Analysis Overview
SHA256
6659e4a6a0327dfa5d2580ca37b3e628fb4adf9031c107e3209cad1d9b29e711
Threat Level: Shows suspicious behavior
The file H2M Launcher_0.12.0_x64_en-US (1).msi was classified as: Shows suspicious behavior.
Malicious Activity Summary
Network Share Discovery
Enumerates connected drives
Downloads MZ/PE file
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
Executes dropped EXE
Drops file in Program Files directory
Loads dropped DLL
Drops file in Windows directory
Browser Information Discovery
System Location Discovery: System Language Discovery
System Network Configuration Discovery: Internet Connection Discovery
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Modifies data under HKEY_USERS
Uses Volume Shadow Copy service COM API
Checks SCSI registry key(s)
Modifies registry class
Suspicious use of AdjustPrivilegeToken
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-08-14 19:15
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-08-14 19:15
Reported
2024-08-14 19:19
Platform
win11-20240802-en
Max time kernel
210s
Max time network
213s
Command Line
Signatures
Downloads MZ/PE file
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
Network Share Discovery
Detected potential entity reuse from brand microsoft.
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\System32\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File created | \??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_01cf530faf2f1752\display.PNF | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\system32\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\System32\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SYSTEM32\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Program Files\H2M Launcher\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File created | C:\Program Files\H2M Launcher\Uninstall H2M Launcher.lnk | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files\H2M Launcher\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File created | C:\Program Files\H2M Launcher\H2M Launcher.exe | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\EBWebView\x64\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSID5AF.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF105F2C2E274DA458.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\metadata | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File created | C:\Windows\SystemTemp\~DF08B597800A07BAA4.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File created | C:\Windows\Installer\e57d4e4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e57d4e6.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\Installer\{9E4D2DE9-2006-4A7E-B70E-3EDD52929379}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{9E4D2DE9-2006-4A7E-B70E-3EDD52929379} | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFA80FAF8DE1C77ECB.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\Installer\e57d4e4.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\SystemTemp\~DFF7CB3EDC7C9C535C.TMP | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\exe\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\h2m_launcher.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
| File created | C:\Windows\Installer\{9E4D2DE9-2006-4A7E-B70E-3EDD52929379}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\DLL\kernel32.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.22000.120_none_9d947278b86cc467\symbols\dll\ntdll.pdb | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| File opened for modification | C:\Windows\SystemTemp\Crashpad\settings.dat | C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
| N/A | N/A | C:\Program Files\H2M Launcher\H2M Launcher.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
| N/A | N/A | C:\Windows\syswow64\MsiExec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
System Network Configuration Discovery: Internet Connection Discovery
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters | C:\Windows\system32\vssvc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache | C:\Windows\system32\vssvc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache | C:\Windows\system32\vssvc.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133681366166259786" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5A33B0EA4F26DF857AF62E2A04ED7CE4\9ED2D4E96002E7A47BE0E3DD25293997 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9ED2D4E96002E7A47BE0E3DD25293997\ShortcutsFeature = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\Version = "786432" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9ED2D4E96002E7A47BE0E3DD25293997 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\ProductName = "H2M Launcher" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\Language = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9ED2D4E96002E7A47BE0E3DD25293997\MainProgram | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9ED2D4E96002E7A47BE0E3DD25293997\Environment = "MainProgram" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\ProductIcon = "C:\\Windows\\Installer\\{9E4D2DE9-2006-4A7E-B70E-3EDD52929379}\\ProductIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\5A33B0EA4F26DF857AF62E2A04ED7CE4 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList\PackageName = "H2M Launcher_0.12.0_x64_en-US (1).msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9ED2D4E96002E7A47BE0E3DD25293997\External | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997\PackageCode = "5B749B1FB39A49441A2B128FE25BD63B" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9ED2D4E96002E7A47BE0E3DD25293997 | C:\Windows\system32\msiexec.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAssignPrimaryTokenPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLockMemoryPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncreaseQuotaPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeMachineAccountPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTcbPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSecurityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeTakeOwnershipPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeLoadDriverPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemProfilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemtimePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeProfSingleProcessPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePagefilePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreatePermanentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeBackupPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRestorePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeAuditPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSystemEnvironmentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeChangeNotifyPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeRemoteShutdownPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeUndockPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeSyncAgentPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeEnableDelegationPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeManageVolumePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeImpersonatePrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
| Token: SeCreateGlobalPrivilege | N/A | C:\Windows\system32\msiexec.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\msiexec.exe
msiexec.exe /I "C:\Users\Admin\AppData\Local\Temp\H2M Launcher_0.12.0_x64_en-US (1).msi"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding A6DECCFB970C346ACC06B4318C2BE70E C
C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
C:\Windows\system32\srtasks.exe
C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
C:\Program Files\H2M Launcher\H2M Launcher.exe
"C:\Program Files\H2M Launcher\H2M Launcher.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=1840.3440.6438452791869210318
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x104,0x108,0x10c,0x80,0x1b4,0x7ff904563cb8,0x7ff904563cc8,0x7ff904563cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1768,2289165951142614432,4199135859927307602,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1768,2289165951142614432,4199135859927307602,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2124 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1768,2289165951142614432,4199135859927307602,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2360 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1768,2289165951142614432,4199135859927307602,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2976 /prefetch:1
C:\Windows\system32\cmd.exe
"cmd" /c start "" "https://github.com/h2m-mod/h2m-launcher"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/h2m-mod/h2m-launcher
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff904563cb8,0x7ff904563cc8,0x7ff904563cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1720,2522471265726773260,15919285917641727482,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1808 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1720,2522471265726773260,15919285917641727482,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2368 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1720,2522471265726773260,15919285917641727482,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2640 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,2522471265726773260,15919285917641727482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1720,2522471265726773260,15919285917641727482,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\H2M Launcher\H2M Launcher.exe
"C:\Program Files\H2M Launcher\H2M Launcher.exe"
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --no-default-browser-check --disable-component-extensions-with-background-pages --no-first-run --disable-default-apps --noerrdialogs --embedded-browser-webview-dpi-awareness=2 --disable-features=msWebOOUI,msPdfOOUI,msSmartScreenProtection --disable-popup-blocking --internet-explorer-integration=none --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --lang=en-US --mojo-named-platform-channel-pipe=5028.740.16468659114939408082
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x100,0x1cc,0x7ff904563cb8,0x7ff904563cc8,0x7ff904563cd8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=gpu-process --field-trial-handle=1820,744227852048006322,8900135957627271093,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1820,744227852048006322,8900135957627271093,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=1916 /prefetch:3
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1820,744227852048006322,8900135957627271093,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --service-sandbox-type=utility --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --mojo-platform-channel-handle=2476 /prefetch:8
C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe
"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\90.0.818.66\msedgewebview2.exe" --type=renderer --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc" --field-trial-handle=1820,744227852048006322,8900135957627271093,131072 --enable-features=ForwardMemoryPressureEventsToGpuProcess,UseSwapChainsInSoftware --disable-features=FilterAdsOnAbusiveSites,SpareRendererForSitePerProcess,WebPayments,msApplicationGuard,msAutomaticTabFreeze,msBrowserSettingsSupported,msEdgeFaviconService,msEdgeLinkDoctor,msEdgeMGPFrev1,msEdgeOnRampFRE,msEdgeOnRampImport,msEdgeReadingView,msEdgeSettingsImport,msEdgeSettingsImportV2,msEdgeShoppingUI,msEdgeTranslate,msEdgeUseCaptivePortalService,msImplicitSignin,msPasswordBreachDetection,msPdfOOUI,msReadAloud,msRevokeExtensions,msSendClientDataHeader,msSendClientDataHeaderToEdgeServices,msSmartScreenProtection,msSyncEdgeCollections,msUseLabelingService,msWebAssistHistorySearch,msWebOOUI --lang=en-US --noerrdialogs --user-data-dir="C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView" --webview-exe-name="H2M Launcher.exe" --webview-exe-version=0.12.0 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=2 --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2968 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff905eacc40,0x7ff905eacc4c,0x7ff905eacc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1808,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1804 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2004 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2188,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2204 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3212 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3268,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3260 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2232,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4424 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4736,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4788 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4932,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:8
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff705bb4698,0x7ff705bb46a4,0x7ff705bb46b0
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4792,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4644 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5048,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3788 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3512,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3444 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4392,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3288 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4344,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3244 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4504,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4516 /prefetch:1
C:\Windows\system32\cmd.exe
"cmd" /c start "" "https://github.com/h2m-mod/h2m-launcher"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/h2m-mod/h2m-launcher
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff904563cb8,0x7ff904563cc8,0x7ff904563cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,2214166230832918750,4880455508081751041,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1784 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,2214166230832918750,4880455508081751041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,2214166230832918750,4880455508081751041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2620 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,2214166230832918750,4880455508081751041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3640 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,2214166230832918750,4880455508081751041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5232,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5156,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5416 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=3376,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5572 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5252,i,15502392930520415229,9258835236314294230,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4592 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 8.8.8.8.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 34.120.195.249:443 | o1007591.ingest.us.sentry.io | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 8.8.8.8:53 | avatars.githubusercontent.com | udp |
| US | 8.8.8.8:53 | github.githubassets.com | udp |
| US | 185.199.108.133:443 | avatars.githubusercontent.com | tcp |
| US | 8.8.8.8:53 | github-cloud.s3.amazonaws.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 8.8.8.8:53 | user-images.githubusercontent.com | udp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| N/A | 224.0.0.251:5353 | | udp |
| GB | 20.26.156.210:443 | api.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 140.82.113.22:443 | collector.github.com | tcp |
| US | 34.120.195.249:443 | o1007591.ingest.us.sentry.io | tcp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.28.10:443 | tse1.mm.bing.net | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 172.217.20.196:443 | www.google.com | tcp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | udp |
| FR | 142.250.178.142:443 | clients2.google.com | tcp |
| US | 8.8.8.8:53 | 142.178.250.142.in-addr.arpa | udp |
| FR | 172.217.20.196:443 | www.google.com | udp |
| FR | 216.58.213.74:443 | content-autofill.googleapis.com | tcp |
| US | 8.8.8.8:53 | 67.179.250.142.in-addr.arpa | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| US | 142.250.69.3:443 | beacons.gcp.gvt2.com | tcp |
| FR | 216.58.213.74:443 | content-autofill.googleapis.com | tcp |
| IE | 20.223.54.233:443 | links.duckduckgo.com | tcp |
| FR | 216.58.213.74:443 | content-autofill.googleapis.com | udp |
| IE | 52.142.124.215:443 | improving.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| IE | 52.142.125.222:443 | external-content.duckduckgo.com | tcp |
| GB | 95.100.245.229:443 | developer.microsoft.com | tcp |
| GB | 95.100.245.229:443 | developer.microsoft.com | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| GB | 95.100.245.144:443 | www.microsoft.com | tcp |
| FR | 216.58.213.74:443 | content-autofill.googleapis.com | tcp |
| US | 13.107.246.64:443 | wcpstatic.microsoft.com | tcp |
| US | 8.8.8.8:53 | github.com | udp |
| GB | 20.26.156.215:443 | github.com | tcp |
| GB | 20.26.156.215:443 | github.com | tcp |
| US | 185.199.110.154:443 | github.githubassets.com | tcp |
| US | 185.199.108.133:443 | user-images.githubusercontent.com | tcp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 152.199.21.175:443 | msedge.sf.dl.delivery.mp.microsoft.com | tcp |
| US | 8.8.8.8:53 | 92.16.208.104.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\MSIB40E.tmp
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H2M Launcher\H2M Launcher.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\H2M Launcher\H2M Launcher.lnk~RFe57d6d8.TMP
C:\Program Files\H2M Launcher\H2M Launcher.exe
C:\Config.Msi\e57d4e5.rbs
C:\Windows\Installer\e57d4e4.msi
C:\Users\Admin\AppData\Local\Temp\MSIE0BC.tmp
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Crashpad\throttle_store.dat
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Crashpad\settings.dat
memory/2732-66-0x00007FF925EE0000-0x00007FF925EE1000-memory.dmp
\??\pipe\LOCAL\crashpad_2128_AIWTBPZUBVWVKMDX
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Site Characteristics Database\MANIFEST-000001
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Site Characteristics Database\000001.dbtmp
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\GPUCache\data_0
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\GPUCache\data_2
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\GPUCache\data_3
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\88658041-341a-4f0f-aaf8-c1d0fa2e68f4.tmp
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\GrShaderCache\GPUCache\data_1
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
\??\Volume{626b4c0b-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{c9418c53-eaec-48fc-ac3b-52b924545e83}_OnDiskSnapshotProp
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Last Version
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\ShaderCache\GPUCache\index
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\History
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Visited Links
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Code Cache\js\index
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\c822e2a7-8572-4bc0-8fa6-453f0825dd61.tmp
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Sync Data\LevelDB\000003.log
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Login Data
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Sync Data\LevelDB\LOG
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Site Characteristics Database\000003.log
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Local Storage\leveldb\LOG
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\History Provider Cache
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Preferences
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Local State
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\GPUCache\index
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\load_statistics.db
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Top Sites
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Network Persistent State
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Site Characteristics Database\LOG
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Media History
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Web Data
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Favicons
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Secure Preferences
C:\Users\Admin\AppData\Local\app.h2m.lierrmm\EBWebView\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4546589f-debd-481f-a2d7-7e790ae7ed1e.tmp
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val