umbral | 9ff459396b1f4de8dbca8a866ff3b9e4a46c48a9dc1071812a256fe21349caf9

Analysis

max time kernel
1049s
max time network
1049s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
02-11-2024 04:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Big clean script.exe
Size

230KB
MD5

b23d20593d9176d95302568243f60052
SHA1

fef1aa01b7a41a8255d71309c7c5badf48a7a907
SHA256

9ff459396b1f4de8dbca8a866ff3b9e4a46c48a9dc1071812a256fe21349caf9
SHA512

13a9f86ca7b7df87b4174875fb3d7a7552986a6484297c841037b054d3bf01eab724f3b080f9f1984cc58912e0a50953f5d1e2355dca1cc5366eca4870400d3e
SSDEEP

6144:lloZM+rIkd8g+EtXHkv/iD4M8RobhS6FDAxDeebSzb8e1muQTSi:noZtL+EP8M8RobhS6FDAxDeebIHQz

Score

10^/10

umbral discovery stealer

Malware Config

Signatures

Detect Umbral payload 2 IoCs

resource	yara_rule
behavioral2/memory/452-1-0x000001C76C530000-0x000001C76C570000-memory.dmp	family_umbral
behavioral2/files/0x0007000000023e11-1985.dat	family_umbral

Umbral
Umbral stealer is an opensource moduler stealer written in C#.
stealer umbral
Umbral family
umbral
Downloads MZ/PE file

Executes dropped EXE 27 IoCs

pid	Process
1176	Big clean script.exe
5944	Big clean script.exe
392	Big clean script.exe
3240	Big clean script.exe
3348	Big clean script.exe
3976	Big clean script.exe
1988	Big clean script.exe
4152	Big clean script.exe
5800	Big clean script.exe
6220	Big clean script.exe
3424	Big clean script.exe
2204	Big clean script.exe
5112	Big clean script (1).exe
4540	Big clean script (1).exe
2140	Big clean script (1).exe
3416	Big clean script (1).exe
6556	Big clean script (1).exe
6076	Big clean script (1).exe
6548	Big clean script (1).exe
4512	Big clean script (1).exe
5968	Big clean script (1).exe
7160	Big clean script (1).exe
2332	Big clean script (1).exe
2140	Big clean script (1).exe
4424	Big clean script (1).exe
992	Big clean script (1).exe
5808	Big clean script.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
45	discord.com
48	discord.com

Looks up external IP address via web service 3 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
7	ip-api.com
435	ip-api.com
569	ip-api.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks SCSI registry key(s) 3 TTPs 4 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133749944065640487"	chrome.exe

Modifies registry class 58 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings	firefox.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:FMTID = "{B725F130-47EF-101A-A5F1-02608C9EEBAC}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 14002e8005398e082303024b98265d99428e115f0000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3350944739-639801879-157714471-1000\{D8AA482A-5D90-4BD5-9658-05454EFD9A3D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = ffffffff	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\SniffedFolderType = "Downloads"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\NodeSlot = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "2"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1092616193"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000fa6392e59718db010ac0cee7a218db011f59c24bdc2cdb0114000000	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 200381.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 26 IoCs

pid	Process
4840	msedge.exe
4840	msedge.exe
1884	msedge.exe
1884	msedge.exe
2796	identity_helper.exe
2796	identity_helper.exe
1240	msedge.exe
1240	msedge.exe
5892	msedge.exe
5892	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4636	msedge.exe
4024	msedge.exe
4024	msedge.exe
3048	msedge.exe
3048	msedge.exe
4164	chrome.exe
4164	chrome.exe
6344	chrome.exe
6344	chrome.exe
6344	chrome.exe
6344	chrome.exe
4584	msedge.exe
4584	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5892	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 55 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	452	Big clean script.exe
Token: SeIncreaseQuotaPrivilege	3604	wmic.exe
Token: SeSecurityPrivilege	3604	wmic.exe
Token: SeTakeOwnershipPrivilege	3604	wmic.exe
Token: SeLoadDriverPrivilege	3604	wmic.exe
Token: SeSystemProfilePrivilege	3604	wmic.exe
Token: SeSystemtimePrivilege	3604	wmic.exe
Token: SeProfSingleProcessPrivilege	3604	wmic.exe
Token: SeIncBasePriorityPrivilege	3604	wmic.exe
Token: SeCreatePagefilePrivilege	3604	wmic.exe
Token: SeBackupPrivilege	3604	wmic.exe
Token: SeRestorePrivilege	3604	wmic.exe
Token: SeShutdownPrivilege	3604	wmic.exe
Token: SeDebugPrivilege	3604	wmic.exe
Token: SeSystemEnvironmentPrivilege	3604	wmic.exe
Token: SeRemoteShutdownPrivilege	3604	wmic.exe
Token: SeUndockPrivilege	3604	wmic.exe
Token: SeManageVolumePrivilege	3604	wmic.exe
Token: 33	3604	wmic.exe
Token: 34	3604	wmic.exe
Token: 35	3604	wmic.exe
Token: 36	3604	wmic.exe
Token: SeIncreaseQuotaPrivilege	3604	wmic.exe
Token: SeSecurityPrivilege	3604	wmic.exe
Token: SeTakeOwnershipPrivilege	3604	wmic.exe
Token: SeLoadDriverPrivilege	3604	wmic.exe
Token: SeSystemProfilePrivilege	3604	wmic.exe
Token: SeSystemtimePrivilege	3604	wmic.exe
Token: SeProfSingleProcessPrivilege	3604	wmic.exe
Token: SeIncBasePriorityPrivilege	3604	wmic.exe
Token: SeCreatePagefilePrivilege	3604	wmic.exe
Token: SeBackupPrivilege	3604	wmic.exe
Token: SeRestorePrivilege	3604	wmic.exe
Token: SeShutdownPrivilege	3604	wmic.exe
Token: SeDebugPrivilege	3604	wmic.exe
Token: SeSystemEnvironmentPrivilege	3604	wmic.exe
Token: SeRemoteShutdownPrivilege	3604	wmic.exe
Token: SeUndockPrivilege	3604	wmic.exe
Token: SeManageVolumePrivilege	3604	wmic.exe
Token: 33	3604	wmic.exe
Token: 34	3604	wmic.exe
Token: 35	3604	wmic.exe
Token: 36	3604	wmic.exe
Token: 33	3488	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3488	AUDIODG.EXE
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeDebugPrivilege	5472	firefox.exe
Token: SeDebugPrivilege	5472	firefox.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe
Token: SeCreatePagefilePrivilege	4164	chrome.exe
Token: SeShutdownPrivilege	4164	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
1884	msedge.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
4164	chrome.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe
5472	firefox.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5892	msedge.exe
5472	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 452 wrote to memory of 3604	452	Big clean script.exe	84
PID 452 wrote to memory of 3604	452	Big clean script.exe	84
PID 1884 wrote to memory of 784	1884	msedge.exe	102
PID 1884 wrote to memory of 784	1884	msedge.exe	102
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 908	1884	msedge.exe	103
PID 1884 wrote to memory of 4840	1884	msedge.exe	104
PID 1884 wrote to memory of 4840	1884	msedge.exe	104
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105
PID 1884 wrote to memory of 2440	1884	msedge.exe	105

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Big clean script.exe
"C:\Users\Admin\AppData\Local\Temp\Big clean script.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:452
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:3604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xd8,0x10c,0x7ffb80d146f8,0x7ffb80d14708,0x7ffb80d14718
  2⤵
  PID:784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3380 /prefetch:8
  2⤵
  PID:3464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4684 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of SetWindowsHookEx
  PID:5892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4716 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1168 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:2164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4684 /prefetch:1
  2⤵
  PID:5160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2068 /prefetch:1
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2056 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1872 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:6896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  2⤵
  PID:6500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2624 /prefetch:1
  2⤵
  PID:7104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3188 /prefetch:8
  2⤵
  PID:5072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:4024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7328 /prefetch:8
  2⤵
  PID:6980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7436 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4584
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:1176
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5020
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:5944
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:7088
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:392
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:4956
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:3240
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:1420
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:3348
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:3976
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:3352
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:1988
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:6568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7380 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
  2⤵
  PID:6980
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:4152
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5092
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:5800
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:1420
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:6220
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:3424
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:6248
- C:\Users\Admin\Downloads\Big clean script.exe
  "C:\Users\Admin\Downloads\Big clean script.exe"
  2⤵
  - Executes dropped EXE
  PID:2204
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,9518821356279017817,13596674938502845841,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7764 /prefetch:8
  2⤵
  PID:5336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4036

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x32c 0x4cc
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault328eb39ahf52ch4a69hb229ha801f83c9f6d
1⤵
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb80d146f8,0x7ffb80d14708,0x7ffb80d14718
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1416,9496877643383681072,8713092868948554214,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1416,9496877643383681072,8713092868948554214,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
  2⤵
  PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultb51e0960h2b9ch4e0ehafbchaac29ebe5a7b
1⤵
PID:5504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb80d146f8,0x7ffb80d14708,0x7ffb80d14718
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,9296222884446974983,12667757340923250891,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,9296222884446974983,12667757340923250891,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4024

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault177c7f62h06c0h40b8h9a34hbee53506e60b
1⤵
PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb80d146f8,0x7ffb80d14708,0x7ffb80d14718
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1432,8645278908330400731,9493432900730359651,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:1712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1432,8645278908330400731,9493432900730359651,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault50b811c4h4dcch4fdfha7b7h45957edf1016
1⤵
PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb80d146f8,0x7ffb80d14708,0x7ffb80d14718
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,13308605888990813318,10895759270312936728,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
  2⤵
  PID:2580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,13308605888990813318,10895759270312936728,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffb81a1cc40,0x7ffb81a1cc4c,0x7ffb81a1cc58
  2⤵
  PID:1872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  PID:5372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2480 /prefetch:8
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3080,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4620,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:2632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4828,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3972 /prefetch:8
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=240,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4444 /prefetch:1
  2⤵
  PID:3320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5360,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5376 /prefetch:8
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5452,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:5344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5052,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3492,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=4976,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4968,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4804 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=580,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5440,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
  2⤵
  PID:1684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=3432,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:6100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3456,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4064,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:2252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3096,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1524 /prefetch:8
  2⤵
  PID:3236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=4412,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=3500,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4600,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4952 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3976,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5712 /prefetch:8
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4736,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:5096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=4664,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3712 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5632,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:5804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=2280,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=4932,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:6428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=5624,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=5684,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4584 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=5892,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4512 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=5748,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:6720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6168,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  PID:2296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6152,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6360,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6384 /prefetch:8
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6200,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:6956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6224,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6680 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6868,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5828 /prefetch:8
  2⤵
  PID:4612
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:5112
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:752
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4540
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:4512
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6508,i,9922921641645901375,9703275314184197945,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6364 /prefetch:1
  2⤵
  PID:5216
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:3416
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5400
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:6556
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:6208
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:6076
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5304
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:6548
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4512
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:1988
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:5968
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:7160
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:6900
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:2332
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:5808
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:2140
- C:\Users\Admin\Downloads\Big clean script (1).exe
  "C:\Users\Admin\Downloads\Big clean script (1).exe"
  2⤵
  - Executes dropped EXE
  PID:4424
- - C:\Windows\System32\Wbem\wmic.exe
    "wmic.exe" csproduct get uuid
    3⤵
    PID:6920

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5892
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5472
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2016 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1924 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {072943ec-68c6-4c88-b1da-92d3b9e4a491} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" gpu
    3⤵
    PID:5012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2448 -parentBuildID 20240401114208 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b0a160be-eef7-4142-875c-6ed02b3464dd} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" socket
    3⤵
    PID:5580
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3084 -childID 1 -isForBrowser -prefsHandle 1664 -prefMapHandle 1472 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e100baf-7b25-4c2d-ba9a-b955825c47cf} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" tab
    3⤵
    PID:756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3708 -childID 2 -isForBrowser -prefsHandle 3668 -prefMapHandle 3688 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d9e900b-33fd-4a9a-a865-c9c66aacc8b4} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" tab
    3⤵
    PID:6136
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4900 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4700 -prefMapHandle 4808 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {019035f6-4719-4b4e-b99d-2dcd5833d00d} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" utility
    3⤵
    - Checks processor information in registry
    PID:6612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5372 -childID 3 -isForBrowser -prefsHandle 5384 -prefMapHandle 5380 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7a4fea80-3363-4ca4-8eff-2ccfc3a10cb0} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" tab
    3⤵
    PID:6332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5524 -childID 4 -isForBrowser -prefsHandle 5604 -prefMapHandle 5600 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f66e6a08-64bf-4736-86b2-1c744b155206} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" tab
    3⤵
    PID:6316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5756 -childID 5 -isForBrowser -prefsHandle 5496 -prefMapHandle 5500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e99fe8a-01a1-408a-ba34-e352d4f6f1e8} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" tab
    3⤵
    PID:6356
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3640 -childID 6 -isForBrowser -prefsHandle 3528 -prefMapHandle 1624 -prefsLen 27919 -prefMapSize 244658 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f9a5208d-510c-47fb-9238-e7eaa5e058fb} 5472 "\\.\pipe\gecko-crash-server-pipe.5472" tab
    3⤵
    PID:6252

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4860

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6684

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:6836

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6328

C:\Users\Admin\Downloads\Big clean script (1).exe
"C:\Users\Admin\Downloads\Big clean script (1).exe"
1⤵
- Executes dropped EXE
PID:992
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:4776

C:\Users\Admin\Downloads\Big clean script.exe
"C:\Users\Admin\Downloads\Big clean script.exe"
1⤵
- Executes dropped EXE
PID:5808
- C:\Windows\System32\Wbem\wmic.exe
  "wmic.exe" csproduct get uuid
  2⤵
  PID:6872

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
43c6e8ec4478a97d085c172174284df0

SHA1
7efbfca7a9334ce1eb8ceb63ffea4777116df652

SHA256
c2d29823f744ad5d4e9c1686deefab7e6256167933f2e1069c750f6f2a8c05a5

SHA512
8b96381c96b1ff5b3b5dc59ca0b5181a606b38c2054ce3ea55f98a8dc1e62ef7a027c208b053a3b70d687f97129ebcfec10cd02b65435bd071de76f0b8a524db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
62KB

MD5
e5fc91cbce096df1d36191f9eedd3c64

SHA1
1a8076bf524b6d2b8a44c18fa8afb199a60dc1c9

SHA256
0e111dba5797ec182bf4af537a2c928ebd3957b99ed291610fbf322d6c2c9e19

SHA512
c9b064fbcb2df48dcf5bfa4387c164acb2bae075af013e6c39166dddc7e91ce993caaa0fdfac3ba1c3a12ca6c21577d99776fb1445f3009c7359b926a173f668

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
19KB

MD5
f05c6d94360e035588131e8b3c548e73

SHA1
04dd1d21d5f4eea8e7cb5c20ff2ba1c118eda89f

SHA256
e67596a7afcb0ead565313ea68c9799d005d3013fdeaa6e4823f4dd43b65076c

SHA512
49b7749b3d30b58acf152654b391521395e9295f42b80d945a003906f5924f0e4d906ac90052e0ed0c545cac9ae2201be5b59d07e8ebefd44db64fad887e4f1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
76KB

MD5
29d3f376a5538d0d755df86c19e51a74

SHA1
0ae832cea19ff604556313fcf128ad059629e31e

SHA256
a9964c712b4ec99e97fe12a88672bc843322261b52008dac9c2c336ef09fe48b

SHA512
5cc3f2fe66fc018eeddcf3d6098e764538b4d36d36bc305f68fc5e1d49f6ef9b0fc1db6bf1fd80be03e3789089464d2d15477a0903763085b5a47edb1240381d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000021

Filesize
70KB

MD5
cac01251b675a560c079d653f6bc3fba

SHA1
30c519432112f17eaae8de5c715343474377d20f

SHA256
990e033917177596696afb72318e37fe5d3b8b05b9de50e42d50fa60671f95d7

SHA512
c916a2bc60c1e3f0a89bc8a9d6a37b33f72c6938ee51c2e177821daccd5c59a1bbc994be50d4c6b4e15c6cf8352803b73f117c5cea3993754ff008a3c7e50bf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
93KB

MD5
31ba5456d5f0cbd5ae2c04020e702c0d

SHA1
8bedcc55d906ba08d359ce3fbce50f69cc99b16e

SHA256
5c05429392f2a1923c4340a3320b0af8e0e786171e3d4e6ca41ecd151b3e82a4

SHA512
0927ed39e0b026e7d0cfedfc4b2a60096e52582012f308f3691babf4f772d2bf584408d26c549a270dcc7d7e515006566608fe1fdf3e98ecb72ef14d8c78a745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
dcedc59bb55b94e900a7a70ecce811c0

SHA1
ec953c97bd117eaf9893c39e80002f0b355bde0c

SHA256
36594c44603d15ec72e80f9e9189ecb394ea3784451b22e320e6e49ee4c13c48

SHA512
343a3d42f2f52ab84ff9abd942972ee5f79b111f752910e531c435cd861786ee9362ec4fb1d56dc3f9a6fa24e4f756f6965dcb9c93383dff4f65e604aca72406

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
6671bf6fce407616f2015eebbe00fb6e

SHA1
c9f96ebfeac84e69aceb9d50d1767e30d080c347

SHA256
0a000bf81930b43dab47dc432649f2cc422d5858ecffeb3b9e8e23eca075cc71

SHA512
fc3ad56682eb4fb2ffd3c3fc4371366e79df06e42cbad272dd190f1584591ca2df7ff8d7bd3366607a9b7bcabef60d26893ed7e2f5cf5b21e7a07d6a5b803e81

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6fa08007bd0abe80340b758b15843244

SHA1
afb0380804f5ea25ae5371cc5caf854ee1ac873a

SHA256
7137a17391436ce66fb522d2eb3a77a15f7b6190370753a4cd46e326a6dfbcfd

SHA512
3ad223a51f4ab9af97d25b193624f9b134cfabc592f32f355b3cfcd8713b2ec335228b700fc98a5b5bcc95d8b541038dbf062f55dae749c33601af99868f9c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
1c1dbb65362440e7feb1c45036b8d44b

SHA1
68bc02d4d523db813bd49bbeb80016c025c7d28a

SHA256
6b395ba31efaafb5b7b201356358b4f9afbe5d0a69aa3374f15c514970e177f7

SHA512
5d894a405119a83cc5bd5d4d6cead10122386e11e74d72ff466a74932090f3725d965216e1736fb53aafe31898aefa15e92f2c8d179fd028823e8dafc8e92f9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
664dfdcb5033e2174cabc1aeade88a62

SHA1
69d9aaaafd519e10d397298a63727303131d5cdb

SHA256
a98b8246cd0771f94538cf612f9ff86b9b0c8247a553794f505f8126d84ffb80

SHA512
ee391ed443fc4422a37febd760fe7905fffb934d8b5760a6bca7a90ccd84692503cc6ed39bf5c654575a3ddc555932b6f5e300c6bbeaed6cfc17cd754e3a05f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
97a6c45a9027c0e8fa4ce43a273fe945

SHA1
e98affb7eb15ed19c759481ed3d1aa22a7faf95e

SHA256
88ed57ebf5bd484e401c1a25b26b38b6888f9ab9157df7ddb9ddb60d9b6b3bb1

SHA512
015e68fb77216abe55c0c32584cfb7646c3afa99543b0c4656e2b272ae8e3212967440b486fe4e0a70f2ca0904a1c27bf07552f77451937bcdf7caf0437ec426

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
184325a2b4197196b4db8d6995ea047b

SHA1
2c71acccd4f14aab1290070d1323a1d7bbdf56a3

SHA256
18b3610bd434ff715877af34da067109fec22c6d72b47640ed9972c7f601a438

SHA512
4dbd0a9067b84adc8476e88aa06325e4f6f486fee5f9112fb6a893ae1a2785a020ae8691522c7880503563ab31c9f20cc19b231696bd6aca8e81a17f8f132dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
96d0b488f5550bf733d0aaee1cba655d

SHA1
bb4300d81130239b676cbe5ab8ede77c8887eee9

SHA256
a6d7b5eed2917c181d62b6a33468ae93cbb3c163c76302809372e4b283b2b3a8

SHA512
09abb82e2ab09ff785ed8fc6a6a87a4a43949735d8103cb82a224317a47e7c926c8a01fdfc8da8e508786a9b695d67d2bc87ded6d138cfc94576f7618b22b292

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ca625e089acff8c7a2a390d66b406054

SHA1
b2848efef01b6db03ddd9946c2b3738fd28e1bea

SHA256
72834e239b8fd300e99eb835bbe23bb6db494d6a312fe980c92a57254e7e3fe7

SHA512
ccf0645864373d9b19524693ae1903582d7669ef4383098462784469aef4ea0de3a28f42b0a88f16d56a2edd07299f80551585b498443ef8e559ce956a0a1344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
68191360de7030d13950df8aaca6494d

SHA1
042208a1d1ff74d182086815cebbf85ee347fe7a

SHA256
77f7b42f37f9387af5cb67a9f59b504ddb58d3e7d89cc881d22e453cb0018167

SHA512
e0501143bdc7cc86ace9a9867b0c47e6f5c23ef1ebadf4a86f4a52a5e5e47db481dee5a440d3488a7926febec2fa06e7f2e4d4d3dc8871b292e5a7661cfdb30e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
f8399f02be895921d6d265d6bbcb0f0b

SHA1
89a5d0e4f5c1f7c75e2ff44bae3b29d5da565d9b

SHA256
b93cfbeda905e86d6fcfa2ecea290a77a93cfe198e1935190571f6a8484a5b44

SHA512
86e64602c15f4f682b6b2d3afc76b8697e5f469a85825dfb58506e157779403c5c3e573db4070751a4319e81a80919eb595b4c309a9ce5da842d4a18304f3fcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
128d8c698e50ce72a36f2d978b1c532e

SHA1
4c0c6b899f5a6194827d7654db903643705ff58b

SHA256
16772d4dbf6c1dc446a6bb49781a298e73da2288777b5a4f2437806b6e236c77

SHA512
233d3d62feebaa50de93f3d9b868a14d5160235cb84d9f2378ca0945e2b47b9cd760414e0160c33ff1b7309958f5da61bdd7600499a27134aebed56adb2d88bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7c811809401f996504ba445928709bd8

SHA1
e09f021b6719c8d67bcf13c35675af0f3bf82a4b

SHA256
1fee57047db85be3fbbb75828c6f8ec74025ea181df4e8ee9bcc0e3fbaed1d67

SHA512
081ae7301460487a22288108c63fa5ee9a9600dafe03143386d99466f6aab978b9772c05d0c9fa74c01a3682838a8fd614863a64360898a52e9516839863b2e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3c596e9d918309ba0e79794043bc998c

SHA1
1d1f3c97d5f8726c484dc008674b78059ced8fa6

SHA256
9887b0c61e2f32e749f568a2f80f8751d9d405b595653db397343589ebefaeee

SHA512
2e19a70de5ab706c8cd55af56a8e7ebe192f52ea64545be73d54621827adcb1ad046938065b6ae248d3135c28d8af51bfcc2c7df0e77127dd5959d072c402e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
582bd9e1b130f33853314287621c26eb

SHA1
bea6b0aba7577815ef871d46e8f3def847a8eace

SHA256
47315591411b0be881fcefdc9176556b729f990974e39b88531b2e32f64d3971

SHA512
0d2c16202d36c9228b00fce5a428473488cf8edc62bb4aa5528fd47e685bbf398269f54fbfcee53b298fc313c0850bc293c79f46ab9e7d1be08959ec3a081415

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8c8d60add71db62c6ba589ac8d009d03

SHA1
3928fe18c2e5faf1a63aedb8e0b4eb5295b5f897

SHA256
1db02fb110bbe24a3c79d7ad7b24e7ad1839925f51511e2e686f8f0f6c1642cc

SHA512
c06d4fdd07f5e94081f9daaf05e5c8fbfceadca5dba7edae6fbc72d9ba7d193c4f7a85fb909dcc02563aa3367a867bf8c1b6143af1057ad0f5b79a752ff61a8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c7cb0bd7eb827971f544980c8e669c62

SHA1
067355d4db6684b01ac36f5b8ed25ffea3410ce0

SHA256
35e2aa3f308c562104a35e4b3e028ea06bd8a31348c9beed8490e76a7f836e08

SHA512
a08329b92d2618a6a5d1b87a169cd44cedc8699e957859d01dd3c170ded62b9ebddcb164898e1cdca8e4b717680b449cf435bbf4961371394ebf1f3cc590bcaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cb6ec52f23b2e837ce9e65c57ddb163a

SHA1
cefb8a62640af1fdc8e7c962bff3b83600d6757e

SHA256
3c6761e7673457495c6a14b43613378a164274f682b6ccbe2a343a92f9be520a

SHA512
7d4c4acae024a438008a7c0cb83306297d4f84c88aebca729d2b8c4316c11b39b3d514d53e5fd65f6ab0bf7da93287bd4cb94871eee5bd892cc007df5dc47307

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a43560334f0fff1f2d4c9283449775de

SHA1
820583bc09c9899afe0fb080838b8fb217b22273

SHA256
b460712aca8ecf99a152cde812728ae2de754c02c02e585ef012822a30e76df8

SHA512
4ad83139dcd70690b0d5f2d55ebba304fee960a3030f0d3c662dcc98470fe5213c85a5b93c5110542682b34334d5c331632ceef836992f1ce9ffcedf432c7eee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f0459d7ac8cf0d2db4104a2ff130caed

SHA1
89ea838f32cc90d36d5c190e72220ced7bb9aa7e

SHA256
533e0d21d691a54297ab6dcb95a655a00084b7dd2bb62d07c45c34063ce05b66

SHA512
024443154f9181925396747f3db34d656f133b7bd04d8a76b62e1db8a4f98f028e3a7e4308b6fbd668f9b68d00c8827735121ae378bdb4076f6b673609f738cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8e7b738dd5991b2ee4c3bbc4739d5ff3

SHA1
c72f41adb1bc637874c4e8ce31f608bc90e23cee

SHA256
c3a2f44cbc811071d018a7c1fa83e7d929bf85d549d765662403364f2e1bf664

SHA512
9a56a58940c74b711f16c8e0a8d346073f99555071be86c9c5c435e7c8d86fb5b5a7a75f93d0cb3d4b06605e1d7a073d801aa58f107a4189710028c79d777120

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6dda3f79bf0e1247572f9400151eb6ce

SHA1
895f51d21c72cb2353a48005dfac7f4136cc3ef1

SHA256
7254f254fe1291a1e62275328dacffd8dac40a35568d0a03e1ef4bf782d54964

SHA512
9577c66a31eddabb8ec120f58603e113870d5b3ba48fc125bfdb70568ec888808bf2dfdfa5ddb5507995d330049f225640d8a44073f4dca83595753153149391

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4fa0c55a06926867daa811d18124a587

SHA1
bbe36de92ed19dca8898f9fa54abb3ee62555d86

SHA256
50e021a30a666aabf169cc36eb96f487f3aa8a135888d2d7e7982dbdce72ccd7

SHA512
a305c33c363f7007e5eff0f4bf7196d89cb2359c5ef26d5d3db1adcc2fedbcd3ccb0624a8d5681f35859b8727e65aff2d081982209429009a60d29c1b468f717

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0c2806c973ae4068e88dc58d7dd4a484

SHA1
0bc54b313258a30cd0fdc775263725277e986024

SHA256
bb3a3ea8606632c98ad5439abba634f35632547d8ba27d2c4615e7f01104ca13

SHA512
b8a11824c88ed618b081268c36e7750cfbb56d5909b03e812c5a4c50a4f7c8d9ae2e7efaf05e3367cf5b404beb40b42681d03ce41d9d6d3f9cabbf53efac979d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
26e3e8895818b071672b11ed66fae8e3

SHA1
99c80cf33798207abcef21062edfa90621af1734

SHA256
0caf3230deb05537cf2b7bd4c668d5b61e5cdaa27cfa53b601fdcc887db38b0b

SHA512
c1c767413f0e0088b9b7270574425a4a4fe4c3927533c47a50beb41af2a5d8ba537e4819bc42df86d5dcfd0b61061ac9e79a4d449e09498281b44a8c90234311

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1fccfcae6887a3931c5ef5a2689639ba

SHA1
03fd02833340dd08e2940a33601748e64189f0f3

SHA256
14e0267cfce2977635ced2b1511c81ff2f1f39aaec97574697dcda98ca85ba64

SHA512
21c03020e4ea4dd8916936c30bca5455e91e244ed8f3999b1fabfcb5352aea39c3f663b47eb82f70156cff7e4188696ba3f977b504e00265a331874554b5c237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
10f86f500eb83a2f83b27ebb344e0e9b

SHA1
0116a44bfcdb9eba25a19f7b1a7098d20674abe5

SHA256
10f24e7d94126a6ac9a985f3181cf17da9e4f9b017dbbf8c42fec8c19e9f1c13

SHA512
f5773a60e923455795785162b4f1092a7a5f5cc4b7aa7e397864cf4fd54fed8bc088c461505c0096ba20d144f10d10f6d4ad5582d9b380c8b4ee947113de2ec7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d6ff6ccf9cb7228e7b9e2545c9e33232

SHA1
521099478e5a667bdd8bed7b0113e96121421476

SHA256
2b082ae7a54a1f93933f3fb3ba425950dbf1f212d3bb6f39c9c764710fc1e6b7

SHA512
3e2b85e21fc83ce53d4c4113995eb30ba5b6a7e62bba34258073f14baaea32301f651ea976fadb06b597ea99a9a32b76c53cd44d5ed698cdfb194dcd3813425b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
15c0f91bee1424820a4e1ca1465c59de

SHA1
1bfe777b63b6c7cf5866e3f941842b01fed44503

SHA256
f0a2827a83ae1aa1979a31774de91e3f61d63e7edbf59eef8336e7517bb65e45

SHA512
08336bb9aa49b13d56178ffaf5e9263186b329e423c096d1b78439fa5d6c1c73d2a6c8577ec5531e036b91af685015771e0c2153c1a983e770c26f7e34486517

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b344b5e968c0b3a2fc220dc0c1ce28b6

SHA1
d7f1c88e18df7135d9d244d59704474d2a929a29

SHA256
f6da6b0fb1b7fe74ee3eb323d77cb57463f4d6765fe8778b178a300495227184

SHA512
51163783c9f61828dd5f4c686efd5c77de57ee6674962af9574316d31442bc4511b449b07d814d048f487cd254241a80072cb3acdca4ded1c4989e51375e203c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b23aba5ca9e4f1c076d74ba28f0b23fb

SHA1
2c36980a8a3c18f58024e57f9d8a96f35f7b13f1

SHA256
23bbc5cd5acc4b021b2edcede6b370e13e65654aa397797492fe6dbbece41fbe

SHA512
c3ffbd091b3374d0b9a10dc9f65e514004ce82338780bfd87143c75c180c195c1e38e5e1ab6a970afb9c8ebd38a89e8fb17aa5ed5aff20a33c11267d494c36f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
82e1b92a5b2a3cbd8f4b3ec3aa7d2c16

SHA1
049d6f4ad5969ae9825ca3732e7c62d9eb7296b2

SHA256
71fc1dd6ee7fabf39282819e5962d2ab3509329ecdf5147c48b734ef3d56752a

SHA512
837341af510ece50c650b74d334e94f978ff2463517afc496fd960ed786519ca1b5e097e2ea34c8040951a2f1c3c2ce0d7a8f00bcb21519867fbfa327563653b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c65025b2d66718074e46678fe4a6a7dd

SHA1
aea554c0b72b2f4a9ec7755ae9734edd8b6581ce

SHA256
fca21bf4a351d8b8ec8954e22b8d544b79a1e4d4e4a5865de7607b23a2145076

SHA512
6e7fc9672e9cfbfb967cd28b4373bc5f79b5bd1ba25a104bc831700789063c70705c1d3c04d546c8bfec09fc353c1fb70df1af4a4946783722fe5f0053f33ac6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df7e20a7118b3345b092837747b51b12

SHA1
dc23c764a021d583e09e44cf0d956a923f1a41b1

SHA256
04a968b7d9139e34d87e373256b5969a2ab7aa23e6f5d3a15f4268b2fd12cea2

SHA512
ea1a9a7d534650102d0089ca1437f864c463b48f2bba031f450941ba2b519f8d4d2d9316507f4b2ddc94adb4f76f921a2b2dcdd858f686307bdd6109686b5e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1222892a55147f1985f643289353d8ac

SHA1
f408f339cf5bfa3cc6519651f8268fc0ab65c20e

SHA256
efa196e234ed65b9500f1e80dd6d92fa2937c1f69f6815d45b471d9390b86def

SHA512
ab460ad1d7cf3a59960adb6793878996e371aef70d4037e1c151e98d33f4e601fbee9c17cdcd92212c0e0c9bc765972a14f0b5f98277efaaff19dbe4c407b6e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
89668235bac89bea628b843dfc42986f

SHA1
943120ce2d610b92d4a4caa0c9baa38460784305

SHA256
010d8a8de21bf4cac415381f682d2cc638dc2ec469a2d9212325aecf7c712095

SHA512
f2ce568bc7cdc1062697148052910b35ae20389467cb3f368c14d00d5e5790a60c61d2264c88209715758130d93ac1ae51f979c5224221d33c536b415c33c484

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
85ed7edae837455fbf8c39760fd04cd9

SHA1
8d3d777c415ea74c0cb932c8bbf513aa1dd7efa1

SHA256
3685ef4b52d5b721a32496794582153562ff4cdae6043ab33120498913671b84

SHA512
4aa46001c5a7ed86aac15c4d2ad6f78d0241d3f6da8c4d0624b969845be55a8f91296cee781e5e2028b60449e7348cae0ac72fee8d625efba3acb947a8a06600

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1224805192f4b03d3c60b5ba1007ce91

SHA1
c63cb7bba935ec65ed52878e290ab8bcf2bad42f

SHA256
76846c67c1eef9da8c2d97d8d498aefd2e3efd31c0e45e421b62f3fddc390754

SHA512
486f9c4320c3514529c69687f821c679139d95d843f530fbd4f0a7774086e0cac64c51c7db727efacb50e72ad582e47b601c9e51e5233166b336b26d6cf7a206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
24525586fe6e0825f248985994238477

SHA1
068ac42716e0ce7a8d5d49cf9763ca262e101a5b

SHA256
c571bb5bec301606c8ec8f763e3e832b02232c6ccae8586675811b49c9c7c1ef

SHA512
03359d919bb29b0892ca6c2d2a217bf0f2056f74bcb9c015bb4657171890ad9cb8ca6a311f855ae1b273b3ffb1cf5a42287d4fab0443ec1c039b0adda948c161

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ab73d01ec690562b4c2e04c35988450f

SHA1
0342ed3f3aa69930755e6e380d92d93eb99f7879

SHA256
4c5ba744e705a4b229855cb21d74fda4efc613adeaa217834bbea0d30344675f

SHA512
856e841835003f28275cfda67805228cc97cd8329f4692cf6f74b01af53664d4244c3cf1c6e3c6287f26c147d7eb2b2a1b9a85eb440be4337c09034caca495d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f40621652c029cb258b1b54248a60429

SHA1
fcce648cd3ed705dad01b738c817ad0aee7c4487

SHA256
f21d0cd9596b290abbee2728d779f90d23164fba1060cd5beab9504fbd88c549

SHA512
4cce0c88fe390fc79823f02111ca54be9ec22c57fc9fd43f705326324274ebcd7e232d0e0a8ac3b1494b2748496c438129758f7cbc6e1b985bf586683f04fa7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9f9fe314565d7f9ccbd1742ba31b111d

SHA1
193dc6f64d02e455773ae178aff8db3eef1ac388

SHA256
7f02863c398a9136f439deb12310671fb4a77c0e319d217f37ed7c57f40e425a

SHA512
60f5cacbea68082961c9c5393aa55ed955ea3178d3f7990d5db7c82c818a03eb6443ee3e308ca2ae2c10183b887716ad9b0a1598b0fcd598b4f2af2361018837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f40e93611c1b66af033ed7a9c2e97c3

SHA1
0a0c0b7b943d5f510f72dc712d17e1678f01d4d0

SHA256
9d0bf34c121d551ea54f8f151b8400c3ce27b250422069a1b2021e14fe94e1b8

SHA512
155a3a68a09e81441940dc170c64c79edc4535581ec82a526c404c9123d371ea4d34a011de48bcc3c337c4deb4068f3e83cff36ce2e4feb661576ffbc24ce480

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
07c65d397283b13af307189ec8291f0f

SHA1
af1adac9deabd2cf539b1423783481f732afe644

SHA256
cd1c22455cc4104460c6488816791df82b3cfe9f90d4a5c73ad321f5820ac33d

SHA512
c932f41c003f16fce480f9b619beedf423157e418148b2515364a0a5f6e54467e3d24d3ba17a0162f389233c422377bb56da51f9b7c9d2e1c92e96bf0651da2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4be8e21202630ec65d3951829b4284cd

SHA1
77e31c72c0119ed25e5da91269d16d57ffca6519

SHA256
72db880173828391a6254332325a0492e186a5307d7cd04f1dfcbccd9834ddb4

SHA512
a4eacf4fff0a671e4349a378134aa29010a62ad42d18cf4fc64ace0d2a1b4b5854de49491b84ec88a799fe85e4f8a29cfe39b127433814bb017e4055fe0c4c38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
248d6e6460d2ac22f52b845d7cf3705c

SHA1
aec5d2c92736a2ce22f9436f3b115876e8300418

SHA256
f81bf010bfc48d660d2bd642bdcfd3c3dd611570d4a3b5b47fafda01382c34ee

SHA512
1d542ff875c0776c5f0f4128a40ca508ffe7f45d989ac2a2248fef8840649e862673ce0b835a44be2aa9eddfaeca00381366de5100be741c4e8fb049f2142d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
406551970d7bc123a84bb62c9e8584b8

SHA1
901e020ddec8fb1637573b4e898bc728c4d1e121

SHA256
a288fff95b15dafcd0cc25aa44c393092c8528adbc2011c907e7a98360043d20

SHA512
31f014179369d53a35c8747e5310357a0a60c094045651858ddd197f2036f4fda3ee9639179ebfbcb73480237814553ab65eab64a319aba04fb68e587f82a206

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
9878a1e988a7e48ae6713a02e6367dc2

SHA1
c9cec39d4f3dfc5e36167d6ed800640d4cd4e90c

SHA256
1d297855b48527f131692f467160bb3b497306c66b3154f5e4916e8af985012d

SHA512
9f9b0d9050c1475c8e87b031616ff51e38350fe4cb2481b50a945d771b6c71db735e7c78fe18a8eae5ab43a2c691da976bd76e968fd5ba5c011935efa49d66da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
55086b23daea73a0f632aeec0bc4290b

SHA1
001f68fbf7f33f4f44162c922180eeb46e9bbf5c

SHA256
700b9d3f365b2cae172ccf05293180db844a59d8d9386384a29593fadcd29540

SHA512
f90f7be2319060c41c2bfad519e785654ce5dcf659de8795788a245f94b6ce0d4e6f6fb44474fadd3dbb48ccfd0e5a11db97a91e435467ff56ca2a55e4b3c38e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
642cd0e85ecadec9d3731273541f2f82

SHA1
6a0934040222a152d916fc4f89474f84d17cfdde

SHA256
2923cfb5d3f49267d04fa4587d207d7a99bc95f86ec1af82948217818208f3ec

SHA512
6abeafca34b52f8d7c4db9f8fe61119fe8b0be71ec806783934a75924d635f7ee3478aabe2fbc408850b8f660f66486d7edef0f8ec97b492b7f037e1daff27b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
29e28a8947954ceb90b8bcddebf132fd

SHA1
cab39b574d44784c0f9cfe0ad8f53f050c2529b7

SHA256
a486b6865482ab0ef530bd3835ba710054874182f30caa3e941e2a1578f944f6

SHA512
e03fd735e14c6145417368bc543194e8124020abc0b23d5e9f197cb0e1c93faae5dfe1c6c202136ec301401906609cb776fa858b07fc500a493129bc7976e714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
229KB

MD5
a3211b27fe0c4b44ebec974b284bdfd3

SHA1
4321fc0778b919cde29bee6b567056514d3b26b8

SHA256
a39952c80d28f6b81c60d02dde7c7e69511f1e6a77587d3bda10288945ae8383

SHA512
f6ab566a05677e4ec8fb50cebc2972820d4502d2df7590b41fc960166e02942fccb6825b7c7a8a5248c7d19cd9a1039089c9cc1facf33b0154ff4d6278cfcee9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
17b35d8d1795f121f74db55f7e4791c2

SHA1
01f02f19a9be11074a23c5efd58369b508899860

SHA256
40da4d53c9c10a3d317bc83329b13a31ede8415d89ece6d443bc67d9f0910a70

SHA512
4f10860b671f9b921ecedfcee13ca9cb8c74ede178c342c7118c6d0ba3ad75eda74fcd7b2c97d6df09763577ccb712c4a6deb1b17d15723aea6a17a5e02494ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85ba073d7015b6ce7da19235a275f6da

SHA1
a23c8c2125e45a0788bac14423ae1f3eab92cf00

SHA256
5ad04b8c19bf43b550ad725202f79086168ecccabe791100fba203d9aa27e617

SHA512
eb4fd72d7030ea1a25af2b59769b671a5760735fb95d18145f036a8d9e6f42c903b34a7e606046c740c644fab0bb9f5b7335c1869b098f121579e71f10f5a9c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
55b0b2afc92500b232a453d2e9e15f76

SHA1
78a7e3d2ddd4fa9334f55d7a741a0337a56c4c61

SHA256
d9b09e08b768799ac5b3685755aa8e4a0e666af9aa7d5e23726168d7679d44d3

SHA512
ae0d31297597ca4593ed3ff1aa19486abb627ac886da5148e722022944c0d18f4b29feca4e52e788c5b86c5042a0fb476611c155b1dde71ef0c470b65a4686ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1488cf7f43831ee577f6df9bfbed02a4

SHA1
d6ab53fe4516177d9951d58f25dc929a9efd4eea

SHA256
a08faf301cb13b9360a6337b2d44881b76d3eebf0aa433103af0e902c7b3688d

SHA512
b8a0ebc77a80384216554bbd33c4bf63a3851dd04bf2155d058a6a1f3e945971e92e78239af2392c6d722cdf36adc963dd6053d3f849bd03f8f6bf1cf18d5404

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7de1bbdc1f9cf1a58ae1de4951ce8cb9

SHA1
010da169e15457c25bd80ef02d76a940c1210301

SHA256
6e390bbc0d03a652516705775e8e9a7b7936312a8a5bea407f9d7d9fa99d957e

SHA512
e4a33f2128883e71ab41e803e8b55d0ac17cbc51be3bde42bed157df24f10f34ad264f74ef3254dbe30d253aca03158fde21518c2b78aaa05dae8308b1c5f30c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
94860ce8beb93aae9c67003bb8e3fd8f

SHA1
d9e9d5d425234d2155bfa4a4a774d56ad972eac6

SHA256
cd4d2e93d5933fc4106e92d26c64c6078d7643de114b044d570d62af56805627

SHA512
e6bcc4bb87a9d4b64690b6802af082802f59eccb499c6b31b48ed7c4754a3450f98a7df895b5dc8d7ff476b08352cb3b800377a6053fe3e3246961ee46df9923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000069

Filesize
40KB

MD5
6e0683a9b8b254690e4d9b0a81c9ba77

SHA1
704cc8c1cf056eb1aeea80ebdf7c44abb159268e

SHA256
81886f9df5b1b0415fb28be2d280a463e57ebfdd685be5f67b03d0109285acfa

SHA512
cd7aeb2eed0a7ed3b14c9a25faaa4dacfad833b63841235eb078007f2d0ee001b68134d4c3b328e3379dafb7cf44c9bb948207d172c1312e7ce9b40e6e1a7633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006a

Filesize
27KB

MD5
7bb8cece90d590e26ba2503667319b60

SHA1
1c6f703040565f7839522042b4085a7fb3cfa173

SHA256
94a8c83660dad8698ed3771c3a0aedcb9cd6f88b16ff43e8e80514e24d6cab29

SHA512
670f521cf0df7bdd3bb47a3c34a1052a3f24bac34770ae361a01b6d36a6bcffe2e1a28a65a7782d84b0408a375a50b0656525e3816486698c251ace1c533e7d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00006d

Filesize
811KB

MD5
dff84d33f28cb14ead6e80e5d8bbb428

SHA1
3c5fc558156e54b353103ce4a3fe905fa6fef83e

SHA256
c85fc5aaa588630e9d4a2177bae46ac1a616161b8a2e467b6437d4133f7a6382

SHA512
7edf0d0c9eabb391e31607e5ef676f0890878f7d61b8e8de1bde54cb190ec324a65923b7106e4fa808961101f695897620a6f5594ec9b796d9fec1efc2709f70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000084

Filesize
38KB

MD5
d4586933fabd5754ef925c6e940472f4

SHA1
a77f36a596ef86e1ad10444b2679e1531995b553

SHA256
6e1c3edffec71a01e11e30aa359952213ac2f297c5014f36027f308a18df75d2

SHA512
6ce33a8da7730035fb6b67ed59f32029c3a94b0a5d7dc5aa58c9583820bb01ef59dd55c1c142f392e02da86c8699b2294aff2d7c0e4c3a59fce5f792c749c5ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
6f0b3f32ada3a6f570c6776acb4d8664

SHA1
1e7ef7100b160914f90734cfaeb58f0080237f8f

SHA256
58fd51e60d3f7b69e8e44f8b0797f6cb7b716c1106b2cdb0b46cf5368ed0dc7d

SHA512
402809e20281b7983894c059b50b01541053f8884534898fe95049a7d0eda2001f6c8afe9bb6490ef73d9b5b485119ddf51a232c764341bbf9993edb7bb5ad7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5ef82250364c4e00838baf3e1b1f3611

SHA1
0f5a2b9c373d99fbe7f5ee1f6848ca2d94f2f76c

SHA256
139f0e3002781621171e5af228419a65ef6648081610a7852f11d1c2758993f8

SHA512
ebc449ab8a79f8499d2481dd306443f1871a0a80dd5cd68db77819e212c61611637b5d867d67403a9de575eea9647947e1b87b5f164a114cddb54f852750436a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d978d42e4804b03c2e670341906f0b65

SHA1
d7ac670a874d679f385c8812be5a87b64bc0011d

SHA256
65379e5a426be613cbac4e2967ef958f5e91abc1dfa407e8bba6377476fbd9ba

SHA512
e9ba5cf4a7866ebf0eab623f5e360a1482b85839b55f63c6dd1ddeef7c20b473f5fbc32de4c30daef3f19fbcecc425246794cd814554878025312c5d07aadf09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
227a4db9a2b4e27f4ecba955c96e59a4

SHA1
ea4f00f9435958615a39cf145ed5890e287bad7b

SHA256
0de5d49dc8ead656dea5f343da43ccf4d5bb06cc85aae692be5d3b3ea148231f

SHA512
cbaae2259237d08880d0fc684115d4e38e3211f1154e1e2867157acd7b5dfe31b5fc4e903bc8307f335a1b4aec2f4acfd059377244700a1102b7701f04e6df74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
c947c4993b5a1a5d9423dc5fb5df59c6

SHA1
d07a26caf2ef553395e3bf94aea04ea2809a6e6c

SHA256
bd53c4a6846dead395235bab941b7f3d34f0354c4c0dea432a5d0e36f0e5ac26

SHA512
2dade2bf8fce9d3583c9944817a4154235d105162b6df0353e2d3bd3d136b6cf56e8690ee41b65ff11af48225413fc3dc43a0e230de44be0b5da049085b95a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
583ead562c0d359defa2fd88efdc995c

SHA1
7527a2d72b3f23650a2a234da857e5d75092cc73

SHA256
d0a09c0a7fc3d82af9820277fd8f6be7a2714b699e006f9b54c294a38b4bbd8b

SHA512
75d654c79506dec431552f9d30a96fbefebe298235f8e77b7120597064279e53b76a38834ac601c3938bf7d6786a01c80dde081b7fc16334bfd49f461e96df1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
d1c12b55d8ce630b46f8c10bfaba54b4

SHA1
00f58d7492c0792fd8507d10419286940386f569

SHA256
9458f6244a14d4eaa500242e96652ea7d58c48538984242993ed5094abfcdb2d

SHA512
e4077080fbee180adb83f4bfcadd17e8b9d2bf40499639761b24db30cf450b57f3b179166b3d9c29b731ae5d34316370a7235d7308fe7694e4e93d4bc1e8019e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
861ecb60b157d3193d6ae8be64f3967c

SHA1
cb0de7eff5b573b8769fae34d6700ed9d85e3a39

SHA256
d362a6d548a0112e6b058a58f31fac42016f138ba06360100143dcd6dd2b889c

SHA512
2d4ab06a3fab0ae81da6b3f61646fe0748eff593ba75b104dee37ab16662cabf55042b4f3b8e696530936cb637b1ea5a43d05712b28632311ece4579bbf029bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
0a2f1f418999c33427b02f787401fb05

SHA1
7acaf9cf597cbdc28b4bc2b1fd0f46ba64d16f2f

SHA256
2e3600a3456e39c5d66dd7e81f3e53e530c93a268755ec855fee66dbab872652

SHA512
cba91a77f50b19d05b84d5faa3121721788db5efbcddd1e913eb455156660c0e3171cf3d24d0587e5dd9c1e1083cd2106e780a5a90432dc1e9e7cdd543f6df8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
71948572a722f9234e74bf18d9a4541e

SHA1
efe254a12f9c208ca635ef55a44105bfaab3c7f2

SHA256
83a77fc8804ff6d52228a6e043c1b780196b897495c0bff2235b9a6dba2956ed

SHA512
b601305af1cf5c52a4675834cceb36225df85d5a4442f599b965665617b2a7b73cfdb314d2f34fc7519c17d4521c1f043e0833f0d9cb993eabd52a82ff229d32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6c042d029ddafce2d8eabd80a0d65739

SHA1
e2f0cdaa210b65c444abb0e4483c8c4c5f99db81

SHA256
65002470f07c8dc2aa59b8b48537779577f4e644a8974377bc8b2c32d4fe6c96

SHA512
2e57a3fbda7f9fa681fb2c91171db93002fa56cc0a89bced2b5dad79bcc867de17ba43ab32beed69b2c6f17439dc6cbce387dc70344fa79f70b82e1f5782670f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a0d931c7abb1829cc60334add1d871c

SHA1
77ccd44014a63297a16f71b9bb893b809e8416e6

SHA256
4a4814cee1bcdbd073e6f7a22e0ca5e6032233be2b7271774660cd1f44105ec6

SHA512
4db90f9ccb2112c45dfbb2971d1ca115315013c27a9d17d04c23beed144f3593dafe869bb504d74a3da628c030afd60ac3fbe634649a640a5f196a8a58de9010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dec57c985ba8e47d6ae0c8ed12748c07

SHA1
cfbf575bde3a7ddd1568d5f0a26997cb0a1bce24

SHA256
2f9cbf1a052fe7ef6c5e23e72cfb46b2540eb0a41dc92f74fd7bd83bc32dc09b

SHA512
730a4e83d5091ffbc9314bcab93494545dd48e8202284154f89910411a73994b724bf1f931dd28f3d649f5dd7650fe891aebd44935c167b463ca987f66903d21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
44b20984f626442443c1b1e79b621a9a

SHA1
a6287a8eebe667d5e367959530e6d721e735cde2

SHA256
5275b6cab04995e5cf545d899d74611e18cec1f9e5f745cb00ab87d03cacb54a

SHA512
ed260fa6d7d76122a25cabafe913d56e2607ccf5ef4aebfa2fbe322a110359894aa0ef4a31c613ea22a9605677634cc0fc7ec1e1867440d174715d45f9ebfe8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
20ce25de64ddd33784c53874e0a865de

SHA1
349aca49d2c3ff1e6e389a35c1ae5549c8e25f41

SHA256
23c5bda385d30080f6cf564e94e01b2b100c0a2539b2844da01592a9c9c4db31

SHA512
d7896cf3dbedd06cc8f402c25fceea9d0d5026afdb9b4a9ecb1415505ef9566bb4cd67db9b465f52bca7e34fe84dfc7d1dfd53f7aff4c5594426833c43af95f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2ed38093e1e109468ca0c6e6a6a79a30

SHA1
71cf8bb2f0f29d8ccf676dace74a5218c30d0788

SHA256
afa706e396c3a0afd19d0937bbed1ab09944351128d49034c6c2c386aa57b731

SHA512
3c7bace81af69c1906188a93b8492ba53090640cf1350c9d8b2d71533accf5c1c4b16949c96105f9bd0cba4bf0a7674b5273e4ba22bfc4d58c862d4131b48557

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2ace71725d9c07bf3f3aa8eb81902459

SHA1
32c2ed2311dff7115794aecdb0c4ef98b6ed0d28

SHA256
1b14f4047a60d3b116507a9097296943bb933fb23ea7199edcff706028c511d1

SHA512
7fe2e229ab89c8be4ca8c741982644ab4ee5a1f13ff95233c629523a330a986d87aacfc74f99c339b3f841ba3baa75b34b97e2319f7bc819cfd00ea933f572a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f5068241a00f3a6b7d89c8114441f9b

SHA1
acf03de4b7019d4fef8efbe1f9df41dbe54c4ab5

SHA256
dd5e3bd7c9d6274913ed20fb6ed5ec9dc01a542b8c8e3caf730458077652cf8e

SHA512
10a58b7873ebd1f56b12487b878e3c474762584359921923af3a859c509b54965476c03abecf8243a6b200d005cf41c5f8bdc0c43ec8181fa8c6c36a4c19a42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cbb0a2661f77244fbede542a3f0ec799

SHA1
b02473e8b34730ce92f91abf3fc18910e8c5ae5b

SHA256
3c0c0692703adaae0540ceca42e8ddb88acad2d3ce8e512cc6e9dda7e5c55d24

SHA512
84265c72c629f79c2c9775fccd1e0873554d96e08e7cbcb1454cee6e8f2701214725923146f39f48a93892e7becf6af71a3ef35cf3e48024e2b01eb2266849f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0342c4c294da94ec8f3d6f1c2f6b9190

SHA1
884e85c7c72653b1bc3a3987ce248c37656a2252

SHA256
8786faada43549637b10649d3d719e61a0e7695284ac16547af7382951aad50c

SHA512
be44acebe81c65d51fc7a96a365848d2835a232a336d998dcdcf5786c0c11b87f889d2b9c9aab74e09ce630d8a018826e314fdd02d93c003799f6b2a7e0f45da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4090b224a6560962965aa3b1d16176f

SHA1
ae14f51e2bb33a00061da0aedb6c71fc4eb0e41f

SHA256
36afef3aa8975e0a596ba030e9b421b6a8d69f63906fb1a6549b5b220c36dea5

SHA512
ac534acce8be0ca0e3a4dd09e5f229e44c73d79b397ef0cef8c361158e6224495ae1050bd9e231cd88a30092e82958abf976174ae3c6ce21ab5bf304571ea27d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f8ff34b31590b0f208a296f20fc44c0a

SHA1
840521fbdfc6bb5d675e3de2be99ac02e6c3a2f9

SHA256
86e8ac9ca7c32a3a4e0042ab3751f82406458d78b79c995c4ef30df53ec011d9

SHA512
aff3683da8892c2ec7f791841893797703e07a961badca34b10f56dca1dff386714f9887c155302fdc9c693655f07d5b763953b589fabb626a73b5647275e475

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ee8a045a53670f665655c04d9b541baf

SHA1
e04d6f67f7adc46ad15ee32afb8d1fc21e2afd83

SHA256
f9d2d1c8424b9b5833ab9654925d60c85d1a5d610203839647d4aff55eba0e51

SHA512
bdc194fb2947fbc95e1df8e70b2c0a796950b50e7a8fba289ec4fa599b2580519c7204ce6f40423d1be4bef57bf31db47a127cbc2a0ed0e8b066a59e3bf22ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
09bab82438fefa02c1ab16f765f5aa12

SHA1
fc90c5732fbb6b915a21e5d00f120e3571f05226

SHA256
a2be152e1132cbf316ef679a20f38a11e54867542db7b54bf20b697417d1cd92

SHA512
6511996ad84d5e975ccca0b9ebb8a7887f1c566048994a711b0f6bb03379793e9aac162782b6316dc886ba3f6923901a1f18085c8937a3369eb311364086c287

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a048481b954fe028dd3e2eb225d8a7a

SHA1
fb4e0873267789212499e0e0b84dd4bbe65051ae

SHA256
7cf98dc4990dbab4c10936c300f7b5ac05edc8943d4bbc29ee8b1057be8066e9

SHA512
f1c1f032de3afe4bba9ee5265cc5a1a3405601f4ac3709639946b5b63cdc8224e406f625835484387f0d828d6dc8d68eaaf810be7975a22376ab7c059ff17f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26dcc962bdd8238639a0e3faee682c90

SHA1
39f2b8ed3e628c80eb2bf8e7e16ce36950176bda

SHA256
189a79feb40cc66af600a28279ab21d6a2040119e3a41626ac9c6f3ce9f1ecea

SHA512
3de1a2600f606d0b5029318b22b1bb83659c81dde0d1f74b47ec3404e4ee9df7469585ef57b73a8db86d77515d723f994b5109bad93400e9a93be03abf81019a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a786f6e3bfaeab2984bb50ad4afbc218

SHA1
f857435c6c34fb6a4b480da5947d983eeaba2a52

SHA256
5f500d5670160b60fac8d15bc417eccf509e47babec47ba7a6be8fc4863cf3e2

SHA512
d9a9ce43ab28e1bae905e1de74f924d6c910c093999a171035a364ead4b6b60d772f17711c8f9efec15faf0611867e9782122debefa3f0262fe8233761956fde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
dade5949cd174343264c3f379e7d462b

SHA1
b77669b79adbb87027b4428d7aee1597b3d0faef

SHA256
b4c28315dc003559c526fe24218e0afb6f05ab36be1e66aa2c8863fc45ba5663

SHA512
7b8a3b3ad5395428fca004bfa5c4bdd10d4800eadaf30c26f299f43e07b13048186167301c5b9ea1242507909be06315fa4f10c2c1150d3f17a6c04b305ea9e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
6ec4e4fcd948c6a9dd370a2f96f969fd

SHA1
05c126ada82d3e143fb593cefd0731d23ee09b0f

SHA256
88ae352f2b4ce074fadf7ee65662f692409e878fd5452850e3a41261dc2565d7

SHA512
45b4bb90c96de69447caf2e161d16519d15836f069436240002757b983b7d8b956e818b97850f168735863ebb39289adf0695330d0c26cdea5ddd175f65f2280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
4f6bcf03360070616839a03c4290f841

SHA1
e86d1c0d682e77aa991db82ec35dc50cfc4d5bf4

SHA256
94ba0f7576f3fd298fabcd60f73ea2004d3d36a7a5870647913ef6a6fb4c63d7

SHA512
2a58a2f2603de831e4797e07d05b208d397dc115f0929501ea1bf4ee0a267cfc4578b4ffb5db41e1a485899b9257a1c5687e0768ba71233fad0bb5c0bda873a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
1ab838ee07b75296c106762b8a77f751

SHA1
61d993e4b987f2536cb45b1d0da6c7059467d090

SHA256
954f40a288891c588ebcb21d9d1f2796d7e8cfb6f0f562d340829a63449581af

SHA512
0ba354a77b0c73960b2ca8a3137e7ed85cca15d67428a362987219b8297142494db3199255efa859d5fc8e1f510f067e63106e17f693b20ab0c30a83a539cea5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f001e87ad529d8b463866d0bed042a15

SHA1
6b142b25bbc8e2c03a414da50856e1e40e548cee

SHA256
0af0f3cdd0f2cb0e5b67c6ab8bf237ce2831caa910b03ad1455ce8a02abf8551

SHA512
4178626e6033daad5968c0cc2af4683c8941461a488eca6ea1f6a987bb0db0d3fa14c18d7bd05813c780477cbef69e6d439b564ef0f9d47802e60161c9d4b230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7a6745628dd7ce40c920539789393299

SHA1
90271c741edc43f06d0e788395bae0dc0ec9f320

SHA256
e7a78921e59880fb32b52bce91b6c2e38dbefa85a780abb261c718dd2083dc62

SHA512
97683991096980fff8d8ed02c68470a9589a6af683c60fd8a33192778803cadf1fa9dd7d04578786e8dae9dc22efebfc9332102d8e65ee83f238e234f79e840b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e032cd0d13b27a2c41d0bf6bfe371c86

SHA1
4b5c5ef41c9f704b62ed7c37b8fb059ecf22df77

SHA256
325ba8c9f48f5ca629dc3ff788e5b789334702fa53bec08107cb84443b768d1b

SHA512
986796af917261bb2d26239befe31e322c986c873f53b24f7485eb7b9426a0515cdd4ef54b95e05790b10c39638e63c790356fd69f125ad50a4a85a5a08c8c97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5818c3.TMP

Filesize
1KB

MD5
4a856d09b40dcc28eb131b6d3b9a5b75

SHA1
c5c8f6285a696a9efd4bcdf53120717c70274fe3

SHA256
8245c4bd1336f1e6909eb065e178b9509ca5834cf469456b2f04f5d5ada7da5c

SHA512
49655bafade9b29cf06b365e92b3d9baaed3fe212edf25dca27030ed7fa1326b9423e970e02a2a01e7fd54799b7c7609b6a1d14a23aefdbe670c23d8a91a6dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ea31016f35ea4635e955924e391638f3

SHA1
6e71454b9db3b963b013729ca864f5eb2f528d13

SHA256
b17e8b8bf4453be4563d2cf6d0c21459852a55ef461e6c3ceae3fe342b1c26aa

SHA512
5a2dad8b29ec8a0a1ddf814368d2d46dab71e4f24ae81fb45e7a3aff55f4a579160ae1a8177512a762bc74b0e6f46ac7401afb17a6f3f6be59deaa05811c64e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9a181968f3e2c4d3cc023631883c591a

SHA1
2a22205b8561035364243867e2c03435dfcb9ef6

SHA256
34b793fb5e79e0d01ee93b1dd8d1b8fa618d7c2c3e59f7ecb90d4b48a4bb35c0

SHA512
84e28a47ee94877dd9e17da8488c00a6bff8d7cef115f8e5400f438f1fbb60707a9685cdb426a6b15813e07e87944087a361a129aaded09a72e9ba5be11a570a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
76ca6dddb193cc9f6a3f540211a8acc8

SHA1
3372340888a0fb076f31e5bb3bf59fb67c4e6eba

SHA256
b72b62207a408cb406524605b52ed0240460c814d3fedb7deb8276f34f4d1380

SHA512
5feb3198621fc256e5640bc44b079cdfaafc8189d83eefb020cafa145dfb04599b5c45a8de0118a886b05770e609d2156927c7e6ceba2c132758c6471ed9f2dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7eba9a7f8e2e1040dc248013fadd27ad

SHA1
d7fd70f061a0769c02faecd21e1474b045567510

SHA256
8d01f794bc18f4b0b1ebc7b76700f16d0e742723b09bec584fe42e6233791487

SHA512
e8a1c52f8285e1d02dd759320a42416f6c900ea8defda5575091af2420f2f0fa0b3ed0af6bb1464a89597be5b1bc007b3dc69e63add1b42bfff015e5c94838ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8cb7ce25729626ebbc33d62f95d9c088

SHA1
b6086c49eb7d95f5aac01abe36959b1726f06f39

SHA256
463df2cfde967bb7a94b804fc62faf66608d44ec8af80f98734ad93734a55b02

SHA512
a5995931e2877db8a11f5e273e65c43087e97e0ad0fc4581e786c0ab9476a329a8ad4fb29bf52b4709c7a537a68b7734b6e8cfefaecef3d1a60e6215068e7801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
dfb2e6c60986bccb8e5c2898a748fbf1

SHA1
d5d7f1615515c39bc6eacb800c182e1e7b54301f

SHA256
66ef92beea564ee68498477365ae3c626c7fe880e22880d33d1d28ecc9a0f524

SHA512
151d8bc743237e32e3926b48894431747daa4a78c4c666e152e8c8222c07370044e455e055cb3d73a9ef32e4b8461192608beb6941b465b935d0eb0a0ef0e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a1c5cab1d07fdd5f5f9d063f85987456

SHA1
e41ce5ac1d83c94da6f1c0dbe66830ebc318d44c

SHA256
93e7f0a5a5aee5c385d4c4e7ff3a3aa8047eaeb2ce10443b67249b2ed2bf1e40

SHA512
ac7ade19dbec29384af787bb495b1368b69aaa01a2c7a64a96ae201d19497d752af16867aa0bbdfc378c50ab99ea69fb2e25fce63a78be4000944ee2e477e078

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
395b23f7cb525f5275fe068693a4a2fe

SHA1
95d3030e3929313c46b01c9020dbcb6493db8d02

SHA256
f87fc452006481fa03ac1f920873b869d3ef850a30aec32b80a3e6f106de7040

SHA512
ef0a34e94479c6ede5913ad439ff47f4aff268f392eba2f0b4e590d04a49cb1227cc30db0cc508270f755f305c05896ccf394c76e325ac1ea31fc52495c271cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f752d6c26834a89bb80bffe890313abd

SHA1
760553ab961e40a8880f2987c9051bdfd1e26d2c

SHA256
c47c10d702765f41767d5fe97e657cc4e02cd9c204f8e0e35b3e7d7315c3563d

SHA512
4d1840cf5ee2dd9d40a7250372b03d696601b3374100082b66b642d6bed648f27c2e6b1d9face40dd06dfab97fcc1c2e03d10d36c8d1ef4997d9c924a8e481b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8c91da76e6a42325e630b0e22f5f8bb0

SHA1
2fa1ce54b155398521285664c1bfe4de4e3937f4

SHA256
423c0658c5cd6b7225d29bf2236ba236ef000c2ee96586aad95c5daaa0e10d43

SHA512
dfd8e01a8838811e1e4f4e752d38611f0959d02540c5a47aa2f502ae0762605e8d293b04f6f9a5d52dd71bb1f71b5dbf4694953bbeb3195fb1f11f2f87dfef01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c64ff130229a94e2e368cbcf2020a025

SHA1
de164a65efb414e1abe4711e2ebb7d0d08f2b038

SHA256
f9151a40557b243fb3d96013671127f1fa15777d63d9cb53ea79289f5a728a3e

SHA512
4eb5a330e62d2f7442fdc247881dc8b30218bd14b93d748dc690d1e8f551bec27a3af3be3fa56e60497b25354bb6ed0dee968ac3f46313b3d3fbe4aa692d49c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
587eac4e5368111890d4486464e7a67d

SHA1
66f84cc5ec1f5cd2d1382f694be2493de1cf23c8

SHA256
1a84016dae299e5354f195e5a16aa2c3cd42ff18dcb46511a0e04a9e280a2e8e

SHA512
64916cbfcbb5934dd64d4c2d7004a88cc4d7160794ca8c0f19db854c488133f23dceff221a180a6cbff274d7d06ba0960ea708b16403c86974a959289b7ba2f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
b71bb7f06ac8b18669cb69464f227ccb

SHA1
4b47b5f01220fe64cff00074a7566ac74bd1812f

SHA256
190e3f535091ba20835d338375e41e12f09de137e6bc9496319d350ed661d0ec

SHA512
546e06472cb570020fb65f6f93d900f7f4e950db4cdfb69e9fa4c37dd7d2c07de9eba7672b3e13f219b2322faac1728c280138911db7986ff8579cbaf4bd3084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
104b7d24b0a2407a396e5591f254df68

SHA1
afbd71db0d8ed1ba2d4f9039649f53076dc8b779

SHA256
587e63f623e37aa8cd1726eb164a7f8eec59d47703bcc10630ce5e65cce1a6c4

SHA512
a4e33849e64bd99a837e19bf21e5b73f832eb1316528f3e245e74b1604fc7dc574713305adeecb96141cdd8f8ab810364bcbe044d64c7a9eb9b56309c5bb73cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
184d63037827bf9d240727f313173c0f

SHA1
7584a4d6eddcc645fc1a5de67a571e15ca8ee2e6

SHA256
35eb74ca8fa7a0cce57e1b301aefaf0ca46665349bcde2b4e4c975e0c3b4bf2d

SHA512
d0bc448ea831655b3d3c548ea2e0e72003d82c07dbcc7ae9527e17cdc6fd11776a4bfa2359ff1416a9e8057f1d35c7a332c658fa3681e7b400173df61921e776

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
648040ab60ae6b1c2f69e8bae8858671

SHA1
ed3bfc06353e30f6c0d369fccb9444694c3e07bb

SHA256
2fd938297e3c3560bd3c4d365db2b5778e27e95a1d9aa1539776adde8c5256cb

SHA512
afdad8ec533ba4097dded289bd763689e273e47d4a1490f299fd35f32c582e7bcbbc260c533200961ffdbd01a8f3628c848ef7da57972fcd58e3c247318fc5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c31b54e8f5f08c890eda300bf9ae84f8

SHA1
6de3d7776ebd0c70d8eaa00d68a40e72e42d0759

SHA256
7afceda891bafc34cbfd872ad5779f3a74a5356f3d03e2a1c6a69da064349ab0

SHA512
e5f7b17772a9b24645409c52c698eb57735912d0c449e15df39b0e5a5d4bf3a97f85000cb9ba9e92c4ee642bf8454617468bf5bd34a479f8d0ece2b494893e8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\42vejdix.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
fc08cc015a87e6e2948d913c1c657c67

SHA1
4c55b4b7c19e6a3e3c8c96fa380afeb0eebaa86d

SHA256
30321eccfdea58fa68db75d26f71973a6f64b34b4fe0a863c9bf641d1e3e75ed

SHA512
2ea7a04231a8affffd3fa47ce0db8df92efa8c2ca21bf5a32b606136521ed3e498e713927bc5899629f9884b87b23757458e48662a87d7a6b0242cece97f68c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
534b765741840fbc0a7fcae8f6d5b3e1

SHA1
57a91493ed2d32a106d94341b391b041c8518364

SHA256
54ab6ec57f0f4a3d42e471bb445176468699a6144f963fb99b67be992d73094d

SHA512
b755ca2786bd2650cc8f957f2e34358b4868fdb4881571ad64cb80c9c030fb9ed3807c2a26fd07cbf04dd45246c517fca8dc752d7c02a00ee43ee3a282fa912f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\AlternateServices.bin

Filesize
8KB

MD5
39d6e8d63b006433d861eca12f13a95c

SHA1
2cf3817a265967a856290a9e61eee3d8eee45fd8

SHA256
efdf01f078e377d967b5b5c582289e6b4296d900d54f2f6829ff86379a55abca

SHA512
d4b932214cf07e8f444ec0611775d8d5ad422a31def84636b282cc9b5d7e85e6a970a442435dbf0fb88196523b61ad409de1431f2cff34ef11f7a1f3f642fa45

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
55b4249c52a24b9d6ab0a7be0e875e14

SHA1
7a207bec9d6764a21f06bbe00b4a43ca410fc776

SHA256
4344bf059d82fcfc84f7777b7937cc4e7685eb5930fd824e6a69d5b5114c2146

SHA512
fa4216efbc09c3844aa5301a2b02305426c4791f95744549c3cb99c9a7106d8e72ce049c430fe69d392ce5e1187d1626032ffab64ecda0235f36b5fa4ba08cb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
18714d9b0613f630e879a5cef814b364

SHA1
c60d8f19fbf5e0be4735fda2f7c56bd86584fd46

SHA256
65a841cef2c28aecef70c9e080c7740ab26f07258b2d8ddd1139f0c26d8a7396

SHA512
7e03c6c960f3a216cac699a1d6f16a07667f66e405caac945d179cb00ebcbc4337d3320e91e1edd23ab45f83f2d8bbb9ca4b1f9595242f50505a3e6eaf10eb17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
0bcc101c3830b101cc23016dfe84467b

SHA1
e99d5bc25b60f5ff558d9f873eb635a71e374e37

SHA256
60635a0bbcfb7d00d8b3c8b8ec04a3f0d1f4ad600da23120373a8fd1c4f7bc87

SHA512
ba86c32980beee35c3505266777165681010e06fa11e0c95d2fa395b7c96e931befbfd51c7ee35f9ebea8bf5cce0ea2b4f85ac9d07884bf3a44c6c935f68d727

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\6f9021d7-ff92-4c45-9803-304e3ecc0ef6

Filesize
26KB

MD5
16277b7dbe650a45e4448006bc1cf218

SHA1
923b4f749434b3eec316e8c83c33d68c94bfc403

SHA256
efe03e38e72df06d38c6a9f8bc1502ebfad07115171aa18fc27147a8040a580e

SHA512
5a1838c341489501b05232b185ffca2c8109cc688f9e6a9cbc087d599b7401324352b7d0c20c3dbc2527e88356e001a62be3f93c4d8524b88a624c2f48bd0c93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\74e5a308-2ad3-4818-838b-8eb594b06ce0

Filesize
982B

MD5
2c284905149afc8010d79cdac63f92d1

SHA1
2a15dcaa3bd3fbd547b2fb6a25ef6db7d24a9808

SHA256
b4ff0dfe3131318dfdc6738fee171afec5c186177ef736e52777b9111f52d77e

SHA512
7e4c7e550af8df79752e0233adaeca4709101202a90ffec2dade2f2d92500225b7fc1e4ea6443abb4ba46d81f418412f374033477c882156e073c01e1d47bda2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\datareporting\glean\pending_pings\c50cabb0-b307-49c2-af49-2eb5eff769aa

Filesize
671B

MD5
38282221edd0dba1600dcb1d0db20aa8

SHA1
402944e38c7e0a4b6ef4786a0fc0d242dc2219e2

SHA256
c2e861e5c88f75734477e460f5d4d34ca47483c6e04267f3372c1aee5d5e6414

SHA512
4e18197c6e8e16c2b515c5cbf4f42165c9e048bb80987a729c85762efd30219bea2e545433b8675598d8a0b25fc43551f3a57a27c51e873ee23f101240efb081

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
11KB

MD5
c44f096f93ddc803ffaf6a0e3b2b2c69

SHA1
2004b3b3c361feba38c23aa8faf8ddcfcba37480

SHA256
bcfe81f6764b0ac4689704363448f8e8c4763aa4d79e9a67cc28fefde1998873

SHA512
6c5c51637364fefa993ede4fc1f79a3b9636408b138a3cfbe85fe803ca04bd671f31fee7a78cd3a69f698a0e8bcaff9cfcc47227898c9052368fc8c428bb176a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs-1.js

Filesize
12KB

MD5
c6a077c3e64a5087c27898c12e2b7760

SHA1
0bad66b45afd05a00666c0ec81663348e72a1cdc

SHA256
2aa25ed67e680772b8ad32c5b2204d82652d28b257fe4467b1a88890975f3930

SHA512
842e93f49187d97e90af36fd1431e9953bf5b09deaf34eea0063d446222ca9aef7fb03673c01e2eb68fb667c50443695fcb8a86581f651c77e4fa31937f91cbd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\prefs.js

Filesize
10KB

MD5
b9bdcb2904868fe5bba536decd043fd6

SHA1
f494575a1504eab5811def3ba1946b3de27159fd

SHA256
5124f60916eb71b61dd5feea4e3fb3d649637e7a18ed63688245ba9ed0d5dc9c

SHA512
1c89f5d51da58d718dab6113dc3ee49c155321cfd778e84e34015c6b820bbc8edb594d5f4148f9a12911e329dcc3a5f4f723c18e86408b4c14c2673c95a302dd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
329f4681cc7810a0d1ed49eb5ea42449

SHA1
841fba6ce6f05888afde76d699003ef28476e426

SHA256
94ac8839a1a3285f71eef8f0563946fd4ee6faacb4919a4c1ce2dc92ccfa6390

SHA512
26e352cdb583f651881d122b20378bff41874fe9f8b76056380f3dbf642db93be109088ce828ffb9263fe64a4849afca38e526080f35e5585ef3256ac0c72254

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
e4a2cc7256d3f303a6cfb1759d51aa9b

SHA1
d9292fdba515775b015253d11a2c7cbdc7dff20f

SHA256
23a2b62282b54419b56685724906ea531b60a5bb67cc666acc7d2d72b4050090

SHA512
8735d596e07dd1f33755eb49f7e1b3e172a7e47690bfdfbc6f4545fba4872970a83ac4a52c0f05402bf2ede13990627696123630cf8b31b46948f5c5d29ef0c0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
72e6fbd51ca5b29959af799402ef7ea3

SHA1
1c4df1ccd52e8d7b526af07893ae1d5564b1124c

SHA256
6efd459d6254a86d81e5c75245617753e081fad7ca17c6b1e1e3b6db3227a7cc

SHA512
e25a76e5f8eee5c595c95be6fbb2cb15eaa4082ec7f6af3283d12c77e4ebc579561bef242c921195e620da5dd5a7d577a9535d102bc66e2a012583908c35d103

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\42vejdix.default-release\sessionstore-backups\recovery.baklz4

Filesize
1KB

MD5
4e7d754ced25bdf0a45c14f5dfb71ded

SHA1
280798ea42244a0d60535be4ac0c9bba4b434cb3

SHA256
a58ff38f5572fd152b09e02f58b1a030fc0db02ff19ca6585a65d5619cd4b5b6

SHA512
d4c820db78b04e045f99e45a76b83c15c4359efb39fc8a4c9f43846746311bf0893911f1435044a9c0a07c1afd3236dcd675b6474a7db939b213aefc584b7fe8

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 200381.crdownload

Filesize
230KB

MD5
b23d20593d9176d95302568243f60052

SHA1
fef1aa01b7a41a8255d71309c7c5badf48a7a907

SHA256
9ff459396b1f4de8dbca8a866ff3b9e4a46c48a9dc1071812a256fe21349caf9

SHA512
13a9f86ca7b7df87b4174875fb3d7a7552986a6484297c841037b054d3bf01eab724f3b080f9f1984cc58912e0a50953f5d1e2355dca1cc5366eca4870400d3e

Download Submit
memory/452-0-0x00007FFB80F43000-0x00007FFB80F45000-memory.dmp

Filesize
8KB

Download
memory/452-4-0x00007FFB80F40000-0x00007FFB81A01000-memory.dmp

Filesize
10.8MB

Download
memory/452-2-0x00007FFB80F40000-0x00007FFB81A01000-memory.dmp

Filesize
10.8MB

Download
memory/452-1-0x000001C76C530000-0x000001C76C570000-memory.dmp

Filesize
256KB

Download