598959308399a249c33e9249cd7511fa9c0c23df00b56ac1d71a7b9743bab1af

Resubmissions

07/11/2024, 17:46

241107-wb98ysyrbr 10

07/11/2024, 17:39

07/11/2024, 17:38

07/11/2024, 17:38

07/11/2024, 17:32

14/10/2024, 22:45

Analysis

max time kernel
304s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07/11/2024, 17:32

Sharing

Copy URL Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

mxbikes.exe
Size

3.6MB
MD5

49ffb1b624e1746698c05aa962353768
SHA1

94f4083ddbfa537e08aa1f0de55a56146a8c6351
SHA256

598959308399a249c33e9249cd7511fa9c0c23df00b56ac1d71a7b9743bab1af
SHA512

8dab9e208003d37993b978a9e2e6cf1c5354c4e3300db97a4d1850227a438af28796b7f902f7c05b9251ea604fbb1557f6bdbb25c4bb4ba43f3dc009e5842862
SSDEEP

49152:eJRTFGeek0zge76irmN0v4Ck1HpDDCwo40mjwrvX6OpePuboh0DW6NnCn0hFToSJ:duupCHlmoSDW6NnC0h68b

Score

8^/10

aspackv2 discovery phishing

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

ASPack v2.12-2.42 1 IoCs

Detects executables packed with ASPack v2.12-2.42

aspackv2

resource	yara_rule
behavioral1/files/0x001400000001e53b-1554.dat	aspack_v212_v242

Executes dropped EXE 6 IoCs

pid	Process
1240	ChilledWindows (1).exe
3136	Flasher.exe
5320	Flasher.exe
3020	Flasher.exe
4980	Flasher.exe
4256	rickroll.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	ChilledWindows (1).exe
File opened (read-only)	\??\K:	ChilledWindows (1).exe
File opened (read-only)	\??\S:	ChilledWindows (1).exe
File opened (read-only)	\??\V:	ChilledWindows (1).exe
File opened (read-only)	\??\A:	ChilledWindows (1).exe
File opened (read-only)	\??\J:	ChilledWindows (1).exe
File opened (read-only)	\??\R:	ChilledWindows (1).exe
File opened (read-only)	\??\W:	ChilledWindows (1).exe
File opened (read-only)	\??\Z:	ChilledWindows (1).exe
File opened (read-only)	\??\B:	ChilledWindows (1).exe
File opened (read-only)	\??\N:	ChilledWindows (1).exe
File opened (read-only)	\??\O:	ChilledWindows (1).exe
File opened (read-only)	\??\T:	ChilledWindows (1).exe
File opened (read-only)	\??\U:	ChilledWindows (1).exe
File opened (read-only)	\??\X:	ChilledWindows (1).exe
File opened (read-only)	\??\L:	ChilledWindows (1).exe
File opened (read-only)	\??\G:	ChilledWindows (1).exe
File opened (read-only)	\??\I:	ChilledWindows (1).exe
File opened (read-only)	\??\M:	ChilledWindows (1).exe
File opened (read-only)	\??\P:	ChilledWindows (1).exe
File opened (read-only)	\??\Q:	ChilledWindows (1).exe
File opened (read-only)	\??\Y:	ChilledWindows (1).exe
File opened (read-only)	\??\E:	ChilledWindows (1).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
194	raw.githubusercontent.com
195	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flasher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flasher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flasher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Flasher.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754744051457195"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "64"	LogonUI.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2045521122-590294423-3465680274-1000\{E484389D-4B22-4FE6-B614-1B8CFA1171F8}	ChilledWindows (1).exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 235589.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 377698.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 821759.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 812113.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
2040	msedge.exe
2040	msedge.exe
4844	msedge.exe
4844	msedge.exe
5732	identity_helper.exe
5732	identity_helper.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
208	chrome.exe
2320	msedge.exe
2320	msedge.exe
2460	msedge.exe
2460	msedge.exe
2460	msedge.exe
2460	msedge.exe
6024	msedge.exe
6024	msedge.exe
2216	msedge.exe
2216	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe
Token: SeShutdownPrivilege	3624	chrome.exe
Token: SeCreatePagefilePrivilege	3624	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
3624	chrome.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe
4844	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5140	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3624 wrote to memory of 1376	3624	chrome.exe	98
PID 3624 wrote to memory of 1376	3624	chrome.exe	98
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 988	3624	chrome.exe	99
PID 3624 wrote to memory of 3200	3624	chrome.exe	100
PID 3624 wrote to memory of 3200	3624	chrome.exe	100
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101
PID 3624 wrote to memory of 2340	3624	chrome.exe	101

C:\Users\Admin\AppData\Local\Temp\mxbikes.exe
"C:\Users\Admin\AppData\Local\Temp\mxbikes.exe"
1⤵
PID:3884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffb25efcc40,0x7ffb25efcc4c,0x7ffb25efcc58
  2⤵
  PID:1376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1964,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1944 /prefetch:2
  2⤵
  PID:988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2024,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2016 /prefetch:3
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2212,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2372 /prefetch:8
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3180,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4560 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4412,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4420 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3812,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4436 /prefetch:8
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4804,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4796 /prefetch:8
  2⤵
  PID:2136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4824,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:3524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4464,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4800 /prefetch:8
  2⤵
  PID:2412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4880,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4752 /prefetch:8
  2⤵
  PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3756 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4864,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:2
  2⤵
  PID:2440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5376,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5212,i,16969803909120504940,17102241248040777878,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5524 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:208

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1352

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb264246f8,0x7ffb26424708,0x7ffb26424718
  2⤵
  PID:1564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3012 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
  2⤵
  PID:5180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4492 /prefetch:1
  2⤵
  PID:5188
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4604 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4328 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6316 /prefetch:8
  2⤵
  PID:1372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1756 /prefetch:1
  2⤵
  PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6240 /prefetch:1
  2⤵
  PID:5640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6472 /prefetch:1
  2⤵
  PID:4608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6736 /prefetch:1
  2⤵
  PID:1776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7164 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1816 /prefetch:1
  2⤵
  PID:4256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
  2⤵
  PID:3896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5940 /prefetch:8
  2⤵
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:4920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6296 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6508 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2320
- C:\Users\Admin\Downloads\ChilledWindows (1).exe
  "C:\Users\Admin\Downloads\ChilledWindows (1).exe"
  2⤵
  - Executes dropped EXE
  - Enumerates connected drives
  - Modifies registry class
  PID:1240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1444 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:8
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6872 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6024
- C:\Users\Admin\Downloads\Flasher.exe
  "C:\Users\Admin\Downloads\Flasher.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3136
- C:\Users\Admin\Downloads\Flasher.exe
  "C:\Users\Admin\Downloads\Flasher.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6688 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6828 /prefetch:8
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2016,431486245697481859,11621927402501457096,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6864 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2216
- C:\Users\Admin\Downloads\rickroll.exe
  "C:\Users\Admin\Downloads\rickroll.exe"
  2⤵
  - Executes dropped EXE
  PID:4256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2192

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3532

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x41c 0x308
1⤵
PID:2196

C:\Users\Admin\Downloads\Flasher.exe
"C:\Users\Admin\Downloads\Flasher.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3020

C:\Users\Admin\Downloads\Flasher.exe
"C:\Users\Admin\Downloads\Flasher.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4980

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38a4055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5140

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
9ebb4b148a0f351c18b620664db8056b

SHA1
db74c98788780400c6372aa9656e4856bbca52b3

SHA256
070a9230681cad3802741bc02d4f2531e37be19483a6daec1feba161f3d29172

SHA512
f1cd604e1827857eb4262ef086ad11069a838bdf58ea531bf59c4acd84a6b3443523f9b045b858f17987759cf130f9cad87020f1509fb694a9bbc720298ee8f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
4845869e584f4688167d24c35ef09668

SHA1
f215f99b9e9af23c3e720b34ebcbbfb310eb8fe5

SHA256
c9e0a3841f9fb0653c520f0c84a4ad268e00e45912b1925333faf9633d8c6503

SHA512
ba190c115648372c965ae7b93b00a4b54ac796e4f9dd5952456db0c13ace413b624571b18403d720252c7d34c1519403b69ec5c717eb7a7d0c141df35e853289

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
c3751386eb8abc8d67d3d64f1632322c

SHA1
fb4e5f26274144aa1833e30b155c620a17d14177

SHA256
ff7ca6df22f1a631f73dd4d0e2fc92b3e95473f22bbce1214ac2d151767f6253

SHA512
a49fdb776390bc58ff40f3e12f41788ed13801dfbe2e3164a9234af53e103fe4f3857dae01c69b13e818e6fe19b5f272997cd86925ce80f202a06176b2b24c01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d5e46b4cb2c0192d5464dcac3d0976fe

SHA1
2f229c97cb3b555aa00fba7f784c8243a6d64f8b

SHA256
329c3d8b57b0ff4ff6c594e31787f05c1ee3e03449b6c088cf711dbea0a7f2a9

SHA512
16097d30f0602dc1e026d52ae57daf2eb4f024a714450b7c808ec05340aaaca3160852e34d9a06dd105d5f66a773750f1a71f8b939c2227091c3da1a01e829f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
58b1bf8e75804a9864b198796e190820

SHA1
309896ec692abbdbd07fb8476ede79bc809bed30

SHA256
7a1da7903e8d7fedef0a8d0d691a2f88232030087d7df31891908c1c1a6bb1b3

SHA512
d1995e48dc39cdd454d6887e6036e0ff8e73782c3ec6179b82601110baad038c85196b5f94314f92976400b4f14997ef62b1f7a1ed5fec1b2a2deb6545c0a6df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
4582b1135c57a4909b4ead36e3cab736

SHA1
aa83e59db8e9b59842d3edf4bab829aca3fb3b1d

SHA256
196f808ebf67ab132ec3711612cff8355f6c9e4eed1906ee89b1aca84ff267cd

SHA512
1e9cadb0375b947c069d402fb803b4857eb3596ab73dbb0e6078ca641eb02ba0283fdea09618edd18d92127b9770033699c7a35a1d45f392a4e75b73d0ff931d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
efe3d40a7950254564e4404396d362ba

SHA1
b93414f5123b1e7799bdad6b1fec5a193004d8ba

SHA256
d846b5a0f6218ee05ba7376ff4c4a12fa9c41f24825ee569778ee69b3ad952e7

SHA512
4eae63d129ceb3a13e5f6028402846f323325e39c7bc569aa3d289dc436a0b39970ead3c4f0d7c994bd445fb3ee737ebf0ace47b9988a6e7b5af6dc1c3b71bec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac280516f27a86e8e54b4bd214a669f3

SHA1
8a1dc957bf986ab718b5eb21274c9788eaad0835

SHA256
8fe5d82e3fb09dc60b3f2b40ee86fcf8d5a0942006d17b86ada7749f89fa963f

SHA512
c52bf7ef2e38659c2d8c43d5539865a8c7168abfde84eec9714b9462c5e45e4f4a02153516b83c37ffc2753435f5981bc1847e20bac221ca4356e264a12df6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
941af8d4d618e8a1dea09b795107f398

SHA1
eac8acea8cfe7ed32365c7b4ef7d3124d65e7ebd

SHA256
635d6a66463db0117ecff7a68a8d1ee47d1d89d93db0974ab5feb6196b3f7af6

SHA512
717b9b8975786a625b043e1c299d324b2193b94f97806f44089494608363a20e0cb24b01ee5f84d7de1b1284ef50dc227ba0089daf0a5868280aaafe23b3cf9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0f700b6774c0060cc07321add767d1e2

SHA1
ce47a9e0410843b7b8a75e9984b95bf29829fe14

SHA256
ef812b863c00cead5c08b9f393923d31e7e1d997fa43d589454730355f4925d8

SHA512
d9696d9efc1f3aa99f2f63a0bada4b3c6bfe84d1a601e0f8fb5ea3c9c42e10a7dce37770abf38630c259a692332690ab9e65579866cdbed9fdc94275c0e4b52d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ac16b61fc8d43a63ad001f52288c9163

SHA1
d65893382f819fe74fe80c23a623cb60726af98c

SHA256
61d11c9fff0875d81e06d2ee47d5165f898756dac6c9e50aad5f1b94efb15249

SHA512
88174fc94019d0721d04d9baff9dbc8244bf1c685953536332588a83530648a5382b991c260b474f5bb025529a0b410be288607f9fd9dd24f7e0c18fa792b3dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c8a47132022baeecaa3917363886e1a9

SHA1
8ec147dac2a79888f92b0cb0d7efda01a689304d

SHA256
2cc4efac31059ec00ba8f589da78534123c371c7428381715f2f02858cf1302b

SHA512
651b4194d8babd1f9fb3e0ab1e85d9576c46f2d440984e11168cc4c9fbe7a42f633e0b4b5384baf9f4301247ff615aec924075d7b851cf21f409816e76516c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cbdf747bbfe78c6e8a6187bf19fb3f02

SHA1
b23c6b2f193487955acdab9854e62a45123d2fb1

SHA256
6c260064e2071c0f35397191db9e92ebbb52104474115b6cabc7fdeca241c001

SHA512
d3b45d05bcdd94fecdd23772c58c6f56bc5b47b2a29525c142db8636a9b73f86370728fd9937ff8094f6d86fe449b151b934bdaa0a70934e04480dc4d231ba3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e707efd44232cbf41e2f2e350a0b64ef

SHA1
3d5f32da038aab935073c1e9b857671572fc8e78

SHA256
f064e76eaf9c5392747fafe7cdd2ed582f65c0348b1ebca9cb2562d9bb3b25aa

SHA512
0ee86676b8ae112209f9d73f5b48322f68f9758bba665b04d83ebb11f01aba63ba709290e8c266b8e4332dfab7a44625036651468b9dcd0ed0b27deeb2153cb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0d5686d13ecdea519dd0baec7dbfdac7

SHA1
9a6cc6a64138fbd53ed54a10c057fb1f770d04b0

SHA256
d25b97b9e0e93a8e023573769680be4088218d6d863ac51a874d72cc73c359ee

SHA512
7cd9193cb50970d624e46ce3d8f2f81ef71c7b49c462f0d72242fec66b3ba2532e1ac226798c0ed79e019c9de617b31d380e9f238b7b16d5a1ccf8103d17487a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d11a2f49eb1ec8ecd674a6fd688a6bb9

SHA1
334899184b5fe7e9410bbf54f060f3e0d7faeb7a

SHA256
f3ab9b085558fc29de8af6dff01dcd8284ece899b71ec649bee7bd094f73b1a3

SHA512
f09954e96a1aaf2c7e7e99da5841519f5b23a056828cf40ce12928e993f65b9b3a1e0dc13067377d574646aa0c7fd4aa54689d5d2fb8b181e5aa48517bc806cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
cefdfd6ab6e1a71442929711f656065b

SHA1
e82b9b3406b75f9ce37a5f11511c3960277f73b8

SHA256
492e6162077e79c13c2aea3825fb41f0232062e4684acb1a8dd194acabf84497

SHA512
a11ecddc18d31f002be81108d2bee33ad2753b478edf032c301ffea0a9f74fb67106e941dac39fc8c905ef5cd9a7029f81cd62e8a662a9162e79e5bfdc105d5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
124d55145e9865b66ac581025b1459e9

SHA1
7744f4e46db56f562f7ff5cd8ca23ee03ba971bf

SHA256
1092b35460bd6a7e00a452c054c39eeb81d1ce5c005098f5ddd660b7432e7662

SHA512
a3fe1b975581bc071faa785e8ceed48cacb5d567861e98fc37106fb277dd61fc78ee65e73d1573c45ef66a132f631c950819c0272662af9b8b459179efbeb5ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
70c6d3438354cf3e8928a746161b583f

SHA1
9b4f7bdec3f66a1b1b5fd6d9c486162bb56949de

SHA256
8e4f4b69bd69f51161efe6cf1e9a49e7fba36ebd8efd8af81e033d2b5aa7477a

SHA512
3ba72c253fcdfa87d866d0d605c2c44039df19ef55d078d76a87560365eab02b2ff1c304b500a25a57d13a08d99a6bd36d512fdcaa07240b92b4bbd8298e6f02

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2e4329ca7bdfe61545c9395df1dab711

SHA1
65c1fbc078c193bee0b7910086327d93cf8321c8

SHA256
ec4bc99fc8d9f2d5d926b5deb7e0adb70abb29bad072d0f1a5b28afeec033c1f

SHA512
742f6ac90cee1ccc351d5eca8c658d5d576d24aad9c5cd251fc7efcecc298c8bb178199fce75b1f25c4e3c48a17688ad1f94021662be583d96e8453174ab6885

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ed56dc265d89ae9c2cc64b154d550b6b

SHA1
55c2273dde5fadf834b1a71107add28067994545

SHA256
a5a83b42c0f470f95c35ffa57c6e22c6fc9f454de36a6916cf209fef1aecf31e

SHA512
5c1cfddc59d90f21dbb34eef53bc7393db770a2b3e4b6fc27569da80119c10b63093c6c232dff86336826fdbc716328c5240daa3d6715bb4f72fad895202f996

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
12c19d7ae7260fa8ae0f539c1513721c

SHA1
6296863181c0e0f9f2a07cbff8dc21c53ec6637b

SHA256
1aa777adef2dbc7e9287fe04a80f0bf2af01976e4ad4c4807102fc9c60fef434

SHA512
1da6d8bb6794b2f6d04439199d877030d7afce2e585414433ea6bcf9da0538efb51b547e728c8682103e75690fab9ad5e274263b8cbc5bd25c06e744a74c5a71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2f1049bcdc3fc40a1cf6a8cf7d9ec33d

SHA1
14ace332dcb85a9af75bee913909336f5b143369

SHA256
4e314cd1c1aadb57207ea79f7deb7839991ea65f497cf1f2709e1ff51c4ba0ec

SHA512
cb362d9a01cf8e9fd97ca532834f5d3a4af1edda387f46595eec4d9c0d4326f1ce461b1a636afabb1d579c2cfa64b9673f7fe611bb53699f2fa81011240b963b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
dcf4b1be02cce90f49b9ef8939495016

SHA1
3246296ff8b3f1dab4f8d4b28d3027055fcbb146

SHA256
27fc7fa844a95955bf8a267295e9f895eccaacd99912175c39cd7b5aab3e905a

SHA512
591299ab77039289a05acf6db8cecbed9f75fdca77ba19a8587611aa0fb1868f005d5f52afbd1e451c4b849ee7bc0212c091f72187825016e4937e6bf1d4eb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
69dbe0b6bac8f977ceb362ccce170d7c

SHA1
a7605b61571a054aae2f72093c53659d4c11b696

SHA256
70043569d9fb7fdb86dbee82d3f47f4546a112105a2eef9ae2233fc13e37f305

SHA512
4f5c095637c6a71f29e2020a42220eaf6a66c11fc99519d2763a09119b22cba2f1003d269fd50fbaf75b3619408187b18edbfa9d44177debc34bdbfc711e821f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
945f1659859d857ad03d08f4d6534f09

SHA1
fc69330c28e543507bdaa2484f5307441b47ff08

SHA256
8043eb990101f509f133e4ad9403263ef3d8126f1dd9f09dd112e14aadad97fe

SHA512
1146866f54f6010522b8bff2fb87143ffd2fcb7e2f0f953cc5e78c95290da3c2daface853fff73df7cc2435a6a9be756cbf0637baedc74f9bbc0099dae73650e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
131c7a2261b6cf9c516a775e6f165b9a

SHA1
7fbf6f3b73f34994089a82167682647ccbda33ed

SHA256
9f1de19ad9f4c7ff30b1252daa0cb5afa9c015913eb9dd3ed2a06a615cff6f72

SHA512
318e8e1f5433fecb16ee62334fcecb20d26a13721656b72d8713cb77b9cf7588020ffb93f838dcfe810f583cdc13c224c4388cf7734c2b71e438f7996506bd7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1f590c2cf87372f5600c858dc1035ea7

SHA1
662342e6b8704cd133a09b6b0229810e6a41a5e8

SHA256
a58ed3729533a6a2d683c39aea9bd7941cf9bcb6945dc7cc9330527c0a411e0d

SHA512
2e0e7b707256369aef245e79c61599d08990fe98a2a6109adb07f9077653e8012b06d797b1ff95f33623cdf607257f810fc54ed13eb2bdaa5d5ef48d223aa784

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
8b71e680fdf49366af43a634bc30c5da

SHA1
ebd1aa972d84d385bb3eab072635e2f1df4ff313

SHA256
a8408b16b746475e702bfd81d8c8ed31322ca43933f97062fb74b0ab861e4f75

SHA512
31c0b7d77cd5f386010690ce46536b323510a088c1e957715b6c9189420937be5c79742a5a95f09e6e016eed5fdb1c911dc755b7050d6e42bccb6e533ac6f6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
2c7e3ade0483a2b7c5534b876b332d8c

SHA1
efcc3eeebe364018d0b73104978b09fabdb6ec08

SHA256
c6eebcb7d2db4009f8bdbdabccb0d616fa8d4800e0a7ed6330cf744c90d0a412

SHA512
03473262ab66342998b1e4e607de57ac989c42e0135399b59eb5714824b5d32dadde790381b2b1799c6951e7acb17ff5b77c07141ecb19742e4af27241e2787d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
232KB

MD5
a32d3f6e82d2785a6365e27af6d1f193

SHA1
64505b5e49c1e2cb427ccfe18e1ba39375abdfb1

SHA256
0760a651033590930550bc3d3f6e202c78d78866db54f646589c3f7f8a490313

SHA512
11aeb7fc471be3e7d09eb407a58976fdb0b86c7a5be55adbb9b1b251da7aab45cfecf75ab97d13f26d73a9b45ffb2baffb02b3440e2f253a56ba80b66694a18d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\34ede75f-85bd-4115-99ec-a4d78e4f0ec6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f64de9eab8259e6c6a6e2926a69ea912

SHA1
7d5713c111f58cc8de6cb91fdb0bc45375964aad

SHA256
124d8edd944f9a0a41a4db157ad0f08ffe8219fd7a27538b40736473122324c9

SHA512
ef4e75d97e2a2b170aef5433d97fe047b6c21852a42c4ee8afeb8896ccb9a487b3b046a24c7b749e60588b5f9eb10874c58cd45b7aa07338db930984952a41bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f57224d06dee951f0acc81e08f0fc083

SHA1
8909d1296d8513842975bef51f837ec73b07539d

SHA256
7f1038af46a45649048da000129c8a050f49d3935943734d59fee71661d9203a

SHA512
b565271c6505c73fee4dc5de6d6cbfdeb9fed7d2d4a944ea3a5839ba13faff3bd33ebf803d5b9f34200046d9f2ddd4dd8cddfebf526c7236fa5a2adc06c60c95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
795B

MD5
c339d6470f8b3eb14cc2070e51cbfce9

SHA1
d305e06a529fe13ba715389e49d1b70ff200bc8b

SHA256
87650babe062fbdc92c418629fd479399e182a7dc3dbd8df8965029cfa74339f

SHA512
40d13d432fa007dfc0038a40f5fda4fdb1f15f3b9abad725dcd2a14a32d70f273b354afed76d281b65f6b7d973730a8b4aae69635f30cbf6767ddea7629c3b44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
878B

MD5
1092990ae9fb1578baaa329c97d62676

SHA1
7a9a5122fa7fae7a11e88a6e5d6ac4b94e02d218

SHA256
ffdf44bba6ae3b8e6e2b80eb5cf05a98f1f29b8f482083c15f41d6fc7dae4326

SHA512
5cb4ede25bf0eb909ccaac8343409fdb714ad473be5f859aa197ae2a36502c1561ccd06d14f711a7099574eada3a1c9657d8c7acb85fcbc0940e48053738a0a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
878B

MD5
5411fcd44ede846620f8de58f4040fb5

SHA1
3f78eeeb1ee50556d7f3b995757f091e0427870e

SHA256
4cc96942d06a20c4fb10a5e0076a225322decfa17d55648ba9f8f8d01371faa2

SHA512
0bec19f5a925c72373502c03cb09f81b838a61ca3483814aa8365d74543f800c6fff3d0787880423127725637fea9c2223351650913e5bd9726f2d6deced052d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f6415342be2c6fa3cb798ced4f032df0

SHA1
eaefce598a1453e30666c58ad5b8d10da942cefb

SHA256
9de603dc8949a0d28e63928a750c9ec0dbd392f8d41095d66075d8125d1ee38f

SHA512
ed5af4c76c2f30820fec4db3bffe99c26116d5ee3061735f0b05d48f7939504f4f702ffe98942ce061abc15dbae3d122c37c868406884ffc21e58ffbe5661f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
e2843402b39974bba69904ea6d3158b4

SHA1
9d41e82d695db5997c06cf18a8f132482c7ce785

SHA256
3803275f129da0dad83e0a886e319ab018264e9dd989a85751c5210574424498

SHA512
da674f01eeddec8107a48c95f7be62df6c0e617da3b4c2fc48addbb2a26c9263247160eb172f210399a17dc895dad27b347ca3365ff475bbac0b5c7f632b51dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4a082738a5d64aca78d1ded2a8afa314

SHA1
6bb85da5c159be46a6090403ce37eead63700630

SHA256
fb3ac9e7883f737a75c40d157e23b8f3bea7536971d4524467a95772aa6a9371

SHA512
fab2a02eba4cdb5bce5e527eef3dd26bc656003b9f357e45926cd4c8ddbeffaa903a521fb6a6cb9fb46c3160fbe7650d67f564db1b6d5b62fab12320d9f02877

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a87a8f67faf99cfa7eafd506e508ea94

SHA1
b326b48f398df24a15578b853b963f6cada278ea

SHA256
3d5fedad17283c8c83aaf96efa30cb6e4ecc1fc91989e8e8c763690eb503128d

SHA512
d34d94bf2ee1e62c715bf92caed2c8b59dae435fb99b55dcc1ad6ed8a72d1b4beaf49b46eb138fc1f7a5676a41ea6ff75569f030f8eb9559690ded874602caeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8cc82fc07069f5af07d9cde606c934c9

SHA1
2039e3f2dd8e03e2cd723466803078ca581bdee7

SHA256
ede34ec05eda2c81f07e57eefa77582168cb2305f441cda99e9a99277b31f3e7

SHA512
e4cb08a4bd254dc01471094b23041f0f1307b439df92465780bb469c71dd837b9c3b8eab8a107a2271db1332d87e530cc98d7fd638b3014eed882a8716b9626c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e63fa3fe8953ff495416f463eaf0858d

SHA1
448fc5a805906a4b13aa6b7cb31be5739ec00aac

SHA256
d20cd5ec9d8be00b1d4ea337da9336b382a2e49796fb9296620a6f0e362d1f5d

SHA512
bc6babef1f30adb6a76496482feba0066a7fdf01b0e50f506abcfbffceda42a3bcf0ee91c51a329ea9c6404b0b18d1e75a773ecd1a33f45cfb724b956fd9028a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d18b54fb0da7bdf7a9447293e4312bf1

SHA1
e9f9b0a607323d0659b51d0db193c16743a56fcb

SHA256
7b92302887be43e993efdd67ab290c1206f3e9337d287bec76a00a58825fc0ef

SHA512
49cd9be8bf041515eaf7e9f08d48b441c346e05ce8f2bbf92c29e358a06b7ea6e78988ffcabf18b7ae720851b47af655183f7aa8237ece0357eab3e6a29db652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8bff3d76d74223ff72f915af6b62066e

SHA1
3b43363e5a03e523f6b8bfe95b71ea8dc6e879a4

SHA256
cf4e853da64b522fb7aab0e44286c27bd8b8bf6363757eb4a50083ae2a305937

SHA512
b768038e7412ef7f462bda8012909e331ec83a66d3f329ba9536c2bbb4d814a80733fcf6eba3dc5a840600bd88dfcac1092861d68ff87397dde98cf9354f0021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2653423a50707c30466e094c9d5f029f

SHA1
116fca69dd74bf6be7ae7247acfc20197b6aa03f

SHA256
bdc4146a39c7f89625fb73127247f016423812444866e2ac5ee058e9af520b9f

SHA512
9a09369121b4f74290cbfdaecfd1f753dc86f0b5a49859ddab33c4152522a2dcb5897178107ddfc04a99bf445b81867fff2bd2f67657981ecbd8d3fd6a9ad111

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
58d67eee9169ecddf92038ed7f9340b7

SHA1
8389046c0f52b8508c4db28f6d45944c48580ebe

SHA256
08d1a0ef44d46ffa4ff813471136694bbc0c24e8ffa2af8c569acedd810a52b5

SHA512
8a63b7d924bc84bc7f0dae990fdb6ac66bee6e966d6b6fd22fe18f444e8b4ca37139071091a5e1b8f626ab3df56f1a022a0674493bc460ca52d59173f1aa3f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
925528d24f56032af74341b8f438fad0

SHA1
3b539bd9126f351931d82cd9169e12c0148da0b6

SHA256
20886bc2d9e795537d6c38cc4c8767454270bf20af7fd8103bb78b16e9fbcfbc

SHA512
a6600b06f557368dfd80f8e83c7c0c2764707c3c8ebfb028dba79e296b55332eb3825bc17bd5595250eb2e68f125a12aa9012453ddf9154fd9b786f037509d92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
b95fac98a12c2da1cb138e558e7003dc

SHA1
b8657db0fb0b7dbaf0ad056beb01d355d6abda0d

SHA256
c6861e9986e230ba779b01099b7898c0150b26375e4617133eede0c28e3c3e4a

SHA512
f83ac1a9c9023db94f8997cca4e28738b55c159d55c3003206e94e68e94b5c843f07e4d066b9f1e341be35b171181fcaa827566ac2c5debffcd6e68ece7965da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a077ed01458e3a3bfde962e6451a915a

SHA1
0e107e2c95dc67e5f033b811a22ffcd65ba16b34

SHA256
7610ad33dfadcfc09e0802f2ca0c6a3d142f367cac62b79f7920a21ca8ec6574

SHA512
1e2d7d62e79191583dde4ed5c64019c076557a7568cc4d72aa1bf6333e3b50635816d34846c95b65bfea2366bb400ccc8a7743ad1d97a8e812ec16dbb31aeb58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1d69c4c698e6ad8bd1fef9d3658a70b8

SHA1
f321a7c73e890aa70767b21b48f6f689578bec60

SHA256
00c3bf303a81f4b41f2c5ee9f372b96b264dfee300286b2e5f1005fcf52a1fa3

SHA512
b65dfadbafb65a603a23c10af8be9543672ad92bf2729585075eec1b42ae49f63fbdf52b9125f7afbb3ddb3db3acd4839ee7faddccd5ce2a7af465ed756b6a09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0d668348c8796930ae3f3d0034c46ab6

SHA1
76eff2dbe1c312f2ca099a07b93aade6a7b15da9

SHA256
d300da9120d7162f40cb11daff8ed3a7459d918cbc4179a1a84015f18a79f286

SHA512
1f130ebc5a0c4b8668d86a128c80fc50fc04e06e2bb33f492e26037d62d25411da580a1e13bb4978a4563c68332a5eae26152829efae73b407a723661876906f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6636c998d2823cc6449d675082e46f87

SHA1
6a78d9ad4d1e5f1743ba4fd500437262e27200b6

SHA256
a8fc38434f54c5e99819b9b8181a708e7bfcc8125e63f176a5d6e136268c5973

SHA512
ef2c8e7b407e1daebe5f26f56f6659286dd1024d1a1f1e798b27566e243c2f51b3e691203dc720d6667c8f90cedfcdb5d2d0135d2abd7822e4d7b4ee2214dda7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d510ff6f074e18995998c06078590ef7

SHA1
0a24b7448fcec1e6f1d54b77157fae0decfc7164

SHA256
aad5337922368c4dd8cd25603bbaab7da05988d7d1fcbd0e21af6eb59417b8b5

SHA512
2147e4403d34d7a685f5f58fc1172be9641b45f27cb0ce14b437ea97b251e244b263f6b3498f5f41bbbf92ea9b00aad69e6de63ecf92cb65a2c9f6a6ef32553a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d0acf2de386454ec6e27d007948117b

SHA1
54b6ad03d906c0a31a8fc38726a87ed9e35458f9

SHA256
13c96ba7a0e56c9d00e07f2a4127e4795e7b567603e886e717eec9a1fb4d7f5a

SHA512
04c45a96e89bff80fd95e91b0ce19c30d6864319c7c45b8b201aa1af01b99c5c069bd2aa0450faddb9faad8433805c039ea3695e8a640a5ddb7ab759a77e647d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c0af117cf5cdc14dd36bac58104935db

SHA1
cc05b59a6926d85e7f4abac539fa8614d4df2b20

SHA256
2b92d91178163133d21fc14dca85ea068338557796bc4994a9bde749582e148e

SHA512
013a11fd147017236df05c9348891f7d3c1e88e03a7ba9df51b6b0c9697ddfd635d69fa29d50e583f9e8229ac869e71793adcd64d3b8228a95b4995887cd6f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58cf70.TMP

Filesize
369B

MD5
94641b84ac0fe8737e830794078026d7

SHA1
af60057b34fa557d6075d8ecc81446aea9d025bd

SHA256
f3b6b3f9acb265fc670c3446a6938d0e309b6a2653dbc00c38c5abebb7d5c545

SHA512
6b38450a2343768afd516e57b709386057289d164b5d24eb0be225424624b4805db3891836f329f25ae12f1772d96c9201bc4ec10cf6a9453216555a0742b0ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
153f3669f8e79924cbb15b1755ac7dca

SHA1
355cb10588529dddadbd15bb02dae7470b35f682

SHA256
da25b3011d30e68857019597dcfba666be2a5103cea9a19a740cc8c72961e73b

SHA512
6c52021f1dfcb03b34a3befcc377aa8ca4a34ba94008678f161fa747633a9230b6d5adbfe041540a4f425b89d3559ed47b54e8f94ed791d123bfebc4cc677af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5c3f4b8375470d790ef379ce00c66270

SHA1
a2fd6b0df5105d355fa90ef8b44f5eba29af215a

SHA256
a24bb8373f4f3c7ff222b7e5bc03656ebe84a59b67626d5c5882d09f6fbb7535

SHA512
b0a86e4724d0a37c7a70739e88bbc1e3c6efb0176f7adead6091c8ee5433a3bf5285cb2fe2a84636b8a10cb28acd904b66bdd9a1fee9572d94fe27ad73149bc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
50c55b6facda2316800188b2af93072e

SHA1
0ca9dda88bfaac1cebfd032f1352b2ece1bb91f6

SHA256
d36dd72f599338b6a31e3263c56d37750f9dcd35703c2f9f568adee366955ec1

SHA512
6549e98ee6ce9fda2e9b57bf0384f8b145487d761434b9ae4fde243252dac61aba56d6322e1a76574ef7018f2bfe54f9923a13d3e3277f31cd3c0cb2b7df81a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
847390463bdca69911188d2d1d741773

SHA1
8118fde521767c566bfaf8d7bf8559947c2d1d1e

SHA256
f698cfe84410dfe052898c573badfc92e8b6797cdc7bdedaa556f092e9a8e7a1

SHA512
9a925df0719b521aac802c2e7f1d1a08602c02f9642102c767d833d8d9fdf5de2ba076ddccb179877f49d71bd2fe183407c104b249c2c59ea199702cec322714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
0060752d0c071315bd1df8998d01883c

SHA1
6da947a016458bde9487ef9d0243ced00f71ba9c

SHA256
185af3d0b151c9fa60cc8e10d6dd3ab30b75e7a351a88d64548acbca16efce9a

SHA512
8d9428d6d5badbbdc9d39098a61615eb025b50ca857d3f9d448aba74f6a8c772881ae2927560823d2aeb31548734eed38cd86a10e2fddcfa9e05a6bf83775e73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
896KB

MD5
caf65802568c1ffb1d2c5f7ebdc003f5

SHA1
793c752e867ef472174d187beb4b95861daa7e28

SHA256
ced2784b35f8867f2462f781de211cebca0d80f64a3b472177bf23e7d0a3c87d

SHA512
12e19f654318c5a995fd9adefbbf63bd5dbdd93be442919d7130818da8406ba139cbf07f4c1547e02c8e836f813a8b7d3652d173b87df6f929d47610836bea7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3624_1635915106\19af8e7e-dd45-4d52-8c9b-1b8fe59fa5fb.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3624_1635915106\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 235589.crdownload

Filesize
4.4MB

MD5
6a4853cd0584dc90067e15afb43c4962

SHA1
ae59bbb123e98dc8379d08887f83d7e52b1b47fc

SHA256
ccb9502bf8ba5becf8b758ca04a5625c30b79e2d10d2677cc43ae4253e1288ec

SHA512
feb223e0de9bd64e32dc4f3227e175b58196b5e614bca8c2df0bbca2442a564e39d66bcd465154149dc7ebbd3e1ca644ed09d9a9174b52236c76e7388cb9d996

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 812113.crdownload

Filesize
129KB

MD5
0ec108e32c12ca7648254cf9718ad8d5

SHA1
78e07f54eeb6af5191c744ebb8da83dad895eca1

SHA256
48b08ea78124ca010784d9f0faae751fc4a0c72c0e7149ded81fc03819f5d723

SHA512
1129e685f5dd0cb2fa22ef4fe5da3f1e2632e890333ce17d3d06d04a4097b4d9f4ca7d242611ffc9e26079900945cf04ab6565a1c322e88e161f1929d18a2072

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 821759.crdownload

Filesize
246KB

MD5
9254ca1da9ff8ad492ca5fa06ca181c6

SHA1
70fa62e6232eae52467d29cf1c1dacb8a7aeab90

SHA256
30676ad5dc94c3fec3d77d87439b2bf0a1aaa7f01900b68002a06f11caee9ce6

SHA512
a84fbbdea4e743f3e41878b9cf6db219778f1479aa478100718af9fc8d7620fc7a3295507e11df39c7863cb896f946514e50368db480796b6603c8de5580685a

Download Submit
C:\Users\Admin\Downloads\chilledwindows.mp4

Filesize
3.6MB

MD5
698ddcaec1edcf1245807627884edf9c

SHA1
c7fcbeaa2aadffaf807c096c51fb14c47003ac20

SHA256
cde975f975d21edb2e5faa505205ab8a2c5a565ba1ff8585d1f0e372b2a1d78b

SHA512
a2c326f0c653edcd613a3cefc8d82006e843e69afc787c870aa1b9686a20d79e5ab4e9e60b04d1970f07d88318588c1305117810e73ac620afd1fb6511394155

Download Submit
memory/1240-1379-0x000000001B7B0000-0x000000001B7B8000-memory.dmp

Filesize
32KB

Download
memory/1240-1381-0x000000001B830000-0x000000001B83E000-memory.dmp

Filesize
56KB

Download
memory/1240-1367-0x0000000000520000-0x0000000000984000-memory.dmp

Filesize
4.4MB

Download
memory/1240-1380-0x0000000021560000-0x0000000021598000-memory.dmp

Filesize
224KB

Download
memory/1240-1419-0x000000001CC30000-0x000000001CD5D000-memory.dmp

Filesize
1.2MB

Download
memory/1240-1492-0x000000001CC30000-0x000000001CD5D000-memory.dmp

Filesize
1.2MB

Download
memory/3020-1792-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3020-1637-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3136-1739-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/3136-1619-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/4256-1752-0x0000000000400000-0x0000000000422000-memory.dmp

Filesize
136KB

Download
memory/4980-1647-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/4980-1795-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/5320-1741-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download
memory/5320-1621-0x0000000000400000-0x00000000004A4000-memory.dmp

Filesize
656KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads