Analysis

  • max time kernel
    380s
  • max time network
    381s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags

    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    11-11-2024 17:12

Errors

Reason
Machine shutdown

General

  • Target

    link.txt

  • Size

    139B

  • MD5

    b158f6f6f236146dbb84f01382f7b288

  • SHA1

    6044e94429a90711f51626f628a3a9d51d4afd60

  • SHA256

    ac87f8dd3c4ffb6ebfebe7e23be8ec298263cb5103bdd180e156997db328c85c

  • SHA512

    9f52cd6d10066c7033c239494c513698ada42881768d23ad52785a3f787c53bbaafbc51e66806753e7b104c5d23c2a46eeed6d4740b5a0a9420bbbed85edefe9

Malware Config

Extracted

Family

vidar

Version

11.5

Botnet

8b94a7bcafb394a6cda231fd95b94a68

C2

https://t.me/gos90t

https://steamcommunity.com/profiles/76561199800374635

Attributes
  • user_agent

    Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15 Ddg/17.6

Signatures

  • Detect Vidar Stealer 45 IoCs
  • Vidar

    Vidar is an infostealer based on Arkei stealer.

  • Vidar family
  • Downloads MZ/PE file
  • Uses browser remote debugging 2 TTPs 36 IoCs

    Can be used to control the browser and steal sensitive information such as credentials and session cookies.

  • Executes dropped EXE 9 IoCs
  • Loads dropped DLL 8 IoCs
  • Reads data files stored by FTP clients 2 TTPs

    Tries to access configuration files associated with programs like FileZilla.

  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Unsecured Credentials: Credentials In Files 1 TTPs

    Steal credentials from unsecured files.

  • Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

  • Drops file in System32 directory 1 IoCs
  • Suspicious use of SetThreadContext 4 IoCs
  • Drops file in Windows directory 12 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Program crash 4 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 13 IoCs

    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 3 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 8 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Delays execution with timeout.exe 4 IoCs
  • Enumerates system info in registry 2 TTPs 30 IoCs
  • Modifies data under HKEY_USERS 21 IoCs
  • Modifies registry class 3 IoCs
  • NTFS ADS 1 IoCs
  • Opens file in notepad (likely ransom note) 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 36 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 64 IoCs
  • Suspicious use of SendNotifyMessage 64 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\system32\cmd.exe
    cmd /c C:\Users\Admin\AppData\Local\Temp\link.txt
    1⤵
    • Modifies registry class
    • Suspicious use of WriteProcessMemory
    PID:2876
    • C:\Windows\system32\NOTEPAD.EXE
      "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\link.txt
      2⤵
      • Opens file in notepad (likely ransom note)
      PID:3600
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Modifies registry class
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:2968
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6e07cc40,0x7ffb6e07cc4c,0x7ffb6e07cc58
      2⤵
      PID:2192
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1832,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1828 /prefetch:2
      2⤵
      PID:4572
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2064,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2124 /prefetch:3
      2⤵
      PID:2164
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
      2⤵
      PID:4456
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3104,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3268 /prefetch:1
      2⤵
      PID:1536
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3184,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3304 /prefetch:1
      2⤵
      PID:4952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3584,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4468 /prefetch:1
      2⤵
      PID:2076
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4600,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4592 /prefetch:8
      2⤵
      PID:2652
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4740 /prefetch:8
      2⤵
      PID:832
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4796,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3580 /prefetch:8
      2⤵
      PID:4804
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4940,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
      2⤵
      PID:4032
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
      2⤵
      • Drops file in Windows directory
      PID:3776
      • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
        "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x244,0x248,0x24c,0x220,0x250,0x7ff7cfe24698,0x7ff7cfe246a4,0x7ff7cfe246b0
        3⤵
        • Drops file in Windows directory
        PID:4872
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3580,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4948 /prefetch:8
      2⤵
      PID:4560
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4676,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4876 /prefetch:8
      2⤵
      PID:2576
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4592,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5124 /prefetch:8
      2⤵
      PID:956
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5260,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5364 /prefetch:8
      2⤵
      PID:3328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5604,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4780 /prefetch:2
      2⤵
      PID:5096
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=3740,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
      2⤵
      PID:2880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5176,i,14918880671145847948,7409017589158291884,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
      2⤵
      • NTFS ADS
      PID:2408
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:2084
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:4824
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
    PID:4812
  • C:\Program Files\7-Zip\7zG.exe
    "C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\" -spe -an -ai#7zMap26195:122:7zEvent25514
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    PID:4852
  • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
    "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
    1⤵
    • Executes dropped EXE
    • Suspicious use of SetThreadContext
    • System Location Discovery: System Language Discovery
    PID:1280
    • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
      "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • System Location Discovery: System Language Discovery
      • Checks processor information in registry
      • Suspicious behavior: EnumeratesProcesses
      PID:4044
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Drops file in Windows directory
        • Enumerates system info in registry
        • Modifies data under HKEY_USERS
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of FindShellTrayWindow
        PID:2992
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb6e09cc40,0x7ffb6e09cc4c,0x7ffb6e09cc58
          4⤵
          PID:556
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2092,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2088 /prefetch:2
          4⤵
          PID:4060
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1860,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2124 /prefetch:3
          4⤵
          PID:4796
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2268,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2244 /prefetch:8
          4⤵
          PID:3256
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3208 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:2068
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3212,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3396 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:1688
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4560,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4596 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:2752
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4556 /prefetch:8
          4⤵
          PID:5048
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4828 /prefetch:8
          4⤵
          PID:4456
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4568,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4936 /prefetch:8
          4⤵
          PID:1220
        • C:\Program Files\Google\Chrome\Application\chrome.exe
          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4504,i,16744914773432041194,1309009546585368384,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4532 /prefetch:8
          4⤵
          PID:3312
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
        3⤵
        • Uses browser remote debugging
        • Enumerates system info in registry
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        PID:4180
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0xfc,0x130,0x7ffb6e0a3cb8,0x7ffb6e0a3cc8,0x7ffb6e0a3cd8
          4⤵
          PID:892
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
          4⤵
          PID:836
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2336 /prefetch:3
          4⤵
          • Suspicious behavior: EnumeratesProcesses
          PID:2968
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
          4⤵
          PID:456
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:1924
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
          4⤵
          • Uses browser remote debugging
          PID:1756
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1876 /prefetch:2
          4⤵
          PID:1216
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2244 /prefetch:2
                                                                          4⤵
                                                                            PID:1148
                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2016 /prefetch:2
                                                                            4⤵
                                                                              PID:2216
                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4580 /prefetch:2
                                                                              4⤵
                                                                                PID:2204
                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4780 /prefetch:2
                                                                                4⤵
                                                                                  PID:2072
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2244 /prefetch:1
                                                                                  4⤵
                                                                                  • Uses browser remote debugging
                                                                                  PID:2124
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
                                                                                  4⤵
                                                                                  • Uses browser remote debugging
                                                                                  PID:2792
                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,16664262538629924640,9211131853878926562,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3560 /prefetch:8
                                                                                  4⤵
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:4004
                                                                              • C:\Windows\SysWOW64\cmd.exe
                                                                                "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\CBFBGCGIJKJJ" & exit
                                                                                3⤵
                                                                                • System Location Discovery: System Language Discovery
                                                                                PID:2084
                                                                                • C:\Windows\SysWOW64\timeout.exe
                                                                                  timeout /t 10
                                                                                  4⤵
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Delays execution with timeout.exe
                                                                                  PID:1472
                                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                                              C:\Windows\SysWOW64\WerFault.exe -u -p 1280 -s 324
                                                                              2⤵
                                                                              • Program crash
                                                                              PID:1604
                                                                          • C:\Windows\SysWOW64\WerFault.exe
                                                                            C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 1280 -ip 1280
                                                                            1⤵
                                                                              PID:1456
                                                                            • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                              "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                              1⤵
                                                                                PID:4616
                                                                              • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
                                                                                "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
                                                                                1⤵
                                                                                • Executes dropped EXE
                                                                                • Suspicious use of SetThreadContext
                                                                                PID:3012
                                                                                • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
                                                                                  "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
                                                                                  2⤵
                                                                                  • Executes dropped EXE
                                                                                  • Loads dropped DLL
                                                                                  • System Location Discovery: System Language Discovery
                                                                                  • Checks processor information in registry
                                                                                  • Suspicious behavior: EnumeratesProcesses
                                                                                  PID:1200
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                    3⤵
                                                                                    • Uses browser remote debugging
                                                                                    • Drops file in Windows directory
                                                                                    • Enumerates system info in registry
                                                                                    • Modifies data under HKEY_USERS
                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                    • Suspicious use of AdjustPrivilegeToken
                                                                                    PID:2256
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6e09cc40,0x7ffb6e09cc4c,0x7ffb6e09cc58
                                                                                      4⤵
                                                                                        PID:3208
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2348,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2344 /prefetch:2
                                                                                        4⤵
                                                                                          PID:5004
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1776,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2452 /prefetch:3
                                                                                          4⤵
                                                                                            PID:1072
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1956,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2572 /prefetch:8
                                                                                            4⤵
                                                                                              PID:3608
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3164 /prefetch:1
                                                                                              4⤵
                                                                                              • Uses browser remote debugging
                                                                                              PID:3400
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3172,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3216 /prefetch:1
                                                                                              4⤵
                                                                                              • Uses browser remote debugging
                                                                                              PID:764
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4392 /prefetch:1
                                                                                              4⤵
                                                                                              • Uses browser remote debugging
                                                                                              PID:3352
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4680,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4628 /prefetch:8
                                                                                              4⤵
                                                                                                PID:4320
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4636,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4672 /prefetch:8
                                                                                                4⤵
                                                                                                  PID:2324
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4908,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4964 /prefetch:8
                                                                                                  4⤵
                                                                                                    PID:4796
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4916,i,10942318210003451403,11847958584250213741,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4744 /prefetch:8
                                                                                                    4⤵
                                                                                                      PID:1620
                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                    3⤵
                                                                                                    • Uses browser remote debugging
                                                                                                    • Enumerates system info in registry
                                                                                                    • Suspicious behavior: EnumeratesProcesses
                                                                                                    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                    PID:1400
                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6e0a3cb8,0x7ffb6e0a3cc8,0x7ffb6e0a3cd8
                                                                                                      4⤵
                                                                                                        PID:1472
                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
                                                                                                        4⤵
                                                                                                          PID:940
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
                                                                                                          4⤵
                                                                                                          • Suspicious behavior: EnumeratesProcesses
                                                                                                          PID:1996
                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
                                                                                                          4⤵
                                                                                                            PID:1452
                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
                                                                                                            4⤵
                                                                                                            • Uses browser remote debugging
                                                                                                            PID:4972
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:4320
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1892 /prefetch:2
        4⤵
        PID:1796
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2528 /prefetch:2
        4⤵
        PID:3208
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4784 /prefetch:2
        4⤵
        PID:5100
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=2316 /prefetch:2
        4⤵
        PID:2964
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4856 /prefetch:2
        4⤵
        PID:3768
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:4292
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1888,4748077263743607548,11418494200782114523,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:4924
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HIIIIEGHDGDB" & exit
      3⤵
      • System Location Discovery: System Language Discovery
      PID:4756
      • C:\Windows\SysWOW64\timeout.exe
        timeout /t 10
        4⤵
        • System Location Discovery: System Language Discovery
        • Delays execution with timeout.exe
        PID:2548
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 3012 -s 272
    2⤵
    • Program crash
    PID:912
• C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 528 -p 3012 -ip 3012
  1⤵
  PID:1672
• C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  1⤵
  PID:3668
• C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Readme.txt
  1⤵
  • Opens file in notepad (likely ransom note)
  PID:2816
• C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
  "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
  1⤵
  • Executes dropped EXE
  • Suspicious use of SetThreadContext
  PID:4572
  • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
    "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
    2⤵
    • Executes dropped EXE
    • Loads dropped DLL
    • System Location Discovery: System Language Discovery
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    PID:2820
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
      3⤵
      • Uses browser remote debugging
      • Drops file in Windows directory
      • Enumerates system info in registry
      • Modifies data under HKEY_USERS
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:2992
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb6e09cc40,0x7ffb6e09cc4c,0x7ffb6e09cc58
        4⤵
        PID:2812
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1892,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=1888 /prefetch:2
        4⤵
        PID:4668
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1828,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=1904 /prefetch:3
        4⤵
        PID:1176
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2216,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=2188 /prefetch:8
        4⤵
        PID:4624
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3156,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3184 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:2464
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3196,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3212 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:3528
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4288,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4512 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:1480
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4672 /prefetch:8
        4⤵
        PID:3668
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4792,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4636 /prefetch:8
        4⤵
        PID:2392
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4876,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=4840 /prefetch:8
        4⤵
        PID:2272
      • C:\Program Files\Google\Chrome\Application\chrome.exe
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4900,i,13164151289968934554,12699120127595853536,262144 --variations-seed-version=20241110-180057.762000 --mojo-platform-channel-handle=3836 /prefetch:8
        4⤵
        PID:2724
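Three patterns in this tree are what a detection engineer would key on: a Chromium-based browser launched with --remote-debugging-port=9223 --profile-directory="Default" by a non-browser parent (the stealer drives the browser over DevTools instead of decrypting the cookie database itself), the cmd.exe "timeout /t 10 & rd /s /q" chain that removes the working directory under C:\ProgramData, and Unlock_Tool_v2.5.7.exe re-launching its own image while the sandbox flags SetThreadContext. The following is an added example of that detection logic run over process-creation events; it is not part of the sandbox report. The event records are constructed from the PIDs and command lines in the tree (the renderer command line is shortened), parent links follow the tree's depth markers, the ppid of the cmd.exe cleanup is an assumption because its parent is outside this excerpt, and the BROWSERS set, rule names and the benign control event are the author's choices.

```python
"""Flag Vidar-style process-tree patterns in process-creation events.

Added example, not part of the sandbox report. Event records below are
constructed from the report's PIDs and command lines; where a parent is
not in the excerpt the ppid is an assumption and marked as such.
"""
import re
from dataclasses import dataclass

# Assumption: image names treated as Chromium-based browsers that expose DevTools.
BROWSERS = {"chrome.exe", "msedge.exe", "brave.exe", "opera.exe", "chromium.exe"}


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str     # full image path as the sandbox or Sysmon records it
    cmdline: str   # full command line


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def remote_debug_port(cmdline: str):
    """Return the DevTools port requested on the command line, or None."""
    m = re.search(r"--remote-debugging-port=(\d+)", cmdline)
    return int(m.group(1)) if m else None


def cleanup_target(cmdline: str):
    """Return the directory removed by a 'timeout /t N ... rd /s /q <dir>' chain, or None.
    A bare rd without the delay is not matched: the delay is what lets the
    launching process exit before its own directory is removed."""
    if not re.search(r"\btimeout\s+/t\s+\d+", cmdline, re.I):
        return None
    m = re.search(r'\brd\s+/s\s+/q\s+"?([^"&]+)', cmdline, re.I)
    return m.group(1).strip() if m else None


def analyze(events):
    """Return (rule, pid, detail) tuples in event order."""
    by_pid = {e.pid: e for e in events}
    findings = []
    for e in events:
        parent = by_pid.get(e.ppid)
        img = basename(e.image)
        parent_img = basename(parent.image) if parent else None
        # Chromium helper processes inherit --remote-debugging-port and share the
        # browser image; only the launcher (no --type=) is interesting.
        is_helper = "--type=" in e.cmdline
        port = remote_debug_port(e.cmdline)
        if img in BROWSERS and port is not None and not is_helper and parent_img != img:
            findings.append(("browser_remote_debugging", e.pid,
                             f"{img} started with DevTools on 127.0.0.1:{port} "
                             f"by {parent_img or 'unknown parent'}"))
        if parent is not None and parent.image.lower() == e.image.lower() and not is_helper:
            findings.append(("self_spawn", e.pid, e.image))
        if img == "cmd.exe":
            target = cleanup_target(e.cmdline)
            if target:
                findings.append(("self_cleanup", e.pid, target))
    return findings


UNLOCK = r"C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
CHROME = r"C:\Program Files\Google\Chrome\Application\chrome.exe"
EDGE = r"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"

# Constructed from the report's tree; PIDs and command lines are the report's.
SAMPLE_EVENTS = [
    ProcEvent(4572, 0, UNLOCK, f'"{UNLOCK}"'),      # launched by the sandbox, no recorded parent
    ProcEvent(2820, 4572, UNLOCK, f'"{UNLOCK}"'),   # same image re-launched by itself
    ProcEvent(2992, 2820, CHROME,
              f'"{CHROME}" --remote-debugging-port=9223 --profile-directory="Default"'),
    ProcEvent(2464, 2992, CHROME,                   # shortened renderer command line
              f'"{CHROME}" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 '
              f'--lang=en-US --renderer-client-id=6'),
    ProcEvent(4272, 2820, EDGE,
              f'"{EDGE}" --remote-debugging-port=9223 --profile-directory="Default"'),
    ProcEvent(4756, 3012, r"C:\Windows\SysWOW64\cmd.exe",   # ppid assumed; parent not in excerpt
              r'"C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\HIIIIEGHDGDB" & exit'),
    ProcEvent(2548, 4756, r"C:\Windows\SysWOW64\timeout.exe", "timeout /t 10"),
    ProcEvent(9001, 0, CHROME, f'"{CHROME}"'),      # constructed benign launch, no DevTools flag
]

if __name__ == "__main__":
    for rule, pid, detail in analyze(SAMPLE_EVENTS):
        print(f"{rule:26} pid={pid:<5} {detail}")
```

The renderer child of PID 2992 carries the same --remote-debugging-port flag as its parent, which is why the sandbox tags every renderer with "Uses browser remote debugging"; the rule above reports only the launching process so that one stealer run produces one alert per browser rather than one per renderer. The same grouping is worth applying to a Sysmon event ID 1 feed, where ParentImage and CommandLine map directly onto the fields used here.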
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
      3⤵
      • Uses browser remote debugging
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4272
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6e0a3cb8,0x7ffb6e0a3cc8,0x7ffb6e0a3cd8
        4⤵
        PID:480
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
        4⤵
        PID:1644
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
        4⤵
        • Suspicious behavior: EnumeratesProcesses
        PID:3184
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
        4⤵
        PID:8
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:4936
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
                                                                                                                                                4⤵
                                                                                                                                                • Uses browser remote debugging
                                                                                                                                                PID:4220
                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1868 /prefetch:2
                                                                                                                                                4⤵
                                                                                                                                                  PID:4340
                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2268 /prefetch:2
                                                                                                                                                  4⤵
                                                                                                                                                    PID:1672
                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4392 /prefetch:2
                                                                                                                                                    4⤵
                                                                                                                                                      PID:2216
                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4376 /prefetch:2
                                                                                                                                                      4⤵
                                                                                                                                                        PID:1964
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4296 /prefetch:2
                                                                                                                                                        4⤵
                                                                                                                                                          PID:4728
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
                                                                                                                                                          4⤵
                                                                                                                                                          • Uses browser remote debugging
                                                                                                                                                          PID:1396
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8477805851381031518,11196880635084295594,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
                                                                                                                                                          4⤵
                                                                                                                                                          • Uses browser remote debugging
                                                                                                                                                          PID:1364
                                                                                                                                                      • C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                        "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\KEGIDHJKKJDG" & exit
                                                                                                                                                        3⤵
                                                                                                                                                        • System Location Discovery: System Language Discovery
                                                                                                                                                        PID:4732
                                                                                                                                                        • C:\Windows\SysWOW64\timeout.exe
                                                                                                                                                          timeout /t 10
                                                                                                                                                          4⤵
                                                                                                                                                          • System Location Discovery: System Language Discovery
                                                                                                                                                          • Delays execution with timeout.exe
                                                                                                                                                          PID:4112
                                                                                                                                                    • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                      C:\Windows\SysWOW64\WerFault.exe -u -p 4572 -s 276
                                                                                                                                                      2⤵
                                                                                                                                                      • Program crash
                                                                                                                                                      PID:4144
                                                                                                                                                  • C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                    C:\Windows\SysWOW64\WerFault.exe -pss -s 356 -p 4572 -ip 4572
                                                                                                                                                    1⤵
                                                                                                                                                      PID:3888
                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
                                                                                                                                                      1⤵
                                                                                                                                                        PID:5016
                                                                                                                                                      • C:\Windows\system32\taskmgr.exe
                                                                                                                                                        "C:\Windows\system32\taskmgr.exe" /0
                                                                                                                                                        1⤵
                                                                                                                                                        • Checks SCSI registry key(s)
                                                                                                                                                        • Modifies registry class
                                                                                                                                                        • Suspicious behavior: EnumeratesProcesses
                                                                                                                                                        • Suspicious behavior: GetForegroundWindowSpam
                                                                                                                                                        • Suspicious use of SendNotifyMessage
                                                                                                                                                        PID:3296
                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://appdata/
                                                                                                                                                        1⤵
                                                                                                                                                        • Enumerates system info in registry
                                                                                                                                                        • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                        PID:2392
                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5d763cb8,0x7ffb5d763cc8,0x7ffb5d763cd8
                                                                                                                                                          2⤵
                                                                                                                                                            PID:1476
                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1964 /prefetch:2
                                                                                                                                                            2⤵
                                                                                                                                                              PID:1148
                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2012 /prefetch:3
                                                                                                                                                              2⤵
                                                                                                                                                                PID:2720
                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
                                                                                                                                                                2⤵
                                                                                                                                                                  PID:3432
                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
                                                                                                                                                                  2⤵
                                                                                                                                                                    PID:4284
                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
                                                                                                                                                                    2⤵
                                                                                                                                                                      PID:5016
                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1884,10794708012715116967,7377360237455130098,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
                                                                                                                                                                      2⤵
                                                                                                                                                                        PID:788
                                                                                                                                                                    • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                      C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                      1⤵
                                                                                                                                                                        PID:2988
                                                                                                                                                                      • C:\Windows\System32\CompPkgSrv.exe
                                                                                                                                                                        C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                                                                                                                                        1⤵
                                                                                                                                                                          PID:3240
                                                                                                                                                                        • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
                                                                                                                                                                          "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
                                                                                                                                                                          1⤵
                                                                                                                                                                          • Executes dropped EXE
                                                                                                                                                                          • Suspicious use of SetThreadContext
                                                                                                                                                                          PID:4936
                                                                                                                                                                          • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            PID:2548
                                                                                                                                                                          • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe
                                                                                                                                                                            "C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe"
                                                                                                                                                                            2⤵
                                                                                                                                                                            • Executes dropped EXE
                                                                                                                                                                            • Loads dropped DLL
                                                                                                                                                                            • System Location Discovery: System Language Discovery
                                                                                                                                                                            • Checks processor information in registry
                                                                                                                                                                            PID:132
                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                              3⤵
                                                                                                                                                                              • Uses browser remote debugging
                                                                                                                                                                              • Drops file in Windows directory
                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                              • Modifies data under HKEY_USERS
                                                                                                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                              PID:3940
                                                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb5d61cc40,0x7ffb5d61cc4c,0x7ffb5d61cc58
                                                                                                                                                                                4⤵
                                                                                                                                                                                  PID:4544
                                                                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1972 /prefetch:2
                                                                                                                                                                                  4⤵
                                                                                                                                                                                    PID:3932
                                                                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1816,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2012 /prefetch:3
                                                                                                                                                                                    4⤵
                                                                                                                                                                                      PID:4860
                                                                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2204,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2220 /prefetch:8
                                                                                                                                                                                      4⤵
                                                                                                                                                                                        PID:2576
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3176,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3196 /prefetch:1
                                                                                                                                                                                        4⤵
                                                                                                                                                                                        • Uses browser remote debugging
                                                                                                                                                                                        PID:2196
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3204,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3240 /prefetch:1
                                                                                                                                                                                        4⤵
                                                                                                                                                                                        • Uses browser remote debugging
                                                                                                                                                                                        PID:4628
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --remote-debugging-port=9223 --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4540,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4260 /prefetch:1
                                                                                                                                                                                        4⤵
                                                                                                                                                                                        • Uses browser remote debugging
                                                                                                                                                                                        PID:2880
                                                                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4648,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3180 /prefetch:8
                                                                                                                                                                                        4⤵
                                                                                                                                                                                          PID:3972
                                                                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4784,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4776 /prefetch:8
                                                                                                                                                                                          4⤵
                                                                                                                                                                                            PID:1592
                                                                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4860,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4656 /prefetch:8
                                                                                                                                                                                            4⤵
                                                                                                                                                                                              PID:392
                                                                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4980,i,11576836437265080423,14736619475730684286,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
                                                                                                                                                                                              4⤵
                                                                                                                                                                                                PID:2224
                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9223 --profile-directory="Default"
                                                                                                                                                                                              3⤵
                                                                                                                                                                                              • Uses browser remote debugging
                                                                                                                                                                                              • Enumerates system info in registry
                                                                                                                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                                                                                              PID:2580
                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffb6d923cb8,0x7ffb6d923cc8,0x7ffb6d923cd8
                                                                                                                                                                                                4⤵
                                                                                                                                                                                                  PID:3324
                                                                                                                                                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1896 /prefetch:2
                                                                                                                                                                                                  4⤵
                                                                                                                                                                                                    PID:1964
                                                                                                                                                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
                                                                                                                                                                                                    4⤵
                                                                                                                                                                                                      PID:3992
                                                                                                                                                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
                                                                                                                                                                                                      4⤵
                                                                                                                                                                                                        PID:2164
                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                        • Uses browser remote debugging
                                                                                                                                                                                                        PID:5048
                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                        • Uses browser remote debugging
                                                                                                                                                                                                        PID:788
                                                                                                                                                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1852 /prefetch:2
                                                                                                                                                                                                        4⤵
                                                                                                                                                                                                          PID:4700
                                                                                                                                                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2780 /prefetch:2
                                                                                                                                                                                                          4⤵
                                                                                                                                                                                                            PID:776
                                                                                                                                                                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4780 /prefetch:2
                                                                                                                                                                                                            4⤵
                                                                                                                                                                                                              PID:1708
                                                                                                                                                                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=1884 /prefetch:2
                                                                                                                                                                                                              4⤵
                                                                                                                                                                                                                PID:5076
                                                                                                                                                                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                                                                                                                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=4908 /prefetch:2
                                                                                                                                                                                                                4⤵
                                                                                                                                                                                                                  PID:3120
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:4220
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --remote-debugging-port=9223 --field-trial-handle=1856,8483190692358323740,3257879979809603758,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2248 /prefetch:1
        4⤵
        • Uses browser remote debugging
        PID:2300
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c timeout /t 10 & rd /s /q "C:\ProgramData\IIDHJDGCGDAA" & exit
      3⤵
      • System Location Discovery: System Language Discovery
      PID:4432
      • C:\Windows\SysWOW64\timeout.exe
        timeout /t 10
        4⤵
        • System Location Discovery: System Language Discovery
        • Delays execution with timeout.exe
        PID:2068
  • C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4936 -s 292
    2⤵
    • Program crash
    PID:2116
• C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -pss -s 512 -p 4936 -ip 4936
  1⤵
  PID:3560
• C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
  1⤵
  PID:2204
• C:\Windows\system32\svchost.exe
  C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
  1⤵
  PID:3196
• C:\Windows\system32\LogonUI.exe
  "LogonUI.exe" /flags:0x4 /state0:0xa3945055 /state1:0x41c64e6d
  1⤵
  • Modifies data under HKEY_USERS
  • Suspicious use of SetWindowsHookEx
  PID:1456
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
  1⤵
  PID:1232
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
  1⤵
  PID:3184
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
  1⤵
  PID:1588
• C:\Windows\System32\rundll32.exe
  C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
  1⤵
  PID:3724
• C:\Windows\system32\bootim.exe
  bootim.exe /startpage:1
  1⤵
  • Drops file in System32 directory
  • Drops file in Windows directory
  PID:3468

Network

MITRE ATT&CK Enterprise v15


Downloads

• C:\ProgramData\HIIIIEGHDGDB\BKECFI
  Filesize  114KB
  MD5       1ac9296bf54211fc69a717d265d08da7
  SHA1      84aa58b01e344562626c039a6befe45aa50480a4
  SHA256    2663aa18fa523dd88df4d099e859c78e8f488ed3ab2037156a0218d9d00ec46b
  SHA512    9df862aca72a3f706c1fefd02fbca3f6f5b4e2b2c27fe336a5a60e86cbc81b4ab5edce0e618d766d08ed335a84f7b8617bf94fef48f6737f3b04f5a612e11a3b

• C:\ProgramData\HIIIIEGHDGDB\HDAKJD
  Filesize  10KB
  MD5       a6ac8b6edf32a108b43903e68f593429
  SHA1      100a1dd3c0dce4142dc987f71a7b6719e58c2cb0
  SHA256    4c2c8c6c8cf4d458b97e9572832f3b7d3a91b2d041199c94cdf3addeeab3c39c
  SHA512    066fdabd384413f1fcefcce4b6f9a64a9a7c8bcfd2dc7ea44dd9fd9b4960b6a9af812a1d051aa9eb7197913d4915c9208ef72fdbc3de2a865c9fa91438eb9e54

• C:\ProgramData\HIIIIEGHDGDB\IDGIJE
  Filesize  116KB
  MD5       4e2922249bf476fb3067795f2fa5e794
  SHA1      d2db6b2759d9e650ae031eb62247d457ccaa57d2
  SHA256    c2c17166e7468877d1e80822f8a5f35a7700ac0b68f3b369a1f4154ae4f811e1
  SHA512    8e5e12daf11f9f6e73fb30f563c8f2a64bbc7bb9deffe4969e23081ec1c4073cdf6c74e8dbcc65a271142083ad8312ec7d59505c90e718a5228d369f4240e1da

• C:\ProgramData\HIIIIEGHDGDB\KEBGHC
  Filesize  112KB
  MD5       87210e9e528a4ddb09c6b671937c79c6
  SHA1      3c75314714619f5b55e25769e0985d497f0062f2
  SHA256    eeb23424586eb7bc62b51b19f1719c6571b71b167f4d63f25984b7f5c5436db1
  SHA512    f8cb8098dc8d478854cddddeac3396bc7b602c4d0449491ecacea7b9106672f36b55b377c724dc6881bee407c6b6c5c3352495ed4b852dd578aa3643a43e37c0

• C:\ProgramData\KEGIDHJKKJDG\CBKJJEHCB
  Filesize  40KB
  MD5       a182561a527f929489bf4b8f74f65cd7
  SHA1      8cd6866594759711ea1836e86a5b7ca64ee8911f
  SHA256    42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914
  SHA512    9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

• C:\ProgramData\KEGIDHJKKJDG\GDHIDHIEG
  Filesize  46KB
  MD5       14ccc9293153deacbb9a20ee8f6ff1b7
  SHA1      46b4d7b004ff4f1f40ad9f107fe7c7e3abc9a9f3
  SHA256    3195ce0f7aa2eae2b21c447f264e2bd4e1dc5208353ac72d964a750de9a83511
  SHA512

                                                                                                                                                                                                                          916f2178be05dc329461d2739271972238b22052b5935883da31e6c98d2697bd2435c9f6a2d1fcafb4811a1d867c761055532669aac2ea1a3a78c346cdeba765

                                                                                                                                                                                                                        • C:\ProgramData\KEGIDHJKKJDG\HJKJKK

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          96KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          40f3eb83cc9d4cdb0ad82bd5ff2fb824

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          d6582ba879235049134fa9a351ca8f0f785d8835

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

                                                                                                                                                                                                                        • C:\ProgramData\KEGIDHJKKJDG\HJKJKK

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          5.0MB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          ef92db00a08398092891d5b25d4950a2

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          18f078cfff3a4fb1fa40974e2999ec7ae9268be3

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          a0482b9c521ff1b1ea4a7f7eb7b7aab1d473455184c662cae75d382751ca8020

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          8a0366ebd34ec0c632427fff62b7d4fc38b470c57bcfc150e51f180d42140d969d41522683f857b8e7dab65f4c58c07b0bd830c2c339d4e242ba642b36076f84

                                                                                                                                                                                                                        • C:\ProgramData\mozglue.dll

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          593KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          c8fd9be83bc728cc04beffafc2907fe9

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          95ab9f701e0024cedfbd312bcfe4e726744c4f2e

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          ba06a6ee0b15f5be5c4e67782eec8b521e36c107a329093ec400fe0404eb196a

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          fbb446f4a27ef510e616caad52945d6c9cc1fd063812c41947e579ec2b54df57c6dc46237ded80fca5847f38cbe1747a6c66a13e2c8c19c664a72be35eb8b040

                                                                                                                                                                                                                        • C:\ProgramData\nss3.dll

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.0MB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          1cc453cdf74f31e4d913ff9c10acdde2

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          6e85eae544d6e965f15fa5c39700fa7202f3aafe

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          ac5c92fe6c51cfa742e475215b83b3e11a4379820043263bf50d4068686c6fa5

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          dd9ff4e06b00dc831439bab11c10e9b2ae864ea6e780d3835ea7468818f35439f352ef137da111efcdf2bb6465f6ca486719451bf6cf32c6a4420a56b1d64571

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          40B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          76025b9fb7201faad57e95ac873e37eb

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          25c01eb7d9a63723eac365d764e96e45e953a5c1

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          03bb8cf70d96e562ff19d80ef9a01f8255aaa1a6ffa2005dbc004bb718e05269

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          6f5c8680823f3fc01c4668585518a1a535959ec456bca88f81eebe0484dc6cf6bbc40044db4ac7d18798529a20feca039bd986f243db817f27df220a7917a28f

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\690dc1d3-7154-401a-8aa4-1de5c5d955de.tmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          1B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          649B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          11bcbac99ca3e63af4f1a033031f6ad1

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          629c5a06dc8b5caec032d9e237b55e54d35f89dd

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          35e4531eab3c9c2b38c0248b50804366e2aa0456e75bf9ebca511a8405d192aa

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          2b428763c4e9438c4df20b940d6cbb94f1898844eba10b910428548e6c3547302648d0410d15e4e88755d9f8318f3e5c3ba52ff7118c840093bf8f4e3b7e3323

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          44KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          abe981778ae776a933a949dc421b146e

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          b245efe1664ed04a1dd6dea336c978f6aa906305

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          cf5bc2c79a1fe6f2992789718d16c9c3ace4a959ecee76a6bc54919de8d5fd8b

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          f6d8a53f1ddfd5c761c66aa547c7fcb395f51ca3635e1fa99c1e97488602e9f0c01e26b8735a976cc0cded3fabe55542238d39d8aea55e767ee48d2ecb50c1a8

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          264KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          086c411a70ceeb61458e1c3be9588e89

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          22b6ee84a5f1099ce0abd428c70725f52186e7e5

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          4271a71e2b6c912004840d86a33092c6d8dbd2b6c09b6adf1431a809b7bd619c

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          10a4e08467108b86750ecf73a10ee3af793f57fc419a4f26b5a8a8d8beb5f6fc717d7ad64d63d940d0a2711853891897e723bcc6087abd3dfc8efcc9135d2688

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          1.0MB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          cf217d712c4bf0982f5b4cbae6ddde5a

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          ea362dc171ac45038fb7771d2182c72d368d93fb

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          47bae565499a3df35910a66663b3a138ccf93dd55a23f65def59614c3e425467

                                                                                                                                                                                                                          SHA512


                                                                                                                                                                                                                          fd8626ec91e0b48a17bfe1bbf51ff8419717f631109ea2ca39b908dbc06d7628b4ff5d861bee7bc2070685c59a63c9c3759db1cb589299a0cf430a7d3b5dabfe

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          160KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          a3e51c1be31c3d89f6b33facfc9704a8

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          034aaf77352e7b62e2a09c68763ae27b652a3a56

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          c6de67b918175696827ca98b3ef73daf73186d3d2e7f68f0df3d93d95ec43fa2

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          347b86c867e735b7a23ba687f37927b22cdaabcf80a3ada4e27917de33b89e5039ce165e118308ed7eb86b1a7efddd6c9536c8eaf6e7e27eddb17abbc43688b4

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          332B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          f9186304f713a120525552dfdaff2b45

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          8a7df2d472ba47047b2237d02485cd4b86ac8965

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          faf4c9554376136f6339b88b5a110300c60cae60d9828fda8eb394c0289598da

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          33cd0e5cbeb710813c0d9ffa25e43dfbadf79b0ec0cb9f4bb0cb9005662fc44c3417b87ab9cbc04b45cd1bd36cb73656b5f016caf4987f0f595c1351359f91b2

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          20KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          33be0c8c3f5bf7c9edf049611efed046

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          f357acc5b935a3faee9732c0e19dc615ab8d0498

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          52b7e77ca813671aabba0f98ea5177d206804b0319757e68291d03ea3260feac

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          f5a52a0a73ee5e1c48f197b5365d07cb3286afcf4cf256a7c2dbee3058453ed56a704ed17a4fe1092418b3767a1679495ea36175d2ddd85a63b0c2531d8bca4f

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          54b1d341225d015b82f0112ad4d3f983

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          db4a83f597416254b4aefdffc9d52f3b26193ad1

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          3f4e01599f063047c70894f2edca74f4839ce78493b0f3e7cce9d91b0afec56c

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          37f8aac791a7d550c4495d4bad14ae824a4aca64557a8d6b023953ce4193a6fb7d918083d24e533d8d0fc45355736088c428bacda403458baadb587097b7687e

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          36KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          b02551a75bacdae2619ec235278995c9

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          dffc20cbf439e317071030d258a1b9ef6539a864

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          26429e8033ba48db60ce282da2955e48ed9b3d70c8ebfc7547d84caede0d35db

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          d7a370eaa418bb9a7a3ccbb93fedd11b27f834c6da5184b70f87d10536703d9ae3af075058a7b6c9493af3f12e80f834de4f181d0ea6003e6d2f39dd5613bee1

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          d751713988987e9331980363e24189ce

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          97d170e1550eee4afc0af065b78cda302a97674c

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          690B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          e342f2d50875abf37d38903b517105dc

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          45d1eb932663caf0f625414ada8f4d481a93d837

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          5c12a4515fd9ecf250a3720e8073283f7e5249c1cd6b8a714fafdd4e163b36d2

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          d1110a288f7a306d54072ba04329003d35d28ab35e0d0e1604b31fbf68ccc0bc6b6fd58e9fd63ef3b872392f377c58a4af8056db259c6012d695cb4a7db54c3e

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          9KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          cebda50ade32a4158545d006bb127bf0

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          fa4f0dd455470be9061065c00de0692b44b9c1ee

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          a4dcdbccdfc679320a4c991320dea1250f04e237e33f485fa7799bdedd8ad7cd

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          1b257d8d8dcb15768159501f81edbcbe077fea9163b626bedbe3da27c426743c180523fc5d7c80a8f7347aa22db47b44327db7acc729119ebf0d19ca97e35459

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          9KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          296a787dce9bc9b03bd39f9fd5ca6524

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          a3187468e521807017d4c3cabfd2338266f45436

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          a9a4a94e9a61711bcedc13468f6db1e15ed170a8c5bd6176f0ec3c69ec167c37

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          d891d0eab6980bd292398a1de3aa78aaa336920a4dd2d477c990c46a8ce39dbc6e014398f7f5944d42fe4205ac32132442290904e99119bcc17a6b83a8559513

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          9KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          de278fe7a5dcab21f2fa8bfcd2dc17b3

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          2a929f95e2a75eff49d308e8580d49625c62fdbf

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          857d5b330a437af6945e75bd7d4a04bf4adb1caac0e9ad0768386935dff2c48f

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          728c4cbef87bad322d88ce1196b93d13e7313188d36fcedcf8b91d43436c0b5d0ece6e3c1e5fd9cd52ab2f866b3c9e7f925bbd3ff22e2171b25f8916109a92d3

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
  Filesize: 15KB
  MD5: ab967d234c9dad2c1d1fff64c801ca1a
  SHA1: 9f6dbc09edd76345e68c9a717d12c215dbd64425
  SHA256: f8d210bc62c11fffe7fb7dc00e54178710ca40a3980038fb6b8f84bf57ae6688
  SHA512: b3dfb0a96bf5dcb8b6595fee24e885a296e4672f090e68693b4d8472d04403e0e0b5f73e85bbeeb51c9d5a3ab63392aafe62e343b7acc15d4ae1b23eafa72e4c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log
  Filesize: 3KB
  MD5: 615f3fadee975b48cf9e7ab10fd2ac57
  SHA1: c8701433b9dee915bd657a29a1cd858a62fa704f
  SHA256: b2e58e4a9cfc11488459655159b6a95d7a90a5b547a26b4b6b25e435903cc20a
  SHA512: a76444241c069e6cd25fbbfbd5c5d0317e150e53c430018d220bb3e5e9dbcc13405d5aaf6a7a522319a1b6762303c1164eb4a43a19afb801082c28ca9ecbfb2b

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG
  Filesize: 336B
  MD5: 265397158c84fd4c5c498d260523a8d2
  SHA1: 1a3ff443e2d2a3e3c6395f5a20ca75a2d6ab8356
  SHA256: 0000eab1b4aaf3d3375c3202e4aba39bdb789115af294917acabd15d35b67e55
  SHA512: 5b292e1656a9b3586188480daedf7f80b35785cfe0cf4040aac7f162ce6b70aaa53814a62355dd5a15f207614ca1928579ec0df6be021a1ccbe17ead382378c0

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
  Filesize: 72B
  MD5: a4345860d2ba5f4a9d0e9c0156d7abfc
  SHA1: a668be9105a4c34d9bc2e3f571263d79885155d6
  SHA256: 1d5161549b5053f4b6ea780af5decddda06927205333fe671066f6f026ff694a
  SHA512: 6a2e3cf3fe779ccda8ad72a99ef099a1f8f745e388e5226301b72722a6000d2ed4a567adc24f32dfeca8ba3611373fba87fc90b26e13cce17f70c95ab2882dc6

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOG
  Filesize: 320B
  MD5: 38e4357ac9053858e1f8afc8766b41f9
  SHA1: 27d7f104dd9dbaf669a5ef727f1a856fbc961422
  SHA256: cb587b18db0235545b8bdcb471158eedf78c3100c121f9582875250b3b71a5a4
  SHA512: bffe5d8b895f5b7c46d7a5791e0bbedadbae9d367f1b3c2f1b1016660921c65c552e17ef8220a3a8c2bf31b2461894af52fcd12d4d2abaa88432becd68ddc642

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG
  Filesize: 348B
  MD5: ee1facbe56770a070fae0d2967fc526c
  SHA1: 4d815f34636db41c3b4918bb1213f87de306f593
  SHA256: 4c797f2822972e691ee999d3ef2b836c00741551e82328d3805a84442518c111
  SHA512: 9edd0cea8c9c9812a2f5dfb8e174a972b4772905d36e5b38ebb39dd63976e1b272eb87921969c744f24e7194203ab69f7443be9439ee037c9e28367ad220632c

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
  Filesize: 321B
  MD5: 227ee12d525a1aef1bce5034a3eb8c37
  SHA1: a708983aa4b82387ad88bcc1c710edc2103078a1
  SHA256: c321e04101a7c310d6febc2fee6b2e22e08e0b52e075457c1423164c307d2650
  SHA512: 915a66e5546ba03dcb79a3c330d4d3df87f3fb3903abc1aaad63c14a1d0459b8c52364ce9ef054ea204f1254bb32c226bcab7fcd9f79f767e5e068db23593076

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager
  Filesize: 40KB
  MD5: 0c62ee6bf74cd8447df5d9fc9511656d
  SHA1: a5cd62808320981dfbfea3953c335d9fe1b63380
  SHA256: 6b957cfd2d5b69bfcf3fc5c9ff873f9fe030d617f3016a84887ef8d1fa200aaa
  SHA512: 67eb36ea260bd7d6e5d1f93e7fc04573e2733edcc0520d6ef2424b46d1f46c0294487c21084f2ba38afefdb78e26cc4be6eb80ed9a6d20003eceab8886c0b956

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManager-journal
  Filesize: 8KB
  MD5: 4042d51cfc96ca87daca393b8ee4978d
  SHA1: 8899ec40d409c6f1232a3c31ee0fca67c25bccfc
  SHA256: 35ac8dda5a5e7193c36bd0a2e76de8fe804829dc549b7755b0575ee9c4d04706
  SHA512: 7c25b0137c5815806d2f2aa86866f17d886522bf347137bf319b3e167b40245cd93316d4fdb9c14223261aa187b57a7b8750eb2476b33ca3c97a35101b3724e4

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG
  Filesize: 338B
  MD5: b837defdc04490323306ea6230a57471
  SHA1: 1751e0f6d37c2cd5b02cc3e0f19fa7143e89975d
  SHA256: 8fa1dd2c92c5fed92894d557d597d76818aee3ffc040c1e4eb05f771947ac99a
  SHA512: 34e1d59c0e257f9a41b0ed78587e3f5860e23b7b482c7446f6800c88f8902b4c81822f12f5d866d77c98dd227eefb99a551e679b2a8c833aa2a2a469f019ec0d

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser
  Filesize: 106B
  MD5: de9ef0c5bcc012a3a1131988dee272d8
  SHA1: fa9ccbdc969ac9e1474fce773234b28d50951cd8
  SHA256: 3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590
  SHA512: cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
  Filesize: 14B
  MD5: ef48733031b712ca7027624fff3ab208
  SHA1: da4f3812e6afc4b90d2185f4709dfbb6b47714fa
  SHA256: c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99
  SHA512: ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 232KB
  MD5: 81549c23c39fa8ba226ad99bfc050a31
  SHA1: ca468231f74c7941c29d6901672b7eb045f31d64
  SHA256: 31cb21f3ac8817797738e63b53eef3f4836d4faf5f0ef827ef00f42200dee7e2
  SHA512: 09e5ed3c62baee3e06316ce57bd7e8b7e20d872289c073f1549bcc85b85d3f3ee622f248763917484ec4468880cc84515837f1c1301c1379d2b2e94f36c4f488

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
  Filesize: 232KB
  MD5: 9dee893e396c487bf7372e5576e4b3ed
  SHA1: 868c3d2da2e81eb2bd1f9300ea2c94c2c1f417db
  SHA256: 03e01d09b9878474c0229fc113332c07a240a06ae41c1363e9c86262682c0aaa
  SHA512: 0c2ef74ad24e557bd353ac35a431f2ad2588137bb8142f491e5a3b9ef144658347e38b944872f6802d0ff896adaca19fccc1f50c3d5d2155df97b4def7f110ef

• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
  Filesize: 86B
  MD5: 961e3604f228b0d10541ebf921500c86
  SHA1: 6e00570d9f78d9cfebe67d4da5efe546543949a7
  SHA256: f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed
  SHA512: 535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: a28bb0d36049e72d00393056dce10a26
  SHA1: c753387b64cc15c0efc80084da393acdb4fc01d0
  SHA256: 684d797e28b7fd86af84bfb217d190e4f5e03d92092d988a6091b2c7bbbd67c1
  SHA512: 20940fee33aa2194c36a3db92d4fd314ce7eacc2aa745abec62aa031c2a53ba4ff89f2568626e7bd2536090175f8d045c3bb52c5faa5ecc8da8410ab5fc519f7

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: 554d6d27186fa7d6762d95dde7a17584
  SHA1: 93ea7b20b8fae384cf0be0d65e4295097112fdca
  SHA256: 2fa6145571e1f1ece9850a1ac94661213d3e0d82f1cef7ac1286ff6b2c2017cb
  SHA512: 57d9008ccabc315bd0e829b19fe91e24bab6ef20bcfab651b937b0f38eec840b58d0aed092a3bbedd2d6a95d5c150372a1e51087572de55672172adc1fc468a7

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
  Filesize: 152B
  MD5: b01be3ea3b6721e56c5435f4aa038cbb
  SHA1: 2c21a031cefa8996de1338ced671bf97cb35efe5
  SHA256: 10a459d7b410fc54e547cdc7add584e3fb07f13c7885ab1dbb8b124fef015e9a
  SHA512: 2b168c10314490869abfe114af170cb3469fdc1011f2d19abc508e42e3902d49f313d00afcc09cafabb5436830e7d5a32004a1152a48317a7b413f55482094c3

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\087b6d10-21a0-4b76-a620-29267b7bd92c.tmp
  Filesize: 5KB
  MD5: de45bff3cdec175deb9233f692a7976d
  SHA1: 8d4eb3ff07def9961d264280110359950ba07194
  SHA256: ec3eb1344510b47abd59cd4c3b7d3d0e6453ca164de71779f5a6553177f79a3c
  SHA512: ed80d2f7cbf104ec36636abdc9a53b4d4cbfb76a5a7528fcd2101ec0c3978ac59709e59807273df76036b6a977c3a14a35b93f0d44e60d65acd9b75e02a11ccc

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 3df3f4fcddfb542e8430d3655826dc44
  SHA1: ba27470273d81fe0db08653f14f38aebe24fef0a
  SHA256: aa6439905b3706eb61d5c0692bdb1712cb1608693e40e3e1a66246c90cc893ec
  SHA512: 02d05a167e2acbae28a6d170df1521ece4db55f3cb2db2679aede93138b7bf0abfaf17aeff1d314002026eed3189ccff5536d117ede6044ac342f1c4c56a5a7d

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 888173291f04dba82cb807d63b1f8263
  SHA1: 3a721f966b907b58d1ecebcc96ea1f4701b43c6d
  SHA256: 3d9f363ec60b4647c9b4556739e95e97c8ef328d8d626f6ce8782d4552424cb6
  SHA512: a7a3b686c459f0417f161ac3e261075eb583c40c4fd77e08ca615cf3572b59847da3cee5cf666284cd8ee618ef220aa73d16daf8d4d159b6035041f79e298897

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: 71f58cf7563a8eb096ba84c9c218d5b9
  SHA1: fb869427119987270670c62616ebacf04a5851c6
  SHA256: b22624e2a570a9c26760b8bed70e72997370fbc003a13f27a9de89c732260488
  SHA512: aac5400d9b1ea5f53d4337ad4ccac0711b8b607305c56d0f3ef9f3dc91df71f856699eb9f20653c5f9314a32cc4a03dc6d621b42361c2628bfc9e85cb00f9046

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 5KB
  MD5: f13f47e67916f4b7f2d61b65b95f34ad
  SHA1: 2567255b68b4784dd916f795f0201752b8d290c4
  SHA256: 884dcf365d538a8846450537684fe9f61ba6694775d41100cf33872364a189af
  SHA512: 8b743e48a5c072f055fc08708c20dc0ca4f47ce0e8ffce71914014d06fa428f9644f2f9e3902f9da92c99d12e03db5a5f8c0d490e2365042c40462557280b18c

• C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
  Filesize: 6KB
  MD5: b1adb98e2b741449fb165894cd10d01c
  SHA1: 37833ff164f2f657f7d75fc91bbd2932db67fdda
  SHA256: b6ce07e626bd7c6368b43e0e9f1ab63698366ec2f47199026d8eb966d9910438
  SHA512: ffb6861101e628c155776537f4a385c2eec0a2dd36e61bafc6f536b58f9e93df855e4fe832daad424c821e4531b17cb2f2fec4fb11b2eef444f9fdaf5a0a800f

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          11B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          b29bcf9cd0e55f93000b4bb265a9810b

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          e662b8c98bd5eced29495dbe2a8f1930e3f714b8

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          10KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          9ec2a0fb2f88429238a8a36d21b96447

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          c20937f64a11ea3099b25f0432a860b7e5300807

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          2e6fc4e924bde18067caccfad20df22e06dbe0d12838b14dfe69fad8c5f39f77

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          887728dfc51482728d5f53c8a54f725fe3f9a0d70d96426b296043d386f06a4b4c037ea82799ca8f956313ee523174bd2c032594a419a9fdd4ed5d8b7cb9a342

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir2968_1306068921\27333311-e4b2-43b0-834b-e55dcb70af8f.tmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          132KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          da75bb05d10acc967eecaac040d3d733

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          95c08e067df713af8992db113f7e9aec84f17181

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

                                                                                                                                                                                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir2968_1306068921\CRX_INSTALL\_locales\en_CA\messages.json

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          711B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          558659936250e03cc14b60ebf648aa09

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                                                                                                                                                                                        • C:\Users\Admin\Downloads\Unlock_Tool.zip:Zone.Identifier

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          26B

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          fbccf14d504b7b2dbcb5a5bda75bd93b

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          d59fc84cdd5217c6cf74785703655f78da6b582b

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

                                                                                                                                                                                                                        • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\Unlock_Tool_v2.5.7.exe

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          1.3MB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          d5385fee466644e901e083397bc43e68

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          21c93293c172c6f7f8db95cfb8075b0710ea62b3

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          d40bf69fa85a3a178bd29f371880c7a8b15bc2b81368ff0695f9f8a798f0d1fd

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          1b26331e2783d3925ddfc2f163de6a270025e0ad4e24d30f5e4876797ec2e495005d9c8668261c91b55d551d554646eda02e3a97501efecbc88b8647d5263e8e

                                                                                                                                                                                                                        • C:\Users\Admin\Downloads\Unlock_Tool\Unlock_Tool_v2.5.7\locales\resources\Data\level4.resS

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          128KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          64d183ad524dfcd10a7c816fbca3333d

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          5a180d5c1f42a0deaf475b7390755b3c0ecc951c

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          5a666340f42f0f985772024d90a83d15c9a241a68d58205cd4afbb1a31f1621a

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          3cab59dff09981f49d1070fba06a781439bb1ea2dae0cfcb937d9875bbe9e866be2c951cfc6a3ca4a92aea79dd3e9c4792a765f5a06f230a57dabcab2f0b3c1e

                                                                                                                                                                                                                        • C:\Windows\System32\Recovery\ReAgent.xml

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          1KB

                                                                                                                                                                                                                          MD5

                                                                                                                                                                                                                          80d4d4c896fcad74a4d211874305a9b7

                                                                                                                                                                                                                          SHA1

                                                                                                                                                                                                                          f869ea7bf79246156f0b596dce410a79ad4fc979

                                                                                                                                                                                                                          SHA256

                                                                                                                                                                                                                          a7f882784498257e2df60128e44031380934650503b86d3391ed4a841668d894

                                                                                                                                                                                                                          SHA512

                                                                                                                                                                                                                          75a3e66ead67e0eb937e7bc8ad5149736daaeab102815aef108ff78d4764a590cd58cb7fccade5db696dc4343b2b947e0945a1ffc86bad0cde7678687761f189

                                                                                                                                                                                                                        • memory/1200-1476-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1538-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1567-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1566-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1433-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1434-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1435-0x000000001A130000-0x000000001A38F000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.4MB

                                                                                                                                                                                                                        • memory/1200-1441-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

                                                                                                                                                                                                                        • memory/1200-1442-0x0000000000400000-0x0000000000659000-memory.dmp

                                                                                                                                                                                                                          Filesize

                                                                                                                                                                                                                          2.3MB

• memory/1200-1457-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1461-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1458-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1462-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1467-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1475-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1559-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1468-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1558-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1539-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1530-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/1200-1531-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/2820-1574-0x0000000019EB0000-0x000000001A10F000-memory.dmp (Filesize 2.4MB)
• memory/2820-1572-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/2820-1573-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1420-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1212-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1333-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1403-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1419-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1327-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1428-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1427-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1397-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1389-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1209-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1334-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1316-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1319-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1320-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1315-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1243-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1235-0x000000001C3E0000-0x000000001C63F000-memory.dmp (Filesize 2.4MB)
• memory/4044-1242-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1234-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1233-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1325-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1213-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)
• memory/4044-1390-0x0000000000400000-0x0000000000659000-memory.dmp (Filesize 2.3MB)