hxxp://allmylinks[.]com/gdssava

Analysis

max time kernel
484s
max time network
485s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
16/12/2024, 19:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://allmylinks.com/gdssava

Score

8^/10

paypal credential_access discovery evasion persistence phishing privilege_escalation stealer

Malware Config

Signatures

Modifies Windows Firewall 2 TTPs 4 IoCs

evasion

Windows Service

T1543.003

Disable or Modify System Firewall

T1562.004

pid	Process
3116	netsh.exe
2288	netsh.exe
2532	netsh.exe
6052	netsh.exe

Uses browser remote debugging 2 TTPs 9 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
1516	chrome.exe
4112	chrome.exe
3160	chrome.exe
6128	chrome.exe
2044	chrome.exe
4896	chrome.exe
5392	chrome.exe
1076	chrome.exe
1040	chrome.exe

A potential corporate email address has been identified in the URL: GoddessAva@gddssavaonPremiumChat
phishing
A potential corporate email address has been identified in the URL: GoddessAva@gdssavaAllMyLinks
phishing
A potential corporate email address has been identified in the URL: sweetalert2@8
phishing

Executes dropped EXE 8 IoCs

pid	Process
1216	GoonScript.exe
2500	GoonScript.exe
4368	selenium-manager.exe
4756	chromedriver.exe
2836	GoonScript.exe
3016	GoonScript.exe
5308	selenium-manager.exe
1056	chromedriver.exe

Loads dropped DLL 64 IoCs

pid	Process
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
2500	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe
3016	GoonScript.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
418	drive.google.com
419	drive.google.com

Looks up external IP address via web service 9 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
463	ipinfo.io
513	ipinfo.io
555	ipinfo.io
462	ipinfo.io
464	ipinfo.io
512	ipinfo.io
523	ipinfo.io
524	ipinfo.io
556	ipinfo.io

Detected potential entity reuse from brand PAYPAL.
phishing paypal

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\DawnCache\data_2	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Local Storage\leveldb\MANIFEST-000001	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Cache\Cache_Data\data_1	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Variations	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\shared_proto_db\LOCK	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\44223d6a-6929-4bf3-81fc-2367d62ee552.tmp	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Code Cache\js\index	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\first_party_sets.db	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Cache\Cache_Data\f_000004	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Safe Browsing Network\Safe Browsing Cookies-journal	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Feature Engagement Tracker\AvailabilityDB\LOG	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Local State~RFe5b8ab8.TMP	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\BrowserMetrics-spare.pma	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\DawnCache\data_2	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\ShaderCache\data_3	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Visited Links	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Top Sites-journal	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\467c9891ac99ba34_0	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Code Cache\js\c4824cca05c72371_1	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Network\Network Persistent State~RFe5b5c07.TMP	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Safe Browsing Network\NetworkDataMigrated	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Extension Scripts\000001.dbtmp	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Extension State\LOG	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Segmentation Platform\SignalDB\LOCK	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\DawnCache\data_1	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\GrShaderCache\index	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\Secure Preferences	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\387b8260-ca18-431b-93ff-a322a7429d78.tmp	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\DIPS	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\e73f4440-9295-483d-adda-c8931b88e187\30fbcd9bb7466093_0	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Download Service\EntryDB\LOG	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\index-dir\the-real-index~RFe5cb916.TMP	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Crashpad\settings.dat	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\shared_proto_db\000001.dbtmp	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\Shared Dictionary\db	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\8fdec231-6663-48d4-9e4a-5d436a085d86.tmp	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Segmentation Platform\SignalDB\LOG	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\GrShaderCache\data_1	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\583480e73ac7e29c_1	chrome.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\debug.log	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Extension Scripts\000001.dbtmp	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Cache\Cache_Data\f_000001	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\e73f4440-9295-483d-adda-c8931b88e187\e9d91a2127a0d812_0	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Local Storage\leveldb\000001.dbtmp	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\05cf05598c8c9087_0	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Favicons	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Favicons-journal	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_s	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\BrowserMetrics\BrowserMetrics-67608128-5EC.pma	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\Session Storage\CURRENT	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\08098e9c-a84a-42d2-b2e9-ab7107c8f1ea.tmp	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Sync Data\LevelDB\000003.log	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Local Storage\leveldb\000001.dbtmp	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Default\Session Storage\CURRENT	chrome.exe
File opened for modification	C:\Program Files\scoped_dir4756_1822510458\Local State	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Cache\Cache_Data\f_000011	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\segmentation_platform\ukm_db-journal	chrome.exe
File opened for modification	C:\Program Files\scoped_dir1056_1950045546\Default\Site Characteristics Database\MANIFEST-000001	chrome.exe
File created	C:\Program Files\scoped_dir1056_1950045546\Default\Cache\Cache_Data\f_000008	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\GrShaderCache\data_3	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Code Cache\js\f3ae0d23e488645b_0	chrome.exe
File created	C:\Program Files\scoped_dir4756_1822510458\Default\Cache\Cache_Data\f_000003	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Event Triggered Execution: Netsh Helper DLL 1 TTPs 12 IoCs

Netsh.exe (also referred to as Netshell) is a command-line scripting utility used to interact with the network configuration of a system.

persistence privilege_escalation

Netsh Helper DLL

T1546.007

description	ioc	Process
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key value enumerated	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe
Key queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\NetSh	netsh.exe

System Location Discovery: System Language Discovery 1 TTPs 12 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	selenium-manager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	selenium-manager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133788512369644264"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 12 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{6D39E7EB-454A-4B9A-899E-0F55C9A4891C}	GoonScript.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{1A64C6C6-2396-4FF1-B2DB-269892485E14}	GoonScript.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2878641211-696417878-3864914810-1000\{AF8F179C-81EB-4078-8162-C91DE352C2A1}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000_Classes\Local Settings	mspaint.exe

Suspicious behavior: EnumeratesProcesses 29 IoCs

pid	Process
4940	msedge.exe
4940	msedge.exe
4880	msedge.exe
4880	msedge.exe
4908	identity_helper.exe
4908	identity_helper.exe
3568	msedge.exe
3568	msedge.exe
4412	msedge.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe
6124	msedge.exe
2796	msedge.exe
2796	msedge.exe
3136	mspaint.exe
3136	mspaint.exe
1076	chrome.exe
1076	chrome.exe
1516	chrome.exe
1516	chrome.exe
1616	chrome.exe
1616	chrome.exe
6664	msedge.exe
6664	msedge.exe
6392	msedge.exe
6392	msedge.exe
5588	identity_helper.exe
5588	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
180	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 50 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
1076	chrome.exe
1076	chrome.exe
1076	chrome.exe
1076	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: 33	5076	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5076	AUDIODG.EXE
Token: SeRestorePrivilege	2296	7zG.exe
Token: 35	2296	7zG.exe
Token: SeSecurityPrivilege	2296	7zG.exe
Token: SeSecurityPrivilege	2296	7zG.exe
Token: SeIncreaseQuotaPrivilege	1792	WMIC.exe
Token: SeSecurityPrivilege	1792	WMIC.exe
Token: SeTakeOwnershipPrivilege	1792	WMIC.exe
Token: SeLoadDriverPrivilege	1792	WMIC.exe
Token: SeSystemProfilePrivilege	1792	WMIC.exe
Token: SeSystemtimePrivilege	1792	WMIC.exe
Token: SeProfSingleProcessPrivilege	1792	WMIC.exe
Token: SeIncBasePriorityPrivilege	1792	WMIC.exe
Token: SeCreatePagefilePrivilege	1792	WMIC.exe
Token: SeBackupPrivilege	1792	WMIC.exe
Token: SeRestorePrivilege	1792	WMIC.exe
Token: SeShutdownPrivilege	1792	WMIC.exe
Token: SeDebugPrivilege	1792	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1792	WMIC.exe
Token: SeRemoteShutdownPrivilege	1792	WMIC.exe
Token: SeUndockPrivilege	1792	WMIC.exe
Token: SeManageVolumePrivilege	1792	WMIC.exe
Token: 33	1792	WMIC.exe
Token: 34	1792	WMIC.exe
Token: 35	1792	WMIC.exe
Token: 36	1792	WMIC.exe
Token: SeIncreaseQuotaPrivilege	1792	WMIC.exe
Token: SeSecurityPrivilege	1792	WMIC.exe
Token: SeTakeOwnershipPrivilege	1792	WMIC.exe
Token: SeLoadDriverPrivilege	1792	WMIC.exe
Token: SeSystemProfilePrivilege	1792	WMIC.exe
Token: SeSystemtimePrivilege	1792	WMIC.exe
Token: SeProfSingleProcessPrivilege	1792	WMIC.exe
Token: SeIncBasePriorityPrivilege	1792	WMIC.exe
Token: SeCreatePagefilePrivilege	1792	WMIC.exe
Token: SeBackupPrivilege	1792	WMIC.exe
Token: SeRestorePrivilege	1792	WMIC.exe
Token: SeShutdownPrivilege	1792	WMIC.exe
Token: SeDebugPrivilege	1792	WMIC.exe
Token: SeSystemEnvironmentPrivilege	1792	WMIC.exe
Token: SeRemoteShutdownPrivilege	1792	WMIC.exe
Token: SeUndockPrivilege	1792	WMIC.exe
Token: SeManageVolumePrivilege	1792	WMIC.exe
Token: 33	1792	WMIC.exe
Token: 34	1792	WMIC.exe
Token: 35	1792	WMIC.exe
Token: 36	1792	WMIC.exe
Token: SeIncreaseQuotaPrivilege	2440	WMIC.exe
Token: SeSecurityPrivilege	2440	WMIC.exe
Token: SeTakeOwnershipPrivilege	2440	WMIC.exe
Token: SeLoadDriverPrivilege	2440	WMIC.exe
Token: SeSystemProfilePrivilege	2440	WMIC.exe
Token: SeSystemtimePrivilege	2440	WMIC.exe
Token: SeProfSingleProcessPrivilege	2440	WMIC.exe
Token: SeIncBasePriorityPrivilege	2440	WMIC.exe
Token: SeCreatePagefilePrivilege	2440	WMIC.exe
Token: SeBackupPrivilege	2440	WMIC.exe
Token: SeRestorePrivilege	2440	WMIC.exe
Token: SeShutdownPrivilege	2440	WMIC.exe
Token: SeDebugPrivilege	2440	WMIC.exe
Token: SeSystemEnvironmentPrivilege	2440	WMIC.exe
Token: SeRemoteShutdownPrivilege	2440	WMIC.exe
Token: SeUndockPrivilege	2440	WMIC.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
2296	7zG.exe
4880	msedge.exe
1076	chrome.exe
1076	chrome.exe
1076	chrome.exe
1516	chrome.exe
1516	chrome.exe
1516	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
4880	msedge.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
1616	chrome.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe
6392	msedge.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
3136	mspaint.exe
180	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4880 wrote to memory of 1688	4880	msedge.exe	84
PID 4880 wrote to memory of 1688	4880	msedge.exe	84
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4112	4880	msedge.exe	85
PID 4880 wrote to memory of 4940	4880	msedge.exe	86
PID 4880 wrote to memory of 4940	4880	msedge.exe	86
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87
PID 4880 wrote to memory of 3984	4880	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument http://allmylinks.com/gdssava
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9ed2946f8,0x7ff9ed294708,0x7ff9ed294718
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:5020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:1844
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:4796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:3684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
  2⤵
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6160 /prefetch:8
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6232 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2768 /prefetch:1
  2⤵
  PID:5516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7120 /prefetch:1
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:1
  2⤵
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7304 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7340 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7580 /prefetch:1
  2⤵
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7748 /prefetch:1
  2⤵
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1776 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7192 /prefetch:1
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6944 /prefetch:1
  2⤵
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6712 /prefetch:1
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
  2⤵
  PID:2400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3480 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7240 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5284 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7584 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5184 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,6145795156766267813,14196488479781345990,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2796

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1176

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2468

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x414 0x33c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5076

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6068

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap5858:92:7zEvent10810
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2296

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Downloads\GoonScript_v1.1\default_image.jpg" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3136

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5336

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:180

C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe
"C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe"
1⤵
- Executes dropped EXE
PID:1216
- C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe
  "C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:2500
- - C:\Windows\SYSTEM32\netsh.exe
    netsh advfirewall firewall add rule name=OpenStreetMap dir=out action=allow remoteip=184.104.226.109 protocol=TCP localport=any remoteport=80,443
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:2288
- - C:\Windows\SYSTEM32\netsh.exe
    netsh advfirewall firewall add rule name=IPInfo dir=out action=allow remoteip=34.117.59.81 protocol=TCP localport=any remoteport=80,443
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:2532
- - C:\Users\Admin\AppData\Local\Temp\_MEI12162\selenium\webdriver\common\windows\selenium-manager.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI12162\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --language-binding python --output json
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4368
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "wmic os get osarchitecture"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4348
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic os get osarchitecture
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:1792
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "chromedriver --version"
      4⤵
      System Location Discovery: System Language Discovery
      PID:4472
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
      4⤵
      System Location Discovery: System Language Discovery
      PID:1524
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:2440
- - C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe
    C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe --port=61859
    3⤵
    - Executes dropped EXE
    PID:4756
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-search-engine-choice-screen --disable-sync --enable-logging --log-level=0 --no-default-browser-check --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --start-fullscreen --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" data:,
      4⤵
      Uses browser remote debugging
      Drops file in Program Files directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:1076
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Program Files\scoped_dir4756_1822510458" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\scoped_dir4756_1822510458\Crashpad" "--metrics-dir=C:\Program Files\scoped_dir4756_1822510458" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d933cc40,0x7ff9d933cc4c,0x7ff9d933cc58
        5⤵
        
        PID:5676
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --log-level=0 --field-trial-handle=1908,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=1904 /prefetch:2
        5⤵
        Drops file in Program Files directory
        
        PID:5380
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=1976,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        Drops file in Program Files directory
        
        PID:5384
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=2324,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=2340 /prefetch:8
        5⤵
        
        PID:3164
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3184,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=3212 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:1040
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3952,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=4236 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5392
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4572,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=4668 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:2044
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=3412,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=4852 /prefetch:8
        5⤵
        
        PID:4412
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir4756_1822510458" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=796,i,7553791753748100346,12024765046898569658,262144 --variations-seed-version --mojo-platform-channel-handle=4968 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:4896

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:5940

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6060

C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe
"C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe"
1⤵
- Executes dropped EXE
PID:2836
- C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe
  "C:\Users\Admin\Downloads\GoonScript_v1.1\GoonScript.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies registry class
  PID:3016
- - C:\Windows\SYSTEM32\netsh.exe
    netsh advfirewall firewall add rule name=OpenStreetMap dir=out action=allow remoteip=184.104.226.109 protocol=TCP localport=any remoteport=80,443
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:6052
- - C:\Windows\SYSTEM32\netsh.exe
    netsh advfirewall firewall add rule name=IPInfo dir=out action=allow remoteip=34.117.59.81 protocol=TCP localport=any remoteport=80,443
    3⤵
    - Modifies Windows Firewall
    - Event Triggered Execution: Netsh Helper DLL
    PID:3116
- - C:\Users\Admin\AppData\Local\Temp\_MEI28362\selenium\webdriver\common\windows\selenium-manager.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI28362\selenium\webdriver\common\windows\selenium-manager.exe --browser chrome --language-binding python --output json
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5308
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "wmic os get osarchitecture"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2000
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic os get osarchitecture
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:5836
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "chromedriver --version"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2808
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /c "wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value"
      4⤵
      System Location Discovery: System Language Discovery
      PID:5304
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic datafile where name='C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe' get Version /value
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:780
- - C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe
    C:\Users\Admin\.cache\selenium\chromedriver\win64\123.0.6312.122\chromedriver.exe --port=63433
    3⤵
    - Executes dropped EXE
    PID:1056
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-search-engine-choice-screen --disable-sync --enable-logging --log-level=0 --no-default-browser-check --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --start-fullscreen --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" data:,
      4⤵
      Uses browser remote debugging
      Drops file in Program Files directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:1516
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Program Files\scoped_dir1056_1950045546" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\scoped_dir1056_1950045546\Crashpad" "--metrics-dir=C:\Program Files\scoped_dir1056_1950045546" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff9d933cc40,0x7ff9d933cc4c,0x7ff9d933cc58
        5⤵
        
        PID:4140
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --enable-logging --log-level=0 --field-trial-handle=2064,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=2060 /prefetch:2
        5⤵
        Drops file in Program Files directory
        
        PID:3924
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=1908,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        Drops file in Program Files directory
        
        PID:3736
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=2112,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=2456 /prefetch:8
        5⤵
        
        PID:960
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:4112
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3988,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=4284 /prefetch:1
        5⤵
        Uses browser remote debugging
        Drops file in Program Files directory
        
        PID:3160
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --enable-logging --log-level=0 --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3844,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=3840 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:6128
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --enable-logging --log-level=0 --user-data-dir="C:\Program Files\scoped_dir1056_1950045546" --no-appcompat-clear --enable-logging --log-level=0 --field-trial-handle=4796,i,11234110694360365750,3431681583641522362,262144 --variations-seed-version --mojo-platform-channel-handle=4804 /prefetch:8
        5⤵
        
        PID:5516

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2008

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9d933cc40,0x7ff9d933cc4c,0x7ff9d933cc58
  2⤵
  PID:5152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1952,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2212,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:4332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2292,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2312 /prefetch:8
  2⤵
  PID:344
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3192,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3216 /prefetch:1
  2⤵
  PID:5192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:1
  2⤵
  PID:1028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4420,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4400 /prefetch:8
  2⤵
  PID:3132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,4659174192299967475,5301874389903709617,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:1764
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3148
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff7cf864698,0x7ff7cf8646a4,0x7ff7cf8646b0
    3⤵
    PID:4940

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:6392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9ed2946f8,0x7ff9ed294708,0x7ff9ed294718
  2⤵
  PID:6412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
  2⤵
  PID:6656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
  2⤵
  PID:6680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:6828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:6840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:5656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:2060
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4052 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5832 /prefetch:1
  2⤵
  PID:636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,16607862263243331420,862475231885767378,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
  2⤵
  PID:4464

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:456

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Modify Authentication Process

T1556

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Event Triggered Execution

T1546

Netsh Helper DLL

T1546.007

Defense Evasion

Impair Defenses

T1562

Disable or Modify System Firewall

T1562.004

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\scoped_dir1056_1950045546\44223d6a-6929-4bf3-81fc-2367d62ee552.tmp

Filesize
3KB

MD5
80a1275a632489e3aa5419ed25e26e61

SHA1
410e567755d409653b15501f59da8009dab434cc

SHA256
8947b7ae46b900380cc2cf4633a35ca45614077c78622be62fe30612e7bb5cfa

SHA512
ff80d91c92c2dd197b816dbb64341588f9c891e41334cc0dab18bb7b1df1463169b08300c8cbab28b77c8e6997228e34830f2e5b828a836b071b1141fd7b295d

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Crashpad\settings.dat

Filesize
40B

MD5
5ed7f7855d26c2ee78ffa9b4593b04ba

SHA1
54c90825cf308106173a439c469d4a7da38f1fed

SHA256
b365123cc390506ee905a3741aa0813c289b499b102c59c4537137aed73e1660

SHA512
265b687a6861416bed53194d55f145a4d70359f02e2cc79d25852fe24beebc4cbbdfb52d20426a858f8a0170232489a36d39dd95c77318096cc612380c2969b0

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\08098e9c-a84a-42d2-b2e9-ab7107c8f1ea.tmp

Filesize
5KB

MD5
d61e6bc0ed7f8eaf0d84af38e5c1be66

SHA1
fb73c9ae829c54eec7bd79c57ec88d569718b963

SHA256
992c650f96a1ebdd064793812a8a0d2b844e22a760a661ff07d7bb55d94d61ef

SHA512
725c9f523804012eb5718ab92af27d3ad3a8995646988109c34433880f8030dcc28b1f95a912a8f7b677b674cd61cb5bdcd341e64830362ab05887842ee09527

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\924f89fb-fead-43cb-8210-80f8c9d7d5c2.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
92d656e4aa644e36896e2d3d3835b08a

SHA1
bb2abb99aaee854ace55b977b4a19c0ddb4ab5f2

SHA256
37a9588cc46139f17a642ea71aaf50ec2ca5ec0089ab5d1804a6afe236dc0175

SHA512
b9244ca87417ca65f5ea0ac41d5c93015904a8f63f557e6267dafc0e374422799356d6183cf4be9aebd21b22cb66e40fd707a85069d4bcfc1e202d228cbd4a2d

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
67d010980897a1c4a52b1a66d30f9d6d

SHA1
f34e113df82557e12b5ad8f53cf2ca635521a7dd

SHA256
7d1590fdce9a9dd2ac65e460e9c139e96ec72ba2a67ba1a91d9b349ed062173f

SHA512
0524625b69791e5fd1bc1b02d7faa09be994cedcf0d8e9fc9ea5a0ce1b8f1a3739072c587ffebe75accc7003b62387ea730f103bebb40901155033a95ab49432

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
862a03b486eb32d8256a659e13f9b36c

SHA1
54d62ad945c194b7b6280b729de4578985e54adb

SHA256
7ec21f83074eeb0ca14d2a8d552b0481761f0707eb780606e7737a564d4bca09

SHA512
f266106e26a53b353c6b21123bd8d540541e84f75044772440bf1b78ca4275a1e73cfc49b54d1169b7c5cf2c5a3a7ea73a85c76ba612fad02e47f599a04c5b71

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
c7506448ac158855922676cf16820482

SHA1
0464dc4e7fad26d130a36746481c929c25258c34

SHA256
a879cdacfbb552dc9d1d1cc0e4c96921054103109385b715130be3a38c121f9d

SHA512
cfc46af0838cff7a8a618b02a935c629fa707876854948cd1be7ae491ac1e71853d52d116ce5ca08088c2f5deb7cd33f8330a29c61e9c91eea9ea5f25cf185ec

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Network\Network Persistent State

Filesize
1KB

MD5
6b85a9c1323734eea1a389678ae54eff

SHA1
5fab86640ca1ff5a2abd25b3c4fdb9096c9ddabe

SHA256
cd19bc4e5372d45e96817015bf89534f633fd1e1defb94c188bd79a99c19fd95

SHA512
9c3c322b66933a4cce3f1ee7cadcad2368881f6d4d540b550dae8d02cb451f0f6d117f7113ccc97a1cfd90835626721e646963d4cce37aaf939f651eb7051c42

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Preferences

Filesize
5KB

MD5
a0eced3151f62832eccc4c39190a9a1f

SHA1
644481f68800609c248128f410d25194b78bdbe4

SHA256
dea362e5d289608919424810f1e80a735be9cb50a77acafc63f4d0f6234a3c2f

SHA512
61ed41b1139a3fa5619d991ecd444734ff0af3407560f872ea1a5902c781bfbf2e61f6f1438c60aeaa40a958bb95e3c435e87880c47295978f804409d13ae1ef

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Preferences

Filesize
5KB

MD5
d2ccaed12641d05a406d798f94e28260

SHA1
960be3bcd2e3a0002afe6a71393a8588d674ad61

SHA256
e635def35b1997bfdb1dadb4fe73b0d83708c766f59176e2158490c82e8627e2

SHA512
9e9f0f62a057d36cdaab11a61ac5a347edb7ae3408a03da84712c2d932cc9bab1ff08e7058b87742fdbfa6d8ebaa1b48f17213dc85e8e32db4a82258d8d7934a

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Preferences

Filesize
5KB

MD5
94f5a1bda8a4639e0fdb2ee9d6f8d887

SHA1
2bb3e79fc1b54e3419c0f91da41ac36e0403df9e

SHA256
c6effa54558b2d49cc75396f5d186808c60355cbe2ac5c1c9ee59f9c1998b3dd

SHA512
c2d93d6c480383fa0b1fe4dc18b61c9562928c870e48678fe5c75fe5e435ccbd1bad47f56a551d0cc9fd327cee473334af6e4cd844f4d12cb47a34ad9c86740d

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Preferences

Filesize
5KB

MD5
14486d0c0426c779f3a1ac746d535159

SHA1
170295b3dd4eb43ac5eb9943822e3e93dcbc784b

SHA256
526a8ef68181195a03d10aeed8c7ea496d537c56fffc104740ed44cdec06b43e

SHA512
e7832c32ea9a1a54eb81511df17c9231f0eb6f52ee2c88740715f3f17a2cf656e71298a9323396990c185fdbcc2b94d59e1957e7849a24488f975d66789f5413

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Preferences

Filesize
5KB

MD5
523cf402d882c756055229c6de195110

SHA1
da01db998746d93df9c6099a6dcc9da4168c5750

SHA256
6ef6427b0e5e13d93c819a4ad30c092ada243d2349f59870ed937b863c126c6a

SHA512
2059dd352c78c820dec28b6911b740c146bf3addb247be559ed649bb7f848874e4d92abbe0bea956ee073f929abd686c7a67256154b819942c012a442e57c0fd

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Default\Preferences

Filesize
5KB

MD5
07436b119619135648220414c02bb1cc

SHA1
213f6e58a2e715ae3d2806048e33c736b240c42c

SHA256
c3202f034288ec5f753ff5a358394b080b40a0483f339ce91b2ad8c7c58b41a3

SHA512
9e2800ad0b1e4f6f23453c69151966f08cca885aac06e3db3c69d5f06f5a62f685af547a8b75a2547842fcd10c977d5f610e81055efad69609fe30a9f0e71537

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Local State

Filesize
963B

MD5
9f6f625c63592e84b54aae057931e7c4

SHA1
5ae96893c745764fd924a201a38e5c7e30ebfc78

SHA256
f3e4b2e006da0374bd76d0c49ec71fb4c53fd1fb7f1635b3b9ddc9d7d9b69f3b

SHA512
f5c508a8286820e4d43ebc137d71c0f92979ead8720aa57a10fff2910e27d059c43f4999f7e2285a59c0bdabfbc0de402fb9b1f94eb25d60807db796679ad927

Download Submit
C:\Program Files\scoped_dir1056_1950045546\Local State

Filesize
3KB

MD5
db7dfe4aaecf73bf2f51da0b7deca896

SHA1
c9d8f33cfb449582e6d6797873bbb02d59a9d323

SHA256
a98c0609cc4c30f70c63ca1b7d069f4caffc0a7b4c524033f5f7e1af5ede9e51

SHA512
d5af3e29e8368ea9929e5051d71e65b91f4b3d3f48b0ed1d5e76cc8eb891e8880dadd3ef5b21d1b183fb9fe9283178c0b6ef74d9f01d7ad5886cd708d43dd03e

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Crashpad\settings.dat

Filesize
40B

MD5
22004f773e2dd171ec7bad0a60df124d

SHA1
265cde4132b7f017e73e8dd8625dbd75f9935fc8

SHA256
b9ea5d73daa749fcf756aefa78313e34298461078f6e6280ec8882104d87cc50

SHA512
dc1050341d2053e3d78721a956772759cd148bbc6c675899e1353d5a0d0c3c2068ad58309fb5ff985778573d79db3025c5b409256c830e1fb01fb049c4a0ba82

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Cache\Cache_Data\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Cache\Cache_Data\f_000002

Filesize
41KB

MD5
ca9e4686e278b752e1dec522d6830b1f

SHA1
1129a37b84ee4708492f51323c90804bb0dfed64

SHA256
b36086821f07e11041fc44b05d2cafe3fb756633e72b07da453c28bd4735ed26

SHA512
600e5d6e1df68423976b1dcfa99e56cb8b8f5cd008d52482fefb086546256a9822025d75f5b286996b19ee1c7cd254f476abf4de0cf8c6205d9f7d5e49b80671

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
f121b14137278759212987c1411e76de

SHA1
579f95caa6d7b6de070fc5ccdaed193093d96621

SHA256
0e35776498a271b8d8d760fcc3f86bb8348a6d3ea6855f0d9fb6ea71c2afaf55

SHA512
9869e93af2fc027af0468075881275ce9a6950891190f3e57de7ab7f965814a0b3b4e6c0858b34f7e277728646e03647ec0c16653aad53d342f7250f0fff0b66

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
01853c12b3cfef74f0f02d36e719d549

SHA1
9877e429fa9804d1fa4bfee3c46f849410a653fb

SHA256
d8da382683aef7589f721f597fa525e67bd89022cd2fde6de22f08ac9a7ed524

SHA512
d190952689de7d1c5afa7ebe12396b901f7a5c81bfbe0f7c1192272ec4edd04324941190579f34a45e6df74299d03e26625c20da0733a231ea2a531dd564ac92

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
169dfa347c46523b4ae56dbabc01f0fa

SHA1
d4dda3d3b069816ecfd21aed87312e1e33a8fed8

SHA256
5b38a595e0c36450c117768b4f05566cd222a469a8aae960ab71204b5570f4bd

SHA512
0cf5b331425cd14705203823bd6a5478ce4af21b5368ebe9c4ef763a2e3956813ebd7a6e41ef7d24848b1966b690e0df12c0881d56707e3030302829dbbb7e98

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Network\Network Persistent State

Filesize
1KB

MD5
8b90a96bb812599de77cacc5d44c0df2

SHA1
461c5b41854ce27a3e88aaf776fcfa0fa80ec9f1

SHA256
00ba1b3ebe5fc63d88b28ed86209897289bd58fdc9fa8fe3481383c7d961bb6b

SHA512
4fd38b86bb4e28ef43ad6cf0ceaadf2ff4f99e97ffb1f26c51a8d5b9997d89d0d2a4629b6d3e242c153a88c542ddded30e1cc7d27aed8c92f81f0617b8394636

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Network\Network Persistent State~RFe5b5c07.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
5KB

MD5
742184e26ea07f2593d4ad6139a946fd

SHA1
c51f61cde07fa39c10b928f2c905a29d433bf086

SHA256
071bbf156036baa1c2512c37ed160c3ac407e5fb027f166e9389d97b3dfa123e

SHA512
9f66755e5a3afd418ea4ba957d7a80689fafbd04ae8a4e5b55e500440d0cce51910d71e9e4d6bdacd73901e963633a14fea5e6b0f72f285e8bf1f3bea76c6bb4

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
5KB

MD5
bd1da2899add82066d43c0642cff0bca

SHA1
a0b0f2759ee4dea8831562d1d3ca31c1b658a699

SHA256
a145b54bd99d2c13a041e39aef2b2243108765f13b91646b52d4faa321de6dcf

SHA512
0b2cc0579dac286658a84c4ad5af3d2fdb075b5d7c13333ca2c9c52de665ff09d01560fdc35dd783e1b26fe2c92dfc801d57b5f56ec4aec8b0c622677039cf00

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
5KB

MD5
bbd362357c49033d8f1da5135e410a11

SHA1
45308ff1f2489ad5cd603b0a08dd710ab3068f40

SHA256
6ec8abfbaf84a02691289eb3de460dad03ade809c1138efb0c20384487171f9e

SHA512
8a0fddbc0cecc56e5f14c763beaff65a04e1fc26a35f1b3ee5b20c27d5e9f03b6710e721f0541f0a6548b1860bf0fea3c6913174da11ac818df76c6d9b6996f7

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
5KB

MD5
512d1d88f23199b121bfed785a44ed21

SHA1
b35a917b008a1bd96215e1d47645fe6ba9c53cff

SHA256
3b0e6e25a90a677f2525495cd0cb262cceb3154325f1d1e4bc2a492bbab1d34f

SHA512
83fe2230f72eae263cc636d051f2148330164bc7bcc41f857e4952d7f3563cd31a8ebe7692f628348726cb4c7c00cd8b0426ab98cc72b76b1832cf41848bc454

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
6KB

MD5
470bed964bb17ffca1ce15402c60a710

SHA1
875c1b173642219be9fa9f3257fffc6835289b3d

SHA256
09dc29e0d08eac8cd4658be66355dd8367400d0f2a17362dccf90d7133fa86da

SHA512
7ab71d3f84b08a3f00f866bd3cc1be4a44f182e8758b36d1eded0556812ccaa73aaaaddf07ef4e8264e671222bf7778427e99196027b4c5c5e00e2d38c02646c

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
5KB

MD5
c7abe0f7d7f683f5e25249c1cf301684

SHA1
151e48d79e1c7b7ff7d7fd2674a7529311f99e23

SHA256
b7e153555e277981925cb5be9983241a956fe4c252d9246ac9ec26c7addc22f0

SHA512
a67135f7b1b1eb1d135939f9a4af91f6a583b322594e95269bbf485c4b4e522951beb02d4d10ada590da8a07ba5a9f367b248dc056f8f3b4859958c3cc3d509b

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Preferences

Filesize
6KB

MD5
975166322bd5be61a5708266f987783f

SHA1
f38cc84cd8c707671cad358bac8a96df83274eab

SHA256
17c22814070d7af4f3237ed1a303e344acdfc043fa9926e41ee2961d9ac12714

SHA512
c2b20fff9c4a932cafc21451e25ab7efcf082606241516494087ca46758d8882170c7c54a3c14542b6d06ebebfeef0ffe495ff2bc4cf902a8bb0f3073b068b49

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\e73f4440-9295-483d-adda-c8931b88e187\index-dir\the-real-index

Filesize
456B

MD5
e92c6e4b0525122b96a196f3848445ac

SHA1
2ff9aaa1cbac56edad9d79d669c2157f459b46ea

SHA256
f58451c895729d89a0d09cdf1f3c1de5bf33388a007952b5d6907b718d9b3e77

SHA512
9fd8e80d397b95dd2c5f9b79d3e5718696138e6dbf519c455a4666a0da0b4289756a513fb21fe8de83679c935971869fc0bbb5e89a6669d9b91f05632581f527

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\e73f4440-9295-483d-adda-c8931b88e187\index-dir\the-real-index~RFe5bb8fc.TMP

Filesize
48B

MD5
ab8d483ca23321238d28a174a5e1dafd

SHA1
b56d28503e9ddfd43b6c2f5b00125cb877fbfc32

SHA256
8329c7b46f956f39b30fc544f21b1e82de1b12cae5407ae4659c238cabf25bf5

SHA512
2053b4f7b2a3efedc7aa5ccf9da16c591bea40278dd3e8cb1138d5b776fcf58b8ed6e672b34d6cd4eb2e496a0f069fce158a461e05ff6a66d2839b5f41e62710

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt

Filesize
145B

MD5
72660fad34d02aa4e7d165ebbeed66ea

SHA1
f502764ccd0c956c8f78fcd0d8193e100996e6e0

SHA256
ab70528a6245881250b872aa4d13f84d4993770d7a0caa4075710586e363f9b0

SHA512
2d0d96f315bf70a3182f64749b7342ca054151a4debb6afd2bcdedb321c7bd0334b8af537210f7b3a4ee1f432f2b5d5ed9385c20433b0f044119829ce02c8824

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\CacheStorage\5ce50966647b163092d864b9f37d981f5bccd871\index.txt~RFe5bb92b.TMP

Filesize
147B

MD5
7b850a17af6b4fcca4842795ff13fd2a

SHA1
d8d39d8ca236007b039bf0bce65c101aff5444ef

SHA256
bc814c79ea02c44f4b60a9004bc0152f0b8fc71f1f3d6157286f6026d7007e3e

SHA512
57f92c4b2ff0e598c8a81ed00d2197276f10eace19cab56bb1fd398a22751a3c2839e77c1952e074077ba0650766c222ca3c78975b5ed597a793bc32f61930d5

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\ScriptCache\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
ddd11f3cc957b161287b21fb11f90c8f

SHA1
8629ca62d6f7aabbf58482e84911f821a2482a89

SHA256
ac1682f3756bf0609e0b5718a247cf1b2ab65870cd86ca39a0bab864e7379498

SHA512
89a38fafdd8e025666052998cffe6b341e6831282c916512f0fa16e3afc92965a4093c600ffea85efb4b48a8555a74887831b7772ed7490b16d90fd0c724158c

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bb60e.TMP

Filesize
48B

MD5
9bc1f8cfd8b8340c9b32a2ab8d1b8c07

SHA1
96015238dfaba5078dc9fb243a537bb24ebfeab4

SHA256
27d33dca96366b6e205bc26ca12140768731d36cc3d64303bb3ed578d7c10005

SHA512
843d64f96bd4931a411a715b00c0f1b870a6eb9554f4e3625fc4454e2e7506161c59c54770f92cb3932b915548193b9d396b018d66a03a692f678220c6321c68

Download Submit
C:\Program Files\scoped_dir4756_1822510458\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Program Files\scoped_dir4756_1822510458\GraphiteDawnCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Local State

Filesize
962B

MD5
919a08a84a485f4a7073f52dea2f2628

SHA1
0db07c4678b39d4133e3cc5aa976ecf89ff98668

SHA256
8bffa583ec2f75c0dc35e06c22830ac7550216d9448040467747cf05cd94effb

SHA512
de41690149e9d7eccdf895d18bb3b3171203b046d4d5341c8ec4b90b54d36b060faca2402e0d13d3e7cdfeacbd15a04cdaff42f726e4250d365ed7738b446192

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Local State

Filesize
3KB

MD5
582d8c21105a08a1f728ddc47e705501

SHA1
7e1037979987946bebf600506efd10460b3d7696

SHA256
58c7f3e486daae13b2f0f93f53e5e884cb6b50ebc2e578bca2542d22f2940f4e

SHA512
5ca0aca0b9f55d410a4876650eebbf0ad1dc21535eb5d65b6e192b822864cd3c5867d5add72d7b7ed5fef49eaaadc17430b1bf52f4dcee0616a850c4418242d0

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Local State

Filesize
3KB

MD5
fb63636c2c50182b5f9e3ee90ea0a12d

SHA1
24c5c52fd7d5a929ddc4526d724fe948ccfaaeed

SHA256
f730fdcd3d79e8629fb9c604e947dd73e760719143d512b0fdbd2c3e7e0a4c53

SHA512
88bb6ae0e262b83f591a20b3b9d5c83072a35aebcdda60bf30a6ed0514cd86d681717eb584281836675b125a428389b2a5f81a5ef422434b4625e9a517754351

Download Submit
C:\Program Files\scoped_dir4756_1822510458\Local State

Filesize
3KB

MD5
18a4d3c543d345453fdea6a67fb18d78

SHA1
411a53a56d9b4996c7c11300513296b51e3beec9

SHA256
4ed5274c384bd34c19f2d59279342e78c02fc1ec8dfe7775e1633373b0d02211

SHA512
f9008da98d5069e1c99a0cbffb6855657892541e05da3620452300712316405523873e21c244b3e3249d5921b05aaffbd633de19280eedb03a3121335919e142

Download Submit
C:\Program Files\scoped_dir4756_1822510458\ShaderCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
16845e0878e9c1d50fe278d00d6acf49

SHA1
35c39d1d0ebc4a8959446caa1f0a7ddce521a8d9

SHA256
8e51954c7673a800c8328b22ab41b91269506fe0658c6d118d89142e752f6f73

SHA512
a59ca4d2846c5ca2ef678086423d0443fa1dde768a0591d67e21b2d92826607ccaa7bba2ad0e1920babf5ebe01ea0b4eb74499eaccd97a0bdcd724b63b4b2535

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1f162fed002fa093421ee9e6c75a62ab

SHA1
70c77032e4d9d3e0c9e167ed08d5d1c3bd73c398

SHA256
86f3560041db5912ef2f7c7e52715ed9c39ff8600be7b31300d460bd29eb07ae

SHA512
9c376fb1cc99d8cc82286f1065aae00e4c269be2c6db82c748de9b43945123df4db549b97afee86cf6145bf7170110b4a17e4ff4ce44724df8d84ef1e6ac17bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b78809131adf40a798e594c50586f1bc

SHA1
9250a89d2c457fe757e19d2e88147b7be830326a

SHA256
cf37890f7a637558e6c95286a447a36d6c6f59d30173ca54942327be456f6245

SHA512
4ea0f890accd91a96775ff01ba548d36754e9ee2b97abc643540b593a067db9abbc6c95aba865653971d35d5021fe5f45a1bd5f338a12101b4f3a19c4f38dc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
879f46ed890993ef0c2848d21647cc32

SHA1
7106742b17f5e27e781248eb21cae2bef4db8cbf

SHA256
812310ec654c2e9440a84bdf86933e1c2d6dd17c866732cf83e16da5a85abc5c

SHA512
789a4ee220560b5e5bf828ec8ea8ee877d71b6231c6e0b95ca8abdd28098f507a24bba4d7a1d32998f99ecc1de708d64571e6efdc4c0ee1dc2e5fb64496baf10

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
035ed79158d54888c31218e8b1d24e63

SHA1
832372d4d2a0436b6d65b7152dabdfbfef24e028

SHA256
2b20abc1de364e70fe158e5f78ecd4d5743bcfd51eb965ef0109a18a845400a7

SHA512
091131a46f78dfe0ebfccd71f020c25805fa12de4521eb15ee8341a3a69c48351ce0eb86b99260ad9c4f1c05370f6c609eb7cfc5e04e271c5e3ce282386aff69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
989d15e78d889a2e68cc62fae7f1d39b

SHA1
e7c6df7c00dd5c28d4b2160b611246df64780521

SHA256
4ac8d054d25b31395cc8e53591f3db3350f32deb55c3d60e0455038787d5e56d

SHA512
f492a486f6cc21328adc4958ac203aab8334288ec4a54618148a146feb10f944751d30d44160492575e094b2460f39be641a4be3a59d5a98ad1f28c3264559bc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
230KB

MD5
410c4f9ea9fac70811b20a50798cf1f4

SHA1
86bdadcbf15934e0b0543980eef56eea0cae44ee

SHA256
abd8766efd342ee779bff521fe39161a6cd9011df03a26e985c4798bfcf99b95

SHA512
a01d49fb1fcd7c18a5249dfbc0f95422e9f60a0a9b85a58090a31451308f6661ea0e85cb1af1533a3cb7ea79b48ece97fcf0a7aa9a238d10d9c454c9849c8f0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8749e21d9d0a17dac32d5aa2027f7a75

SHA1
a5d555f8b035c7938a4a864e89218c0402ab7cde

SHA256
915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304

SHA512
c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
34d2c4f40f47672ecdf6f66fea242f4a

SHA1
4bcad62542aeb44cae38a907d8b5a8604115ada2

SHA256
b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33

SHA512
50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f6f26e56c49f397859e372b17f70a386

SHA1
73a15c3fac71f444d5511da147d8b3a511869238

SHA256
1d78983939aee1f1744816d1dff61b4981df49686116329d569b8a215c322057

SHA512
6bdb020f2e7a2fa3f1d9fb4a1b02b77b1497d63eb5334c140ef4933c536b71ab78db637135ba103677a3d53946791398dfa261561641e3a56fb419f7c8cfde66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
744f97229b32e80620d853346d83bb92

SHA1
6b30b09595a71bf09d0592fd807060c0f5826fdf

SHA256
680013a5168def4d0f617cd15e76fadb2d7a90b8115ec8f19bf2fc1c6ca679d0

SHA512
00fc9115124f41baf0429bf01a1149ae89f6209ac7ee0610c825bb3abd3b4a14dfb5217802958f9ddfceb22d3b6167d481d51949102504289785a81953abd5f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
80KB

MD5
c68f8352346b69b33fd2a66e9c6cac8f

SHA1
3281d6315fe63434071ac92523fd4f3508c443c8

SHA256
6b47e8c257d28ab0115b1cab0831c3e84309de7bdc1539967c9a4e1e19e3fd30

SHA512
f7007de57f89fc94635b0845c0c864486b0c11315501abf02a3dd84692995b688266e53c4c58f4f644acc84767235746bde121bae60e838e0ed6ee3eeb6d464f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00009d

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
9KB

MD5
ce58535227733107b87dbc90aba28a6e

SHA1
56fef36f52022a21f978641e0e6416bc9e8a9ee0

SHA256
42e7585449e6e2048f949b5651ab0fe1bbd0ceda414a00e6870ff7085397932e

SHA512
d7a85a79de4821bd9c2e3da33fed430158b6d251073468dc02086ab438c8c5222943770d810dd551b6feff37cf3140773d4cf989e05c64f0c16a98bbe35511a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_premium.chat_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_throne.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
ee22a72b046dec5a9da28925b285d7f7

SHA1
f4e00bc16ee55de98e0b8a3e219e06179b0b06c8

SHA256
93f00aced3c75115ed91c9556876c4bdd50cb2e9d6075f6288393fd17dc5bc15

SHA512
4716f7265505e3bec4ede9eac3d1c457bc2202a10e578f2cf57e87873efc9f4c4e1adeb8f09488a09b5987742895b737787c62fe854532fd27210bba7a4c3c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
d627203917a4eac579ea7bae6394f875

SHA1
c64ed5258dc7d6c46a4a26dd842ecada7136f329

SHA256
2cc2460cf84926613272f4ee373e0dcaf16d8f1a5b8f3d9b2e57ed8598faf19e

SHA512
369f1bf86195ed37fa26f1e08498ad7200b6b56d43182d6542b183b9d739f9f0ffbc1fafd24f680ef7ac209516de0731b963a8782cf8d957b257e589f1de7456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ed0fadc8e3d9ed4af8b7bad8ee30e54f

SHA1
6e16ec25fc21f2eac338d9671252368ecd4cee0b

SHA256
1a3e0119f4d4b3b7d07d95a680bdd7010c2e1aee6d36c84a0b8d22eff11b955a

SHA512
63fdc8aeeb6412219e617ddb99201f56c43e3242570e29267717d6bf385433f4599bc9aacf2c024d0e69a3f07d4f67177883ff1097394bb6cb46acfea15049f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
60182b5d85dc7d00a8275c43e470017e

SHA1
e07cc5214faf86dc5acd243c83d1ed9678e94760

SHA256
da7d713b2038bedcd1ac2b74e29fd772f1d21cc5a596960ff02d6b52faef150a

SHA512
1b0f9bb4c826b1c8e66d62ff75055fa1518e0ae3af56d915baefc329af7494e4147e662989eaebba976bd2a3fd63864ef6ed61975093201b93c9a25e7718c805

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
433166386a4fbacc3f47a9b4550eb23e

SHA1
ebab0edab7e86807b371be67d63ea4e5a750f88d

SHA256
86b2111aa045262d632b149b6b07199a99239b94aabc26193bb672b1a23e3516

SHA512
5925e54c16c9a3606dc2ff75f7969dc03e66f19cdad64860b10c917494208f0ea28580b08540f90f0de68e616e57823b67dad24f4b085b627b65075f6785729e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
b10f7cf20c58a770efd6838d83a194fd

SHA1
bcbe8c91aaffe4ef25f413e42055b06a71f08046

SHA256
da952aa535bf6cc41c44928716d23601946e36478b23702e236ecf5c7c8f5875

SHA512
6f8a14f83a78a53a63461cbdd465c4667ff7cb22629bf257591ecd5c12bffae86aa4663ccf850098b5884e522da972935e49b83c1e60e67717d87f0a5fc75a0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
cd6773fdda7843be129e653fcec732ae

SHA1
3efde01ed3f04cb024410155113c9655b1eae489

SHA256
0182cbc5cd05ab7301f0b604164abea8654a8ec0b3b5d9729879a37e2e189d2e

SHA512
5a1dba2df92814c672a3f6c502e3246d7e8511cb7b8230d259c99b2a138e9fa858380fa102fb5a8a22876dad91f81b49581106c859724863f43a878781e73cfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
17a0624acb925c44ab4f4819eb40b02f

SHA1
c82ac4833b0a6da6b2a71c9442a6445690b02be4

SHA256
4719c697648a9fb2819774283401b8b3ce443b84df061605e4c230af70710244

SHA512
7b1928669579dd944d1fcb2d5974527c15e9026f732cfee9ca879ecb5c38babe6fb63e6335102498b2905879a02482af533f99a9ee7f4b862f52571a52e26650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0c295119b890d90a5b04b0285f85f945

SHA1
beab69173a683dbb2d0aee850e415e76ecb5231f

SHA256
88b2a8e4e9d302d2f16fa2c97234de82a0544267a6dec6d017d7993b764a13ff

SHA512
51228f6856bc2c1d413e9b2ab5ad5f1e382e7be6e23eec1559bfc63e416423194a0c423b8b09d6e72ea8ecebb247302558529722d93076f8cfb9823a7a70dc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
52b7af8269da858e8e690662449625bd

SHA1
dde4c7c93d72a08eda0a8ec48d5439b983d7e31d

SHA256
e2fef44577f1e30797f336888f2627b519dd5b373d33af44109af06b893bce0d

SHA512
f130e3887f1329d812a22e2936dd179223efe5cd8d7304ea90be0a73d6e170780ed1ebe262480055d180ac324f19cf8ebd90797a6dcb60259b809396f3d6c21f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
574b04a095655edae2481e1e2cf87dd4

SHA1
fedfda9669a6f9264b2b63149522aca4b11e88b6

SHA256
3c8a47046d0af8010fd0eddbb5d490ab029b0169afaee290c39fa33db8adf7ce

SHA512
25225b352ef842b61be99d44bebeedf5daa82b1205220e11ee35f1c682a1d763174fd16b8f553c2d4b4ae6f6e66ff88da117e87fa35f45a1b1d688ca7134f454

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
90f69a16a209b4b7e4840b0d313bdae9

SHA1
0401f287ca3aeee2da9dc588b3a6d7f1905adc75

SHA256
6f5375d26005c21aba84c9b923760d0c526750f169e183bd102b80d0d37d977f

SHA512
5aaf156274c3589ffb4c1c1351416bc9d3815630ec1ddf30fd6c351af92de83981828cf8048acb4f7cfe89ce5c4c989ae352678129a4f9f6e06f6f2973405175

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
f28f9d63fcd5b2797d91bc23304fea26

SHA1
0b517e09a8e949936acdf7bc3d040bb1a4afc174

SHA256
2b59595af5e8b0601c2702ab971c4bd0d450471dbd66d5a201977e228bccebbd

SHA512
7a81f18ba2ceba3d6cc9ba350985a0459d2b484848db716ec5b82ec63620d5d390b861dc7eb62a51a192cbc5e948c2b5c9acdb45c022ffe044c7cc9c14391d09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8291ba937355e9ab9d1c4d8979923ac2

SHA1
7c6f8c30cb3e4e4c37cb616da2a9107588d9b5a8

SHA256
2298375fbe742d7e41a758fad0fe8c93d08901e8d4c3da514dd81a3a38fd660b

SHA512
2bf60622525b83b9a78f5597ba5fa0af37fd983d7909501ce40be75b33eb4f60adfa0ea23e196fa5f3a76da46d50fecc53f51347e0cfa17efd8fe8b7e07513ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
dc0e348ce6304f8e2e28ec63a5b2b2f4

SHA1
68629735b7c6070cf24f86ffbbe90ee357ff7525

SHA256
4d02ec3de72c3551ec82ac7db2303ac221702c74e73334a9b299a711d72a4349

SHA512
91207cfcad8e3fb77b9e20bff8f69a8390d5b6eb536e43aac36b6ac6c7d426f4a1324c5ab7df712ab8e66246079b69101d9e6a76445d029d6ca5752ae810be5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

Filesize
6KB

MD5
f4f25a606ae2c997f7d16d9658f7d3b9

SHA1
f1e2b14fccb7698011301bf26747185259ea839c

SHA256
bc06f6dd53a39d742ac93bafeaa63253e9098f49a74668fbd5684ff22fd7a094

SHA512
7ccce58faf5ce8f91ea719671d0d0bf2835053adbed9c36ae063497ae776f894453d320d7d38bf9826058acfa5bb3a4a6f7281fbf9a3167d073a8feb88ddbad0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
144B

MD5
924d07ee2f8a2f3a874556e8d1ffa8f5

SHA1
5faf722f35fbf8a080a0a5e1c438f264aba014f1

SHA256
97297bb04cf64ada25cdc6a1f91e54a3c886e23cd04cb85e3c9fce98f806d80b

SHA512
8a34f35b8f317b4fdf100a5b11973eaff3ad47f80c6642b138e3fbf23928884cd9d0d0461fbceede101134657486127ecbbef67945aa60eebfa49306ba2efd08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5875e7.TMP

Filesize
48B

MD5
7150f316f8028777301dbc691ce1ddbd

SHA1
33df170af4807fe5162a606b3f9d80d5ab3693bc

SHA256
21cc6997094a8e535e60e8818999424d14a1477c72d9a0b91ead715240e45146

SHA512
743677284f3679e022a1766f808727020a3f21cd9879077b32abaccb13f93f2d46949cd0a5473057b4d856fdb8f1393a6c13a1199eef08c08368bc835f2241f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
852f01d87b590429e642bc17ac7cf96f

SHA1
305ccb6133c6bd3b9e42ce767b7b75c195ea4fb1

SHA256
8fd313cfae2c2589677d28ece4567c8a6cfe4e8ad494083907ef3686c2c5a447

SHA512
bbcedf9652b8d7ef2badea1ac5ed5cf30fe53f2787b603dc7249c170b14ac3192982c4265f830c1e37970ac191a41e95b9026655aec1a69eeb91c51f00aeb9ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
180d410c86da3449b548be0018c9eb42

SHA1
b96668df5c3dda195ce2239ec04f0ad26ea6ac2c

SHA256
071ea04a90cab0ed142dae41bf4fabaf2123f35f029746ef2093dd85d0d796df

SHA512
7e94437c16c78ece74691f10b406f6ba9c1d0fb029e263d2656e16561c3d992d014853120f3aa4919fa8ce07e28e21699d404ceafc67d8feb3061ac1feb97c67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
c034bc6f545da5b98d97ef9d034c31b8

SHA1
e1ccb0bd98acff8963a6435f5997d5f2a54ba6a3

SHA256
a0b8108dd44a38425046c97683ec4a5bf1e80da34efdb3543c996b6b893c693b

SHA512
a37f037b45e86916a2aedf31f3ba4acc6569ccdd7ffeba32d12e70f023da0ea752a8bef7b1d433bdf93a79019023ee210f162942abe3c80c23b700f12fdab7a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
7KB

MD5
9e913b3d67ab9ff3a943b29f8f86ac46

SHA1
f6aba83c60cf8d69416a7282e47307921d737b38

SHA256
9e82072b39aacd545e50894fc9cc0df725d19f19931671d088b4361dd2ba49f0

SHA512
503546c2f2c3127c6343f3192e40eecf4df303deead4d076eb3c26f20c477ffd28b530069c99bf2ce1f662896a686b607608b1fd50fa949c61c2eb25adcdea23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
3ab1e3e8c2ff730ddb29826d0da0ae95

SHA1
e4ad4c3f57ddf35df8d9a43a9ed627c954ff2fb5

SHA256
87779a2974f6a16e56bb18075fea2178bdc2e235d3df369e3c2e4834a7636121

SHA512
7ed758b57e3eaf26e1b823a53c3f19811b5d3ce779c24483d2677612e45c9deb3732c4f6329ac843faebd6194771582469ee4d443ad0f8b2f772105927de09f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
4d8e2e9ecf21628a544fc0d4a3df2bda

SHA1
f8acaf47c2b6935f1d214719573482920334bf14

SHA256
523ca743a38cc26b3d7bf55a3edb63fa9f1bf6563219645f12a1ddf124020ceb

SHA512
cc4304acc4b3dec4b8c89cd604aec7260296d4c4e7f165f33142ac2ea46f8af7c41c2b2444e662bf40467410bc7931374363aa9afb898185fd7a5febab056030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
6bb6d54add8431575cbad984041dfbd2

SHA1
c11751e560330996f33ca03d2966e45987d4c3f9

SHA256
7db90ab820075fb37e6967e0732ffcaee2fc96fdf6d12354996b3ab95d93fbe2

SHA512
d7519ff871aa8934801afd31b5d41f6fae0b95961392e5ca2dd14ea304741838dcc4c66b50794624aa6dc66f9f628aef261d7909b13343859d24046a1b2839c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
6KB

MD5
8ef3248dd2f1445195ca7408c01d9320

SHA1
7c97b05f8e4ffbeb440ef9213e78136e6f03a75c

SHA256
7fbb419e5d3bd26422a03d9c87f85de95297c949991010ba0bcf63f7f261a140

SHA512
b6b6ca8267a8b0f196f2cabf6b3ef48e2b13b0f04a6471023e162e80f01036e5f44d4db0c043c83097b9fed4856c80e5dd0ceff06f914668dfa32c777295d3dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
cb23778346aca56bb70fec877fc317be

SHA1
a203cb6721ec8749d2cbcdbece5f749ccdc11ba1

SHA256
819233dd65e1fd832e4095dcd3720132adcfe1fba4bc91124ccc85f6a0d73397

SHA512
73c31da7d367d7843f9911c7c026268594988e0b65a0c182d38266ee831c013d488bd901b44c43a208e89cdf74e0cbc3b842b31cbc2c2f6adae7bbf055ac66d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecb75f28845ad03d1934fcee5dbbda84

SHA1
55e9315492dd7eefc368d483b38f50592aa8991d

SHA256
6534ff32fb537e0c803e2291c120bce5917bf72bb417b90a854f29571fb33399

SHA512
39aaf958574c1e9b9535ff482c6c4d2d2d78a44028ac3750667c63ab4e7f2b4ee2f42b5818345871bd3a069fc3a4d4c4c4c26efab28566dd6d411a2f2cc60ba5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ef90.TMP

Filesize
704B

MD5
e978d65cb0544b98c21a8197a8726301

SHA1
f889eaed98c3033bdf95727ef4b56e4d9005cd99

SHA256
dc1ee59e770484ec09d256b6007f429801f8c9edaebb16874fe781d3b4b5b941

SHA512
8713d96f0ca7647fb13a7fc21d7e34a99f8b3b8e017e9979ce48e40b574f55dc5a46c35014198c8ba2df0fa6e115e2decdda64336e1b575c881af82e523a705b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cb36c649350c831d12fdb8f724d7e9d2

SHA1
010d7f02c11cd78b4bc6f5e0919a5130169da70c

SHA256
5392b8e0a52e88e1c78e494d47fcdaa1f1dcb83014bbc0ba7d04dffc7f0d4739

SHA512
cd50c1cf4d890b7b953677986fe308afbad03af5d9ae2a838364cbfa4fe4544709c6af80cdabce870e1564f23a1567dd46596272771a98f52027f66c8f9097b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4e1f4959f972ac7ecaedfb68586858f

SHA1
3e81636761be9d32ca05990d8060324b8d410dba

SHA256
a7603ec9ebce61d8ff3216022ab6891f7193735d68754be4cd4057f27f5f9683

SHA512
f8457dfe4f998f61b2bb1a0b210426c712800ed69095f236f2db07f52bc07a6af46824717cd3de88b1a508fe61ab9059ea9ba793bfecdec1b42c07de8273cce6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\VCRUNTIME140.dll

Filesize
116KB

MD5
be8dbe2dc77ebe7f88f910c61aec691a

SHA1
a19f08bb2b1c1de5bb61daf9f2304531321e0e40

SHA256
4d292623516f65c80482081e62d5dadb759dc16e851de5db24c3cbb57b87db83

SHA512
0da644472b374f1da449a06623983d0477405b5229e386accadb154b43b8b083ee89f07c3f04d2c0c7501ead99ad95aecaa5873ff34c5eeb833285b598d5a655

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\_ctypes.pyd

Filesize
122KB

MD5
5377ab365c86bbcdd998580a79be28b4

SHA1
b0a6342df76c4da5b1e28a036025e274be322b35

SHA256
6c5f31bef3fdbff31beac0b1a477be880dda61346d859cf34ca93b9291594d93

SHA512
56f28d431093b9f08606d09b84a392de7ba390e66b7def469b84a21bfc648b2de3839b2eee4fb846bbf8bb6ba505f9d720ccb6bb1a723e78e8e8b59ab940ac26

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\api-ms-win-core-console-l1-1-0.dll

Filesize
22KB

MD5
e667175faaa5b00b2bd75ef17a3e4464

SHA1
4ada861c3b8b0f6236cdb92b0bf8150a912023cb

SHA256
13f8e079a1bdf3e0cfdacacc12a04429138405856d731a46e11e21488bf9b611

SHA512
78fc59d0d802ab642b64ae3475a366d9c6a611185bbd6913339a1d7fc15445305cff5ec705ce83df9200de8f91098ae4111a7f82caa3d9396d043a65c0f1c69e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\api-ms-win-core-datetime-l1-1-0.dll

Filesize
22KB

MD5
1d31eafb0e2e3fe78c43f08925ab32e8

SHA1
0dd1a361cb9975bc338989d1213b6c9cc5e52749

SHA256
c40fa3884422e83b6345a02f3ef3122b86d5903b3f47c700a88716b1024c0bf1

SHA512
1673c6eae04e81bc17d01f4d0c2a36641381bccbaa2357d6232d928acc6b94aa9865046713f0b5ebd22bd33171ca2658a964753131b606246be15fa259967c5d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\api-ms-win-core-debug-l1-1-0.dll

Filesize
22KB

MD5
cc58df3b4a3c56802de6b609dd7e3c1a

SHA1
1c50a279ffd593e0bde4df6764eb783499f99b0e

SHA256
301d30ac8bb2aceaaf11b6da7102b56f726afe962d8a95e1918040f46469d689

SHA512
9a6a95438ecf2817635a0ee873f610803871849f64cad021dc6d33edc78db85ce858bd48de4523ebb5066abf68bd754b27dba2ed31c354ff7c96c43b0b744f65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
22KB

MD5
5db4eb52248d1f0a9100946f62fca2d1

SHA1
8df3dfff4e6d3d58d3500b1f7eb2e8207670af11

SHA256
c32594648af1941e4c42571b5891ab5b906ace0514fc9dc94fa2573c4b9becf7

SHA512
82e93eea06e804b120f6e3f4536f274867afb008669126550e9752cdae2bc1b221788512468856167a5800890383daf4e120c534af2b79fed5afdd84bd903f28

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\api-ms-win-core-fibers-l1-1-0.dll

Filesize
22KB

MD5
b9edc5f6f446f3b3a048752b05d57497

SHA1
bd9db207f6471de065805dc30e3f6c8b426195fc

SHA256
35d0f6a02e46cb3eb4f70745fa5042d574a4996cc1be691c5a43f3cc716b41de

SHA512
2fe77e3fc9d7c80608e746fc56a1a23681e40047b6b1de2753fdfc998bac8cfc8aacb24764aae8ee5c1b71707e677071959b852510f19285eec0bed517efec0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
8fd951de1fba04696c2a8669a6ceb3c9

SHA1
26ba1836198d0a7b73a97b40e903d4b394ab65f9

SHA256
6d03c7c5c71f3d0480d0597dce98a96d0176f7db299b3329320313aa703dfba4

SHA512
2c8425183747708d0534ac5d1cc328dac2b5a86bc2cfed1e446c962d6824bc5fa47aa249a03392c9036b170ea1c113f4d1a1334b03116f3e7f1762e7193adf71

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\base_library.zip

Filesize
1.3MB

MD5
21bf7b131747990a41b9f8759c119302

SHA1
70d4da24b4c5a12763864bf06ebd4295c16092d9

SHA256
f36454a982f5665d4e7fcc69ee81146965358fcb7f5d59f2cd8861ca89c66efa

SHA512
4cb45e9c48d4544c1a171d88581f857d8c5cf74e273bb2acf40a50a35c5148fe7d6e9afcf5e1046a7d7ae77f9196f7308ae3869c18d813fcd48021b4d112deb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\python3.DLL

Filesize
66KB

MD5
5eace36402143b0205635818363d8e57

SHA1
ae7b03251a0bac083dec3b1802b5ca9c10132b4c

SHA256
25a39e721c26e53bec292395d093211bba70465280acfa2059fa52957ec975b2

SHA512
7cb3619ea46fbaaf45abfa3d6f29e7a5522777980e0a9d2da021d6c68bcc380abe38e8004e1f31d817371fb3cdd5425d4bb115cb2dc0d40d59d111a2d98b21d4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\python312.dll

Filesize
6.6MB

MD5
166cc2f997cba5fc011820e6b46e8ea7

SHA1
d6179213afea084f02566ea190202c752286ca1f

SHA256
c045b57348c21f5f810bae60654ae39490846b487378e917595f1f95438f9546

SHA512
49d9d4df3d7ef5737e947a56e48505a2212e05fdbcd7b83d689639728639b7fd3be39506d7cfcb7563576ebee879fd305370fdb203909ed9b522b894dd87aacb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI12162\ucrtbase.dll

Filesize
1.1MB

MD5
e382650083113f1f2372f80d429c1df1

SHA1
d320de40a15b51ae6107f563bd8bb9976260834d

SHA256
fd579c729469a4a7ae27fc1df0f5dfdc403232650d50e59226964b10c4eb4486

SHA512
c5cef23f9d3b2b6fb3cb64394f8a44f77ea575494d73de7e842a04ae954c911bcfcaa19733f7f902395d1dd54a7fdc9a91fa3502a45645229b8ea85a6f643e05

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28362\attrs-24.2.0.dist-info\INSTALLER

Filesize
4B

MD5
365c9bfeb7d89244f2ce01c1de44cb85

SHA1
d7a03141d5d6b1e88b6b59ef08b6681df212c599

SHA256
ceebae7b8927a3227e5303cf5e0f1f7b34bb542ad7250ac03fbcde36ec2f1508

SHA512
d220d322a4053d84130567d626a9f7bb2fb8f0b854da1621f001826dc61b0ed6d3f91793627e6f0ac2ac27aea2b986b6a7a63427f05fe004d8a2adfbdadc13c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\selenium-managervvsJ90\chromedriver.exe

Filesize
16.2MB

MD5
3e9504b3472d017bdbf79ff995d8f575

SHA1
156d196d47b5025f575e19a7940aae51fbb59690

SHA256
3bd48933f56e62e23a9a6a999c66d944fa3b82d794da1549723662244cad6e4b

SHA512
0dd25ecaf86292c2085650c49de21cf10e24cc8e549520573cbb21e1793631985e21199f8e2ee10f87eb3a24cdd5da79024944fae9fb4c0528110a4aad433e21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
e0afeb7d06e841f0220fe8b0d83b1259

SHA1
3f667aef39eecbb4978a18676c8c24185463bab5

SHA256
108615f0c9d1d09f911f578bbd2aea618c20184deb6694a33b270e2f461379fc

SHA512
cfca0c56dd288cd5aaa2a195e56ee791c1bae45c8989ea066c764311c28b4e06a325ad2586c96cad8b7c5e0d30a33dfc4de6520ee3d9b5729309870ad4fbcc39

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
47b0cc5463c80299c654f47c7d5024aa

SHA1
cca0ee3fe69f35e3c9996e8ed77ddbc3d45aec8c

SHA256
d8e4c40622dd71848dcd82eba385b5001a68c5d8d559299b23ec07ee1f35349c

SHA512
457f973c9fd20d30f790fc3360288e07b219322575d97f0f01d40b92f0f0e9eef65ba9b92f220a874d37ad6e0ec762f5e8f82c0786d07b9a14a3ea6cc5873167

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
02fa4c158b3ea5a072c15ac3f5177f65

SHA1
cdb819878ad3b6a152ae1eadf4bbcc36f4bd1d2a

SHA256
8d84ed25f6539c6089a04506ce3d277d21d5a6df0353abf361565b3dbbec41c5

SHA512
c6f8f357450d47cb3be8480fdd6e3b11b3963783a9c99edbf629ee7c77ad9ab3a91fa08a6fb43d24949335a3e639a2bd3516073f4ed09602f3440e3ed85cbee4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
ec1b8210c0d964bd68e97643fedaa0b5

SHA1
9df33e11e6ee13e4411c92b1a90dcb04fbf5f95c

SHA256
e1f5c2fcfb76ec02f75f4fd122504c6cfb86c67b609c0b9d8164b87bb94c03e0

SHA512
8db138bc7127a8d3f9f2920eeab0111bce377340021dd745c75d0e115d9cd701001dfb4bc867589824b2409eee9225ae5ce70c01dc8d26b884dacff9271e4181

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
a18f842d584bd12be64d67af98283500

SHA1
4e8c69bdc61988a4e7149b008cf80016ea14a734

SHA256
0bdd8c5b31248a11873b7ffbc1f4b47ff7503b188cd852191c63dfeadbc4bdcf

SHA512
168737a6c85a84797c59901c892051794d97d9c76dfe5ae884e0e4c7b251f0182631c1e09151ca396daba0adf379a204994059c0c8096c3ec0c1cfb42f5dc115

Download Submit
C:\Users\Admin\Downloads\GoonScript_v1.1\default_image.jpg

Filesize
512KB

MD5
dc87a04d7878050f3b5475d373b81667

SHA1
74f24942cf9087c14fae01b4b3e6315987f0e248

SHA256
345f89cfd9aa7eeb6f00b03ad68bc0d3107049c5e115c81cb86b2a3d74e3a78d

SHA512
dd8887d2e9812943ae33a0eeea01d9bdc54dafc9b3baf31fe17856bcd63ec66931fbb21bebba9465e18d772be206e27ac2d980def7892f017a25bdbcfc974c67

Download Submit
memory/2500-4396-0x00007FF9D99A0000-0x00007FF9DACFD000-memory.dmp

Filesize
19.4MB

Download
memory/2500-2797-0x00007FF9D99A0000-0x00007FF9DACFD000-memory.dmp

Filesize
19.4MB

Download
memory/3016-4328-0x00007FF9D3FD0000-0x00007FF9D532D000-memory.dmp

Filesize
19.4MB

Download
memory/5336-1556-0x0000013359BB0000-0x0000013359BB1000-memory.dmp

Filesize
4KB

Download
memory/5336-1554-0x0000013359BA0000-0x0000013359BA1000-memory.dmp

Filesize
4KB

Download
memory/5336-1553-0x0000013359BA0000-0x0000013359BA1000-memory.dmp

Filesize
4KB

Download
memory/5336-1555-0x0000013359BB0000-0x0000013359BB1000-memory.dmp

Filesize
4KB

Download
memory/5336-1548-0x0000013359A90000-0x0000013359A91000-memory.dmp

Filesize
4KB

Download
memory/5336-1541-0x0000013350F60000-0x0000013350F70000-memory.dmp

Filesize
64KB

Download
memory/5336-1552-0x0000013359B10000-0x0000013359B11000-memory.dmp

Filesize
4KB

Download
memory/5336-1537-0x00000133507A0000-0x00000133507B0000-memory.dmp

Filesize
64KB

Download
memory/5336-1550-0x0000013359B10000-0x0000013359B11000-memory.dmp

Filesize
4KB

Download