44caliber | hxxps://download[.]oxy[.]cloud/d/UnQd

Resubmissions

06-01-2025 19:59

250106-yqw1zswmbv 10

06-01-2025 19:53

250106-yl922swlbz 10

Analysis

max time kernel
352s
max time network
348s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
06-01-2025 19:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://download.oxy.cloud/d/UnQd

Score

10^/10

44caliber discovery phishing spyware stealer

Malware Config

Extracted

Family

44caliber

https://discord.com/api/webhooks/846439149581893662/hBBSrbxFHiAbnd1pIRcuKL1aQRyQJ93Yg0OxBAgKickoJ69NStLaqKmmoghPQ7vaml0W

Signatures

44Caliber
An open source infostealer written in C#.
stealer 44caliber
44Caliber family
44caliber
Downloads MZ/PE file
A potential corporate email address has been identified in the URL: =@L
phishing

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	GameSense Crack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	GameSense Crack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	GameSense Crack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000\Control Panel\International\Geo\Nation	GameSense Crack.exe

Executes dropped EXE 20 IoCs

pid	Process
4800	GameSense Crack.exe
4848	system32.exe
5820	Loader.exe
5812	GameSense Crack.exe
2104	system32.exe
2380	Loader.exe
3536	GameSense Crack.exe
4556	system32.exe
5392	Loader.exe
4868	GameSense Crack.exe
3272	system32.exe
5276	Loader.exe
1200	Loader.exe
5364	system32.exe
5708	system32.exe
2376	system32.exe
4316	system32.exe
4512	system32.exe
5808	Loader.exe
3176	Loader.exe

Loads dropped DLL 4 IoCs

pid	Process
4800	GameSense Crack.exe
5812	GameSense Crack.exe
3536	GameSense Crack.exe
4868	GameSense Crack.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Accesses cryptocurrency files/wallets, possible credential harvesting 2 TTPs
spyware

Data from Local System
T1005

Credentials In Files
T1552.001

Looks up external IP address via web service 9 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
447	freegeoip.app
459	freegeoip.app
462	freegeoip.app
437	freegeoip.app
449	freegeoip.app
464	freegeoip.app
466	freegeoip.app
477	freegeoip.app
438	freegeoip.app

Drops file in System32 directory 11 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameSense Crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameSense Crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameSense Crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GameSense Crack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Loader.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
behavioral1/files/0x00040000000229a7-520.dat	nsis_installer_1
behavioral1/files/0x00040000000229a7-520.dat	nsis_installer_2

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe

Checks processor information in registry 2 TTPs 16 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\Description\System\CentralProcessor\0	system32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	system32.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133806668970416698"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-940901362-3608833189-1915618603-1000_Classes\Local Settings	mspaint.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
1764	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe
2112	msedge.exe
2112	msedge.exe
3532	msedge.exe
3532	msedge.exe
4848	system32.exe
4848	system32.exe
4848	system32.exe
4848	system32.exe
4848	system32.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe
5820	Loader.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
5948	OpenWith.exe
5832	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 62 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3532	msedge.exe
3532	msedge.exe
3468	chrome.exe
3468	chrome.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe
2808	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe
Token: SeShutdownPrivilege	3468	chrome.exe
Token: SeCreatePagefilePrivilege	3468	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3468	chrome.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
3532	msedge.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe
5832	taskmgr.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
5820	Loader.exe
3268	mspaint.exe
5948	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3468 wrote to memory of 400	3468	chrome.exe	85
PID 3468 wrote to memory of 400	3468	chrome.exe	85
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 2524	3468	chrome.exe	86
PID 3468 wrote to memory of 1864	3468	chrome.exe	87
PID 3468 wrote to memory of 1864	3468	chrome.exe	87
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88
PID 3468 wrote to memory of 4560	3468	chrome.exe	88

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://download.oxy.cloud/d/UnQd
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe8148cc40,0x7ffe8148cc4c,0x7ffe8148cc58
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1904,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1900 /prefetch:2
  2⤵
  PID:2524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2164,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  PID:1864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2284 /prefetch:8
  2⤵
  PID:4560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3088,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3116 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3104,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4464,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3640 /prefetch:1
  2⤵
  PID:3632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4328,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=3132,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3100 /prefetch:1
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4452,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4648 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3124,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4944 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3316,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3324,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5160 /prefetch:1
  2⤵
  PID:932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5336,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5452,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5636,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5644,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5764 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5924,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5628,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:3480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=6220,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6252 /prefetch:1
  2⤵
  PID:2472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=6196,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5956,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5684,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=6140,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5472,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6052 /prefetch:1
  2⤵
  PID:1360
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6152,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6772,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:3152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6504,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6896 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=5840,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6964 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6968,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7124 /prefetch:1
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7812,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7764 /prefetch:1
  2⤵
  PID:216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7960,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=8044,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7792 /prefetch:1
  2⤵
  PID:4596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=8236,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8200 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=8188,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8364 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8348,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8556 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=8080,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8668 /prefetch:1
  2⤵
  PID:5264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7828,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8040 /prefetch:1
  2⤵
  PID:5468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=7936,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8632 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --field-trial-handle=7132,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8552 /prefetch:1
  2⤵
  PID:5484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=7172,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7208 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=7160,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8912 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=9016,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8988 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=9020,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9004 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7216,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8036 /prefetch:1
  2⤵
  PID:5936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=8016,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=7980 /prefetch:1
  2⤵
  PID:6036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=5356,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:5348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=6332,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=5524,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5540 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=6228,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:5436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=8240,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=7944,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8128 /prefetch:1
  2⤵
  PID:5316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8164,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=8848 /prefetch:1
  2⤵
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --field-trial-handle=6876,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6800 /prefetch:1
  2⤵
  PID:5700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=6856,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6828 /prefetch:1
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --field-trial-handle=8828,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6832 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --field-trial-handle=5476,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --field-trial-handle=7952,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9156 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6824,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6120 /prefetch:8
  2⤵
  PID:4276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6820,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6448 /prefetch:8
  2⤵
  PID:5380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5796,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9028 /prefetch:8
  2⤵
  PID:2292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5308,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9028 /prefetch:8
  2⤵
  PID:3800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5004,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9028 /prefetch:8
  2⤵
  PID:4376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --field-trial-handle=1640,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --field-trial-handle=7740,i,11776869857848557195,2798632550792630715,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=9308 /prefetch:1
  2⤵
  PID:2132

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3604

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4984

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Downloads\1d7c10fec87a6af7ff73699f4f019027.htm
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe6d5746f8,0x7ffe6d574708,0x7ffe6d574718
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,8557048903738567612,7202153182739149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,8557048903738567612,7202153182739149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,8557048903738567612,7202153182739149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:5848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8557048903738567612,7202153182739149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1996 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,8557048903738567612,7202153182739149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5732

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5472

C:\Users\Admin\Downloads\GameSense Crack.exe
"C:\Users\Admin\Downloads\GameSense Crack.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4800
- C:\Users\Admin\AppData\Roaming\1337\system32.exe
  "C:\Users\Admin\AppData\Roaming\1337\system32.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4848
- C:\Users\Admin\AppData\Roaming\1337\Loader.exe
  "C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:5820

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SendNotifyMessage
PID:5832

C:\Users\Admin\Downloads\GameSense Crack.exe
"C:\Users\Admin\Downloads\GameSense Crack.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:5812
- C:\Users\Admin\AppData\Roaming\1337\system32.exe
  "C:\Users\Admin\AppData\Roaming\1337\system32.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:2104
- C:\Users\Admin\AppData\Roaming\1337\Loader.exe
  "C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2380

C:\Users\Admin\Downloads\GameSense Crack.exe
"C:\Users\Admin\Downloads\GameSense Crack.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:3536
- C:\Users\Admin\AppData\Roaming\1337\system32.exe
  "C:\Users\Admin\AppData\Roaming\1337\system32.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:4556
- C:\Users\Admin\AppData\Roaming\1337\Loader.exe
  "C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5392

C:\Users\Admin\Downloads\GameSense Crack.exe
"C:\Users\Admin\Downloads\GameSense Crack.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- System Location Discovery: System Language Discovery
PID:4868
- C:\Users\Admin\AppData\Roaming\1337\system32.exe
  "C:\Users\Admin\AppData\Roaming\1337\system32.exe"
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  PID:3272
- C:\Users\Admin\AppData\Roaming\1337\Loader.exe
  "C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5276

C:\Users\Admin\AppData\Roaming\1337\Loader.exe
"C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1200

C:\Users\Admin\AppData\Roaming\1337\system32.exe
"C:\Users\Admin\AppData\Roaming\1337\system32.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:5364

C:\Users\Admin\AppData\Roaming\1337\system32.exe
"C:\Users\Admin\AppData\Roaming\1337\system32.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:5708

C:\Users\Admin\AppData\Roaming\1337\system32.exe
"C:\Users\Admin\AppData\Roaming\1337\system32.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:2376

C:\Users\Admin\AppData\Roaming\1337\system32.exe
"C:\Users\Admin\AppData\Roaming\1337\system32.exe"
1⤵
- Executes dropped EXE
PID:4316

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\AppData\Roaming\44\Screen.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3268

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5272

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5948

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Roaming\44\Information.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:1764

C:\Users\Admin\AppData\Roaming\1337\system32.exe
"C:\Users\Admin\AppData\Roaming\1337\system32.exe"
1⤵
- Executes dropped EXE
- Checks processor information in registry
PID:4512

C:\Users\Admin\AppData\Roaming\1337\Loader.exe
"C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5808

C:\Users\Admin\AppData\Roaming\1337\Loader.exe
"C:\Users\Admin\AppData\Roaming\1337\Loader.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:3176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0x78,0x7ffe6d5746f8,0x7ffe6d574708,0x7ffe6d574718
  2⤵
  PID:6052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
  2⤵
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
  2⤵
  PID:5888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
  2⤵
  PID:1644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  2⤵
  PID:2004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:8
  2⤵
  PID:6092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,7854339129799381440,15251675856639552838,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3684 /prefetch:8
  2⤵
  PID:5164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
210B

MD5
1267f4be35fbe5510886cf08ddee9fdd

SHA1
04e714a1c8a9d76e860c7cbbe7ebf62c71dea6b9

SHA256
ab038447adbfd1faf46f0d3bf6dc387621dc8435ab552696ec8d9bbe7a6a9ab3

SHA512
6f1bc0ad9eb850f37cddc2422e738f0cbbfe8a7a7e064c0c989cafbf0f7d5ae5bdfced4b3f93952688de3bfa338ff5a8c7258aff8397cdaccb36b23b5d16686b

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
315B

MD5
71227f862899452aa270d580a8b090c8

SHA1
13a6dc9506be2066777ec34acbe5ab62684c4929

SHA256
22e5316f3216208507c8ae67cbb2a90cfcf4389dae87f8f71c3388593eca57c1

SHA512
126c549e82d679bb9d3e229b09c3dded86b72aa5a98cb956a0d2a740ca43a4da14049134c3836c49ef50e76bb0a69fe158bb776a4c86a7e7b04893ced8ba5b5a

Download Submit
C:\ProgramData\44\Browsers\Firefox\Bookmarks.txt

Filesize
105B

MD5
2e9d094dda5cdc3ce6519f75943a4ff4

SHA1
5d989b4ac8b699781681fe75ed9ef98191a5096c

SHA256
c84c98bbf5e0ef9c8d0708b5d60c5bb656b7d6be5135d7f7a8d25557e08cf142

SHA512
d1f7eed00959e902bdb2125b91721460d3ff99f3bdfc1f2a343d4f58e8d4e5e5a06c0c6cdc0379211c94510f7c00d7a8b34fa7d0ca0c3d54cbbe878f1e9812b7

Download Submit
C:\ProgramData\44\Process.txt

Filesize
2KB

MD5
7bcc1f08839e2099fad497a91f05ae67

SHA1
b965af685e61fe41c4fb4ef6c9fa27d3ea1cb90e

SHA256
f069e0cbcbdd7a2e7613ae37063fb6f7163783856fa85bc07a4c37a075534c36

SHA512
44e431d674fb12671e532a9b53ba1f7c93da43b0fce24eb3e6e546a9f603c248cb13274e535a6236b927c90010a14d6892eea4fc940c9378ad89b995e4335221

Download Submit
C:\ProgramData\44\Process.txt

Filesize
4KB

MD5
d2e5b0b7ddab27dd57eddb20caab6a0f

SHA1
775ad645041d6cd0c9f43f0bd4670a34d1cd6bc2

SHA256
bcf0c85b41999b47e53837390d7b1859f7876491a4315fc197d00772b666a1d1

SHA512
b7f2d1687fc88f9bb4edbbe6d3f48983e9c2f1aa21de77c8ef26026a685de17165ef1630746fe1fe7a687c54bee8833ca032d5d50422c5d4bcb8c7f6ac7b9dbc

Download Submit
C:\ProgramData\44\Process.txt

Filesize
377B

MD5
f7bc57b833da32be9f03a8363aa9d978

SHA1
db3aeb19f461aad42e73c8b47ec87311056584f6

SHA256
9fd806f8c1b7d34277d61579240d58866198806b9b3028130dfb15f054294dc1

SHA512
f92caf50477ef921cf305c258470dc3baa13b4428169735d933e902289f6f585415c12cdda23dae1cbc6f1afa8f728e68f009aeaa8d1d131bcbd9477ff8f49dc

Download Submit
C:\ProgramData\44\Process.txt

Filesize
1KB

MD5
9ee501c8918a7187348af6ccc4cc25ab

SHA1
8809d2c9ddab90a0a78ffcae82e0334a4a46ea83

SHA256
01e3a713a140f4004bffcc346e969b891f9830342a8c95259f8b7cb21ac305a1

SHA512
67dcafafa096d3b8573dacec2bc02a6db15fef71dfc73552f1a8e76ce0f654513b0c3b7dc61a23ffd1cfe38dd52de2d183cfe6315cf97fa2bf90acee8555fa0e

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
1KB

MD5
fd73e11523968761aa38bb0b7d972941

SHA1
0928a48b8da8798a8019282d9739d419b5eca419

SHA256
a325946704ab7227337844cf6c7a7ae19cb832cc4774e473d3d2697179b7d3ad

SHA512
d05b9a0ffa82a49453d561b7e5064769228f3e4a528c1d4b748d4e9a5514526600d2dfb85c09e76dc54ff4a05624f1ed01d3f1b025ee3d35ef3d2437777ba970

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
2KB

MD5
3860bde2e13db9755101bdd82a6e605c

SHA1
1e3dbde28244efca5b2edd43b71fcb4762bdf3c5

SHA256
5b405d246405f8a9b10814b0ddabf4470fdd6c03091748d5cafd9347df5c6eb2

SHA512
9a006d3c5a08d0d24c4eebfd863f62eae980a3bca5d04939750c9aa7672bc960c2fc84d2601943b7920c1d49576f726de55969b35dbd4652faaf22f7f222fa5f

Download Submit
C:\Users\Admin\AppData\Local\44\Process.txt

Filesize
4KB

MD5
5be5902abbfa2b6902483deeee860361

SHA1
cfcf142fbb87d579adf25d093805f480c6dc2c38

SHA256
1d7389b894eb178cc6410f58fbbb60f6a2eedcadffe067f48fea43b222b6ec5e

SHA512
3256d5db99ecfd76ff8e3c551e84e5436bef8f5c29591f782a333e6814b8ed42253a8434ac4b67047eb4c4354bf224b1baeda382d8960084fb83634c2b914b26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
4a6b08c05c9e989332f2289dece71a66

SHA1
0c377d9fee0b13da25028f4881d3c27f696b63a5

SHA256
7a386005df693fb000f37389b6f37bce852e0b8b135063cbc4f953c013571169

SHA512
2f2df9904701f936c22fdb2e6cc485bfffe82dd3772a7fd535bfca3d44ce22f29facb029f21d41d91cb7f1a6a673a90f6d9ece84cb3fb36a91ae0e48d887aa43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
c4bd35205774066c2445df6fa5cb3da6

SHA1
68e2bc8d66926023d75564b6981333d1b9c2ceea

SHA256
7bfc7b32fb08b00eeea26300152cdf63acab95b74e542d7a3766732481c8ab83

SHA512
ef159aa23282a46db59938d106c56a1fbfb583c6931f997929068eef695c92b38229dc48f0a447ab8d31b1d0d6086edd81e3bf2f589a6aba35ad62863e339a21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
960B

MD5
fa13b26b74919269a11369c325df6552

SHA1
4b12be24f29d30546fa487068fecc3a362d3c820

SHA256
77d136375fe013a57d93c67832d5a2416d666b7f09122b74a6d907e48c7b0c20

SHA512
976abb925339e84a83249b8bc76d10a366dcc5a805ae5995d883d21deb0cd34790989260617c5be4195136ebbd9b93cb60b0228a8f66f84b5bfcac32c431a5a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
8ea53ac491bdac1116ebfc6b2b927d5f

SHA1
d33abb75ca95abf3d1d5650ba9d645a11bb2c94b

SHA256
1c2cecd981bc3d3e31b7d6baa9f2999a4cb6f3ccff8ddf36bedd4734063f53c3

SHA512
c5bdc796db063b31af6e3de53e2f5304ed457805990d76e7ca3a3e184b6ca463f7c14d3a4e27e395a37f9fd6cd81fe27a94e742129a26b6842753a88e84cfa48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_download.oxy.cloud_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
f93499055a89a135839f7acb5be43110

SHA1
b7d564b1c27c0e7533ab3f04ad3fd79fb3ff0c4b

SHA256
ffe3f53729b92cb9e38dd7d5d79d15f2e5a8ad09e7244762567f07ea447299a8

SHA512
0da92bfe5f9791a736da79a36274bdd7796d0bad5a513941eb2cb33df5e31849a8056bdb498b1d2754377036e03e5713d08544da0d0520494d838e4095a85ffe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
1a8b35fbecf815a758f352963e0e87f5

SHA1
21ebc175543e1651d491733b73c3603c8507364f

SHA256
5ca730b0afe8ccd762fec89a30cae36e28797a00b6bbdbd512c5bc3493f01e6d

SHA512
817c84714083390ef60673d80800e99228e8df82ccb1975bada19047201eb9db2a448d59a7b4ac6a60ca512041d14cfb86c9a6a0d14e40c4e8a0b50d29dc832e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
7ef294680faea3291db9e0176d61bdee

SHA1
42403b472a8bfc524fdafc772fa6c208b9c838e3

SHA256
533f8c322ef50a2fbed4bb963d605b5e2dcc050d93ae06bbe93ef3f51b0ffd09

SHA512
38e387b866a2a6af669ddffbd38f339426d44f563a0d2d0f991ed23f11cf6ac472e1b1004669cb7c03099ad612a08e5e774306c57bed3bee3c61a5eac3b9cc8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fc8114bfa3ec75c90d27270a2bf86474

SHA1
7c399ffcfc5d6ac16a7a127738c11f1e9f96bd90

SHA256
c67982ec36dd1537be0b4567de4ef6f36a217c8befe46959b7d599808f8fa39f

SHA512
3b1c4a931b66d6842a031c0bcffa47d1a825b414b9f5e5488f4ecc02b350c28eab2c0e01eea67644c6cad7fd63ed5ffecf5d9d5a98621cc49b1d49b0679bee47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
224579523d71884357721a8efc36e686

SHA1
951b80606f5517ce340051fc05dfd2a048df6fda

SHA256
8ac3e442ca4e579e040bcf42e4698ba0e9b6ccf8e13e45b0c10b3ca802e7d63c

SHA512
ed8c7e822b64cf8e4eaa0d0f056752a0623372b74b1d6308963d30b4acf292d7abb21cf5fc961ee681394ec09825d27302aa50b99681e8cca74724d45bdeaea8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
05216d7b4882ca6d60d62ee2043635fb

SHA1
90979c8aab2eeef5bab4555dd825448e87236bee

SHA256
da31673056c645eaf9ff8c8e14a10e9507a04d6d73c91a04726a64f367a34b35

SHA512
35aa46d64295fd34a1a9cfb48f67131d745279e4ad47c1a59eb21cc01c5e2f6fe4725e2bb3ca72bb8529c08a3582afb8c6a88dd1a0903ad7d36822bc268fc08d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
bdc8b8441a323065f131f3b319a7dd43

SHA1
804559fffe9581df30ddee09a23a5c8f5d5d6075

SHA256
6f5c243103cac4edf078e4a797e35412cf9a5d7b97b620003abb7a0da9401862

SHA512
8bdc5d98a71226612e92f6a356421db035bd4d2bd3b6f65567ffa6329c31d4042d3f46527c0cefd75af0b912a20cf7e6b4ed325b19553c98010994e8f22b2e4f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
94488d979617586105561705d613affe

SHA1
b2e52466d9a6468bc7559944048772a444903f75

SHA256
0803dfb14773ee1ce0b4080348fb2fcc45d16b997ce772d1b901ec25bce37bf4

SHA512
e1d84b949a52f2d7ffe6b0bb220dab8ee200e48f3bed18b6dfc5063328132c8abe25ce573106400a640c5e04c114317e303882194dac67f08a63d7e68d12447c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
aeda1412af0c9d1148f9ebe2cc1557bf

SHA1
5839462cfd3ae5b0e7c14cc927049e54a6f0e0d4

SHA256
1fe19ee8f1555aa3cf9f53b5c5a36b58683ba8f23307e8e7ac13ddb49aa04738

SHA512
0b6f0cfc1bcde9065beb35fb20f06e1f97cf489c3c905d57f011730b5d814c4a952a4214af320235cad438021783b46d922140437edcbfea5dc018fa5ea32fe4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f34416b7ccd72946e9bc09ab9b341014

SHA1
af7b2eb566a940fc641d96192d745eb27d59ff41

SHA256
4149b6f9347befdc41e92486bfaa3179ca52fc1fe31f766452ad316abb2d77c9

SHA512
e6de231fe9aea54f4335955285c8ffeccd5fa7e5ca35d325a35f7424a39ad1e7f2ba6610205f4e8f6936667da7c88d30a3ca12f303da0895e3d9a8c4674980b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f77ce64c4a11e9639781c7b807413708

SHA1
d2daf9af096507876c08b7ea71e354e13c45b9f6

SHA256
f3899a6b649d0588a545a8bd046320f624f8f358346626b22e5c5c328bd39615

SHA512
2adcf0db6ce18bcafa438fe4237bb5defd1106e0abe2f37664083add681a09bee6f4408e4c808e6e14cfddf761772d7b58a1de9e13cfb630153198a7edd39935

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
b0c69fdfc4872365518cedc51c601681

SHA1
38db0b439f37f01f549dad708b4eb1e18095e517

SHA256
6749ae6bf38e08ebb6348e4da9b52bbde51dc6421626e2b63300b8ae3a794330

SHA512
a8f2577e722957e6754a2cf17c730bd4f71c8bb739deed6373e1b8ade72039003a0c87c19f0dfacd1b64a9a254e27b0cda3e0681755ffc93a0180e3e1e4797f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
588d1e92181103d0ea358fd265a5e893

SHA1
299a90947735365ce132b652cd86acab4d4a63ca

SHA256
8c77da8dbacdddbc9bf3d9ca0448bcf5648e183bef842d48f9ee2d52706ee694

SHA512
3aa3674155fa13b6bac1e2134a8625d5dfb88275341dcc8deb418fd82b87a4584a598af523110b9d5d0e4a80743907b94f5f11582652a96872dcc9ad0887e87c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
98ae22ce1242d0d0ba83d186dcaf1630

SHA1
603215f882d1e1909330c06af2c8706833dd1d0c

SHA256
36d2ec7ee2e760b1db69ca8c2af9fb51d91df402dd1497c39ad24c53768eea77

SHA512
35217c2bd111e9f4c32817704773f01026702ad39e49cc10e5ac1d349333e701a335382b7db1e67ccba765a7501dab5973c32338ed715c607baf788e9ebb3e01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
e3e488d2f1bf11de0ae34679a46f7d39

SHA1
8970a6e19a2294a9001d439de1d021a58d0a84c9

SHA256
b57e691b5ba6c25ede9f86f0e794ad8641474bdc970ea885f6e264af814747b2

SHA512
79cf31d15450581fb348ff0132aa9347c842565c2a555992658b32a536c6a3769522488a4d5b2c0e515697a9fe50f999d37f744d453065f1170ca30dd9cce7f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3b48596620ed4e609600f9f71f2a639a

SHA1
a011f1cca6acb20ea435471bfcfbfe043724f216

SHA256
f3afe8f865a39881cd7c3213e90aad22a7a84058a24396b50000a1f80173037b

SHA512
facd2a437da31cf19d44991043cc1235eba9e1122c9e550ca8fd917029a7715a0a91ab15c80021b772f69b3e417e44ac88555c321dd68e332db4aac3eaac035d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
b6fabdc7478d46b4303d6015262cb340

SHA1
b0b5316b1223fcbea8de1a746fd9bb5249788eda

SHA256
a4596a4a18e32a4db842402df39998ee0d6ad4e4726d7f880683702d21dc862c

SHA512
b9f8ea7dd0e5e3b9860a672b1c46a201179393979f0cd72108437c10e85441f7b331671c7c8e331d3b9ca71949c4c880ae0eaa8d2ce4c97b55e1c6a384ae48f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4235b0f2096279e26246b654d40a0ec4

SHA1
35cf05f81a89f831365d2946c8c36b6881a07331

SHA256
2cf48a900756904d0b2d92c5f9fca34ee4290bc4e47f2ca47fe009df6cab2d4d

SHA512
0a7547c5e7d5d297b95153f1da29c54d9f3d90983def7abf692b476863388ec5a0fcc838ee3d6dd983ccaee52c897c11cf4c4e6c5cab7c19ceb4b99f026d6814

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3549590ede0f2fe5a37eb2cd6543a270

SHA1
8f0dba8c5577962c199b9f34f4b088293157b7a4

SHA256
340b4dba116031f74cd9120f5a5f3c13929d3dc27a51c7f2001f733b04e39392

SHA512
b7df5d5b21a905210b5222315ea2d2c78c38e223ac967aabe8ef04b44cdb9fe6355c105416f2abe829434a3e69cf9fe1cbb561c14db2b11e1daa5d6b79a696ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
0aa83d2c7c62c90396898d09575d2eed

SHA1
d3ba8a7b243979a2db1a01678f609600ef741f49

SHA256
1d00c9a5fbaa7abff4fdd698368ea64e6b17ff86d0a27ea71c4c69bfc282a7cd

SHA512
66431a5e47d66a4ad5c32b4bce4ca8e9827b6d040c246fdc35a17c9c230863164d1e92d78a6375f51b28e2a5850b15b29fe7fbfe0d99795c4a5746378346d055

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3eb1d45a32911e8e81d62a6fdaab137e

SHA1
b63dede9fd3412657aa77bf265be1c3af474f8e0

SHA256
6b59af8cb65b56b2da2e49db09956051f3786366d759c9bbc1179bd55d265db6

SHA512
42cd4732dbe406f4eade637ccf2dc1f264ea6c99b6724dd9b239d565b42a7707dc645ba7566542543f0e3316cfd91d5d031c9d30dfe8381565862e8f4d56d107

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8055e3ab3967512d3b10c3fccc7f0f89

SHA1
2c73cb939429eead90825f32737ce59f0d214d6f

SHA256
f25bf6586e9057fad32241207673fcb185da8878d4219585d7c9e1c4ffb7e7f1

SHA512
f7c00d4e79896559d76a1eac884583be545463bbb21b11bd405de7fa607e1f83a156f418e687dd1668a10fbf50753320c59cf8703c03e3feb7db7a23c2354c04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
63793b3adb577e114dbb8dede63697f0

SHA1
fd03206b027ba1667f092f439a19386f05a87b13

SHA256
14753ff1613a66faa5903d5094d19e9b6ada9b866e28a9ce5fce28648884cecb

SHA512
80a57966b9ced7672f025490cf92ad66c9bb681947b48ee6ee3e3e0fe3bee0d4e3b6893ff12817b1b7d73c86ff631720c0e1306e48cd3c826a4574350009ec2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c6f200c92d0645d2ff403691dbb02137

SHA1
29096f7ee1f4199abcc672aafddd6abcc9bdc6a8

SHA256
6ad5552d22048d7f1a59c7e2bb980f72999fdfe65c79380c77f2eda293248428

SHA512
a7b99cc0f99bb70ece02e6aaaad1b049b3ef96a428b67848cb6f0fd40e4b9a7ca953b7797e8b6f7fe0cd0f4da9592b38124822490528c5e88aa83f7855da9859

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1d42abba4170840d3f364e24b82347df

SHA1
5fa6eff5cd1c99e082f6336c37d35a5eb3eec6f3

SHA256
451042593f1c8452ec70e6fd37c234674a2feae84cdd774993d224b08f0a183c

SHA512
affb29d66321d8f44cb7180920bd1c5a15ac148767f8b1a0a23745b5396a401cab61cbaa6525eed1c2ad5c97db462c44400b05067a73eea66b7b455f7c84f2c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1b81ec31d22198228418636f76895bad

SHA1
3e1259d609704dd0f822ec25fde2021c0487b319

SHA256
2ea2e4077437d5bc41d774d6982f0ec6bc76b52b193727cfdc4094b1803dc933

SHA512
b333e526754d978fcea27851f928bac1ff93a6fc6f44af40065d4920a7690b08d7d5323bbb77571af510cdbe29c8150cbe06dce6799dc03ed05982a983769cc6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f16045bb7233c68600c9b53c9dbedb08

SHA1
15392db58d02012827947299e298fdd4e59c4d40

SHA256
95454b0c0da8c4e9a1139e5b3adbd64466e7a86f05216df33a8e57c03d1ac15b

SHA512
7619cd261a9699bb4dc8eecf427dc1e4c6881ca622ed686b01e5d274207ef081dd9ee3845658f890cab1a5750d5fcd2f7161d313790d929a62318a1ae0e00a1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
046476806927f1f7ecaf2e94c69271ac

SHA1
e35a30d556af5f9c92cee403972a04d9b4cd7f82

SHA256
b9a51ce4094975bc05b51c503dc3aba4336fa068ce85a6bee2d36a055c5bc0a1

SHA512
b32a1ba508c4d4d3ba8649af8cffa167e6f67e893030f4d5802b0ec4f17844710814b7b3cf2af40c51842eaf124ca5a618a859eb7811975b5cb319f8b18d45a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
06ba5da0b294a2bded25ee3c4b52f854

SHA1
f64fdb0886405099ad172efcee04d3c04a22ff9b

SHA256
59869e5c6a0c60e80c0cd7a29a0e1a0d46992514eb585c299604dcf3ee32ccac

SHA512
c8a97ff01a580b8e37f90d35cff867508b24b5ef30f1b8dbaa3854556067f5600bf4f82d6c4f491f81aa09ce0c2073b84c39c8ed4126144370ae15cc28871408

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
85359697254fcb570a7d3d3dab3bf834

SHA1
0f5fc5a036d901812fc200bc47b247add25619dc

SHA256
2ff8c62588d7a967a483ddf2814a4e2a42e3fb08f7df721d67eab68a6b27b3dd

SHA512
ba5543a1f91227524811017fc88731d571a47539eb173386a0da269e38ec9cbbc7066144d4a098657a4863755d4360b5922119e11fdbee7cd393fac7dafa06e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c7ace5f899bb25ceae950be74698dfe

SHA1
ca5a560e7a2eb25cc9258b14b7ede18389562319

SHA256
7a3b026b4e1fd1cffe4ab9a4e8f010c1e7434795560f17078256bdcd0f8e2762

SHA512
142b6008d933b81c830c0ef3dd8fb5396e97f1d0c12f2e1ad6eead779991ad531237ed9aff9e462f772fb758c1fa84a45930451929f00c57c8162e9276165dab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f160c6d2ec26ad0b29b1af62951d56a5

SHA1
3f38cc6ba53de8f1551325bba7eeff786987cbb6

SHA256
20bb39f215de4989bd8ef0245e475ffba6811d4fbdaae4c6b8a4f66946f6e2c5

SHA512
ca872d4144c5a2e711212fae9a3c316069c0d9f9ea6a642d4e2f234b2771355c806e2ccd0bfdb044f1d05f8cb620c1e9775ea2dd6dc456d652bade5e6933ca50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2502ab545735ecd3383c267ac381e01d

SHA1
528d82d2de13dc8aa1062d0f2e4c6f821ec54729

SHA256
9484811dec6c5cc1a1038180fbfac62574d58a9d501382dc2e21e3cb189a6f68

SHA512
6e47b03f612741719c9f7c8221795106dcf4661cfc6f5a32fd1175d972d35f865768a9a996c654a91ebb6e86a5c824cf05b15dd20ccb025c2e81df3eaf50609d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
7ee4b162c39e2094aaa5fb050b846118

SHA1
ed832d8e9b44d62a42f9d8ba0f37587c3c26c687

SHA256
eba9d79df904bfc87e7d2fbeab25b0e807b7e5f8e9208106986ee08cab177a20

SHA512
ccf29105f13298c8b6593b31ec653e9c5d514854e8d77e7390c11f6f998ede951a088ee10912e16d62b12bb758155c32a1d5f3097b599af8e341aca05575e04f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
77b89f53007f33379ca970ddbf8e704f

SHA1
3f5931d8f8a112624eda2cf8caa384a7046a0c3a

SHA256
45f1010e908f6340701b973fd3a8e562b816db41b32b782cf1a4c6dcf6733a59

SHA512
672cbdd15cc9017af2917a3a18173a9f58e8e53602f69c652a9cb25860ee95612a2f767a69ed9d4f6497379dfe503d4908f9df6080f41e8679d8b6092b12c4b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e7dbfee5acf2e5bb4a43e3376d5436c

SHA1
8ccb97e8eab80bdcc1d4038b75d7f96905e908c5

SHA256
0adf6596e8baaa68c0e1a25aa096f40d5f8d18ccfee81328bdc2d4802cd11c98

SHA512
17b41aebad6b34f3de149813ffe4360bce5b44e6ebd6cccfb146881bfe0148a15edf2fda6b5494ce607aca64316f094f702042fb95d5b5c0d9a38ca866c4c706

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
93d208e993fdc51e6cd13c86bce28eb5

SHA1
15be2d567fda74cf6625fc56f0593ef2acd0d1d1

SHA256
119ebe5aac4f65435e618d04aa9eb85e7600c599f91c2f8d7d2210d7e6bcc3f1

SHA512
a19d856ecb0329a215b09496dd769a9e015a5f79d4f23837d8fd1278cce608e8262821e924bcb9ce1868d04dbb7a5c641dd36a29cbb72528ec9ac549a7d933ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8af44c920244941f13d4434bfa345fb2

SHA1
827d24f24976c256c2052b76248a6f9e1a727641

SHA256
248319d88fc54f961cd1ae5767d524533a3cff8ce198c4b6cb316f9b7ac8f33b

SHA512
8bc1852345287d5e8bd61043ee27e8a8673994900c3c303f7fed2a6c5b7ab3f00bf0dc633cc21539bb68e640b90a7cdecc05d532e4e224effe994e7afd949d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
1aa381aa5192ac78fefdac57487cf469

SHA1
a8b4e5eefab8bf0a6e3c2e0e4291b22d2364224a

SHA256
339e785194bd5ce909774de2c97f5e064e41f00cb36a996a846958cbe58db6e7

SHA512
724bf75d312b14d178d53ad6a57a6d94fc9508f11e8acfeaa8f7c456b51ae8e898b9444686f502cb22ed3b04bb5a0fd98f07be74fea9753c8abd4c9c65197dfa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
40ca6448dfdfd778fb3d9d223292ab22

SHA1
0f2a924c08a5e6bc91e18de27cc0fcc76845a2a9

SHA256
da2a942c994f8ecc2f4dedaee8309fbea3d7d249e9b76f3405bf3b3a74d455b9

SHA512
20445fe1022728e76adfb6cdc1d7848e757b53cc2dc67a1d35eb484e6cda0e8b40bb3a4a95788224c25e107e26de357729bcfb8ee03f5c16f6d2d87688c38151

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
116KB

MD5
db6165fe86b588e1724d1ba9df786d90

SHA1
cd594c95023183c3f0c1fca0f1012667ac65d8c7

SHA256
2998a76d9df20ab815b666c6319d7ec45bf0715b1c42963f32dbbe26f64ef783

SHA512
ff8d339dafce1298915bb532b88baccbfee7cd843d38413bc72c0ff992613a1c9a4ad0875c2bc9fcc1ff67eb3909149c1ca2b3a168860e97eb45ad47f1ba26dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\17aca21a-3dea-4885-a9f4-e731518460cb.tmp

Filesize
10KB

MD5
dce9f113f31bacc0e91e6fbd8525c3fd

SHA1
19078ca4d5147c058d9273d73193a2d9f077dc69

SHA256
e220c18e19866ee03451f5f3d511ae7518b543b86231cba5bbe13c01bc2b7acf

SHA512
89c1aa3549186f654fc69ca7ef9c4bef99946ffc4259ba61e4c54e546c16a8d100609754e809d12f204691412d5448b6c74f0ba112a7737bd77cdecf5b8320d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f0f43f6b2ba5eb4024b5f8ff71b9f436

SHA1
57446562fafa3f2fdca146af456e1319a1becade

SHA256
8aa2acd12dcd0867bc78ad1157bdd8840808afb3d21f448d7fc0bd958c45f339

SHA512
dc2475ad30ceb0d8947523cf8dbdb047d426974da0beb3440810f5d4e00ca964f9ce04a09144c774eb3c1e435003555f1269f1736579705c0b3fa98e5a4c0029

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8b29aaa93eb4048ecd8d6c97ac6e7b27

SHA1
fe76ff76f840a3ebda680321bf3e8bb0c0eb14c0

SHA256
25a33f09696211c7099e2ce39d9a9606389829db5c24c00fdd3e6b75d626ac0c

SHA512
07fabf45b5341c6928a2d1bb13aa5f8953713e7b281b581e886fee53a0d81a17d5c9184676d4db55b0dcc1a4b630221d087772640f7b5aae32e995774f18ff28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c2d9eeb3fdd75834f0ac3f9767de8d6f

SHA1
4d16a7e82190f8490a00008bd53d85fb92e379b0

SHA256
1e5efb5f1d78a4cc269cb116307e9d767fc5ad8a18e6cf95c81c61d7b1da5c66

SHA512
d92f995f9e096ecc0a7b8b4aca336aeef0e7b919fe7fe008169f0b87da84d018971ba5728141557d42a0fc562a25191bd85e0d7354c401b09e8b62cdc44b6dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e55832d7cd7e868a2c087c4c73678018

SHA1
ed7a2f6d6437e907218ffba9128802eaf414a0eb

SHA256
a4d7777b980ec53de3a70aca8fb25b77e9b53187e7d2f0fa1a729ee9a35da574

SHA512
897fdebf1a9269a1bf1e3a791f6ee9ab7c24c9d75eeff65ac9599764e1c8585784e1837ba5321d90af0b004af121b2206081a6fb1b1ad571a0051ee33d3f5c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\6788a8ce-f860-4012-a73f-d475330ce3da.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
654B

MD5
d98c63d87dcc585bebf0036b5fa12fd6

SHA1
4a7da79e8e008f5fda5edc822f428ead176729fb

SHA256
1cbe5e5aab18a2e1b80d2bf7c41660973f89ffa32e018302ca9781339d24dc80

SHA512
c6aca0dc63cd93a164077dc6bb9f158c22d0a4cc01633d349b78f5d66a7c9ffec54e10b5b42380871f86d7e4fcda55cd74baffc2b37c07974dead0aad9fbcca8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9796d90b60ecd12a444cee04c9e21155

SHA1
ab4294a9dca867d118e1fced070409a89045218f

SHA256
148a09c48ff30a7f453e2cf7338cf94dfffab7103a6ccd73e2b74cab6c9cc508

SHA512
25116fe0a7a23eb7be8d27cc06f6aaa6b10621548c13015d5129fb93f06f51b4f8bb773e6f5cb7c6b4e1ceef25ccd771e2d9767f5b4e07eed706d24ae5565051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8fee1efd89e87e7860090687ee5af71f

SHA1
0f6ffd234b5d79a080738d3fcb8238808327256a

SHA256
5be97611dba1af6264349a9533dd2420d2c82c2924a6c1769317a8ce88be6258

SHA512
81dd45567b0f9f69df02c969ab1410eaf2c99bf1f45b6e4c98e7467308c17db35d444fd0bcd9aece8c72228e92d26b166c6a98795b557ed773218f3692e4b56a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
babdb720931db55827fc08463d64d88b

SHA1
5a4dda3469b8b6a2e2f1c2729f361900b84b1439

SHA256
933f75a144ebdd26c084d118576ea26ad9d28a61188e6a7955c7c61a35586019

SHA512
07c65498399b5b4d30d63ec409f11b7395660719eb6c8143833b18da9a2152ec971792ca4729a4be169bdca38a2cc4db93dfa769f4f7bc01dccf503609a2d47d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c34a18c7-bb4a-4278-8533-ecde212e195f.tmp

Filesize
6KB

MD5
001f8706f8da41a855ea93921030079e

SHA1
7056d8bd15af3959503fd8c318b9647b14bbdd70

SHA256
c38e0c7c1b9f0485917a448225076c969c70f5fc4d95046dc57c0514988af9b0

SHA512
ac954690e473a87ed1f11b8f917aece5a0605cd12b981624071da22ca053948d9cd7b7d323d0c5ffbb5bf4a88969910863fb8125d0eca85cc574bfa8027d4324

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4d8e301b859b366f7e569e43205d6390

SHA1
566d9ac504ad3c3836874959167a0e85d5ab165a

SHA256
0bd0bbc8ad36af4337dea774c85d839491edc4a37c3adf61a2df27e09f5bc2ba

SHA512
87386fe161430bc1e86615950fb75c19eade6c3d1420795bde530dd6ffd8346c9d55e9dc32cc43dfb2eef4f62c7d6a42203d3a14631b2b8933e129556b2614aa

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsc22D2.tmp\System.dll

Filesize
11KB

MD5
2ae993a2ffec0c137eb51c8832691bcb

SHA1
98e0b37b7c14890f8a599f35678af5e9435906e1

SHA256
681382f3134de5c6272a49dd13651c8c201b89c247b471191496e7335702fa59

SHA512
2501371eb09c01746119305ba080f3b8c41e64535ff09cee4f51322530366d0bd5322ea5290a466356598027e6cda8ab360caef62dcaf560d630742e2dd9bcd9

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpAE28.tmp.dat

Filesize
114KB

MD5
eb8c6139f83c330881b13ec4460d5a39

SHA1
837283823a7e4e107ca7e39b1e7c3801841b1ef8

SHA256
489d5195735786050c4115677c5856e3ce72c3ecf2574be55021ad3d71caf40e

SHA512
88411dca362f0d9da0c093e60bf2b083340d0682b5ac91f25c78ac419cec1e325d0a5a0f96fd447d3d3806813cad7f1ca8cf9c423061327fbd16c8662f3cbddf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpAE3C.tmp.dat

Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpDC4E.tmp.dat

Filesize
40KB

MD5
a182561a527f929489bf4b8f74f65cd7

SHA1
8cd6866594759711ea1836e86a5b7ca64ee8911f

SHA256
42aad7886965428a941508b776a666a4450eb658cb90e80fae1e7457fc71f914

SHA512
9bc3bf5a82f6f057e873adebd5b7a4c64adef966537ab9c565fe7c4bb3582e2e485ff993d5ab8a6002363231958fabd0933b48811371b8c155eaa74592b66558

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpDC52.tmp.dat

Filesize
48KB

MD5
349e6eb110e34a08924d92f6b334801d

SHA1
bdfb289daff51890cc71697b6322aa4b35ec9169

SHA256
c9fd7be4579e4aa942e8c2b44ab10115fa6c2fe6afd0c584865413d9d53f3b2a

SHA512
2a635b815a5e117ea181ee79305ee1baf591459427acc5210d8c6c7e447be3513ead871c605eb3d32e4ab4111b2a335f26520d0ef8c1245a4af44e1faec44574

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpDC53.tmp.dat

Filesize
20KB

MD5
49693267e0adbcd119f9f5e02adf3a80

SHA1
3ba3d7f89b8ad195ca82c92737e960e1f2b349df

SHA256
d76e7512e496b7c8d9fcd3010a55e2e566881dc6dacaf0343652a4915d47829f

SHA512
b4b9fcecf8d277bb0ccbb25e08f3559e3fc519d85d8761d8ad5bca983d04eb55a20d3b742b15b9b31a7c9187da40ad5c48baa7a54664cae4c40aa253165cbaa2

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpDC54.tmp.tmpdb

Filesize
5.0MB

MD5
1eddb525467bcf043c506e69478b14c8

SHA1
d445210bba3dc2c7b211db2cd9e34e9842477d4b

SHA256
9ded238cdf3fe55e7e197a29351fec52cc9fc767b4bd7fe977561959579dcfa9

SHA512
e19c9dd991fd3cda19c58a7eb388140ff0b009267e07dee18dc25ddd4ea1a81b7bbe52f6c4927e3e9155948f841ab14180fc6daa3da1b5db14aa979fa6794f2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpDC64.tmp.tmpdb

Filesize
96KB

MD5
40f3eb83cc9d4cdb0ad82bd5ff2fb824

SHA1
d6582ba879235049134fa9a351ca8f0f785d8835

SHA256
cdd772b00ae53d4050150552b67028b7344bb1d345bceb495151cc969c27a0a0

SHA512
cdd4dbf0b1ba73464cd7c5008dc05458862e5f608e336b53638a14965becd4781cdea595fd6bd18d0bf402dccffd719da292a6ce67d359527b4691dc6d6d4cc2

Download Submit
C:\Users\Admin\AppData\Roaming\1337\Loader.exe

Filesize
687KB

MD5
8cd81a6a6e30a3fd9bad4e33fe95f08b

SHA1
97366bff5bac673bd8a379f4a7f0446e848028a8

SHA256
ecf3831d6065faa89dcf3ebadb9da5e0923c8eecaf3c4e84e358a29121a6de04

SHA512
62a35ad38e2ee81d7aa91e8284d75d9b6168d040587f7fb4acf3b68bfc3f52e02e07eb69ce69d1cc725b50b6c1138b4563d77b272d410956d0f842fc7c2fbad9

Download Submit
C:\Users\Admin\AppData\Roaming\1337\system32.exe

Filesize
274KB

MD5
1cb2458bea83729dfc26cf1df69b8705

SHA1
9b604164959f732b9a1cb2fcfa6c2c08f6a8f742

SHA256
86606d9387269f1c5b2ebbc78af904b9f5ca94770f713e616418a8a0df269e8e

SHA512
2fb5fa40e7ed02c93563d9530a9bc1a4d83b3d6b3faf3a7ffc67ad24ba6e56b158acaa76d818241128b4e997dd34e9cbbaef20acb079a2481a66b541b911f525

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
3KB

MD5
2cbbf0556e5ca607116fb5e1eebe30ad

SHA1
b251b4505bdca2223912a834233154130c6a82b9

SHA256
08da53cb892511cab8bf739844a0f309fb83f9714520f436b4eb952f03505474

SHA512
0ce4b845056d17430102cee8ef626328e6f97b1f5b197ba9ef21d6c977f2c65f39298817467761f3e8df163b65457e77bbc468f42f434b74f6ff505803b95515

Download Submit
C:\Users\Admin\AppData\Roaming\44\Process.txt

Filesize
1KB

MD5
8839f9106483965d09416912dedaf829

SHA1
c004531e24e6f32a2898f895c46013d0cd278c17

SHA256
8b47ff8454489b70ca5f951b3e972ac18e1db7f8ab01be2ef097340925409d94

SHA512
1d6536469180a0db94c4803d1c80ee77148b58ffa011a781822fbd496536d54cc440e782b0159f4ecc70b7d7e3bea09f01f8c7b6c6c705c2d8d61344788111e3

Download Submit
C:\Users\Admin\Downloads\1d7c10fec87a6af7ff73699f4f019027.htm

Filesize
24KB

MD5
ebb695be757e69af98788d167811f895

SHA1
2e8dfc04fb7db8510415e8655316fec3e1dcf051

SHA256
f8f488f86391aff17b64118b338b01c190843c71b08c886e4e7d72f89b1a93e0

SHA512
1688a8d2e77ed154507677e3388df5e27582913dd0d8417e35b42b5cdf84f0f9e0eb1f13df1789371a18f64930397d6b3caaaf4dfb51267214199ea8904cf822

Download Submit
C:\Users\Admin\Downloads\37f3cfb4-139c-4d07-b783-7f41685679d8.tmp

Filesize
453KB

MD5
4ee2c1f1e718aee5fdacf0ade0d78b0a

SHA1
745bc53b7ce3ff01c20a9ae334f2c6410687a0fa

SHA256
38f0f18905e2702e212f57481e6822a725c4937465ae0af6c8d4d4d5c17a33ec

SHA512
4dc36224a18193f4329661b34bc3ba2285cc24578bd6651f13d130927ab6e95a422ab39411a7e3d985486850f867c962f4711310b4b65bd5be01f673dce56e2f

Download Submit
memory/4848-571-0x0000000000920000-0x000000000096A000-memory.dmp

Filesize
296KB

Download
memory/5272-1702-0x000001A0C8420000-0x000001A0C8421000-memory.dmp

Filesize
4KB

Download
memory/5272-1710-0x000001A0C8540000-0x000001A0C8541000-memory.dmp

Filesize
4KB

Download
memory/5272-1709-0x000001A0C8540000-0x000001A0C8541000-memory.dmp

Filesize
4KB

Download
memory/5272-1707-0x000001A0C8530000-0x000001A0C8531000-memory.dmp

Filesize
4KB

Download
memory/5272-1708-0x000001A0C8530000-0x000001A0C8531000-memory.dmp

Filesize
4KB

Download
memory/5272-1706-0x000001A0C84A0000-0x000001A0C84A1000-memory.dmp

Filesize
4KB

Download
memory/5272-1704-0x000001A0C84A0000-0x000001A0C84A1000-memory.dmp

Filesize
4KB

Download
memory/5272-1695-0x000001A0C0160000-0x000001A0C0170000-memory.dmp

Filesize
64KB

Download
memory/5272-1691-0x000001A0BF790000-0x000001A0BF7A0000-memory.dmp

Filesize
64KB

Download
memory/5820-705-0x0000000005070000-0x000000000507A000-memory.dmp

Filesize
40KB

Download
memory/5820-603-0x0000000005100000-0x0000000005192000-memory.dmp

Filesize
584KB

Download
memory/5820-601-0x00000000006F0000-0x00000000007A2000-memory.dmp

Filesize
712KB

Download
memory/5820-602-0x00000000056B0000-0x0000000005C54000-memory.dmp

Filesize
5.6MB

Download
memory/5832-748-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-752-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-740-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-742-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-741-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-751-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-750-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-749-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-746-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download
memory/5832-747-0x000001C98B9D0000-0x000001C98B9D1000-memory.dmp

Filesize
4KB

Download