Overview

overview

10

Static

static

1

Pixel Firm...x).zip

windows11-21h2-x64

10

029eba5f69...68.png

windows11-21h2-x64

26b7543091...59.png

windows11-21h2-x64

2e6c645f2e...4a.svg

windows11-21h2-x64

1

39c3553c73...85.svg

windows11-21h2-x64

1

3ae121120d...20.wav

windows11-21h2-x64

6

441d10a288...08.svg

windows11-21h2-x64

1

6474b710d5...b0.svg

windows11-21h2-x64

1

6ed6d8a8e3...bf.png

windows11-21h2-x64

747c1b576f...b9.png

windows11-21h2-x64

83a9787d4c...67.wav

windows11-21h2-x64

6

83c36d806d...ff.wav

windows11-21h2-x64

6

9d89e27da9...1f.png

windows11-21h2-x64

a1892a9c76...8e.png

windows11-21h2-x64

a1f941cd04...29.png

windows11-21h2-x64

b61b1077b0...ff.png

windows11-21h2-x64

b7affffe5a...cf.svg

windows11-21h2-x64

1

be386d4600...2b.png

windows11-21h2-x64

c0787d4875...6f.wav

windows11-21h2-x64

6

d9a7d9c3ed...71.svg

windows11-21h2-x64

1

e71ee248e3...55.png

windows11-21h2-x64

e73f69c960...03.wav

windows11-21h2-x64

6

f32620d2f2...79.svg

windows11-21h2-x64

1

project.json

windows11-21h2-x64

3

Analysis

  • max time kernel
    126s
  • max time network
    169s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241023-de
  • resource tags

    arch:x64arch:x86image:win11-20241023-delocale:de-deos:windows11-21h2-x64systemwindows
  • submitted
    07-02-2025 07:15

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Pixel Firm (Pixel Shop Remix).zip

  • Size

    2.0MB

  • MD5

    d0b106eb48239091954c100cae4c471c

  • SHA1

    e3484c2ca2363168fcea8675ceb66fa7ebcc18ad

  • SHA256

    9173e9ef902be1dd114e2266ffa40de382e1664cbb144df862e1248b85624133

  • SHA512

    3649aab36e9a67e63a645e616d3b89ada8a75661b4be5ccd8395b03a22626389f8ab4b078ed8e1053ed4528c1179c6691b851ebea2f48f1da1dfa20e7ca8bed3

  • SSDEEP

    49152:+lpAdK6OVyIj6aa/umkp2I4wfOAhhnhh0tKfGO/p6Bqh7ua:+bAdhWmvumw2nw2AhhQ4fV6YFua

Score
10/10
floxifbackdoordefense_evasiondiscoverypersistencetrojanupx

Malware Config

Signatures

  • Floxif family
    floxif
  • Floxif, Floodfix

    Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.

    backdoortrojanfloxif
  • Modifies WinLogon for persistence 2 TTPs 1 IoCs
    persistence
  • Detects Floxif payload 1 IoCs
    backdoor
  • Contacts a large (1299) amount of remote hosts 1 TTPs

    This may indicate a network scan to discover remotely running services.

    discovery
  • Downloads MZ/PE file 3 IoCs
  • Manipulates Digital Signatures 1 TTPs 12 IoCs

    Attackers can apply techniques such as changing the registry keys of authenticode & Cryptography to obtain their binary as valid.

  • ACProtect 1.3x - 1.4x DLL software 1 IoCs

    Detects file using ACProtect software.

  • Executes dropped EXE 3 IoCs
  • Impair Defenses: Safe Mode Boot 1 TTPs 6 IoCs
    defense_evasion
  • Loads dropped DLL 1 IoCs
  • Modifies system executable filetype association 2 TTPs 16 IoCs
    persistence
  • Adds Run key to start application 2 TTPs 2 IoCs
    persistence
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Modifies WinLogon 2 TTPs 2 IoCs
    persistence
  • Drops file in System32 directory 41 IoCs
  • UPX packed file 17 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Drops file in Program Files directory 1 IoCs
  • Drops file in Windows directory 1 IoCs
  • Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 3 IoCs

    When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

    defense_evasion
  • Browser Information Discovery 1 TTPs

    Enumerate browser information.

    discovery
  • Program crash 1 IoCs
  • System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Checks processor information in registry 2 TTPs 10 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Enumerates system info in registry 2 TTPs 64 IoCs
  • Modifies Internet Explorer settings 1 TTPs 1 IoCs
    adwarespyware
  • Modifies Internet Explorer start page 1 TTPs 1 IoCs
    stealer
  • Modifies registry class 64 IoCs
  • NTFS ADS 3 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of FindShellTrayWindow 63 IoCs
  • Suspicious use of SendNotifyMessage 16 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Windows\Explorer.exe
    C:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\Pixel Firm (Pixel Shop Remix).zip"
    1⤵
      PID:4136
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
      1⤵
      • Enumerates system info in registry
      • Suspicious behavior: EnumeratesProcesses
      • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      • Suspicious use of FindShellTrayWindow
      • Suspicious use of SendNotifyMessage
      • Suspicious use of WriteProcessMemory
      PID:2692
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff9ba693cb8,0x7ff9ba693cc8,0x7ff9ba693cd8
        2⤵
          PID:3352
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
          2⤵
            PID:968
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
            2⤵
            • Downloads MZ/PE file
            • Suspicious behavior: EnumeratesProcesses
            PID:5000
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=utility --mojo-platform-channel-handle=2536 /prefetch:8
            2⤵
              PID:2244
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
              2⤵
                PID:3764
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
                2⤵
                  PID:4316
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
                  2⤵
                    PID:1064
                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
                    2⤵
                      PID:1752
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=3224 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:3896
                    • C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=5352 /prefetch:8
                      2⤵
                      • Suspicious behavior: EnumeratesProcesses
                      PID:1596
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
                      2⤵
                        PID:3420
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
                        2⤵
                          PID:5020
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
                          2⤵
                            PID:3804
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
                            2⤵
                              PID:4616
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
                              2⤵
                                PID:3300
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5824 /prefetch:1
                                2⤵
                                  PID:2016
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=6096 /prefetch:8
                                  2⤵
                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                  • NTFS ADS
                                  • Suspicious behavior: EnumeratesProcesses
                                  PID:3752
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6052 /prefetch:8
                                  2⤵
                                    PID:4480
                                  • C:\Users\Admin\Downloads\Blaster.A.exe
                                    "C:\Users\Admin\Downloads\Blaster.A.exe"
                                    2⤵
                                    • Executes dropped EXE
                                    • Adds Run key to start application
                                    • System Location Discovery: System Language Discovery
                                    PID:2104
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
                                    2⤵
                                      PID:2932
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
                                      2⤵
                                        PID:4948
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
                                        2⤵
                                          PID:4808
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
                                          2⤵
                                            PID:4820
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1248 /prefetch:1
                                            2⤵
                                              PID:4900
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=6792 /prefetch:8
                                              2⤵
                                              • Subvert Trust Controls: Mark-of-the-Web Bypass
                                              • NTFS ADS
                                              • Suspicious behavior: EnumeratesProcesses
                                              PID:792
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6644 /prefetch:8
                                              2⤵
                                                PID:4732
                                              • C:\Users\Admin\Downloads\Floxif.exe
                                                "C:\Users\Admin\Downloads\Floxif.exe"
                                                2⤵
                                                • Executes dropped EXE
                                                • Loads dropped DLL
                                                • Drops file in Program Files directory
                                                • System Location Discovery: System Language Discovery
                                                • Suspicious use of AdjustPrivilegeToken
                                                PID:3928
                                                • C:\Windows\SysWOW64\WerFault.exe
                                                  C:\Windows\SysWOW64\WerFault.exe -u -p 3928 -s 456
                                                  3⤵
                                                  • Program crash
                                                  PID:2016
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
                                                2⤵
                                                  PID:484
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=none --mojo-platform-channel-handle=6328 /prefetch:8
                                                  2⤵
                                                  • Subvert Trust Controls: Mark-of-the-Web Bypass
                                                  • NTFS ADS
                                                  • Suspicious behavior: EnumeratesProcesses
                                                  PID:1148
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --lang=de --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6728 /prefetch:8
                                                  2⤵
                                                    PID:3992
                                                  • C:\Users\Admin\Downloads\Fagot.a.exe
                                                    "C:\Users\Admin\Downloads\Fagot.a.exe"
                                                    2⤵
                                                    • Modifies WinLogon for persistence
                                                    • Manipulates Digital Signatures
                                                    • Executes dropped EXE
                                                    • Impair Defenses: Safe Mode Boot
                                                    • Modifies system executable filetype association
                                                    • Adds Run key to start application
                                                    • Modifies WinLogon
                                                    • Drops file in System32 directory
                                                    • Drops file in Windows directory
                                                    • System Location Discovery: System Language Discovery
                                                    • Checks processor information in registry
                                                    • Enumerates system info in registry
                                                    • Modifies Internet Explorer settings
                                                    • Modifies Internet Explorer start page
                                                    • Modifies registry class
                                                    • Suspicious behavior: EnumeratesProcesses
                                                    PID:1696
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6392 /prefetch:2
                                                    2⤵
                                                      PID:752
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1712 /prefetch:2
                                                      2⤵
                                                        PID:400
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2024 /prefetch:2
                                                        2⤵
                                                          PID:4092
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,8242769647401855214,2038737721261310472,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=swiftshader-webgl --mojo-platform-channel-handle=6900 /prefetch:2
                                                          2⤵
                                                            PID:3604
                                                        • C:\Windows\System32\CompPkgSrv.exe
                                                          C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                          1⤵
                                                            PID:1144
                                                          • C:\Windows\System32\CompPkgSrv.exe
                                                            C:\Windows\System32\CompPkgSrv.exe -Embedding
                                                            1⤵
                                                              PID:4736
                                                            • C:\Windows\SysWOW64\WerFault.exe
                                                              C:\Windows\SysWOW64\WerFault.exe -pss -s 352 -p 3928 -ip 3928
                                                              1⤵
                                                                PID:1640
                                                              • C:\Windows\system32\LogonUI.exe
                                                                "LogonUI.exe" /flags:0x0 /state0:0xa3a17855 /state1:0x41c64e6d
                                                                1⤵
                                                                  PID:3540

                                                                Network

                                                                MITRE ATT&CK Enterprise v15

                                                                Reconnaissance

                                                                Resource Development

                                                                Initial Access

                                                                Execution

                                                                Persistence

                                                                Boot or Logon Autostart Execution

                                                                3
                                                                T1547

                                                                Registry Run Keys / Startup Folder

                                                                1
                                                                T1547.001

                                                                Winlogon Helper DLL

                                                                2
                                                                T1547.004

                                                                Event Triggered Execution

                                                                1
                                                                T1546

                                                                Change Default File Association

                                                                1
                                                                T1546.001

                                                                Privilege Escalation

                                                                Boot or Logon Autostart Execution

                                                                3
                                                                T1547

                                                                Registry Run Keys / Startup Folder

                                                                1
                                                                T1547.001

                                                                Winlogon Helper DLL

                                                                2
                                                                T1547.004

                                                                Event Triggered Execution

                                                                1
                                                                T1546

                                                                Change Default File Association

                                                                1
                                                                T1546.001

                                                                Defense Evasion

                                                                Impair Defenses

                                                                1
                                                                T1562

                                                                Safe Mode Boot

                                                                1
                                                                T1562.009

                                                                Modify Registry

                                                                6
                                                                T1112

                                                                Subvert Trust Controls

                                                                2
                                                                T1553

                                                                SIP and Trust Provider Hijacking

                                                                2
                                                                T1553.003

                                                                Credential Access

                                                                Discovery

                                                                Browser Information Discovery

                                                                1
                                                                T1217

                                                                Network Service Discovery

                                                                1
                                                                T1046

                                                                Query Registry

                                                                2
                                                                T1012

                                                                System Information Discovery

                                                                2
                                                                T1082

                                                                System Location Discovery

                                                                1
                                                                T1614

                                                                System Language Discovery

                                                                1
                                                                T1614.001

                                                                Lateral Movement

                                                                Collection

                                                                Command and Control

                                                                Web Service

                                                                1
                                                                T1102

                                                                Exfiltration

                                                                Impact

                                                                Replay Monitor

                                                                Loading Replay Monitor...

                                                                Downloads

                                                                • C:\Program Files\Common Files\System\symsrv.dll
                                                                  Filesize

                                                                  72KB

                                                                  MD5

                                                                  ccf7e487353602c57e2e743d047aca36

                                                                  SHA1

                                                                  99f66919152d67a882685a41b7130af5f7703888

                                                                  SHA256

                                                                  eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914

                                                                  SHA512

                                                                  dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  5431d6602455a6db6e087223dd47f600

                                                                  SHA1

                                                                  27255756dfecd4e0afe4f1185e7708a3d07dea6e

                                                                  SHA256

                                                                  7502d9453168c86631fb40ec90567bf80404615d387afc7ec2beb7a075bcc763

                                                                  SHA512

                                                                  868f6dcf32ef80459f3ea122b0d2c79191193b5885c86934a97bfec7e64250e10c23e4d00f34c6c2387a04a15f3f266af96e571bbe37077fb374d6d30f35b829

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
                                                                  Filesize

                                                                  152B

                                                                  MD5

                                                                  7bed1eca5620a49f52232fd55246d09a

                                                                  SHA1

                                                                  e429d9d401099a1917a6fb31ab2cf65fcee22030

                                                                  SHA256

                                                                  49c484f08c5e22ee6bec6d23681b26b0426ee37b54020f823a2908ab7d0d805e

                                                                  SHA512

                                                                  afc8f0b5b95d593f863ad32186d1af4ca333710bcfba86416800e79528616e7b15f8813a20c2cfa9d13688c151bf8c85db454a9eb5c956d6e49db84b4b222ee8

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8d3be54b-1dae-492b-b644-0e2446a9d7ff.tmp
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  df6b50104e97e509aa8cf4f478221541

                                                                  SHA1

                                                                  9ed402214d3b6174e649e65950340b74b2c07e8f

                                                                  SHA256

                                                                  c2091dbf392a875fe70998ea7af58a189dc57cc660c1c545843587a396ccf166

                                                                  SHA512

                                                                  c45fb8b14c43efad16949dc57f2e5d67f85a6385ad009c659b612f3bbed2eed2b70643288bde84aaea58abb562acf56899b58c7dc3203ce1c777e4379c1acea5

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                  Filesize

                                                                  3KB

                                                                  MD5

                                                                  2579a5d850b89ed0966e0363f460a8db

                                                                  SHA1

                                                                  552b1d76ec6edb1d24ff9aef355c1ea8ab011842

                                                                  SHA256

                                                                  25ef346f9361117d93fe3c0767deeb084940354e1ae65b5aebf1d9d2d7cb7e1b

                                                                  SHA512

                                                                  9aaade29ecd139fe5e1a40c8621bf0dbc4ea887dd1a7a81fc322ef47159be9482642e3aa2d8f6a1cb848044d39afd32ddbd576a93305c5801b6bc02b5c7668fb

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
                                                                  Filesize

                                                                  871B

                                                                  MD5

                                                                  363e2690e127cdbde17cedd383c60a01

                                                                  SHA1

                                                                  6bbb4355c4878577e8339ae11249bda8fa214284

                                                                  SHA256

                                                                  e063b377ffd843660b05995170e3f3ad640213f8fc4a35980bff4f2db78d72ab

                                                                  SHA512

                                                                  9b89a16bee124690126f93c771331dba532528ff67ce8260b5bf27a91f24a7050d1451de57d471d7305f05fa4b4d388ea9b0e924254350cbf2d6e55fdb95e5be

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  d6e73e87aa0476a730bbdddb3b415601

                                                                  SHA1

                                                                  fd9260736a14445535e47ac5267b97427194d915

                                                                  SHA256

                                                                  289faa3369e341adee855668877537a2ce0348a94810206d06afea18eda6ff05

                                                                  SHA512

                                                                  3c153cc705311aa1e37c626f805e8c12410d9fc84db712e5d09780f1add3126ac061da899db7a3d32d1b515571af892eb65e2030f0007d24e3abe8575ac6700a

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  5KB

                                                                  MD5

                                                                  bf6e421605256bc86384efd01bded33e

                                                                  SHA1

                                                                  caf15300e0775096d0b38d02d361e6d41fd6c716

                                                                  SHA256

                                                                  e9b1b1fd7971640fb0379dec65b397506d6efe8e489118c140770662786242d7

                                                                  SHA512

                                                                  5140886a945f22cb1654f747e9e7e0a0cb5049b1f10342ff46004a36f2501227d45bd00175e9e0f2bc5ec38fa495f35a3f978c917e786952485b95bfd2ad1d55

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  b73739d68e0ab431f367e2890df0f562

                                                                  SHA1

                                                                  fc983a7a5ac80f22c4afba1acd761db9e8449951

                                                                  SHA256

                                                                  b6f908c54e04ca8609b70acbb2924f1dd55f42ec88df6579dd84878673c6ae47

                                                                  SHA512

                                                                  5d0b59c3dec0c44ade7760325f9aaa7a366da2560268127305e3490676cf4ac763a7c0706583155e3835de24bc0d894e4476527635612b8b26e7f99af72b176f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  b2e26d73224ec03c32207ea1241215ba

                                                                  SHA1

                                                                  fc68ee49b8f766bee10c72852b7d4542aea38637

                                                                  SHA256

                                                                  82eaf5ac6a498a63f0bded21f2c0b543c4b9b25fa7fcefbab2a6bbb56cdcba0e

                                                                  SHA512

                                                                  e138d35f900e3e89f3d85d25992c25dc5a7eaee89952d16811db449a2edd41a20f1ed503f2d723b2220d18fffe6b6aac7f72c9635179fc9be84ba8356f385dbb

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  a650d23fed5580e604c7616b84add482

                                                                  SHA1

                                                                  2a8f9ef51a6b49ea68f93699abca12050f67aee2

                                                                  SHA256

                                                                  795e0ae69df24d715e07be9f059efd1d7d877c7678c5125b4a1f06ffd618e928

                                                                  SHA512

                                                                  a95ed9f6b39527cc96f75e15681cffa03778528ec98f7f50b5df8351fdaad8975e109f85ebad860c5fa7e26f799dbd458742107b69673815c63fba5ff8846631

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  a8950a45407daeb2e2cc51c740bf59f5

                                                                  SHA1

                                                                  953bdbdaa463c9c8f9172a10c66f0b76183ef529

                                                                  SHA256

                                                                  e7574b3a11ceed40ce2911eb04d881f98824e316b97a4644a6a2664564c4447d

                                                                  SHA512

                                                                  8340830581a13724470337d828bcdec63e8c7da7fac49c4e1e1dd5227df53163b60068f2c3b60aeac1a6d032642385f53509020f9b96f17b424c81a7cf0911bc

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  292974dad7d2e2983dc5da92f822bc5a

                                                                  SHA1

                                                                  43ea216d9fbc9350b54a155dfb48904d9872c53c

                                                                  SHA256

                                                                  c662b416230412dd8a3f5f868a95558928e47a4b0d14bbeb0bde19087b8c7a38

                                                                  SHA512

                                                                  c973191583a85628f0a192f3ab5a84d83ecaec22b9298c54be4bad3103d2f9377eee837b044f0ad92ca2e3ddfb22396090eea5ed23da9891ce6590111e88f570

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  847f493a0cdcb136f07598f56da07fbb

                                                                  SHA1

                                                                  f31bfe1d50bba8f99efd870fa27fda74f154b69e

                                                                  SHA256

                                                                  37abd8fb27fe62320f252e641ae098aa1fe3b119a9c5c169817ab49298174779

                                                                  SHA512

                                                                  a9d29d70d7c422a3828286babc65a21af41c547593d8b12148c501d837dce744fc3776c71a3504ca14baebe7f805ad24deca4db1b76f8f05cd7165894bef4a53

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  98daa024c9210513ef5cb1d38c427d68

                                                                  SHA1

                                                                  03c69616dd8f2210298e276e4ebdc9ab2e5b8528

                                                                  SHA256

                                                                  12df1142e66c14ce6785f46b6384307e98efc5fc9bcb5ec26f0cbe02eff34930

                                                                  SHA512

                                                                  51cdaa6a6e03c5bba24e596ca3926351eb3cd763cd6b2a7ecfba75a62a48c1470c55d341816eeb47fa070b977947a9783850022a577aedc8ae5bfd626c13946d

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  f07bc14403a982118535bb10b70b9272

                                                                  SHA1

                                                                  fe4ce49ea2086a91c25de2ebe98d8ab5a8cdd7dd

                                                                  SHA256

                                                                  7b5d12ba3c838b86ba2642b4f08812a66546d5675546f137b04152ed26261371

                                                                  SHA512

                                                                  d6c26e37c46413f6424fc765a249b529a6df89fda0e8bdb81b5a4d3a587d8779a26e97487868c27209751d599adc8172f0d108d21bc42e0aedb776d7be0af3df

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  d27330cc3d453ddeca3712af6d2a931a

                                                                  SHA1

                                                                  787267c3ba82a20015052710280cff5f896911e7

                                                                  SHA256

                                                                  c67bae28a6b4d32227a46a4658bd1f06c1f680f8222d59dac01aa97fa250f00e

                                                                  SHA512

                                                                  cf8adbe503b2e5673e044fa8e317888291ffa9a24cb96708caf88f4b55fda87843c0a5f2378f1a26ccf3b283efa4fb6323c65bfc58e462eddae630aea22a89f7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5827f5.TMP
                                                                  Filesize

                                                                  1KB

                                                                  MD5

                                                                  90fd833381c1cdff01989d4ba67b220e

                                                                  SHA1

                                                                  f2536db318b86ef59d32469aa950346a945cb933

                                                                  SHA256

                                                                  d8c2ce58d31a9559c4bd13e8383ce52d951ed385ef3fae104f035245aa4bed1f

                                                                  SHA512

                                                                  9a9e785ea79037b61519fdecd354da08c3d3e48a65ac10c772aa046f47be92200b810ee7e066cf6871b74b65ca846a85b8e3e490ee99d7aade1046e80b91fa68

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  46295cac801e5d4857d09837238a6394

                                                                  SHA1

                                                                  44e0fa1b517dbf802b18faf0785eeea6ac51594b

                                                                  SHA256

                                                                  0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

                                                                  SHA512

                                                                  8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
                                                                  Filesize

                                                                  16B

                                                                  MD5

                                                                  206702161f94c5cd39fadd03f4014d98

                                                                  SHA1

                                                                  bd8bfc144fb5326d21bd1531523d9fb50e1b600a

                                                                  SHA256

                                                                  1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

                                                                  SHA512

                                                                  0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
                                                                  Filesize

                                                                  44KB

                                                                  MD5

                                                                  1d86cdfa22b33a99185e365c4ceec365

                                                                  SHA1

                                                                  f404a89094714acb2b5b5b9f654e49a313dbab97

                                                                  SHA256

                                                                  3ddb734b8fa52cc3f4bf736708be09820225e416ad07dd490cc412136cd27c18

                                                                  SHA512

                                                                  cbbbf08aeadf1a485f868484e6f218cc3f44c55ff229919981baeec7309876c40c553ab6a80bc0fd34b5872ddf8fee6185e485a06115158c739fb92727c4b83f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
                                                                  Filesize

                                                                  264KB

                                                                  MD5

                                                                  33cbee96e5eed0d13191f52cb91127ec

                                                                  SHA1

                                                                  c5ee5cdfcd1c7f81f04ba3e658bbf42c673aa741

                                                                  SHA256

                                                                  ffb6cd58fe032b9cd7b30058e007914b0e38b743463bc7d3a1b73d38a3ef5911

                                                                  SHA512

                                                                  f2bb57313377f7b7881634c2e594533a7fd3c114dfba1127fcf19f2c1d72f1fd43eea18496b8abe7d928c4dee664913c89113855d44469858cff36f34e37d331

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
                                                                  Filesize

                                                                  4.0MB

                                                                  MD5

                                                                  38cfef1c523c5d6c50b018923e58623c

                                                                  SHA1

                                                                  7755dfeb6fd92a2fbe0348f2312f9c217a4b3af0

                                                                  SHA256

                                                                  7899a13266ddf259e9f88969621b1962f7c030343af78bb0337e5e8468c4f621

                                                                  SHA512

                                                                  d0c7106cdc76e6e333a8285bc084ed188f17a4c3e13eafee013d419d1537706eda6c3d1a614b9e03a3838093e1649eab806fac6d8d63a91f5b6622bded88d459

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001
                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  ef9588ca82f853399e5968af99985e74

                                                                  SHA1

                                                                  80d9df4f75c3e789ddf10584d9ff9de2b6154cb0

                                                                  SHA256

                                                                  9d550015f47a4d5d502f8a2f5b33bd9cbd136f4fea7c64754c8cc5a9651f7fe5

                                                                  SHA512

                                                                  a77b6b0bcea459ab4fc1e5d0983e85b86a6b0835849345f6afbfb27a5e84d8d1a38ff16e21ecf862e95d0a74e3fe97fda28bea66752b8bd64fd44c8ba680a5c1

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000002
                                                                  Filesize

                                                                  17KB

                                                                  MD5

                                                                  c163efe909c3e529ef27177fd126f9d1

                                                                  SHA1

                                                                  248d4c24fb1fb7f8d6f37629cb04b8175ac2e8bc

                                                                  SHA256

                                                                  f816041d56546ab402df3210ba540f9c3e645a2ee7b4fd4608a6da48749b6489

                                                                  SHA512

                                                                  4613a2bfee55f12b8ef67a01a45f164ecd40ece1c3e41f419b490d8ab5e112a66257806585e1c024b421677e6453e07ebc6c68faba5ff7cd1efda99afc55a1c7

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004
                                                                  Filesize

                                                                  20KB

                                                                  MD5

                                                                  7e86d5c1bf2ff36b15bfbd8fcf748b16

                                                                  SHA1

                                                                  59a1515ddff8caec85c4f27ffb17b69a42ec6226

                                                                  SHA256

                                                                  82f03e141e82546b261c1a24cd9ae3cfd4b19a7b4f343a296428deeda88cf856

                                                                  SHA512

                                                                  943fdf966d2ca4bfb35e01431e7bae1611e86d4bbf9c27524ba4502a9a93b8c0bb39e7760a8ee76993c4099da1ff49febe0b48468f134d4121f22a0ffb41bf2f

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  8ea2a1d990fb237dc6457dd48fb95cd3

                                                                  SHA1

                                                                  c4a0b3b1bea510ef7a3861b557502bf18c64503b

                                                                  SHA256

                                                                  a7f77009c60be3af6f0bc61d736451986da769afcf8d15eab08827299a87f0ef

                                                                  SHA512

                                                                  508af0c4e980ec8b691cd47434c95b02f8b95691247cdc26197b5c7bace340d4c53b05868fed9dd2a05fb8624214c21faf27e3d5aba0226cb2b7005ef46c0016

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  941af3820297590a4226f8d7ca85fc60

                                                                  SHA1

                                                                  3720eb3fba112d74921ad3d9d272348a51e8b4de

                                                                  SHA256

                                                                  e924828392535643e24e3cb0c0966dce3bf68a943ea3e772d8229a4e225dc19d

                                                                  SHA512

                                                                  2ab9d5b9287b6b99eafacc583a25dd2cec4452526a88675d4519eac4393cd5fb75e6877d1ebc3106fc00ac5ce0fbe8decd02df8258d6a1252c5ef7540db4aca4

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  11KB

                                                                  MD5

                                                                  220f5b30d156ca094fffeb29fc262a33

                                                                  SHA1

                                                                  577405ce5dee066a4654a3b0b0a832abaac3a3f0

                                                                  SHA256

                                                                  14c8137d891214b050a3c47e35979963c87728fbe402bc740be7cf8339fccb1d

                                                                  SHA512

                                                                  74096f8328c8fa000bbf97e7a01e05ddd62b1b181547052a56f26886a7de687c717be90be6e5a19eee014b542b4b1eefa007e84558226b8242303b685696d0da

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                  Filesize

                                                                  10KB

                                                                  MD5

                                                                  e17fd4901b4ccc9cffd755b70e029846

                                                                  SHA1

                                                                  1a05d3e4ba9022c1db1201e40c0c8b1307f0fc17

                                                                  SHA256

                                                                  99ba84de1d5e6e71cbfa02ecdcc450c173afc674f50f618662130d1434f74b1f

                                                                  SHA512

                                                                  023781a520d963a2cf9ab56561794299a20b59233fa53ba36e79f02487f308b0ffdb080324a0c310f54239e37cc3d68415fcf5dabc3e713f9a944199c9c22d83

                                                                  Download Submit

                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
                                                                  Filesize

                                                                  264KB

                                                                  MD5

                                                                  7a89fdeba04e4356f9e3c8419ddcd292

                                                                  SHA1

                                                                  12934651b831e343ce1252b233f6925577b3eb42

                                                                  SHA256

                                                                  f5df83e91542227fb5dc70d0617ebc426504b7c39513b6b30b16771aa208c2eb

                                                                  SHA512

                                                                  84e913fc05bfd713ed8f066e48f54f2e4e89ac5a25cd77ec00ca6bee564f7fb026e87c29b8862f156ce24df81bd5a6e440f5a0cce3eaa1dfa163b1674a188299

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Blaster.A.exe
                                                                  Filesize

                                                                  6KB

                                                                  MD5

                                                                  5ae700c1dffb00cef492844a4db6cd69

                                                                  SHA1

                                                                  bed8e439f28a1a0d3876366cbd76a43cdccf60fa

                                                                  SHA256

                                                                  258f82166d20c68497a66d82349fc81899fde8fe8c1cc66e59f739a9ea2c95a9

                                                                  SHA512

                                                                  2cc1ec68df94edc561dd08c4e3e498f925907955b6e54a877b8bc1fb0dd48a6276f41e44756ed286404f6a54f55edb03f8765b21e88a32fd4ca1eb0c6b422980

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Blaster.A.exe:Zone.Identifier
                                                                  Filesize

                                                                  55B

                                                                  MD5

                                                                  0f98a5550abe0fb880568b1480c96a1c

                                                                  SHA1

                                                                  d2ce9f7057b201d31f79f3aee2225d89f36be07d

                                                                  SHA256

                                                                  2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

                                                                  SHA512

                                                                  dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Nicht bestätigt 512491.crdownload
                                                                  Filesize

                                                                  532KB

                                                                  MD5

                                                                  00add4a97311b2b8b6264674335caab6

                                                                  SHA1

                                                                  3688de985909cc9f9fa6e0a4f2e43d986fe6d0ec

                                                                  SHA256

                                                                  812af0ec9e1dfd8f48b47fd148bafe6eecb42d0a304bc0e4539750dd23820a7f

                                                                  SHA512

                                                                  aaf5dae929e6b5809b77b6a79ab833e548b66fb628afeb20b554d678947494a6804cb3d59bf6bbcb2b14cede1a0609aa41f8e7fe8a7999d578e8b7af7144cb70

                                                                  Download Submit

                                                                • C:\Users\Admin\Downloads\Nicht bestätigt 610858.crdownload
                                                                  Filesize

                                                                  373KB

                                                                  MD5

                                                                  30cdab5cf1d607ee7b34f44ab38e9190

                                                                  SHA1

                                                                  d4823f90d14eba0801653e8c970f47d54f655d36

                                                                  SHA256

                                                                  1517527c1d705a6ebc6ec9194aa95459e875ac3902a9f4aab3bf24b6a6f8407f

                                                                  SHA512

                                                                  b465f3b734beaea3951ff57759f13971649b549fafca71342b52d7e74949e152c0fbafe2df40354fc00b5dc8c767f3f5c6940e4ba308888e4395d8fd21e402b3

                                                                  Download Submit

                                                                • memory/1696-698-0x0000000000400000-0x0000000000463000-memory.dmp

                                                                  Filesize

                                                                  396KB

                                                                  Download

                                                                • memory/2104-701-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-561-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-634-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-512-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-732-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-477-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-476-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-452-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-411-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-412-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-730-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-536-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/2104-376-0x0000000000400000-0x0000000000409000-memory.dmp

                                                                  Filesize

                                                                  36KB

                                                                  Download

                                                                • memory/3928-523-0x0000000010000000-0x0000000010030000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/3928-519-0x0000000010000000-0x0000000010030000-memory.dmp

                                                                  Filesize

                                                                  192KB

                                                                  Download

                                                                • memory/3928-521-0x0000000000520000-0x0000000000595000-memory.dmp

                                                                  Filesize

                                                                  468KB

                                                                  Download