xworm | 22adf85ad4591d2c4871440fe7ed023575be15e202ca0abe54c17c77cddca990

Analysis

max time kernel
149s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
03/03/2025, 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Nincs megerősítve 50667.exe
Size

75KB
MD5

9fb584a7f293aa900e682cabe3faefcc
SHA1

043d316155bf973a2bb8f1d4ed29c2db7568854b
SHA256

22adf85ad4591d2c4871440fe7ed023575be15e202ca0abe54c17c77cddca990
SHA512

5c77d9d656357416b0663b437104702fcc3060ec1612726d07ee557b74f0c845725435a69c8090c20f6410e6ef4899d1347f201365b493a7ed739b9057b20b5a
SSDEEP

1536:GuIFQo65XTfSBtcLuJ5Hp+b5oFN7aS4V2EOOo/Z3VI8Ev:GuxJYL+b5z1OO2Z3VInv

Score

10^/10

xworm discovery rat trojan

Malware Config

Extracted

Family

xworm

127.0.0.1:7000

Attributes

install_file
USB.exe

Signatures

Detect Xworm Payload 2 IoCs

resource	yara_rule
behavioral2/memory/5116-1-0x0000000000860000-0x000000000087A000-memory.dmp	family_xworm
behavioral2/files/0x00020000000232dd-1192.dat	family_xworm

Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm
Xworm family
xworm

Downloads MZ/PE file 1 IoCs

flow	pid	Process
198	3476	chrome.exe

Executes dropped EXE 2 IoCs

pid	Process
2548	grim client.exe
5024	grim client.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
196	raw.githubusercontent.com
197	raw.githubusercontent.com
198	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133854875344976837"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3181990009-820930284-137514597-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
1280	chrome.exe
1280	chrome.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe
5116	Nincs megerősítve 50667.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5116	Nincs megerősítve 50667.exe
Token: SeDebugPrivilege	5116	Nincs megerősítve 50667.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe
Token: SeShutdownPrivilege	1280	chrome.exe
Token: SeCreatePagefilePrivilege	1280	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of SendNotifyMessage 56 IoCs

pid	Process
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe
1280	chrome.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5116	Nincs megerősítve 50667.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1280 wrote to memory of 3736	1280	chrome.exe	105
PID 1280 wrote to memory of 3736	1280	chrome.exe	105
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 2032	1280	chrome.exe	106
PID 1280 wrote to memory of 3476	1280	chrome.exe	107
PID 1280 wrote to memory of 3476	1280	chrome.exe	107
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108
PID 1280 wrote to memory of 3780	1280	chrome.exe	108

C:\Users\Admin\AppData\Local\Temp\Nincs megerősítve 50667.exe
"C:\Users\Admin\AppData\Local\Temp\Nincs megerősítve 50667.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffe0384cc40,0x7ffe0384cc4c,0x7ffe0384cc58
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1920,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2096 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2276,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2468 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3132,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:3156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3180,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:3740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3700,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4816 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4736 /prefetch:8
  2⤵
  PID:4752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4540,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:5084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5032,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5104 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5024,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5112 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:5172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5280,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5124 /prefetch:2
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4652,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=3480,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:5376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4352,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5432 /prefetch:8
  2⤵
  PID:5280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4036,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3488 /prefetch:8
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5608,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:5960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5752,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  PID:336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5912,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:5248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5936,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5744,i,15702277795469704952,10423954517750741087,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:5312
- C:\Users\Admin\Downloads\grim client.exe
  "C:\Users\Admin\Downloads\grim client.exe"
  2⤵
  - Executes dropped EXE
  PID:2548
- C:\Users\Admin\Downloads\grim client.exe
  "C:\Users\Admin\Downloads\grim client.exe"
  2⤵
  - Executes dropped EXE
  PID:5024

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1052

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9ca6cc52h4d5eh481ah816fh60162809ffe5
1⤵
PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0x40,0x12c,0x7ffe018f46f8,0x7ffe018f4708,0x7ffe018f4718
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,17508817531124455722,6935320035359229827,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,17508817531124455722,6935320035359229827,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,17508817531124455722,6935320035359229827,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
  2⤵
  PID:5384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaulte49188a7h93d6h4745hb069h822aaffa7ef3
1⤵
PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe018f46f8,0x7ffe018f4708,0x7ffe018f4718
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2076,7115420644619515798,9151534422418216183,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2076,7115420644619515798,9151534422418216183,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2076,7115420644619515798,9151534422418216183,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
  2⤵
  PID:4672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5972

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:3236

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9b3d67efhe432h4785ha21ahf725ad53c7a4
1⤵
PID:5336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe018f46f8,0x7ffe018f4708,0x7ffe018f4718
  2⤵
  PID:5104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,14407737550411051456,16739802372091368276,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,14407737550411051456,16739802372091368276,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,14407737550411051456,16739802372091368276,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:5916

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:3236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault6f37173dh7d99h4624h9988h1ff0752216fc
1⤵
PID:5488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe018f46f8,0x7ffe018f4708,0x7ffe018f4718
  2⤵
  PID:1848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,2144822256910910422,5307868694229315433,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
  2⤵
  PID:5980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,2144822256910910422,5307868694229315433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,2144822256910910422,5307868694229315433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:5860

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
d3adb10f950db0f70e27d1057beb7985

SHA1
5050b33d8a5a9b9a9e0c3e36b9a3fd85a0fc7b7c

SHA256
0c6de88d2695bbbf7eb3824c9451928f23758bb039184595b0230247f5de1f1e

SHA512
f6e8eeff4d0e488bc64a511a7c654afe93c795a7fe167d3049eca3a1bf09b4ed6a3095f3bae4d46764166761b93fd7018647dbddb010997917bf2e0ae318d344

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
31feb1c2d295b0c91cabb800762f1a11

SHA1
7ca5d7a5749093045a3b9a71872fde60f07143a1

SHA256
1a07c81985a51cd80b4ffc8b42e8ce75763754b8dfdbeb151eb1e77c485fea83

SHA512
7ba3164545b42205f59eea5b3649e1e9a2a3311ef40736df3b8ba5781cefa85975c0712704b6640637abffc4febceebbeeb8483d1b901c6c74d2b5c4e3abb5da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
26fc8601eef712fd68dafa7d56024dce

SHA1
23fe729d31b93248d2708894bcdf5fb61767cee0

SHA256
5e60f08a8cf865ca5a7a818e43c3901e5e39462ef4720637993ac965b643319a

SHA512
75af773cfb2036890e9b860991f0450679e5e9c528b282431ab999f51cdf717bec5f103a34d3e1ff934dcc587d8317d804d1f5211f583da434b8f79430cbc7e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
241c557fe407859a718e5b895d69232c

SHA1
97499d97421737305d60a538c7d4463c102e97a8

SHA256
8cbae6bbe2daade478104f8c500efba9426ddee50361b41c69f668cf0b18d543

SHA512
5c647fc6a0e6a8d2e7bb60e68baad9e1e616d826842073d231b37a7e00f73123414e0849e6b9f5c598666d1ef14ea24504d99e8d7c46e911a6f3b3c9de17cb52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
03a2ffe15deae45a768808c031a16728

SHA1
93a377aff897b3f83bb31c2e03b2a0b59a05be7e

SHA256
be952b89555bbe6898f8b83798c952ecadc6a50b5cdaaacce6b5af30cb62e6b6

SHA512
a5d24f305d4d8e8c43b10cfed751cd0d01b3feea7b44220eee7795dbdf68d278422509dddf26bbc27babcf6065580df991e8cb11d08ea710e0a57f16f2fb781d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dbefeb0ad864ed5495ff38572f65dc34

SHA1
e34b4f474c1ad5562130f2db6ca4f51b2d976f57

SHA256
8564c53dee747406746c19040f10e8a19816b8c3ef2b0d9f42e4893ed8e3a5ec

SHA512
7de2bef51b6aacb680a4a4239ce6356140d70a246974f2fc0a6bac64a014d82e681e82aa282063695716b9e32f4e059c685364db300fc9257612d183489bbc6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
037e0ce92a1e7bf43d79fbed67e7aa99

SHA1
be1be8654de91426af8f2577167e5558782d2beb

SHA256
0ce6b98ab3674023282329c314fdf49ade1739de10385f780439010a53f0f131

SHA512
11b3abb500bff1fa028befd9f7aa307850a6589cb9c58181667e572c7fedeb9c3b4681c632300cadbde711c8f0bf3b151646fcadc3df0aa2546886bdceed3edd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a7caef7c03536ef9d7a353628b210c83

SHA1
2cd80b3a08a4f3925abc0abe617676ea58c82e09

SHA256
1478baacbc63a4c4f226b31251a88ace8a92c83e56b201dc75cf36cc03f1585e

SHA512
e3bda7a144c9495cf5874ea60e4645fe374cd39141cea65dced4de9e41fa2b341b36f4168f93516808ba9082544a9bf5fd0c414721d70fd7659c23b31c87e733

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9c639695f7b17e6bab953c4764e45386

SHA1
9ce18125f9915a761546140cd22c4e403881cdab

SHA256
e666324d177d379aaf736996534db06931b57c6f4e5c6f3e3deef558e76964d5

SHA512
5224ac0da88bd3e62114ead9697e845eab62b5290ba9d71e5365c8c10f86d333efdc7d535f6412146464e28760e93cf39b36a688efbfacdbcc428e60ae78ddea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6b577b2193fb7bf7b301b9a6c47f2cc0

SHA1
06d641b4ccc00e5f9bb0d03fcf6a1d427d52473c

SHA256
b0eb3665eab65803d3aca3258ad19a60a521f761dc6c24d8260b26372beb4e09

SHA512
50ff7193b491fb7c3a9734bed8007c4c7c674034bf8bf41342fcd0d036e4adfcdc04394513d070595515f0551240d14b7588b901661aba77ec7eb27a221f826b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
68c5270b1a3be52634ce78e2548cd1e9

SHA1
ba63eaa5d0bfe23865139a8b3eb27c4c927ddff2

SHA256
8cfbbe7de910af63fe27f0758c156d30e29026d15fd198588e9b7bae2528b7c8

SHA512
bf869b784b59538aed7d6410baaa30d0e83e396087712d0f1aa1c9e67f9e24825989713378b9c8b0ff414be62463e326654b6d29c8f5a7114a6396eaf63b6925

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
14558fdb8befbbd53a1dc9f76d95d857

SHA1
522bc9649e2e939e4f720c14f7e6badaacb2c8ef

SHA256
18369cac3d9ce559b3b57d98bee15499c71e5f45fdcc9b5ea716c1b49e414be9

SHA512
c904a936c91d8b35c01d029bb925716420601ced8caec750a51997d44422b3d02deef60f6d845b9ae75e89f957f9fe3d7b5b95a4e8ff353f1d2efb1bff3be0ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ffda8fcd69e7e383bd4bbaa50ad5014d

SHA1
d78e25ed89d1fff532ff3b7f61f40f05bbf283eb

SHA256
94f6ff88953d163fde6cd9dc6272506a18640c3e777c69590dccc029129ad29d

SHA512
0375da0c389e798ecf30bdd8d5d7ae395c8d164821651adca9f431fc3a10183beea9e19bc8c8f3a212b1762a896fae43d5dc81b2a3b2e1c5c8686366ee223b7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8c35ee62cc30aaa57220702eecd6e46e

SHA1
3b5aeeb49a8ce16e270dd8706073e28a991e499a

SHA256
4f284bd166cb06af6c899981f414aabb795ddf3bdb2c9ed8e5931b42b55aac7e

SHA512
b038e45ce32bb438dd563eceb55992308944744610b018dc246a817e511de9ebb78017a50d85ddb14082a0daa97277e3f48da7e1d3c26b2aafc5c3cc805e5536

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e4e22b01fdaf82533164acf991de3ab9

SHA1
4823edc6948a385f665d4a517a27bdcfbb8a599d

SHA256
74a329b73408b6704d61cb22f6a426fa60c3c955ca2ae97d58f00db3a85bdb89

SHA512
8f6d96110c0edd81887a9e420f7fbcf562cc04f7ed643115e52a421a9aadd922d7549ff46ae0800d5eb7377630a36083cfbb31714d11af8223f98d00cfd2bffd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c56225ff0dcf0e33c6da49a315ca24bc

SHA1
305ad5bf0197378f651792297936d7f695172001

SHA256
4c0f6ce882e5e646e4747069a63b6a05469dbdb15de61694e088441258855141

SHA512
7987b626ddbced79022c3070f50ac2433dd9c629eddfcc0b3f3ed451aa0786877a4e56213d7c9bf35987a12e1ea97d83936478394719a76dedf0d0f7a4cdb15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
44bf554c0d7e68d8752ff347af5d844a

SHA1
53170add73e8b7cbb890ad9883147ad913701dfc

SHA256
e0d014e19f785b55dd7822a77f31b9b834a50d505d2588d3f85c890a60c22fde

SHA512
41ba0a5c36f0ab6c49d1dd627e9260640c0bc641e1b7c256fa654457cc58a3125dded72d3bec156c231baa307c9ce5e53c545f5fa3c9811aa2e115bdf95adf7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
687acfcf31eb7bfce4d19910e3050196

SHA1
a68bba23e82391f81f06429bcc2c36a5165b2f2a

SHA256
788a9a6672eb95ea07136f271b09c0803272840b20b5b50599dea6738cdc8198

SHA512
b92bf4d426b2c9e7a2daa03d7271a80b353f341736f793935fddc49b60bb88c24bbd01c3d9b01449f38b284cae06ae1f8ab071b86435313d11eb6c9ee25c460a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1bf390eb5bdc4bf4a10d260af8e65005

SHA1
ddc50d79684a023d5ca87383f6b7cf88f23200cf

SHA256
a6e4e5c9321799606ce651c4e6ae9f1dccc54de8681fcc54b58fe1c052273ba6

SHA512
d7055a0aaeaca70c31b8c7f684b99ab29832d4806d1f3f5fa97049a0d4f65f966c020106077532c87b0985230e3a5d2e81688aebd95d28438d923648d5b6d56a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
157cef23a04d46016e388c0f2cf41012

SHA1
8a1397cb8a5365b4ab32d33fe66ea0e252d7b9a4

SHA256
26518cfae5742e8fad1857e2456163dffe4aefba36012ac18eddf32469725f62

SHA512
73442f06ddb4502c8ffdc9cc891bcbaea5126bde016d11342ceaf1de2fdb6d2bba5513b12bac0895ead9ae0d9879f780792cc63abb5f86a14d10e80e4943bee7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
9d19e9c00ae3e2f7bec5d9ac6e5b13aa

SHA1
c9ad73b850c502caa8e4ef5dd0ddefcd69a474d2

SHA256
6e1df5e5b02e83d6eb02dc5e3d4cb4570b3cf50a8bddbc90ef8c86a1757c1e17

SHA512
26326a9ec3f242b56b85318148cde093bb2618217546dbe5542763a6436c5e8149991d9f6d58dfedd4527ef2f269ccf80f412d3ffe88e9e33870f0f49f66a78b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
df63d07aa807cd38a683f464f72105b6

SHA1
fac59bd84dc8c9e846187490af40e0315aacc3da

SHA256
addfc18138e8eaf4d1d0e16d38de310e1f28974b03da19009bf50f33761c863a

SHA512
55846bb70dbc7004902b7670741dbeb62adff68375e3f50b90f581115d79bd86fbe4e0e4df82337659e01a21c6d82378a4d64796c07ba83fa3fb2d8ad9394620

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
61cfa92994508dc420d74816729b99dd

SHA1
f97939404889d064593fb809817cf10c9769e028

SHA256
a1d5ac55485d53789e3d911c25ccfdaa3619aa519e88367668824febd090386e

SHA512
07debdb0a4d74a9126a63aef629c9969f7d46c0e6398a46d93dab453e1a6ea1fcc5101e3ae70703b70b53d689b08fa18ad06c95032ada08b147cc36cbd431ebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\grim client.exe.log

Filesize
654B

MD5
2ff39f6c7249774be85fd60a8f9a245e

SHA1
684ff36b31aedc1e587c8496c02722c6698c1c4e

SHA256
e1b91642d85d98124a6a31f710e137ab7fd90dec30e74a05ab7fcf3b7887dced

SHA512
1d7e8b92ef4afd463d62cfa7e8b9d1799db5bf2a263d3cd7840df2e0a1323d24eb595b5f8eb615c6cb15f9e3a7b4fc99f8dd6a3d34479222e966ec708998aed1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c4cba7183d4ca7fe5a3a2cfafff56c54

SHA1
c2c1158c0b25e64fb64d339887bbd1b17246576c

SHA256
1bc36cc948331a1c982a37c23ba3dc72220c387f561e8634014ce27527b0d227

SHA512
d7967585593601ac2ad713f50a0b639251afc6a4c0f34ad9c2f62dbaa154b068bcf8fe86c5a6b91fd67ebdba0512fd3e05ef50a16f29816dfcc0d32ca220893d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
70d0a67646d82137598989b2500cce88

SHA1
6b6827fafffccd25ba3f1d3e09521761e0ac7ffb

SHA256
ede3584776a5cfecd70fed03e541c303ad1b3fff153d037992b0bfff3d2b9f59

SHA512
0878c40ca78ebb54255c98ee11c4a1928bf70865d8100cd200fa8952ff8fb297635c68db78292efea8e3db4cfd7aec030410101b5a7bd53f5cb3754b442a2c34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1bed6483de34dd709e03fd3af839a76b

SHA1
3724a38c9e51fcce7955a59955d16bf68c083b92

SHA256
37a42554c291f46995b2487d08d80d94cefe6c7fb3cb4ae9c7c5e515d6b5e596

SHA512
264f6687ea8a8726b0000de1511b7b764b3d5a6f64946bb83a58effda42839e593de43865dafeeb89f5b78cc00d16f3979b417357fa2799ca0533bdf72f07fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fe6fb7ffeb0894d21284b11538e93bb4

SHA1
80c71bf18f3798129931b1781115bbef677f58f0

SHA256
e36c911b7dbea599da8ed437b46e86270ce5e0ac34af28ac343e22ecff991189

SHA512
3a8bd7b31352edd02202a7a8225973c10e3d10f924712bb3fffab3d8eea2d3d132f137518b5b5ad7ea1c03af20a7ab3ff96bd99ec460a16839330a5d2797753b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\5027a79d-1a2b-4518-a8b2-260c6d26aa82.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
45b0fc111dcf98225c1162c505c618ea

SHA1
f9f8ac91ce3b0f088d9a13c85f655414607920df

SHA256
5d5478c041654c81eec13692eb075d0d4dc49b0ea784d0bb2316c53101b66346

SHA512
1ea538fad8fd295d942f6819d29405c7502368513c527dc4d887a5aebc73fdc1a88b71f2b74cd8328a0c13f0a288e9bed1964528b523488dcfc12fbcd874c697

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c179064b94a0523f2f59cc5c2f95f9ba

SHA1
92db1e052c0476bcd4cb6db90c5b86bc0387c05e

SHA256
f5753ab82f5d968834b376ee7f056fda8fbfe653009d2340af09a43d803c9e26

SHA512
73a072dc6c864ce9d1314d44e249e6af393a31a0b307a2b4fa0625c2869b428ec6a650082e0e85b482e46fca03c916f1466588f37c5f4f696475e71123fc0400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9ccb152534373f3548902bd795f2f290

SHA1
ec62af777192d7c61ef2ea284071e31322c6001c

SHA256
5f9e742eb28bed7f6a8c6a3b22d9949a9973ad4e1539e9ffface8a5a9540ca35

SHA512
71c7f71a26ca7c5a4652c195ca780c4a5670b51621a3086466bbd856cee63e1f765898f8a729293ebb70f60a5a5ff89f777ba2cebdcb2d49c7b042009f008e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
cd5a3b4999b038c9050090c91c2d0b79

SHA1
734836a124a88ef55f015b63e5ca3c6b815af02e

SHA256
5ea430764dc8ed327905e25852a7f021333f57abcb6cfb03a9ec683a1e79bd07

SHA512
adebbea01996108ba02843689879447e0db5bdb0064611848a1da4665db250c6011e6f037ad49899714e49397a6fa655db2d4270e359bf8b48b186c92bf8c4ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
ef05a9442b047b5d751abd78bc0bd4c9

SHA1
341773a59596b8053e68f6ecd754bd5dd8fd3837

SHA256
0e09a112658cd72b4b76502744948edf4f5d62c4fa061e20720836cf6a90a749

SHA512
8b3a4330c5bb572c03fcdc085be83880f0494c1cc7e1f4a6123ef0b1b67e923f337046bcb8b1c1cf7221d228faa8cb4f9318bef716810c30b5c6db194ca84ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
2e317b19a0b4c2a38a3e499386c3c839

SHA1
a3f5e1e8594e4347ffa461c17d2ba112769eba65

SHA256
ee80a83af8801aae2a0839b6e4c9aa2011661251f6ea7832c6d485b52f13bb8c

SHA512
a5f0d7ef4f75f7863db4574b43d120812d368ce8b5d9c2cc8adf885f5237b608caddd338230c86e429967c96e5f85f0cbc96c715cb791d7ef3d97842bc4c1722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
418bcbf6b02e9a419d052708b6a7f7a0

SHA1
1a3b990527b61ab0c12664c7a03d634ffa3e7044

SHA256
cf540722716c71cdf26ac1b96ed3030e3fb2595a8e2a83fea575965a922a71b7

SHA512
47acea6cb076d248b207da80b11c387c033f745d41f8e28a5f0811b91e9c4f236dbbedb328e2004b74de2f55b9ea29f1cf061ff0934f41b4858386f313e641b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
1dc362902564057a983cb3abff790ed9

SHA1
44a6bdb49bdbc973dd73c33077a70b1bdaf76a5e

SHA256
10f3f2848ce8eb536efdf5621db08e04458d380ff6178d8bb7e7c344c3b93d1c

SHA512
80b911a5846313157471b87e520f423b665aa8ff47ba47340cdd1ece3277b1383774a683b56d0f2c2c3b8c6efb0ce629dc4a11bc158e5b9223603eecfcf73dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
7c3b77c36130ff94c3b2e589e113a976

SHA1
cfd94878fdee59920da5101f3216e8b4d0cf5d5c

SHA256
c078b4e8eb9600d7c4ea1f64dedb1689150107abe9b8a1c3dd4035ce3fda86d1

SHA512
5f082002e6fd3d9f8296c39ce518eae35249a8f971ecd024ecffd70e82548a80e1aa0579a35d0fa3f8a56bc2f8f912a6c282c03962eb1416bbb761737a250963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
191c17fc72f5ea91c0460d835e277c2d

SHA1
9a6168a0ead347d000af8e213bc7a017e06665f3

SHA256
4e34af485a965892deccc53422bb20047f2a8f5d0cfc363131af4e6590749acc

SHA512
a1b29ce0b0bf0107657b923199ac078de13defee9f4a41f84ec1f740bbe0f15d56ecdd74d92a8b72a6013cc65458def9e046a7a0b1b3f788f19239fbc2bc14f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
c9979874dcdf62d130cd9129b5558e54

SHA1
e3bfb285fada8a128725c3c203632aad6714ed73

SHA256
24462f9bab8b92eb92b606d3dbcc8a77b19f8579c9a268d72614cb795ef89558

SHA512
70e8d6b8dd6c1caa810bfd0f2a41b6c477aef89e20f57c36dae016d3cb68e404e655f87c49afa88df12dcd3483158ade0df4253b3e0bfe5598255370620d5773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
4f73cb6ddf49bd133c75f0b8526115cd

SHA1
c7d8e77b97d97f2d28d64689e78276c1d6ae5734

SHA256
254a9a37cc31c321fdd06fbc2aee70e9a69ebcb63557dd1dc8a7873061138f39

SHA512
307c8ba14fb2e89394abcccc5fa3b58bb62bdc30bed859255b6ae1288037f8d6f2eb4376501e9d7179e1634ddc756f13fa26c3fd598092fc28086847728d3c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1b78e2164fc713800bd2af7da5bd7567

SHA1
05b43b85e16df57822b4ca6e4c0533f1bbcae53d

SHA256
133c33bd3270e6b0bc03cca7024808f50fb8882b6cdb4523b337db0cb61352f7

SHA512
807365118b6c5fa5ba84be4afd6b97fae8e6d249e98a187860581cdcf2761a2b713c8db0da77b9924bb833444d85928f809035658443873b0b8a292867b9045a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1280_1724787043\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1280_1724787043\ddce20cc-a0c4-4966-8b52-6ea60c9baa33.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 951846.crdownload

Filesize
75KB

MD5
9fb584a7f293aa900e682cabe3faefcc

SHA1
043d316155bf973a2bb8f1d4ed29c2db7568854b

SHA256
22adf85ad4591d2c4871440fe7ed023575be15e202ca0abe54c17c77cddca990

SHA512
5c77d9d656357416b0663b437104702fcc3060ec1612726d07ee557b74f0c845725435a69c8090c20f6410e6ef4899d1347f201365b493a7ed739b9057b20b5a

Download Submit
memory/5116-702-0x00007FFE0A3C0000-0x00007FFE0AE81000-memory.dmp

Filesize
10.8MB

Download
memory/5116-0-0x00007FFE0A3C3000-0x00007FFE0A3C5000-memory.dmp

Filesize
8KB

Download
memory/5116-909-0x00007FFE0A3C0000-0x00007FFE0AE81000-memory.dmp

Filesize
10.8MB

Download
memory/5116-4-0x00007FFE0A3C0000-0x00007FFE0AE81000-memory.dmp

Filesize
10.8MB

Download
memory/5116-3-0x00007FFE0A3C3000-0x00007FFE0A3C5000-memory.dmp

Filesize
8KB

Download
memory/5116-2-0x00007FFE0A3C0000-0x00007FFE0AE81000-memory.dmp

Filesize
10.8MB

Download
memory/5116-1-0x0000000000860000-0x000000000087A000-memory.dmp

Filesize
104KB

Download