badrabbit | 816666326e1e0d9a58c505bad1bb94b882dab6edf9ec4ccbe0ae5674ebf95f96

Analysis

max time kernel
843s
max time network
851s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20250217-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20250217-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
05/03/2025, 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

test.bat
Size

532B
MD5

31c1a3b7ca1a53b2329747710c4f453a
SHA1

097e4cf654f0edc37ae66eca54aa349bec94bb54
SHA256

816666326e1e0d9a58c505bad1bb94b882dab6edf9ec4ccbe0ae5674ebf95f96
SHA512

1168f9e47eaf20e4dfad632344cc3d536f03eee556c42015dc4e82684dbb605cbe556002ff5ebe1ea3e53987cd09720fcec6ef9a578b1379035d92e219b3627c

Score

10^/10

badrabbit bootkit defense_evasion discovery persistence ransomware upx

Malware Config

Signatures

BadRabbit
Ransomware family discovered in late 2017, mainly targeting Russia and Ukraine.
ransomware badrabbit
Badrabbit family
badrabbit

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master (1)\\The-MALWARE-Repo-master\\Ransomware\\Birele.exe"	Birele.exe

Disables Task Manager via registry modification
defense_evasion

Executes dropped EXE 1 IoCs

pid	Process
8076	36DF.tmp

Impair Defenses: Safe Mode Boot 1 TTPs 7 IoCs

defense_evasion

Safe Mode Boot

T1562.009

description	ioc	Process
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\Power	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\iai2c.sys	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\CBDHSvc	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\WinDefend	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\UserManager	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\SerCx2.sys	Birele.exe
Key deleted	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ProfSvc	Birele.exe

Loads dropped DLL 5 IoCs

pid	Process
6604	Floxif.exe
3584	Process not Found
3584	Process not Found
3584	Process not Found
2132	rundll32.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\system = "C:\\Users\\Admin\\Downloads\\The-MALWARE-Repo-master (1)\\The-MALWARE-Repo-master\\Ransomware\\Birele.exe"	Birele.exe

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PHYSICALDRIVE0	xpaj.exe
File opened for modification	\??\PhysicalDrive0	ClassicShell.exe
File opened for modification	\??\PhysicalDrive0	ClassicShell.exe
File opened for modification	\??\PhysicalDrive0	ClassicShell.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/6604-3069-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/6604-3072-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/7364-3086-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/7364-3088-0x0000000000400000-0x0000000000454000-memory.dmp	upx
behavioral1/memory/5376-3154-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/5376-3155-0x0000000000400000-0x0000000000438000-memory.dmp	upx
behavioral1/memory/5376-3158-0x0000000000400000-0x0000000000438000-memory.dmp	upx

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\demux\libmpgv_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\PresentationFramework.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\System.Web.Abstractions.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\EBWebView\x86\EmbeddedBrowserWebView.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\msedge_pwa_launcher.exe	xpaj.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\msadco.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\msproof7.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ONWordAddin.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft.NET\Primary Interop Assemblies\Microsoft.mshtml.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_smem_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\NAMECONTROLPROXY.DLL	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\PowerPivotExcelClientAddIn.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\msedgeupdateres_ta.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_delay_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Data.Recommendation.Common.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_output\libcaca_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\visualization\libprojectm_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\wxpr.dll	xpaj.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\resource.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_bn.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libvcd_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\OIMG.DLL	xpaj.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-crt-private-l1-1-0.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Windows Portable Devices\sqmapi.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\Microsoft.Build.Engine.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power View Excel Add-in\Microsoft.ReportingServices.ProgressiveProcessing.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Windows Mail\wabmig.exe	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\libscreen_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\access\librtp_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\icucnv40.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_bk\1.3.147.37\msedgeupdateres_sq.dll	xpaj.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jfxmedia.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\DocumentFormat.OpenXml.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\WEBSANDBOX.DLL	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeCore\132.0.2957.140\msedge_pwa_launcher.exe	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\fr\ReachFramework.resources.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\goopdateres_uk.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\EduWorks Data Streamer Add-In\MicrosoftDataStreamerforExcel.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\es\System.Speech.resources.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeWebView\Application\132.0.2957.140\dxcompiler.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\A3DUtils.dll	xpaj.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\api-ms-win-core-profile-l1-1-0.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\msedgeupdateres_en-GB.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.5\fr\System.Data.Linq.Resources.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libremap_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\PowerPivot Excel Add-in\Microsoft.Excel.AnalysisServices.AdomdClientUI.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Browser\nppdf32.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\d3dcompiler_47.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Microsoft Power Query for Excel Integrated\bin\PRIVATE_ODBC32.dll	xpaj.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe	xpaj.exe
File opened for modification	C:\Program Files (x86)\Common Files\System\msadc\msdfmap.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\keystore\libmemory_keystore_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\ADDINS\Power Map Excel Add-in\VISUALIZATIONCOMMON.DLL	xpaj.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate\1.3.195.43\msedgeupdateres_tt.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\video_filter\libblendbench_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\plugins\codec\libadpcm_plugin.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\api-ms-win-crt-string-l1-1-0.dll	xpaj.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Client\msvcp120.dll	xpaj.exe
File opened for modification	C:\Program Files (x86)\Reference Assemblies\Microsoft\Framework\v3.0\ja\UIAutomationClientsideProviders.resources.dll	xpaj.exe

Drops file in Windows directory 6 IoCs

description	ioc	Process
File created	C:\Windows\cscc.dat	rundll32.exe
File created	C:\Windows\dispci.exe	rundll32.exe
File opened for modification	C:\Windows\36DF.tmp	rundll32.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File created	C:\Windows\infpub.dat	BadRabbit.exe
File opened for modification	C:\Windows\infpub.dat	rundll32.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
7808	6604	WerFault.exe	241

System Location Discovery: System Language Discovery 1 TTPs 19 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	taskkill.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xpaj.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ClassicShell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ClassicShell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	$uckyLocker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	xpajB.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ArcticBomb.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	rundll32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Birele.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ClassicShell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	BadRabbit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	schtasks.exe

Checks processor information in registry 2 TTPs 12 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Kills process with taskkill 1 IoCs

defense_evasion

pid	Process
5312	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133856848629176252"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3524754987-2550789650-2995585052-1000_Classes\Local Settings	firefox.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
7108	schtasks.exe
7604	schtasks.exe

Suspicious behavior: EnumeratesProcesses 40 IoCs

pid	Process
5568	msedge.exe
5568	msedge.exe
1176	msedge.exe
1176	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
544	msedge.exe
544	msedge.exe
6032	msedge.exe
6032	msedge.exe
7124	msedge.exe
7124	msedge.exe
1628	msedge.exe
1628	msedge.exe
7568	msedge.exe
7568	msedge.exe
7924	msedge.exe
7924	msedge.exe
5232	identity_helper.exe
5232	identity_helper.exe
6824	chrome.exe
6824	chrome.exe
7844	chrome.exe
7844	chrome.exe
7844	chrome.exe
7844	chrome.exe
6604	Floxif.exe
6604	Floxif.exe
2132	rundll32.exe
2132	rundll32.exe
2132	rundll32.exe
2132	rundll32.exe
8076	36DF.tmp
8076	36DF.tmp
8076	36DF.tmp
8076	36DF.tmp
8076	36DF.tmp
8076	36DF.tmp
8076	36DF.tmp

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1736	xpajB.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 44 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe
Token: SeShutdownPrivilege	6824	chrome.exe
Token: SeCreatePagefilePrivilege	6824	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe
6824	chrome.exe

Suspicious use of SetWindowsHookEx 2 IoCs

pid	Process
5948	firefox.exe
976	xpaj.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4976 wrote to memory of 4412	4976	cmd.exe	85
PID 4976 wrote to memory of 4412	4976	cmd.exe	85
PID 4412 wrote to memory of 1700	4412	msedge.exe	87
PID 4412 wrote to memory of 1700	4412	msedge.exe	87
PID 4976 wrote to memory of 5372	4976	cmd.exe	88
PID 4976 wrote to memory of 5372	4976	cmd.exe	88
PID 5372 wrote to memory of 3576	5372	msedge.exe	89
PID 5372 wrote to memory of 3576	5372	msedge.exe	89
PID 4976 wrote to memory of 6112	4976	cmd.exe	90
PID 4976 wrote to memory of 6112	4976	cmd.exe	90
PID 6112 wrote to memory of 5892	6112	msedge.exe	91
PID 6112 wrote to memory of 5892	6112	msedge.exe	91
PID 4976 wrote to memory of 5492	4976	cmd.exe	92
PID 4976 wrote to memory of 5492	4976	cmd.exe	92
PID 5492 wrote to memory of 5896	5492	msedge.exe	93
PID 5492 wrote to memory of 5896	5492	msedge.exe	93
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5944	5372	msedge.exe	94
PID 5372 wrote to memory of 5568	5372	msedge.exe	95
PID 5372 wrote to memory of 5568	5372	msedge.exe	95
PID 4412 wrote to memory of 5864	4412	msedge.exe	96
PID 4412 wrote to memory of 5864	4412	msedge.exe	96
PID 4412 wrote to memory of 5864	4412	msedge.exe	96
PID 4412 wrote to memory of 5864	4412	msedge.exe	96
PID 4412 wrote to memory of 5864	4412	msedge.exe	96
PID 4412 wrote to memory of 5864	4412	msedge.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\test.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x144,0x148,0x14c,0x120,0x150,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:1700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
    3⤵
    PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:1440
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:2676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3888 /prefetch:1
    3⤵
    PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
    3⤵
    PID:5676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:1220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
    3⤵
    PID:5520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:2260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
    3⤵
    PID:4420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
    3⤵
    PID:568
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
    3⤵
    PID:5556
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
    3⤵
    PID:4244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
    3⤵
    PID:5724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
    3⤵
    PID:5212
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6740 /prefetch:1
    3⤵
    PID:5632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4280 /prefetch:1
    3⤵
    PID:6412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
    3⤵
    PID:6476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:6572
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
    3⤵
    PID:6788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8300 /prefetch:1
    3⤵
    PID:6964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7808 /prefetch:1
    3⤵
    PID:4948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8420 /prefetch:1
    3⤵
    PID:7156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8640 /prefetch:1
    3⤵
    PID:6288
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2136,2546336427161376899,9972849695113102443,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8584 /prefetch:8
    3⤵
    PID:6424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:3576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,6551530971074426399,1461071361927642080,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:5944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,6551530971074426399,1461071361927642080,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:6112
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:5892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1484,17375622691981017932,16691536341481448103,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:5092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:3824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.comstart/
  2⤵
  PID:2276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:4972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:1060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:2828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x134,0x138,0x13c,0x104,0x140,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:5552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:6324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:6376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:6712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:7092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:7128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:1216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,8642524355384934861,132824827810796085,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
    3⤵
    PID:4036
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,8642524355384934861,132824827810796085,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x134,0x138,0x13c,0x104,0x140,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:7148
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:1996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2208 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
    3⤵
    PID:464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
    3⤵
    PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
    3⤵
    PID:6364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4068 /prefetch:1
    3⤵
    PID:7492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4424 /prefetch:1
    3⤵
    PID:7860
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4668 /prefetch:1
    3⤵
    PID:8188
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
    3⤵
    PID:7324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
    3⤵
    PID:7588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
    3⤵
    PID:7512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:4652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
    3⤵
    PID:8076
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
    3⤵
    PID:696
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,1376146022392673206,7628554684144705507,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6456 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:4164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:2456
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13580352982776987140,11510571395920942388,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2072 /prefetch:2
    3⤵
    PID:7560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13580352982776987140,11510571395920942388,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.pornhub.com/
  2⤵
  PID:3976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd3e6e46f8,0x7ffd3e6e4708,0x7ffd3e6e4718
    3⤵
    PID:6732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,14404967402571199660,13112451544274950379,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:7924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5976

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x460 0x2c4
1⤵
PID:5660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:7916

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ffd3e39cc40,0x7ffd3e39cc4c,0x7ffd3e39cc58
  2⤵
  PID:7088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1900,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=1896 /prefetch:2
  2⤵
  PID:7256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2156,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  PID:8148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2272,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:1832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3128 /prefetch:1
  2⤵
  PID:1128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3136,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3676,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3656 /prefetch:1
  2⤵
  PID:7420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4672,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:5940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4816,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4652 /prefetch:8
  2⤵
  PID:4724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4368,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4460 /prefetch:8
  2⤵
  PID:8116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4700,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:8
  2⤵
  PID:6364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5040,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5052 /prefetch:8
  2⤵
  PID:7988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5028,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5036 /prefetch:8
  2⤵
  PID:6848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5076,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5180 /prefetch:8
  2⤵
  PID:6348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5068,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5204 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5180,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5176 /prefetch:2
  2⤵
  PID:7348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4800,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5292 /prefetch:1
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5428,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5364 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5436,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5200 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5576,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4500 /prefetch:8
  2⤵
  PID:7000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5116,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=504 /prefetch:1
  2⤵
  PID:776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=5476,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:7132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5732,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5728 /prefetch:8
  2⤵
  PID:1460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5756,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  PID:7320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=4932,i,8260866976349767205,1381486898521421874,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5276 /prefetch:1
  2⤵
  PID:3064

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4656

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7808

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3312
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5948
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1972 -parentBuildID 20240401114208 -prefsHandle 1888 -prefMapHandle 1880 -prefsLen 27363 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b78164c-2fd2-431f-a27e-584d3fdd677e} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" gpu
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2376 -parentBuildID 20240401114208 -prefsHandle 2352 -prefMapHandle 2348 -prefsLen 27241 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {10ef93c1-148e-4dfc-8b8f-9400ebab1674} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" socket
    3⤵
    - Checks processor information in registry
    PID:5428
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3004 -childID 1 -isForBrowser -prefsHandle 3008 -prefMapHandle 3016 -prefsLen 22636 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0ebfde01-e26c-4dd1-aaf6-441d2ce5aebd} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" tab
    3⤵
    PID:2208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4156 -childID 2 -isForBrowser -prefsHandle 4144 -prefMapHandle 4140 -prefsLen 32615 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {726ca7ce-d16d-4ba1-8aac-e3e5a80a1358} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" tab
    3⤵
    PID:4260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4848 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 32701 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3a047b22-0710-4d8d-8bdd-394700f77ecc} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" utility
    3⤵
    - Checks processor information in registry
    PID:5140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5100 -childID 3 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1cfd55f3-a9df-48eb-9c1e-5cd3e0ca9704} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" tab
    3⤵
    PID:7456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5364 -childID 4 -isForBrowser -prefsHandle 5376 -prefMapHandle 5380 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2cd839f6-f660-4280-9a2a-868c64ffc3a7} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" tab
    3⤵
    PID:6604
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5344 -childID 5 -isForBrowser -prefsHandle 5352 -prefMapHandle 5368 -prefsLen 27035 -prefMapSize 244628 -jsInitHandle 1200 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8b9240e0-84e4-47be-85da-4eb5410e1bed} 5948 "\\.\pipe\gecko-crash-server-pipe.5948" tab
    3⤵
    PID:6948

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7984

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\BonziKill.txt
1⤵
PID:5100

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:6604
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 6604 -s 476
  2⤵
  - Program crash
  PID:7808

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 436 -p 6604 -ip 6604
1⤵
PID:2592

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\Xpaj\xpaj.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Drops file in Program Files directory
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:976

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\Xpaj\xpajB.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious behavior: GetForegroundWindowSpam
PID:1736

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:6808

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ArcticBomb.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:7364

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ClassicShell.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:2808

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ClassicShell.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:3372

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ClassicShell.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\ClassicShell.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:3536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\DudleyTrojan.bat" "
1⤵
PID:7136

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Trojan\AUTOEXEC.BAT" "
1⤵
PID:6148

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Ransomware\$uckyLocker.exe"
1⤵
- Sets desktop wallpaper using registry
- System Location Discovery: System Language Discovery
PID:4220

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Ransomware\BadRabbit.exe"
1⤵
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
PID:6396
- C:\Windows\SysWOW64\rundll32.exe
  C:\Windows\system32\rundll32.exe C:\Windows\infpub.dat,#1 15
  2⤵
  - Loads dropped DLL
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2132
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Delete /F /TN rhaegal
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1524
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /Delete /F /TN rhaegal
      4⤵
      System Location Discovery: System Language Discovery
      PID:7640
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 4124472065 && exit"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:716
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /Create /RU SYSTEM /SC ONSTART /TN rhaegal /TR "C:\Windows\system32\cmd.exe /C Start \"\" \"C:\Windows\dispci.exe\" -id 4124472065 && exit"
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:7108
- - C:\Windows\SysWOW64\cmd.exe
    /c schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 22:18:00
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2060
  - - C:\Windows\SysWOW64\schtasks.exe
      schtasks /Create /SC once /TN drogon /RU SYSTEM /TR "C:\Windows\system32\shutdown.exe /r /t 0 /f" /ST 22:18:00
      4⤵
      System Location Discovery: System Language Discovery
      Scheduled Task/Job: Scheduled Task
      PID:7604
- - C:\Windows\36DF.tmp
    "C:\Windows\36DF.tmp" \\.\pipe\{698CAA7C-8E3B-42EF-83C8-9F43254F58F2}
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:8076

C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Ransomware\Birele.exe
"C:\Users\Admin\Downloads\The-MALWARE-Repo-master (1)\The-MALWARE-Repo-master\Ransomware\Birele.exe"
1⤵
- Modifies WinLogon for persistence
- Impair Defenses: Safe Mode Boot
- Adds Run key to start application
- System Location Discovery: System Language Discovery
PID:5376
- C:\Windows\SysWOW64\taskkill.exe
  taskkill /F /IM explorer.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Kills process with taskkill
  PID:5312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Pre-OS Boot

T1542

Bootkit

T1542.003

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Impair Defenses

T1562

Safe Mode Boot

T1562.009

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
471B

MD5
38227be992c3fe56ee6a22d8cb8c6390

SHA1
3ff1ebc89baa74b54b0ac6df786a316e972f2dea

SHA256
1c6c34e4a002f7f253a665c3c09f6071099edf5d1fa831f2d038b2923e008fad

SHA512
692ed839ba1a18c03c6ff13e47cb860b21fcdf3cceb009a2396d4d5c78985ad48d7479a15b019c39e77fe231b47f6abe388f102c10e78f80758aa68e90262b78

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
cf0e392508605f54f7f21db505e1c688

SHA1
8c7b47bcff21fb6328dfc24b06d832d944464e72

SHA256
a0bc796cbedad75a1f6005da390b1c50c6b53a64b212cb5a4a3fd960b95c7785

SHA512
4411e85f6e80b4fa6d6f35cf167e1bfcbf7c1eaa8230cded7c937f9061c585303de19c888ada8449ffd5ecdfe3114397535a754b015554f2ed65f74b664a8bdd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_CBDCCBFE4F7A916411C1E69BDD97BB04

Filesize
412B

MD5
14c872498eb27e5d47ee62b76dea60e9

SHA1
40e7659e441739e9e7354fd484d27c54a55c2435

SHA256
d81ccf697affe5e6379ae82d8a7c7fb8d79e82b9d2579b7cacb4d5282ff27348

SHA512
71cb428956c026d65b52e92561c64ac46a898cdea057cce20dd651f6e6bce5a365e5039ba52ae272709d1eb1737e869a9da3fc5bb698f5885a1fb9b21742b363

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\99f7b0f8-adee-4515-8088-6cf5e8f8d5e3.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
c1f12c6f4869d59286dcfd228f4d76a7

SHA1
ae34b2d20cfe5b4ef64810b11fcbf36e42cd27d8

SHA256
5f6236f64599a5495b450edbd775424c7bda21233b4ca878231adc9706003dee

SHA512
c519b4db9c88ee39acdd92a41f3dc6b85bd1067b21ab21ca57b40b4d7d7324c2a76fa3bf9e206e6a0c1d9d9eecc4de1464656d237217d0c931066b2d673e2b24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f3182619fed63f13cd119234423d8dce

SHA1
d769954dd834d2f5f77dacec50eab39cddab2dff

SHA256
1c1dcd0864ab6214babcac2f89db31a3fa37def4ba17faeaed07343a5f4df7db

SHA512
dee3a736ad34e5309b916b5837f1b84f1019146116d39a5c3eefca883f97b058950ecf9c6f2e9e2168afc5f981cc4ed59bae70bf6994545c8b1cc78734089e2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
28dc031bfe3bcb76a034f58127159bcb

SHA1
dd5afc556827d41c392e5a70c4f7a24395b9ba01

SHA256
885c029d26073d68e0b51d831f62bf81b785af03c3528e7964112c3b65d38c5f

SHA512
872886216c4f628c8c3914dbb8a32e29b3b0e20a9abec0525b50e3e579d9deb21a8d152c7ff4fee43dc94aa7a84c582b2feeed0db0b074ce1dda8e08d60c2068

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\44d7e8e9-1043-4987-99b6-b8d6ada62376.tmp

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
803984bf76b47d1c758649d17c95c1ac

SHA1
5d154942e27d257361d37147d7b94e34253bae6b

SHA256
8e096ae5bde869d0b0ae786bc63eef8562537e7cce2f8324c4df1c749c0650f4

SHA512
df0a0c1c5cb29cc036138539010ce2320607cdcf2eb8cea208efe2890d309e573cfef06769890d838dfad0b99df8f2196db9ba8b0c3aa2959c17a96fd2cf33a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
8f25f1c8828b9c05bdc4063dea7c597d

SHA1
f78847ba96361d3e67958762de710b1746986a74

SHA256
932f51fe6fd21536e3eab111c451c16cb73b9a26f3014a8c8f132c68d066bee1

SHA512
588845d9e31a160b974e36501fb2df3884276eceb0a2a1cc40a48df097dea10be7e76b4fe5d1351a78e3b26cea1dfc5502633e606eda344ef953955a28c57375

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
c2fda0f967a9eee95acf04d6603699f2

SHA1
068f627573c79087d2e0349cf5c67e201ca89b14

SHA256
b843f2bbfe1faaa1b77d9b044a549c7a4934868d27031d0786adbb5e2a82638c

SHA512
c4ebfa1643aa997875c8f05c7b1500509891849b0b27aa7a321b93162d53b98f9234a90d6a8c1eda4a8eb4156e13808c6d078bac00725af6d63a24d1dfee0916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
09d3f92bc36d7adbcb52324c4cea2a49

SHA1
d8e6fd098b8f6c355f0a215eebcdee9c3b991163

SHA256
8d258d1ffd5cacc5ca9b6d29eed8daa134ee0b381bea11422495353e9e609b7d

SHA512
2c54337d5a540a55595a1cb7ff55d16526d19d592f562945ea9a7a4beccf1eb1f3740beddc39835bd300e1cf9b97de0659d049deb2a171126a772b2b4d556de3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0921d637d3b36ac2a339fb885ae693a6

SHA1
5c8665a844af28920da6b33a9239c6e140e049ae

SHA256
952fb5e05113e14fb0dcde87b7d018e07180770f852caea70e8010491bd66785

SHA512
931cdefc4d78041b2bad3ffe37b967462ac53d1d8f948ad7ed1b9ce0a5fdea9743d002e8bc291dbfd8aad3ec157607cf336978e1d20de00ec186727a28bdc02a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c7769a305a17c1ea424b05c88a02035a

SHA1
e159b07c0bc916af3832d6f2cdc548782d277cd0

SHA256
fad298be810f6cec11bfebfdffcf01efe763e94cab826d80875c4bba4a7efe96

SHA512
ba2dce7f691dfc96a26ad1e5cc94a2ca55a08e3395d392e2e2e759cd6f65651a6dd2cd7818f9c74e5eb3525dc0287d8e1803ab8e6993247e7d79dd974e4c86ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
ecec1d5d1d51840726f7883e2ee1f817

SHA1
a8b19a1b8867b22889f21831aadb684a539e7a69

SHA256
fb521c6aeeeb86112d8a50c6fd5cb9caa17dc8046d974a229a1e8cfae3934f02

SHA512
116355c396f8a49a7766b6c3ee7fada37412bb8c219317c78f2b3e1b2e7cdc2ec3f92a7a528281c0030cfdb61c7d6c7446995bdb21f297c6b928142fd09b0a3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b85cb5cdfadf1c9bd5e92157422d0c0f

SHA1
f2b5526d6f9dca886faffb9db7d1107ef6935e9b

SHA256
b9c35ab7f6e3268de83d6dbb399d40f4c7d9e1028e40c0a6ee3804aedce6ea47

SHA512
0296039249372fd0986640ae04c6ff418ed55d5cdc229a3d008b88e7a54be843d5c86b28c9834ca84dc18619ee68f395a77ff759e4a5f073f00d758459cadec1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cabe1be8374bd370bcd47b972408ee4a

SHA1
d6d43859d8d32ae524ce65606baed279892f09a7

SHA256
8bed875ca5e22cfda81776c54001d3c5e15f809a997ea2e28dd42f368dea9ba5

SHA512
2545583181f23b4e055df0dd6987f4f621050395936d309efe0810057d5d43399a61e783a1c426c0ceb23ed9a8c926712f0b60dfe9e89367337f0332c92dfc07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e1121f4dd5071bd9ef4bc74b095c7d69

SHA1
dc5232820e1ee29f557860f5dea0e450a91b1d42

SHA256
205b06cb3466eb8691282e204f9e8b42132478460400422a5f108de3dbdf011d

SHA512
204def67d1657deaf750ff17ec1914fd94eec97c4bef4f9192d4db66dfa06f19b31e7c0e4ecdd7e177af8b6041d9e550cee5e19832b4358884dd037984349ef9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3f17c7f3298b210c7bdcf67227109108

SHA1
ab757f38f67f14a3b44ea3ae8ffb2d97760d0047

SHA256
a6578f08c277a0e717c7bc87f33ede5f2eedaae22292baac85741900c20335fc

SHA512
96ee015d811382209d85fb0b7971af3d8ae78a853f5823d8aef92c692bb5af2ac930f526714bb74f55544118d33e8a2a29fd2589a17660cb7a1af30b16d19940

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4382d036a8e0e522a3693f2c61f522a

SHA1
c66ceb9c9f05056e8175266c623bf454babd87e2

SHA256
1cb647ed95f7d8c29066c9db356afa14799bb67b65d62fd14a6a66e41ec5f78a

SHA512
0d7b48003bd73350ed12a91d107a1df8c661d04908d19dd587298edfcdbc8373072de830ff36c6df23153bf1f1b3c8961095f00a64021443a4ad9245442117b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2ba6450b643ec984051dfdddecd37f3c

SHA1
9732f7d88fcbe876e9a46f20af26e604b1829743

SHA256
397b7b4caad0339f258aba9b665df0eec2531e4581be903412c6ee5e12d93450

SHA512
315c97dbd34d796ffb9601ae19a64cad103668744a5cb8a0e1ac8a8edf3426ca534edcf7fd7fddfe70aa64b5342206ec77735b36eb3cb8fefdcf7e7423e3dad4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ad2fce936565f63186559981787a8327

SHA1
f0169f497fdd017080d298b7502699feab99867c

SHA256
e687904e4a3a8f24a0b190aec6da5c2e5a894370d60f50c86b5bebc2f9fbf5fc

SHA512
7ad039d97e367f454335ee5d96a2b63e30de17b4f82331e4b805fcb3fa4fa4071739433e935e45e1afe48570b800b3ed6848adf8450c9b53898fa2da53d6374d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cf03f54eec71e17f3fab5578fc8a8ba0

SHA1
da0fb9e5fd479309b8061a29b0762bb526d46f8f

SHA256
0f9b6a1ce05060bd077d76ab95cbb57691e10e5f26c8bf6574d9ab389792faec

SHA512
098fc45c5aa6961e03830a210991b082372c0dd260f027518b9d6fa7ded2d85658cc0014fc1a43c9d01020134b4d2606a2afbf7101f5256cec5c8b3e78aa3e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c8970120c0c761033dc43a9439f9703f

SHA1
4e96401d41d5023c9a4e14a9913cd3ce683a3dd8

SHA256
8b9a02e1050a6864e31019121cf504ced609562bd9cf45e4a27a9f61a433f4f5

SHA512
f1791b4e26774cb6d848e2b624d36e5b35b501f2d9ea9123695e0e4818dd22df42e91e243c101e33fc068b2098bdccf52efe5dedc88521da051db6389d248bf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
981d13c4bb48fe7147c41f6377353e52

SHA1
994b2eef9defd2bf34fae06e5980d3fb5800f3ea

SHA256
b39cc9ad0adaa6c1f6bf38a80d6e6952096a248eefac277ccede4b6570d0f635

SHA512
e04c6ce464f3badda6d5940b4925a4f22c02813d71a9065ed8f2e9307c74ddc365f6ea3554a3ecb2907e57cb3deab242e90455207ab432aa1915dd6f65f8d437

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
55e4e416a087e04b09743d8bc4c7abb3

SHA1
e58a4f90f1792b0b34b6601bdcfbbc82f4cc7764

SHA256
edddfacbaf0ba1189723a2833623f116d8771219ba8b06e7cc4c055b1b7d427a

SHA512
76f87e37fd9c867c7d97d590b3eeeb57024727eb6730d371d06adbd64847ebfd8ba608e25d704ea4852d933e05ae0ae407f1b65bb8eefc55ddbe117cc9338b9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
3666db63511fa01cf169f21510f3acc8

SHA1
e2b4e6b78edb073b47d83faafb3162ff6bb66551

SHA256
65b6e3e7722860b1c97ecee4e3524defd570483e44b84972cd1e06098b24272f

SHA512
1e6c0e6b711242fb073d974d530fbb82ea15a086d3ace1f1ac7c3041d7eb4c55e49d8086f6df63cc48fc08d6e9a04264c07c0c2918687440ec8882d1e95944f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f8d0a4c0072fcef2b4d63339584d9b62

SHA1
2212f2f3e3e02e124c9ee303dfdce61f2da76865

SHA256
053fa33548a1715ecaf5a7c5004003fc1bdc92392a173ee1c03fd53ad34fc030

SHA512
15a8c33f523f6a56d892a71ca5eae2ea152f244e059976ce26290208f087d6f80d705dc987239d728b32d04c80d53f080bdc2418cb0200744977d3d9d95099fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
02995dbaf02c289ec89d94aba8fb2218

SHA1
d93629358f88370fc280aafcc3d5173ea8bd0237

SHA256
ed1d3be60374460ecc505bc8f18a789118ca0510b5bce28b350ba3f42bb7bbfa

SHA512
58f524cd3665d80f6d167bc7d5b47f981da4b22b35792deb3e15dd08e4b4acfb681423d65031eeefd07ca880c786cb70887ee5eab76b4c0087761534d4574251

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8e40d24c2087f12751515eaef6ab4a4f

SHA1
cc6d36a0dcdd8a54ed8122cc64be5b26beacd8b3

SHA256
cd0772304affe9daedb85d6a68f144e68aef95c238028b29fd94678bd7f37f6f

SHA512
5638032ed1af3c5b88ab600b240c9bef6a01c73a30a6ce53e6de581876a038b1c364848ce01f68c179c0ca17b3d02b582c841b0530f1a0f756ecdf2dd634223c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7821d259ae2dc4e46879d4e5acebb8b0

SHA1
0fe4dc5b046e5df3cd94087e81fa5dc9c9f5268c

SHA256
53f8050854974efca56815169bd9486806623707e261ab1d6f418f82ae13b112

SHA512
0bc8258c2a4df493eace9d356eb020ae20805c6e560a5caab14a5641908a2ce4fb8e32d7aba13c37ee840bbbc8ce1e7f04a03cd2ca51990e9e2e9adafe6a0b45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9934dec65af37a410e70ee832a15b165

SHA1
2ed59c6b9aef0e2fb9090fb0ac8d226892348aba

SHA256
290ea830edaa8a3b9655d1419b69dce569aa967979084cdc51c879838e5f1726

SHA512
77d01f50005b9458f9bddd4a25003063dfec8b7393133b3cdde720dd3d51f00a86651640c33ff488cab8e8a94a08a06de971a381406e1a087cac3fc19a9c14ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4acace48216363819c7fb784a238a2ff

SHA1
97817493b71d3a726279149e3d6166e855d621a3

SHA256
39882a8fa637a9a39960301dd59cb8c9dd1460c8431a839c4aa6be224886a8c9

SHA512
c3670d72539be7852f74bcf28aa90fe7b32b744136f0e363586e0af502f87b944f5ca2d2024f7a42f31fb7fcfd3fb165faf60c32fe387419d6854c86af86eda5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2b93c5eaadfa6eba2241220ade0139bd

SHA1
e7d9a87ad60933a86034c1610ac686a0e559a0fb

SHA256
58c9f820f7953d60e7bdad0eb0475f4c901f976a8c58a47ea611493f5dc8aa8b

SHA512
8e4334b1b973bce8c261302c93debc5782ee8f4b882d17f86697754a6dfb050cb9a49c753d4add9f5128b734f7723a0b89e1eeffd81fbf3442f438faff5e29af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
16f847a9b0443c8e248f2a13886ea58f

SHA1
06991c020a754d53d8787ed4eba0b79c87602440

SHA256
83da4c2b04f30275f10328d2b4baee854b109ae315be50581022dba0bba7631a

SHA512
8bff93ecc8bef5dfb6c069114b64c6a8cefd2f847ed0b9809e89e2addeb5b8f4c4e3346139148e117c8530da1c07a2571ca741752676ad370234badc0d459d8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
dcd85636efaf1b5592e4785c39b28aa2

SHA1
2cd470cca033585db8c17ba3affc0a4662900288

SHA256
33ef6f2596afd4d81fd3933ccf612f8be0af73b67b4f1cf8575a6f76f441beb9

SHA512
77cd782e2634b49e88f5c71cddfde6066a7f08bc6b27aa9a4e5fad5b2536d4314f741a34719c017de23949cf6b11dcfb7fb975fe474a95781734f4fe4bc7bc8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8a8cf5e868639c0c2dac0b6361fd9fe9

SHA1
6eb2957c43fe46cd0a35e750187e6be1b13afd6e

SHA256
fb2655b6929dd0c6a6076ba9ac1ef710f67a101873119d418dec47c544c51038

SHA512
b67dc9a557c58875ed6aade945a4f07c32d356649352da5c2413b1ec4f6a74acbf7ff2cd77929b06db43697fa651ce505c946adf3791660c1cd4b8d188667c69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b86d7b8434c5db81c00aaf2d757bec77

SHA1
07a69449f7062dfc5af462ea6aa21e8b433f167c

SHA256
e8a0a726391006d429ff379b30faa39250684e7c403366a021549027fbeb2dcb

SHA512
a84b83b19101655cc0912598da3088b928b43a7c6610a41a5e7ee02c070a8dd4aa99e91c3195636fc3593f78f99924fef7e7df6f7d4c009ac22e736e36246840

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
ea81febc5cfdbddd2ab7134115363d52

SHA1
ce02cf9f4fd071ba805a4b8b54f6a45c835d557e

SHA256
6663508988fd924cb88cbb5dc253596b21ebcdfb51338cfd307124ef73929955

SHA512
7d195360ff449ab307d3df3372e9eb7d311f1fe2681089eff35595c90df4af63bfef12d8ac75ffa91ebaf19963101a16cb85fe96a905c12dc9b790dbf982bc14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9f6332254da06f061dbfabb80b30de41

SHA1
d20f932114b11db62d6deebcb242aa336e6f9bd9

SHA256
cad8513748c157f860aa0ed391497f655133f555c034f935a044a73909133682

SHA512
c3981090005b0af74a0adeec56b7fc93e43cc7c94c8bd2dae0c558812f24ef3b9aefd91367a067e4854ecbb0c7401cb3949b4222fdd3562897ca1457d820d14f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ece7825d5becfb1f5a1275d01e0ec089

SHA1
fc782738f64a05d4375e81228fcc8dec8f76ea8c

SHA256
3d5b31b6763af477a0abc7b4f809d7176121027f3d1405d0a1b7c074293c0f1d

SHA512
8c17f2037ce8e8baf32207dd328c2487732dcf723ae1151ca56a9c8ef8994f3b7d9a00e41b679ea7b691159f90a13e18ba86f8df204e525fa867d0a194a68c0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
ac60394f86bc7b1897da640cd61dd7c5

SHA1
3bcbf144de03ae1dc66c246ed91c1186ac9814fb

SHA256
61795269a1f0af857ca95bdabbd6a329fde4c2c881d1e962f519627547b741ec

SHA512
51cebf35ddf58cf23d92b8a3d7be2f8f175b7b9b4bd506fc1793af1dec2954ada18d3d12de98f715b36b07026f2121d63529ab7faa113775650ed37caaf9f562

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
f7fec0dde30de87e42bcfa07e45c498a

SHA1
61aeac5157d464dc968c7c24991c23b37c2e7fc0

SHA256
d372c28184dafe85564a6871e3f8dbc9845f33abcbae619ad905466d07f1cf53

SHA512
3e8d40bbe2bcf6445a705302d5b53f1c83c5af04c6d03c0869aa3adf7985e39dac3cb013583615495dab37c8ad47007e83b361895c73e6483e549d0450b69af5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53644611ef30391d1ab5cfba2da02ff2

SHA1
9c1d2358c7c9753867bd04f2b1d6770794a32411

SHA256
560017a4b8572f71127ef76e610389164a3b227f7a548199493f0d456545d271

SHA512
6a57d2681065b6b45ca793b5ad965db89dce0efc6d9e7e48264ed1569d02ff893c70a203578fb8c4e1c57fe98a7a6f43ca2799c7137494684538d41a4d857149

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a3b66855c55bf567f0694e2e9fd402a7

SHA1
6f69969858d1cd076590690d1924e3a5657d7d20

SHA256
febc02e733380c92230ac1eb6afac0814adf60c586d4fb752203d43cd99f276b

SHA512
2df62d7eda697d472b1df12ad4c6de484ee14952ce88f402e4edb7752e8075d16dfe41c223e0dbf3429bdc5aae8c451daebf03e797985bdea7080676f918f596

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8decd9d9cc30dae86c0d420a89f9456f

SHA1
dbacbc9442fbdf5d5bb18b8e95887bdbf8dfcf0e

SHA256
a89538af41af90afe5dca86fe9935b384557a8c7f476334b6af86f4b8de01863

SHA512
273e3d93a69595880ede433f54ea536483948d8d971d4657fd7db07636fd23d7e8d69df6498ccc4a0e3e59cd92d01692b0f985e5ee22a226fcc24578a1cd4ac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d2d67968a29fbfbf5ea6c0956c87f4b

SHA1
ffae191b5af8ed74d31919b76ee6508fbc6b94c0

SHA256
eb7baac8447238dad369a9a4cd4a0222ce09a99181acaafd47778609be31e132

SHA512
03a3f46a4b00342bd62284c9563407cb80d090452de0d2894a11794c5c4ab32f787870a84ee665ee858265c6074dc426055503cfdd023a5ef2d0adc5d1a4e2a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cb4d9dcd63ee90282859b71fd347432

SHA1
3c9f7e7e48cc6bfac25f3cf91c7875c6e22e34d0

SHA256
4ffd4e64d02cb08bd0c1dd08a31fe4aa57790f3a0b7b0f672af030242dd66008

SHA512
463d0eda8669632eb50cb1605eef18991cb61b22dd975816a6388db6befa2f1610dfde7ed95a8089178e0b313b3fcb6ad7465b03b8d8695d03749e2e560b633b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
352f486bf44e580d5431f8e393dc089b

SHA1
b04f2240b5dbc56cf98501a12c452844d100cde8

SHA256
1fc6556c4e719f4191701bb5b9262167a147d4c332f0c20d827b9866ebd0439c

SHA512
120fc1c8f968355a6213ef14a9ef6e75e470ee376a083b1fb684ce5cbdf0755a2576a82d54e9d3e960288cb294f300252d7be7b3f3ab270e7a27d56bdeeeca46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
be526abb62a1808896dd43ac1cc3ddee

SHA1
0087e032a3ca2960519035d86f019e041653cb40

SHA256
4d110598bd609c16b8c61aecfc1c221dc4a40c4f1cb911c2f055647886786b44

SHA512
d1e0cc6a7cd9541cd9ea86ce448233b167812d62b58514c5418eb36054de7aa5b824c8398fe837ef90eb90c940ef51f05defed1a54338dabe8f6b1bfd080fe99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7309b9000dd9671e27807f7a4db00711

SHA1
e9baac3017275af1e7ac82d75f088ed3e74c7cde

SHA256
2f18108fd3067559ed586117f42495eba9a5767925ad08b9d504b67302f0d6da

SHA512
12f0b82aff08056f20b974fee953a26f0cb320595519c542be9be582b3e0128bb01fa4729fe8f6b932649a7d1d2faa6196661bf7457d69a51695671794572ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
bf54b400a55b433e32b90affa77320c2

SHA1
5a389413f3ac36e532a2a6aad256ab0217c176f6

SHA256
8946b5f486ee1615622346e1f3550fa0661171e793c3e40c2a48b52d2d6ed1c4

SHA512
393aecf5c316b7cbf0184ff2d85bb217e0ca5b2ee0b41fe5adb2b2bdaf798ec755df06fd0c00edcfa46ddaddf1f6ce37a26446d5cd28a5fe1b3c6922ae011853

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
2db4517dc82572b7221e594121f94ac4

SHA1
1a732497485a034e93b04ef3764ea97b0992a8e2

SHA256
181b45a4a2c9ba9e6889ad570997c8f0120361a0215f3b41e8d2eefaafa9a42f

SHA512
f9fb200cc4459b2d2434ca42b54c4a20df01091196552f3d32bff01af7defd5e5e5777322eccd77d1445fc50825b3985984d8f586629c3c24ff0422d756de82c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
9484014b3935751dac7585230e0cbb47

SHA1
a4c17641568fc7d5385a988ff01ec571be6ff40d

SHA256
89b6b92b0dd2006ad34403b560ea6ac43ce4dec99f0c63187354e2fe39ecd6c6

SHA512
e718aedf912c59d05d9a83caa40d673e96d6e1703eed1ec58d36121f37fbc368bbdc33bc522de834564820c3932718e7c43246593a623bf7a1a7a2d0ff97e430

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
244KB

MD5
b2d3672f08bb91fdd1ccbb43432ebde5

SHA1
27786b77423edefb8a9003a03d9dbf90c90c714f

SHA256
e51edd419d9df9aa4f5138bff36d46f66ba99fa102d8d083ae41ed37c8886b42

SHA512
5a6e86acb30ac5b748c59ab3820e9c2091cf3c9dc46b4d5fa8ee59916009887c1585a7f9f564117992c68d0831d1a98603d019f8286d27336e6788419e3ffccc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
38e238db872b03f6606b3eca6ca21f27

SHA1
9dfd903acfc3362945f075606dc62dd784a48fed

SHA256
7dd6fd057b87a74ea159d29c59d6d2f55e35fd281cbad839bf6924be8f150cd5

SHA512
1674336fd651a86466269a16958efed6ca6c7f81ceeec885bc047a72550d1b1711c79c4f8dc6dcdf76e07dea7911910818e5700d74aeb685f7e8a8c335bf4756

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a64b41942a6ff6274b9e25d9f0cd5ab

SHA1
9e6be20094160e4a9647da540404b294bd1ed5b0

SHA256
64e8c07f5cacc848588e3c10b1800fc2998ab7471f0c467f19c54f352c598f5b

SHA512
8d222064ef4fcaf93566ac6e9167b63d2b088d00ea27e4ea0feeb502dfd0d83e332af336b52d5882db74dfca81cd63dd3bbf66730943cf3b6320b145a4c4479d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
adc2b613cea1e899c8399c874880d938

SHA1
7c85ec4838714e82f870fa3bb63f42f51211e052

SHA256
099ff682484e5f5e8a12a7c6c49449568ecc4c96d52333ba781255259d313dfa

SHA512
fb296d43493b192bd285fad78ba47c89a9cbf97886be3e45b50985f5561c25ce5b8aaa8975a0d4c8fb66c310188686cd115c252a29441b58e9ad8347126e1d68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7fb0955b2f0e94f2388484f98deb88f4

SHA1
ab2363d95af3445a00981e78e6b6f0b860aade14

SHA256
a7c4cb739d577bfc41583a2dbf6e94ae41741c4529fe2d0443cd1dabefef8d15

SHA512
c9b6b6de78fb78c11b88860cd6c922d11717f5cf7477f602f197531aea114270c2b7111f66d96f60c3a9317fbf203fd26222e81d2d0eb70ad6515f5af1277edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
28KB

MD5
a0accabe047e77519330a2ae010ae161

SHA1
7d4f2fd1bcbedd986b7b1fc42a00459d0ce457f7

SHA256
36f3da9486e1a088f88a4a61af7c87d1d7e561cc79882b5d359cac235f121c4a

SHA512
9131a74fbffa0a89254de0004edb141eda82ab488d3224e8cf5f0f36a919301b8c1a352ab56b04812a5e05d46c328ce7f16eab44d9e3297b681214eb96a62d9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
67KB

MD5
b91b936984023e0d3797795e8bd32233

SHA1
abf85888a4858985c185fcd94070732edda1883f

SHA256
2ba11141e52658133650e02dbc571532c64fdd22c88664bd6ac30b6b78fd58f0

SHA512
c2e2aa0184489cd88147290fbea5338216b5d245f4c4c9e1473868490762b9013f64d5c0834d7de0e5a710b4f85d3493a6d798a4939d3642101303969a530002

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
18KB

MD5
0cc2b4c0ffd1ca29b03fa602a5b5da22

SHA1
fe921f4769e9e10628dcbc8cf1609de89c3de687

SHA256
8c0235d01060bbf35dfe7daf330267dc09340b833592f10223147348e2673160

SHA512
3ed05e0aa061c4f1e80d4fb95ef60f6917808f625bd00a7556daa70dab70066c584e5c545e93ec143939ba9cc92436af6b538a6184edd5294325c590f33d8371

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
16KB

MD5
eae1b8974ff804540136c66f6bdb9767

SHA1
0d6960b51702c20d7ac8944f509074735421ad1e

SHA256
23bdef33fc1d8b2e7f69e2352f51774755042ac2206dcba0e373bd5f7bc3ef06

SHA512
9db275f37bf215e21e6937e8823282cde99c6ea1915d5fe967667ddb9cc0dcf3b1e0228d23e1544d49118af522c478d3123a71bf19fe04c94dc9cafbe153cd6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
29KB

MD5
cf776b128a74f76a26e70ddd68b46b61

SHA1
24c15fb603cd4028483a5efb1aecb5a78b004a97

SHA256
346cbe6774bf3bf9f3a5aacf287f859103045b0dcd4a32839b00be9f391259fc

SHA512
20751f34d1a3a63e580581d36902928c7780dde70fafa75b87e406965f2dde501b9821cd45c824584d1ece21566eb5fa501d1effdfafff0b2e27ec806bce8f32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
31KB

MD5
c846403819b57d4cf94cb1275a286db2

SHA1
116a902bfc9839f98ffb580db2bbe67328561075

SHA256
2adf9f48113d062efa5ba42c87b7f8ce6fee0d15e05ce609895a4037afdce722

SHA512
7efdff434bc625230106d626e372f4feee3c44fc45c7087d97b070e236b0a655ddf773f6d8b3725896b25c5cd07952694d8530056dd97fe20c79ce74ddf20f08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
36KB

MD5
28afe735c8cf73a6c88376fbd85508c1

SHA1
34fdee7096fb2cb28594ce2d5ff63e41f09c22cd

SHA256
22de5e30581bae29ba36f0a045e9901d996880838619b2af86d16a9a2c055111

SHA512
4b64d34859ebd25287e5d15ad2e622abe7222c38200f34f9e46b6e0673982a6f7384cba8353fcfe55f4ce7370f0ac4fd6126f4acfc5d42c7ddb0ca306dfad250

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
16KB

MD5
9b9927675fb8ccaa88ee50e3fccefa02

SHA1
5f93647b57d1d5238393dfe0b81eace25a1a2730

SHA256
fcadb52a7d006118c0c9d78ac8039ca5fd413af3d2698ba38a378d444d38faec

SHA512
5f17cbe694fda37474fe73a783017b68a94cd15b2dbc6c6c1971bee9f80250960e93be24b18457ad7a18d2fc57329d3e36c7505a2ee04452539eae02352265a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
18KB

MD5
3c648f44d0ff418a1707b84092cb2ebf

SHA1
75c752bae6c9a07709e8dc9c259ef621bd7582f7

SHA256
6aaf50c0734dd24a935fe8ef694683536433894bfd98c76dcbfc2a7aadf9f3ff

SHA512
e7d8cb9ab252238156628d4d83195d1058b54d430923e566e505670216543262471f0d74f4394af1f6226a31ff54fc8bb9a02a3024d9095783c1810ee2994af4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
17KB

MD5
9c8a9203615cffa0232533b2c5e7086f

SHA1
1f665d0207fc41ba71e12b52f11d576600d157aa

SHA256
9d91023bc598b5be8090b16297e7a2aa16634fe97d65e14c41f5ed68a81f059c

SHA512
8dcc0cff69e9c677f8a3be06b6cf8a1c018eacde129bd819fd8aa6eb25ab49199875ec1599e60ed5fb303257103543382abbda4ccc774b8e278802c5aa63b0a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
18KB

MD5
65d869d7b1b9241a5ecb736480ea0099

SHA1
9e666205e197c64d194f17ae24c64781a867b82f

SHA256
1b8e55abecce9c174212af5c27b2100450dc73831b081e45f227b73c57f4d23a

SHA512
a3fd7c95fc08afa8cbe8f961d3621243508c9a775219b0f71b9f8fd1ff6d937d849903168d3cf33afd015d1e12672eafdfd91b5dd83c2a9e37b086e253ca4d83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c

Filesize
16KB

MD5
3330228f9c5b6d1ef0865678f384c743

SHA1
00a112f76975da609694db4c7f76754a49e32d91

SHA256
76dbe8075081327d7a689b0b01ad83e706e0d1f1ad632600bc115d53dc818627

SHA512
202c1354ef3606056294d828f6a20dd68efe1190945ef58055ec8f95fd183a2ef52989489c43826089f5957be4a67483b662423de7e86bc4436acf3383db7dd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
22KB

MD5
a78f8eee71e740751ca43ace82a383dc

SHA1
9e82dafd9a75fa569f8bca07c8f860234842beff

SHA256
d2f8c1cd498896c5bcba95d2fa363be6b6f6d80e025ae17b588e9384f4455c25

SHA512
d03dfa506d17108749e3ed3fe43abcf58f166594f86570aa73e38b07fa5b46a959897d7cafdf0f06ea25526a6275ebab45d10ebc58dc5f640f2d9f5f893b93f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
17KB

MD5
36df074fb2c76cf0680ef4e29cab31cb

SHA1
2d66864d035a13413a94ca6410a4ee8d4e16e2fd

SHA256
9d9dbe681ef0d43cade60284316c4d9dad132cebbeb5f8ea86350039c771089a

SHA512
15a099247983cf1a4831a01a285c09f9efdabd4bec14df265ec0c97d2244617c07052b5af386dc936c5d3762b4a0fd1b2b338faf255915e5ce84dda80a1ab695

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
22KB

MD5
5eb757f7cbdb8e9e8a7d605758c4ad9a

SHA1
9138e88f8c908ad92c7c3d786a77b534660081ff

SHA256
281365dfd74652edd3379f4f7551ff037c2860a22c24b0dca2851974480eca4b

SHA512
3e1b299b96df01849c0e891839947d5ebccf67f6b5bbbcfe60ea168ce77301a61f44feae3b3eb7954fae78d5cce630834594306aa3a3512caaf250b83f03b045

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
16KB

MD5
b2f7173d1eff5f8e2f559555315553b8

SHA1
570d2aa8850178dd021354d44e3e1dabc8ec6188

SHA256
58041c0c60d537396b98fc079940c41160d53462c11ac3fdab4f45cd47c44d35

SHA512
eb52b9a16d1ae07bc55fe692c16a49bd8ad8d5325a09b3a92ed11d3d6fbb044067df548a95ed53f25f36912e08a8fb6bc2d93211bd3288a3f05eac2603fda523

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
16KB

MD5
d5704feac10ee2bd25398c5a32a09605

SHA1
26e1bb66fa687f5bd2fc96288478cd56adeed19a

SHA256
7a014bd6db43b64fbe0f7ff63171f275d71150a39eb36a5ec2a252af7a10205e

SHA512
18978c64dfaf5a48da390c8a5c4005fb7f43eba8b0fa0c0768137b8425ccb40ae5710b3f5d76624241d9e19c5f18ba25f4a37d222e7a3bb64e760eadc1cd8f24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
21KB

MD5
c2b143a6167139987e8fd43acda15390

SHA1
b3c98d79426daa3756f26743539201e92d0e7dc5

SHA256
316fc06b175ad98fb6ec05e77c7a998a4e3d37943fbcc256470d037fef7dab10

SHA512
c1ca50920f6b281a7562438d6f7586b49ad037944d8fae7298853d3f04b2d9d41b19db08708c5bd381700b026ef142ff1de473ecaf4dfd71b84306ef9161cd96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
19KB

MD5
fe1e8436627a12114e5071a1c53e97ea

SHA1
09ab15b8de441ad03b473bcb50666f152242e92f

SHA256
9d5003468eb758271751e37597076c87ef8d6b5c06cab527c9b024fcac64df81

SHA512
d8decfd527883d6f61d21f535a58758e7a46d18845a3766376801b601ec76c7bd251d84bc4e09700c7c9fab8c839ace6f8d9a0f66e1adb6de3ce317e965b1689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
19KB

MD5
f7af4145d06e2a96522016e55b90ae84

SHA1
d1db2c9343edaf2c3a00a05151bd9f03dd893b1a

SHA256
6dc2d40c676b9331835e07e76dc2b6a7097b35abd04c91b04b133a93a10d1bc5

SHA512
c325a560c8e4357b10a6a5da1f9b988acb7aca533c1a093d20716c9ff4c8c6894a4c85566eb29b93233a097f310eaf47b76eef1de49b21fa4ceb602eac094af5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
18KB

MD5
c4345ff38a5093fbc9155abbae675954

SHA1
5174d7a38e6bfcf4ca45807621569dc7ca328d10

SHA256
363e26a85f2f7fe3222432ff903a47de2a08c024961b3f80d1f1aea9b3c4934d

SHA512
292736ce2c9c910ea6961566720b21df7244f81ab7ef6269c7ee8142d1e74bc586762db9c68404305f7fb09abd086f8da3fee4b98340f706ed8e43b011fabaa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
19KB

MD5
4e59d23b51bddd045c5fe3cf807bde13

SHA1
25480c62140552301bfff1283c8de86329cd685d

SHA256
2b565187c03a2e62b76ddd2bcee5664167e64f5ba829e01970e1c74c7b68f2ae

SHA512
6fd7079c149d9fb104319fb4057e0c05b22b8a3816508250d585a169c94f71674fc448270d7e8479cb8df4e261550244556597b52534a4947c42187acacc1e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
19KB

MD5
21459672b05dff67545979c3c8257101

SHA1
8136b50d28063ddd2aee075efcd774f033dd3ac0

SHA256
b105499ac4fddc1e599787adf16f23b30f00d0e0fbe50c105cfb91f4be3fa5fe

SHA512
bb7bb47d7fb3c8d041b385e4958ee001025e4fec544729b0339b31237dbe388763222773ba37f9a68314383dc85f54fc5ce254d229ce067d60c4d72035862b9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
16KB

MD5
5235eea33972e2c2c7c9f0a8c7582343

SHA1
127858d50f71c65536e2f2f5b77a3855d1b65949

SHA256
1ac1f70afa83b80b75dee978be10042f76f6e3886bfaddb3f8849ea85db058a3

SHA512
61afa020598ad04c430835b73458ba2c608357faf61b2900f490238280964fa3af2a9cf5652aa131c1d7c41994af50770a7ea42a536138a3cf74b9bdbe29c39a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
20KB

MD5
fe3db333b0bbae5de87f11a429721887

SHA1
c2327db125dbf7fcaaad9cfaeb4476b2ae79e05c

SHA256
43468beb74be852bec95150b355b7bac5dcc3340d405f6e9e781547c56f2a1ef

SHA512
d7081367242d30c74e6b73d4217ede1955cd55592a77ccb18adc687d0cf9a48f89ace7c9b2a05b86241a8552e1a4f39a2f31f067023b79909a416e6d2d3f6544

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000026

Filesize
22KB

MD5
7ccd92de658a6af8d1869ef564e46e67

SHA1
5594d0a37a0c86d72df7acde47db39bbec3d0a5e

SHA256
c5cca56ee747258a4ca0a9f974eff2d12e13550c9ddb5ec0b57ef478174d3fe8

SHA512
cb77c7822139e6f6e44466e654ff805607665e85c29d23b7040f7728b79e8f8342ee4b87a4f1565b3688a4f5628c55eaedfdfe7d255e148cc8f524e3b4df6144

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
96KB

MD5
af645cf2d3398883b164398c483a16f1

SHA1
cd18af39ea4872087f591de5c4cbf33228ae4d13

SHA256
4e6077d346d930e172cae4a4d3d713be7dd9a649990182c2dd9247840eef4d44

SHA512
4fa4fd86ba1c18a29f9989774c97d87fda114421c2a0219e725309093d659307ff46c64c9f693b2f5b8a8e63814c5f43505c57772bda68d40e51354dbb4451f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
18KB

MD5
3bdeb609e7269000d36beab67f497cd3

SHA1
22e3a2fb14f61aa691b9d5668176dc827212a0e9

SHA256
4be54c56aa82944619763275ee8e3e98635568b3dce3ac95d48564dfdc979d9a

SHA512
ff57b5879baef4c894f7ec230fafaf359364f1b234bc32195246ea81bedcc8e234f17db3072ff56dd1a7283efaed3bc6efa5287bf4e830e19f0c3c585d1f2279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002b

Filesize
18KB

MD5
2e719e77a1bee0b6b68c08234d4cd055

SHA1
d094bbaee836df2e052cd66a52764cb2550fef77

SHA256
b94981cd08380f660fbf49ec1308819eb62b149381019ac64a06bc1c3adaba68

SHA512
26ced9ded89eff968baff6d7da7a334f1f5ad0c754478130e2ad5500a1d7284d323e1ebd7f213b5790bc48e2ecde49cded7a27e9574aa0ecb8f59bfd95418d7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
28KB

MD5
52b7a709dd04c135a69a9d4fd9919c38

SHA1
be8c239f45455e40441df5d8dc77925eeca7804a

SHA256
533c29f62c9ab4e75deb8845f75f8e3541fcbc0d16a6ac0d5b795180f49f56fe

SHA512
1f7cea2e0377d6781805bdfae6b8f4556fe824c2b49867c990dad7f94679d8e2812ee26d49d8f5b293b34e4525d66e0898a16f741422efd5c87a0fd473dbc967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e

Filesize
19KB

MD5
7be15870bb1c51ccf8dbde762ae9c231

SHA1
b5ed7352a3b1daa622c694545d1d8a0069c94ecf

SHA256
191440131d7a1d207dcb52dcb42dddd140d21ff7d0d35cd41e572ff7d28e42a6

SHA512
dc81a13bbd4b2ee6aefa58d22440a3288466be55031c4882b1ec3678dff5e370e604f497444bcbb8560f5b90c7751a0cc669e6bbeca1a0c5af8c965e8d77b0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
115KB

MD5
e585da26bec6294dd431f347fafd3443

SHA1
b9f1212d8e0d5afdee07f7d0d36994cd478369c2

SHA256
7c4dbc6f579e384c8bf07b59ae59a710fe1cc7a58a0823e7a6731749229310d2

SHA512
d2b6e748ca29661fc2fb28c2d4f5f07cdaa56d0732e8f5bbfc4ec7626246d90c449e508afd81c70448be4928c934859cb024ef2988855ee7df917011b49eb63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003d

Filesize
18KB

MD5
582d9005b2b89bb91b9609269d91f8ee

SHA1
bc37e3ecf3602c091ddbd17354967b974c936586

SHA256
ef15b6f75cbf4774a5a9b51fe7e3c89070b7c39da5c08b29b1b58b7420390323

SHA512
02d2a68c0e57c7be88046ca5f7c76abf593526d1796cd53088a899e96688e41b3fc5fd66f8feeb27e820604facfd134c7958df7ad63b0d463edab646896ba0a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004b

Filesize
32KB

MD5
07ae235c818ccda5ac3a3f7be3da092b

SHA1
a1f59b3cbcaef11e259fea1fc45a5800a894848d

SHA256
150c6d088caca74e4096ec0de1ae3629fff3ce2956051f8f3dae36e7b9b8e63d

SHA512
c2035fcd3d98527f93e0b9dbf71c18f13a7286c1e3665a92855aa10d516b753ace6c009d771df0e7f110f344fc4fa0b52a44ee6f44facd78a32ebad55c709f75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0996dcd30d1a570c_0

Filesize
12KB

MD5
afdc2b61a749c26de5da75dec3625874

SHA1
6f462ba65725eca69492ea111dfb988fb7ea8ce8

SHA256
a1d7718c3a4cb7309ac577096ea48d7bc041c6c8726dfe1d059f3fbd32803b8a

SHA512
4526e06cd40a55b3848440e76de0cf719d6ca17cbdbc6f54ba17c7b3d53dc9ee2fca6ebd516c8ce2de1208d6e01d7827867fdad8bf730447fd040ee7aa8f8c3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52029e64271474f1_0

Filesize
11KB

MD5
33b02a5e01592fb0e9fd0fa8855f6740

SHA1
e56638e8748881b7dcc4a744161189b741a0ff18

SHA256
ed79d8b40f00d779934ab9b7dd6af7553ec2982ec45dd0c3cdd4d7e678c60000

SHA512
f25fb143566cfbadf014c662750bbfa03029046465310b2af751ba09225837ce46b6442dd0f650b2a921c8640bc377de9159c25c694414a5cfa4592d7e81d9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794a28efef760392_0

Filesize
1KB

MD5
00873b5245019289cf80b41c6bff5bc0

SHA1
aeb06b084b41bb8337c462caf91c5d19ef8f6e4d

SHA256
78c0ddf406e7da74634c72fc236c2fccfa48266106bac763749f768a3c20c486

SHA512
e4be37e17401a3c4a954e08bf41cce20cdfd7dc95895e84ec62148466b3b6ef43c296b18b26886e581389b89c667f6c2bdcb4c94c821cbe1910a3cb9ffa3642d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f878c7420b45bb8_0

Filesize
30KB

MD5
b657de1b4fcce939cc3ed74b8eac19ec

SHA1
74f413c02fdf9092aa40f4ba000c3392b970afbe

SHA256
b4fbb50f1614daf326bdb200594b7dad06b9153477b2a6519678345fe66a8000

SHA512
33fc872d0e8634847055ff2ce1d307e98665f93f07ed07c49732eb188ab83e7d0a6df8e0a4c67f9851aba30aa57f9075fd88d4e1fb2e27e305939476c52dc08b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a10a720a1bb4ca6a_0

Filesize
61KB

MD5
6bee5215bceec604d6c00e4a16fc7fc2

SHA1
84d8cc363d37e9b072e4871277611f8475c87443

SHA256
1fd4d8d85207eeca5d067d1b7d1aa6a95a1dff24909bed985ff7cdee74898621

SHA512
416c415d52d63c5e05b7498cb1b39032434544affd7b75e5a159e026c2199f9ef3e655a9207b09617823a76cb08f4ed816749bbde561fed2d1d636a83ba93bdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c2bf824c7bbbe775_0

Filesize
1KB

MD5
c815094cea8b9d95d281f2001a4e1b8c

SHA1
881a173af28433dd6dee6fa45e4c8984764d3040

SHA256
5c41eabd843b74d3c296fca4acb7f0d3a13bbdda2c6760108f41c82e00858a38

SHA512
6809c31859b3431d4fa859113f351d602ae228a7b3653329ebade941192f531aed891309f621fca615652c9686c1adbdb7a0c1a06620fc13a91861d394dd24cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\dea592c408b77dde_0

Filesize
26KB

MD5
fe2c96945e95905ee3d8cdf144d99a46

SHA1
a37c3a09b775bfc0c641591195fba96bd3628856

SHA256
b3d9d647e69d945db091a32e289f43be8f5895f1cc0c0f4c4a6122a3800485f8

SHA512
8cfa581510c13a53ca73459485e15f210155ec20a05a409f6b5ca8d796bfafe66cc8319eae40601dfaea9017a6f0bd29bd36dfb29d0ea3b721e7ff2e63632cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
f01d5195d1cef42ab250a18243900448

SHA1
c77e9e328838cfdb31f667070234d79eab05a45a

SHA256
36a0b7bca2c1376a8a4d6e848f1275db2b45f56f655c56df6faf22511d0c5042

SHA512
5ca4b481ef8674d1a2f9a2945bab3cd83e7f41129c0253f470f28b876ee543c0ad77beec334d4261edf269037d9acb6d5c20310a87452404e45cbbfbcacd62eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
edd74813fb5147438226518e2cd52177

SHA1
5353c2b1687b55f78817cb783c13bd2298061e96

SHA256
db2d8cfa5078a83fadd05fea3f6bfa889f0b4e4bc7c956868ab5bc523a410a29

SHA512
51d66f136b86fc0a9c6e4ca010c3694a9f5f8e125a998fd7807fac7c97e6acd3eea2f5051946abb24e743c548e7e221866bd803fa6e97291212644c88dc65add

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\Origins\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
4cb20099369ebc08ce1eba55d0db83f0

SHA1
052a97dd664596f6d80cad4307b9040ba4602dd1

SHA256
4741ef54a16592f1c6a499063bae214fe2531671600be28ce25b81b019fdfa94

SHA512
025efca758fdbd281443504a95b189fe89aa2a4e927c98a788bf88cef7dafb9f7d74a3099b4299d35e02ba4553796e60078680d959c70bc00abb27abc30072d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e1e379fd4e4c4b031e9536e8eed8b35d

SHA1
61f522cfac9a07b0eeb55e851fbb86943805c54a

SHA256
dc75c2e59ecc99d2b6ae9f03960bb116fd09756f6c37a9efe92a2d87f20c8b6b

SHA512
7b1d6b2cb5252a747008e24fdbd59768866e228384a8d00d5f24e935b89bd03334dda5f3d4ae4dfd6a773c39eac6d7cbedf362c5a0d81372df9723dfa9cea21b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b55cc1c45d2813ed7c2c7cf783be4f1a

SHA1
84541f227bb3813338acc44f7d28cf848336d27f

SHA256
0642ee09f2280a32d6c742f8238b75a99c4021c2191f35b973fdb9c5efb0424d

SHA512
30003894cdd48d2aebd15ee6f33533e8bd09942ef7bb85bb82e7f0bf96cfe5c563dc635511ee6c03b360d210bbd76e8d118dd41f2a9fb92bcca115d5899cf69a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
48ac447b5eb1069b07e34734246a5eee

SHA1
3bace2806aefe815e652897c840b5b98c088e026

SHA256
d8631ef271ca300e807035a1b3671269de1533db7b2c4649bb97bf99894a7ff5

SHA512
a977a354c277a768d04035c7bdf880ae59574cf611de169e5538612a5b6624b681d9b9e3d2252e2dbb903edb1aebc4da03580cef0f4fbf3c28823c9b1e7e9df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
04edc022c2d498bae7f4d67a671f0b28

SHA1
fca7999b3aba763efe9834f0539dedef2902f646

SHA256
6c40cfba851466bbb416de1411d161af6f36acc1c11c7be9032df79cb9681c7b

SHA512
457cfbccc2308c78e04e1ab093f3e3f6fe6722a93ae148bf60c599415b443d34110af8ddc6dfc9bcafb6ea464fe50f3593e90216ad94de4850248fab1f8287f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d56732190e957441d563c0eb0cbc15db

SHA1
bd854101f79a90ea0aebd3b23821709c8d648018

SHA256
7ae7f48dc4a0f1c53cd7789e757d8815cedaaa49499cf12fb6db778d1a629e15

SHA512
c4287abac7bedce42d6a88eee1e4c09508c55641e4c5f2b7cedfca99916bbcbfc2e7550416965132c3fee107a45b753c0903eb1c2d2480c39f0670fc96557f84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8760f10880a6d1f74eb195d8cfefcd67

SHA1
1b49d9d3d5df43709a424366573abd2710b4467a

SHA256
80ba455569e63f4610f048c28e41711fdbd8f3938cd9f84a36c3b87435d73ac6

SHA512
c5506d0d8e524191d427a6a016675ef3aa26077eb00ba2c49bdc66149e1d20e7c61f2ff9267c5792906695b6957b3f7e9401c50ba8c63eb7943786724cc0bace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
2627e6345730a6a479da30c0883d24a5

SHA1
7442a41a25fcc5415e1609b647c6e414a32c7b99

SHA256
640a5e5b62d5e5ce53f120e2238d95d61f09b45d0d4035fcedc0f452c431b26d

SHA512
1cd1044e89ebd307c088b4ebe587d41dee3b6dfcb10fc4f70f95819fc9b1f98132b9715cf1bce76d5f15d97802e85776f2ae6bfb293c4d033e661e5d34354d28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
168B

MD5
46a74e90dcd973a3fb4502bd1241e1ae

SHA1
17ba57c958747e32e498a97e0782fdd44b3be5f1

SHA256
7d028c43417fbd2c231c7b0ddedec01d950e3ddb58a886764a44de84a017b819

SHA512
7a495ea1a04444726c7d7ba4abc699dd972fc92eb9e4ee8df1c393b1406b0f250b36a4ee86d78029e2ce57afc5d9a8f798d3140d64c93389a7bbfbe78495e91f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f8f6.TMP

Filesize
48B

MD5
2e0ed75810e169f0ffba247d61250b3c

SHA1
dd5a6afb219ae7f521864c8b0124b3a62e144de0

SHA256
26382296237aff111ab51ba162d49d62e0d7f072e1258dfd6a432fce2518065d

SHA512
c170ae3ef885207e3c95c3828b9250868038fcafb39632e9a37a22ed8f90c958ed95216646e159fdbeb77cb3ae70cab2f8b48378db81743550ce9fa4368521ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
9aa4407266a38ccb8329fdb55c63d3b9

SHA1
8b665c2c4b72b255d2e293034f29a80e54d63d56

SHA256
9d5230448e23a38cd731591f160155767b8696ce101531e9e4b9177445b19b32

SHA512
9dc76d0aef0eeb28de2ccf8028fb38178fbe5bcec215d8b46ac7e13cb923bf4818c0c325a18c03d04cca68de5b772c65bc2740e4684504fffb6afa6b1690b1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
537B

MD5
446e0c7b86bbb1393ec0293a786cc555

SHA1
035fa24890699d020b0377935c60acda10aa9a5c

SHA256
2125c3f1794b4f348f8c55142d6b3a63e805b30916d914459cd9b56effc82c55

SHA512
d1e70d6a85ad0b1840a3cb5504aef70ba715ff31ced62cfe76c0a45fd51bbf09cd51694e50f7abf805b716753fc1680911ae00b10499e117e86bb17cd8069eac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57faac.TMP

Filesize
370B

MD5
9f79f6a98f19c611da826c1a4f47ae20

SHA1
24184cf50fc2b238b1e69cd57a7b67443b3ee304

SHA256
daddac77b8a4dd574615330ba87625566930644b959e30756cd8c158a56b4a1a

SHA512
8988a4b16c3d8e00f9dc44e3fbb96aaaa016410b503d47ef940d5681ca97ece6b04f7788f99d66326536a9ea43840ca5b3b8ecbc2f29bf7faeb4e50aeed8d759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
ca9eeab93c00eb9006981e7f855fea48

SHA1
a8f8994f931ec0985e9c572c40a938fd5938b556

SHA256
eaae00ce54e3f2e5acd7563bdc9f24954ca9f3504955710ccd34bedd7fc72c3e

SHA512
5949abaec7a61e35fd7791ef5e2cce62b8e97290a1a22a73fe7891b501fe605539dd4fb46113aee4167e635710e8c533e8e59a12908873389b5b293222a18161

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
0e408de071dfc0c69eaed16632c2ae7e

SHA1
a853642d05edd5b5d2e25f983012632c05ea5276

SHA256
1c46b0333bedbc47cd3f6785ed2e23c831d5d462600f5cefb8942e4a64d114c8

SHA512
c286daf92120d6ab5e7d419194cc6ff447049eba5f7a2ceee8bc0afa9c6ea9550e97f82755c345556cf471c611f703f246a512d044f3de2ddae1b3553ddb27eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
e2de37dcfe3f10dfaa457688554bb0b7

SHA1
f88e64530cd8fa40284a37e797acbff01e2031fe

SHA256
0d0c1a55c36b7eb43c062e324eeb7e6018e9f21aea655712f6cdece52c533c1f

SHA512
57f1af42d7f55324074e227a5cc83a53bd523762b0aed9b0494468d4e5035b2ac4ab211781e7ef2afd312bb5dff57e546dc9b99b4606d9db8518ffc6939f7024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
2KB

MD5
402c6144281e439585f5795dbc6d0eb9

SHA1
8ae577d8f0d8bd8e228fc06d7914e41d86d78a47

SHA256
6c05fb3e7d8af092fbc0f2e9cb79edc409606f8b2e90e3d2fc35fbd0c5b79a59

SHA512
0403c2e2c12a81a9f74110591c7236d5aee66989607acc2ee287a9c5c6b1bd5d02622a0f9e8fb0091546fa172ba27d612a8fbdf4f6313a48ad44e4d33b22e9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings

Filesize
81B

MD5
f222079e71469c4d129b335b7c91355e

SHA1
0056c3003874efef229a5875742559c8c59887dc

SHA256
e713c1b13a849d759ebaa6256773f4f1d6dfc0c6a4247edaa726e0206ecacb00

SHA512
e5a49275e056b6628709cf6509a5f33f8d1d1e93125eaa6ec1c7f51be589fd3d8ea7a59b9639db586d76a994ad3dc452c7826e4ac0c8c689dd67ff90e33f0b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\edgeSettings_2.0-2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

Filesize
126KB

MD5
6698422bea0359f6d385a4d059c47301

SHA1
b1107d1f8cc1ef600531ed87cea1c41b7be474f6

SHA256
2f9188b68640dbf72295f9083a21d674a314721ef06f82db281cbcb052ff8ec1

SHA512
d0cdb3fa21e03f950dbe732832e0939a4c57edc3b82adb7a556ebd3a81d219431a440357654dfea94d415ba00fd7dcbd76f49287d85978d12c224cbfa8c1ad8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\remote\topTraffic

Filesize
29B

MD5
52e2839549e67ce774547c9f07740500

SHA1
b172e16d7756483df0ca0a8d4f7640dd5d557201

SHA256
f81b7b9ce24f5a2b94182e817037b5f1089dc764bc7e55a9b0a6227a7e121f32

SHA512
d80e7351e4d83463255c002d3fdce7e5274177c24c4c728d7b7932d0be3ebcfeb68e1e65697ed5e162e1b423bb8cdfa0864981c4b466d6ad8b5e724d84b4203b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\e60c7602-e5cb-4510-a020-b8461de5de71.tmp

Filesize
10KB

MD5
6c07d168e168c3d5539d1bc5c63cd1e3

SHA1
44be1739857db46854bc1197265ff91caf56f032

SHA256
d4f3d6e17c7fe5a8c23f563290f29d365d45e9a4276af42bfe41048992cb2976

SHA512
6f09acb53372b062942a04c31b9ee9e4b4030f38247047aedc3acb4d87e046eaa33661e4e925d799c0415f83928e7fa78c128df51c70c297b01c729a89dd58e9

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6824_438832417\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
21b398ffb2e0942c4a2c61d6107df957

SHA1
f81f4acb724c988f8ce2f8055c7a4d9fa627ecba

SHA256
a3068a2d521ed7663fad118bf81023b8045af86c0d029e29336d356e0833ba69

SHA512
140275247fb3b1781864ece2e5c73b732d20e878cc5914854d97607d8c7cc6ffd1d40d45d083d712b20a95159576c47c2da98a1ee34cad84df6cf7d800554111

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
56aabd4520b4ebf73375336384353314

SHA1
3c3b6ae0fd8c5b2ce2f590f3b64682c9d3cd1f97

SHA256
63e2d15d726c5b8631e7d11fbbe61ef61e678adb580663f7b9ee33ce75e91c42

SHA512
b6ea030e09eaacc3d94c22d3cb1fdd1f2ad0516e2730a8a97d87ed013b3be5d02feb99dcdf4faef9875705e81c90a013dd0ee7081dc947dd71b5d428cbca899c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\datareporting\glean\pending_pings\240215f1-67ab-4ca8-9363-afbbadfc204e

Filesize
716B

MD5
d040ba0cf196d88e58692e1f7e6635f6

SHA1
9eff40fba095ec8453c8255a9e59455838882a09

SHA256
ff060d708b053eee946fd0c6949954fd6b7bed83b83413275a356ca4dc57589d

SHA512
fa0bb9be90e913cfb188eaf3762e247fb29abacb89ef51c46d92db037fcd4cbf82a28dfebe08080d82d7f313b63c0df821e7e80c1799644039f33b813b450188

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\datareporting\glean\pending_pings\daa8fac6-9473-4126-8f37-6b5c11cf5b2c

Filesize
982B

MD5
535fad068786c9872a469a7dced7e2e4

SHA1
36933b9c2e93f80731bb04ee7b72cdf2b557f797

SHA256
c72d4e9b27d6146b76deeece0168b35bb717b9ccc46a96f4602faa385498b8b8

SHA512
374663e8f9d61fa51b3aa62c296dd2cb9d09067186f688ac025676813071c36e3a61a8582c334551cbcaec570afafdba67154ea7476c0d73941275fd5f553d32

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\datareporting\glean\pending_pings\dc9f59a5-0297-4cb3-8d58-17d9d2eb60ad

Filesize
5KB

MD5
892705931b1975ddac11cefbb91ddebd

SHA1
ba687d7bb196335a16ac6559d3c31caa8efba80e

SHA256
1a1fece705b7a0aaae54ec76c2790c2648ead8a2196b9499e880955f43ad2dc5

SHA512
5da5e8685eb98603d6649e5ff04ce50866e5ca8a7652263e8b66a0c58a3f4eb0acbdfecdac7966d2b9e0dfdebd95fd9ed6477c33d4a4155088571c26f84ab734

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\datareporting\glean\pending_pings\fc045d5a-120f-40fd-b2e4-042566e73b62

Filesize
26KB

MD5
247344ac211d34a3e71bd960c72de6e8

SHA1
65cb3ce759685c4e865e4b97058a85108e2d1f0d

SHA256
5e7866a724d6973c377997e5e57a7d5a7e2357f404ee7ed203db250d9371f5af

SHA512
5093193bc355a572e566ca5909c2bebd309ce767eb46e3668e60ed67e01e2e6adb16e0a6a1646f9d08d3bb6ba71762a64313c6f51a7a3b4f9b0be952b0684618

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\prefs-1.js

Filesize
9KB

MD5
430921e138c1328bf3a10c8ee7309e31

SHA1
7d2897b653c121021e7911d1606f010c50b22086

SHA256
641e6aa05b76e959ef4348c6efa858f297172b83d0ccba06a7e0fcacb62ee3cd

SHA512
cf2f66fcecd701abfdf7c11d1e4f7fdf348d150d5117acbe4cdd706c1c99b76539d98efd47b65dab1f9745dd8b5caf3d5194c6984af3ae1f44042cb030bb9bcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\7moxhto6.default-release\prefs.js

Filesize
9KB

MD5
434bc6dc5b96ec12460c3c711242b9ad

SHA1
ec28944721cd2d1a6796b8baa2beed53b4d9a838

SHA256
ea6427ccc295d12ae305edb1cfdf45475527bd0a63a055392107da9f8e09ee22

SHA512
f2b5e44eea06765508d141b78a9c1fa2ce50b732e726b8eef8e7e72e4ba0b6fbbed8e1189b65143c347db7f8d99b778b6b140d2e6538231bf38ff98e64996595

Download Submit
C:\Users\Admin\Downloads\The-MALWARE-Repo-master.zip.crdownload

Filesize
14.4MB

MD5
c1701b52ed2cd31566baac278699ed37

SHA1
9a1f5ba72f9631f44365e62bc76fe059ee0cbb3f

SHA256
915905a4dd31bee209c14b7cc28a3cde4ddfa54b2c720b36d9e0b41b5164dedb

SHA512
a672a0ee6da877ecbbc3a6d0f40a45d359882e20d1cbab6ebee00ab20c7349e0d7dc4065533d869800ac00f1a28e394160c32458ea1c5508d4b679fa17297d03

Download Submit
memory/976-3073-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/976-3074-0x0000000000400000-0x0000000000455000-memory.dmp

Filesize
340KB

Download
memory/1736-3075-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/1736-3076-0x00000000006E0000-0x00000000006E4000-memory.dmp

Filesize
16KB

Download
memory/1736-3077-0x0000000000650000-0x0000000000674000-memory.dmp

Filesize
144KB

Download
memory/1736-3079-0x0000000000650000-0x0000000000674000-memory.dmp

Filesize
144KB

Download
memory/1736-3080-0x0000000000400000-0x0000000000483000-memory.dmp

Filesize
524KB

Download
memory/2132-3125-0x0000000002960000-0x00000000029C8000-memory.dmp

Filesize
416KB

Download
memory/2132-3136-0x0000000002960000-0x00000000029C8000-memory.dmp

Filesize
416KB

Download
memory/2132-3133-0x0000000002960000-0x00000000029C8000-memory.dmp

Filesize
416KB

Download
memory/2808-3089-0x0000000000400000-0x0000000000AD8000-memory.dmp

Filesize
6.8MB

Download
memory/3372-3091-0x0000000000400000-0x0000000000AD8000-memory.dmp

Filesize
6.8MB

Download
memory/3536-3092-0x0000000000400000-0x0000000000AD8000-memory.dmp

Filesize
6.8MB

Download
memory/4220-3106-0x0000000005460000-0x00000000054F2000-memory.dmp

Filesize
584KB

Download
memory/4220-3104-0x00000000009A0000-0x0000000000A0E000-memory.dmp

Filesize
440KB

Download
memory/4220-3105-0x0000000005A10000-0x0000000005FB6000-memory.dmp

Filesize
5.6MB

Download
memory/4220-3107-0x00000000053F0000-0x00000000053FA000-memory.dmp

Filesize
40KB

Download
memory/5376-3154-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/5376-3155-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/5376-3158-0x0000000000400000-0x0000000000438000-memory.dmp

Filesize
224KB

Download
memory/6604-3069-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6604-3072-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/6604-3071-0x0000000000B90000-0x0000000000C05000-memory.dmp

Filesize
468KB

Download
memory/7364-3088-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download
memory/7364-3086-0x0000000000400000-0x0000000000454000-memory.dmp

Filesize
336KB

Download