rhadamanthys | hxxps://gofile[.]io/d/xLgUCA

Analysis

max time kernel
944s
max time network
945s
platform
windows10-2004_x64
resource
win10v2004-20250314-en
resource tags

arch:x64arch:x86image:win10v2004-20250314-enlocale:en-usos:windows10-2004-x64system
submitted
28/03/2025, 22:17

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://gofile.io/d/xLgUCA

Score

10^/10

rhadamanthys discovery execution stealer

Malware Config

Extracted

Family

rhadamanthys

https://185.125.50.38:3034/739bd3e91cd40ca83/pancake.api

Signatures

Rhadamanthys
Rhadamanthys is an info stealer written in C++ first seen in August 2022.
stealer rhadamanthys
Rhadamanthys family
rhadamanthys

Suspicious use of NtCreateUserProcessOtherParentProcess 13 IoCs

description	pid	Process	procid_target
PID 532 created 3016	532	RubixLauncher.exe	50
PID 5644 created 3016	5644	RubixLauncher.exe	50
PID 7128 created 3016	7128	RubixLauncher.exe	50
PID 5972 created 3016	5972	RubixLauncher.exe	50
PID 1828 created 3016	1828	RubixLauncher.exe	50
PID 5792 created 3016	5792	RubixLauncher.exe	50
PID 1336 created 3016	1336	RubixLauncher.exe	50
PID 2848 created 3016	2848	RubixLauncher.exe	50
PID 5320 created 3016	5320	RubixLauncher.exe	50
PID 6480 created 3016	6480	RubixLauncher.exe	50
PID 6444 created 3016	6444	RubixLauncher.exe	50
PID 6588 created 3016	6588	RubixLauncher.exe	50
PID 6468 created 3016	6468	RubixLauncher.exe	50

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
4856	powershell.exe

Downloads MZ/PE file 1 IoCs

flow	pid	Process
97	2980	msedge.exe

Executes dropped EXE 16 IoCs

pid	Process
2508	AJ Premium Proxy V17.502.exe
3188	AJ Premium Proxy.exe
532	RubixLauncher.exe
5644	RubixLauncher.exe
7128	RubixLauncher.exe
5972	RubixLauncher.exe
1828	RubixLauncher.exe
5792	RubixLauncher.exe
1336	RubixLauncher.exe
2848	RubixLauncher.exe
5320	RubixLauncher.exe
6480	RubixLauncher.exe
6444	RubixLauncher.exe
6588	RubixLauncher.exe
6468	RubixLauncher.exe
6532	dismhost.exe

Loads dropped DLL 8 IoCs

pid	Process
2520	msedge.exe
2972	msedge.exe
3180	msedge.exe
6532	dismhost.exe
6532	dismhost.exe
6532	dismhost.exe
6532	dismhost.exe
6532	dismhost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 6 IoCs

Web Service

T1102

flow	ioc
28	api.gofile.io
29	api.gofile.io
38	api.gofile.io
46	api.gofile.io
262	camo.githubusercontent.com
264	camo.githubusercontent.com

Drops file in System32 directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setuperr.log	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagerr.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\diagwrn.xml	cleanmgr.exe
File opened for modification	C:\Windows\system32\LogFiles\setupcln\setupact.log	cleanmgr.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe
4496	chrome.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-en-gb.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-fr.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1413559763\Part-ES	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1229431237\shopping_iframe_driver.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-bg.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\en\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-cs.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1302512937\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-be.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-hu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1229431237\shopping.html	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\ne\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1217638963\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1229431237\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_971761283\sets.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-pa.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-sl.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1413559763\Filtering Rules-CA	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1413559763\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-cu.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\service_worker_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\sr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\km\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_312133938\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-el.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-tk.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\offscreendocument_main.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\en_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_919258550\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_489390363\deny_etld1_domains.list	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1329468533\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_875737799\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_875737799\manifest.fingerprint	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-it.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-ka.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-nn.hyb	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1413559763\Part-FR	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1229431237\edge_confirmation_page_validator.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1229431237\shoppingfre.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4008_1666659115\_locales\ru\messages.json	msedge.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	cleanmgr.exe
File opened for modification	C:\Windows\Logs\DISM\dism.log	dismhost.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RubixLauncher.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	dialer.exe

Checks SCSI registry key(s) 3 TTPs 55 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005\	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0004	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0015	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0067\	cleanmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0005	cleanmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}\0014	cleanmgr.exe

Checks processor information in registry 2 TTPs 40 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Delays execution with timeout.exe 2 IoCs

defense_evasion

pid	Process
5552	timeout.exe
2792	timeout.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 22 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "233"	LogonUI.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876738619016523"	msedge.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000000000001000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0 = ff000000f90000eeebbeeb000400080000004d00000031535053537def0c64fad111a2030000f81fedee3100000005000000001f0000000f0000007000610067006500410064006d0069006e005400610073006b00730000000000000000004d0000003153505330f125b7ef471a10a5f102608c9eebac310000000a000000001f000000100000004d0061006e0061006700650020004100630063006f0075006e00740073000000000000004d000000315350538727bf5ccf480842b90eee5e5d4202943100000019000000001f0000000f0000007500730065007200630070006c002e0064006c006c002c002d00310000000000000000000000000000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\NodeSlot = "8"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{46484FC4-9F03-4D96-8900-95FE26A05186}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0 = 0c0001008421de39090000000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\discord-1210909836288729099\ = "URL:Run game 1210909836288729099 protocol"	AJ Premium Proxy V17.502.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a000000a0000000	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874385"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\0\0	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\discord-1210909836288729099\shell\open\command\ = "C:\\Users\\Admin\\Downloads\\AJ Premium Proxy V17.502.exe"	AJ Premium Proxy V17.502.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\discord-1210909836288729099\URL Protocol	AJ Premium Proxy.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Rev = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\MuiCache	StartMenuExperienceHost.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3342763580-2723508992-2885672917-1000\{F2D03672-D9E0-4179-B7E9-77D208E3297A}	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\NodeSlot = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\discord-1210909836288729099\ = "URL:Run game 1210909836288729099 protocol"	AJ Premium Proxy.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	firefox.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\discord-1210909836288729099\URL Protocol	AJ Premium Proxy V17.502.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	taskmgr.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\0\0\0\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\9\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\7\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3342763580-2723508992-2885672917-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\8\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
2616	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4856	powershell.exe
4856	powershell.exe
4856	powershell.exe
3424	chrome.exe
3424	chrome.exe
2520	msedge.exe
2520	msedge.exe
3424	chrome.exe
3424	chrome.exe
4524	msedge.exe
4524	msedge.exe
1004	chrome.exe
1004	chrome.exe
532	RubixLauncher.exe
532	RubixLauncher.exe
3584	dialer.exe
3584	dialer.exe
3584	dialer.exe
3584	dialer.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5644	RubixLauncher.exe
5644	RubixLauncher.exe
5996	taskmgr.exe
3372	dialer.exe
3372	dialer.exe
3372	dialer.exe
3372	dialer.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
7128	RubixLauncher.exe
7128	RubixLauncher.exe
1600	dialer.exe
1600	dialer.exe
1600	dialer.exe
1600	dialer.exe
5972	RubixLauncher.exe
5972	RubixLauncher.exe
4012	dialer.exe
4012	dialer.exe
4012	dialer.exe
4012	dialer.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
5764	7zFM.exe
4140	taskmgr.exe
1956	cleanmgr.exe
6476	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 60 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2520	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
2972	msedge.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe
1584	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4856	powershell.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe
Token: SeCreatePagefilePrivilege	3424	chrome.exe
Token: SeShutdownPrivilege	3424	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
3424	chrome.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe
5996	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
2508	AJ Premium Proxy V17.502.exe
3188	AJ Premium Proxy.exe
3796	OpenWith.exe
6080	firefox.exe
5004	helppane.exe
5004	helppane.exe
1360	StartMenuExperienceHost.exe
5628	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 2208	4008	msedge.exe	86
PID 4008 wrote to memory of 2208	4008	msedge.exe	86
PID 4008 wrote to memory of 2980	4008	msedge.exe	87
PID 4008 wrote to memory of 2980	4008	msedge.exe	87
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 3668	4008	msedge.exe	88
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89
PID 4008 wrote to memory of 4540	4008	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\sihost.exe
sihost.exe
1⤵
PID:3016
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:3372
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:1600
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:624
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4132
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6504
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6168
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4404
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6372
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6536
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:6192
- C:\Windows\SysWOW64\dialer.exe
  "C:\Windows\system32\dialer.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://gofile.io/d/xLgUCA
1⤵
- Drops file in Program Files directory
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x250,0x7ff96a6df208,0x7ff96a6df214,0x7ff96a6df220
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1928,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  PID:2980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2284,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=2280 /prefetch:2
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2632,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=2756 /prefetch:8
  2⤵
  PID:4540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3492,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=3520 /prefetch:1
  2⤵
  PID:4872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3572,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4372,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:4652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4836,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=3788 /prefetch:8
  2⤵
  PID:5300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4824,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=3444 /prefetch:8
  2⤵
  PID:6008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5692,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5736,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=5792 /prefetch:8
  2⤵
  PID:3536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5172,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:8
  2⤵
  PID:2268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=6208,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=6068 /prefetch:8
  2⤵
  PID:1080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --always-read-main-dll --field-trial-handle=6112,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=6188 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5036,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=6348 /prefetch:8
  2⤵
  PID:1544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --always-read-main-dll --field-trial-handle=5068,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=6388 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5040,i,4261649609554209078,10884554444286703655,262144 --variations-seed-version --mojo-platform-channel-handle=5128 /prefetch:8
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:2520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x264,0x7ff96a6df208,0x7ff96a6df214,0x7ff96a6df220
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1884,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    PID:2896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2236,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=2232 /prefetch:2
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2600,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=2660 /prefetch:8
    3⤵
    PID:6048
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=3136,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
    3⤵
    PID:5760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4352,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4360 /prefetch:8
    3⤵
    PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=3136,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4176 /prefetch:8
    3⤵
    PID:3780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4720,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:8
    3⤵
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4728,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=2716 /prefetch:8
    3⤵
    PID:448
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4736,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4792 /prefetch:8
    3⤵
    PID:3124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3140,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3152 /prefetch:8
    3⤵
    PID:4136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5028,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4832 /prefetch:8
    3⤵
    PID:5748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4568,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3316 /prefetch:8
    3⤵
    PID:2396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4988,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3316 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4136,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3144 /prefetch:8
    3⤵
    PID:5224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3920,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3756 /prefetch:8
    3⤵
    PID:1988
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4516,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4348 /prefetch:8
    3⤵
    PID:3664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3900,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3784 /prefetch:8
    3⤵
    PID:1732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4172,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
    3⤵
    PID:3668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2572,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3888 /prefetch:8
    3⤵
    PID:1272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3420,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3864 /prefetch:8
    3⤵
    PID:2516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3764,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=5084 /prefetch:8
    3⤵
    PID:5716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3812,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3976 /prefetch:8
    3⤵
    PID:6632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3908,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3836 /prefetch:8
    3⤵
    PID:6684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3856,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3684 /prefetch:8
    3⤵
    PID:1824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --always-read-main-dll --field-trial-handle=5044,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=3144 /prefetch:1
    3⤵
    PID:4404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --always-read-main-dll --field-trial-handle=5088,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=4332 /prefetch:1
    3⤵
    PID:6592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5384,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
    3⤵
    PID:6424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5444,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=5480 /prefetch:8
    3⤵
    PID:6436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --always-read-main-dll --field-trial-handle=5896,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=5868 /prefetch:1
    3⤵
    PID:6116
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --always-read-main-dll --field-trial-handle=5792,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
    3⤵
    PID:2548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --always-read-main-dll --field-trial-handle=5112,i,7060465899458534595,6747458026991491836,262144 --variations-seed-version --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:4936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    PID:2888

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5816

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:4644

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4740

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:624

C:\Users\Admin\Downloads\AJ Premium Proxy V17.502.exe
"C:\Users\Admin\Downloads\AJ Premium Proxy V17.502.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2508
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color b
  2⤵
  PID:3092
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c powershell "Add-MpPreference -ExclusionPath 'C:\Users\Public\AJ_Stuff\AJ Premium Proxy.exe'"
  2⤵
  PID:1496
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell "Add-MpPreference -ExclusionPath 'C:\Users\Public\AJ_Stuff\AJ Premium Proxy.exe'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:4856
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\Downloads\AJ Premium Proxy V17.502.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:4072
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\Downloads\AJ Premium Proxy V17.502.exe" MD5
    3⤵
    PID:2848
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:5064
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:636

C:\Users\Public\AJ_Stuff\AJ Premium Proxy.exe
"C:\Users\Public\AJ_Stuff\AJ Premium Proxy.exe"
1⤵
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3188
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color b
  2⤵
  PID:648
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Public\AJ_Stuff\AJ Premium Proxy.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  PID:4812
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Public\AJ_Stuff\AJ Premium Proxy.exe" MD5
    3⤵
    PID:4832
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:4952
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9674edcf8,0x7ff9674edd04,0x7ff9674edd10
  2⤵
  PID:5608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1876,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=1868 /prefetch:2
  2⤵
  PID:2592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1576,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2172 /prefetch:3
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2388,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=2540 /prefetch:8
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3232,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4456,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=4484 /prefetch:2
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4740,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3244 /prefetch:1
  2⤵
  PID:944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5276,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5504,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5728,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5508 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5740,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:3916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5748,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5516 /prefetch:8
  2⤵
  PID:2396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5508,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5536 /prefetch:8
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=240,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5544,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5812 /prefetch:8
  2⤵
  PID:5404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5844,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1180,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5836,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5324 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=5536,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3260 /prefetch:1
  2⤵
  PID:5660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5960,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3484 /prefetch:8
  2⤵
  PID:2076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5420,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:4160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=5928,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:4184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --field-trial-handle=5648,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5640 /prefetch:1
  2⤵
  PID:4472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=5780,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=6744,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6592,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6500 /prefetch:1
  2⤵
  PID:5088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6336,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6796 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --field-trial-handle=6940,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6328 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=7072,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7080 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=7236,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6884 /prefetch:1
  2⤵
  PID:3844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --field-trial-handle=7264,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7248 /prefetch:1
  2⤵
  PID:244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --field-trial-handle=7328,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7572 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=7692,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7708 /prefetch:1
  2⤵
  PID:804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=7864,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7888 /prefetch:1
  2⤵
  PID:6076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --field-trial-handle=8180,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7100 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --field-trial-handle=3676,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8140 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=7672,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6896,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7016 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3404,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8076 /prefetch:8
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --field-trial-handle=8120,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8176 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --field-trial-handle=6936,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:1996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --field-trial-handle=6828,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6352 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --field-trial-handle=7896,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:1144
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --field-trial-handle=7860,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:4148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --field-trial-handle=7284,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6708 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --field-trial-handle=3976,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=8100 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --field-trial-handle=8076,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=5976 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --field-trial-handle=6900,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --field-trial-handle=5824,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7352 /prefetch:1
  2⤵
  PID:348
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --field-trial-handle=7508,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:3568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --field-trial-handle=5788,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6660 /prefetch:1
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --field-trial-handle=8104,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=7476 /prefetch:1
  2⤵
  PID:4772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=868,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6100 /prefetch:8
  2⤵
  - Suspicious use of NtSetInformationThreadHideFromDebugger
  PID:4496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --field-trial-handle=7800,i,966119697527883263,2434326769793987871,262144 --variations-seed-version=20250313-182214.581000 --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:736

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:2620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4992

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\SKRIPTGG-FIVEM-main\SKRIPTGG-FIVEM-main\Skript.gg.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
PID:5764

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:532

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3796

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SendNotifyMessage
PID:5996

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5644

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5792
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:6080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2016 -prefsLen 27099 -prefMapHandle 2020 -prefMapSize 270279 -ipcHandle 2096 -initialChannelId {01b9d0de-77d8-4a81-843b-3cdcfebf1c55} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -appDir "C:\Program Files\Mozilla Firefox\browser" - 1 gpu
    3⤵
    PID:3412
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 2480 -prefsLen 27135 -prefMapHandle 2484 -prefMapSize 270279 -ipcHandle 2488 -initialChannelId {ca471f38-cfd8-408c-9c0c-c25c163b3185} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 2 socket
    3⤵
    - Checks processor information in registry
    PID:3520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3752 -prefsLen 27276 -prefMapHandle 3756 -prefMapSize 270279 -jsInitHandle 3760 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 3768 -initialChannelId {e6be8b6f-2995-483f-8b8a-a5c741712a4a} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 3 tab
    3⤵
    - Checks processor information in registry
    PID:3608
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -prefsHandle 3916 -prefsLen 27276 -prefMapHandle 3920 -prefMapSize 270279 -ipcHandle 4012 -initialChannelId {454738e7-9b82-4b3f-8962-cde66c90e502} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -appDir "C:\Program Files\Mozilla Firefox\browser" - 4 rdd
    3⤵
    PID:432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 3376 -prefsLen 34775 -prefMapHandle 4344 -prefMapSize 270279 -jsInitHandle 4484 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 1664 -initialChannelId {98bd59bf-f260-4b31-b3e5-bb4b6e358959} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 5 tab
    3⤵
    - Checks processor information in registry
    PID:2620
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -parentBuildID 20250130195129 -sandboxingKind 0 -prefsHandle 4928 -prefsLen 35012 -prefMapHandle 4932 -prefMapSize 270279 -ipcHandle 4744 -initialChannelId {1b26c435-c76f-4611-b7bb-de37d97a3ca0} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 6 utility
    3⤵
    - Checks processor information in registry
    PID:6268
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5168 -prefsLen 32952 -prefMapHandle 5172 -prefMapSize 270279 -jsInitHandle 5176 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5184 -initialChannelId {f2fbec6d-8d11-4500-807f-97b84f8d9534} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 7 tab
    3⤵
    - Checks processor information in registry
    PID:6320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5208 -prefsLen 32952 -prefMapHandle 5212 -prefMapSize 270279 -jsInitHandle 5216 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5224 -initialChannelId {8f292277-6a87-45c6-a28a-a9f6f7b36281} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 8 tab
    3⤵
    - Checks processor information in registry
    PID:6328
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc -isForBrowser -prefsHandle 5568 -prefsLen 32952 -prefMapHandle 5572 -prefMapSize 270279 -jsInitHandle 5576 -jsInitLen 253512 -parentBuildID 20250130195129 -ipcHandle 5584 -initialChannelId {2026569b-64d4-4c21-b433-5f2e340b0528} -parentPid 6080 -crashReporter "\\.\pipe\gecko-crash-server-pipe.6080" -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - 9 tab
    3⤵
    - Checks processor information in registry
    PID:6348

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:7128

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
PID:5972

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1828

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5792

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1336

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2848

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:5320

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6480

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6444

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6588

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4140

C:\Users\Admin\Desktop\RubixLauncher.exe
"C:\Users\Admin\Desktop\RubixLauncher.exe"
1⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:6468

C:\Windows\System32\tybfgy.exe
"C:\Windows\System32\tybfgy.exe"
1⤵
PID:4076

C:\Windows\System32\tttracer.exe
"C:\Windows\System32\tttracer.exe"
1⤵
PID:6680

C:\Windows\explorer.exe
"C:\Windows\explorer.exe" shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
1⤵
PID:432

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
- Modifies registry class
PID:6080

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
PID:1224

C:\Windows\System32\ttdinject.exe
"C:\Windows\System32\ttdinject.exe"
1⤵
PID:7008

C:\Windows\System32\ttdinject.exe
"C:\Windows\System32\ttdinject.exe"
1⤵
PID:7016

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
PID:3556

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:320

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:2616

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=517009
  2⤵
  PID:3468

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  - Loads dropped DLL
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f8,0x7ff96a6df208,0x7ff96a6df214,0x7ff96a6df220
    3⤵
    PID:6244
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1920,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=2316 /prefetch:3
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2224,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=2220 /prefetch:2
    3⤵
    PID:4804
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2572,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:8
    3⤵
    PID:4640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4392,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=4400 /prefetch:8
    3⤵
    PID:6400
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3016,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:8
    3⤵
    PID:6664
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3016,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=4468 /prefetch:8
    3⤵
    PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --always-read-main-dll --field-trial-handle=4932,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=4976 /prefetch:1
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4940,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=4996 /prefetch:1
    3⤵
    PID:1080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5536,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=5592 /prefetch:8
    3⤵
    PID:1932
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5528,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=5468 /prefetch:8
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --always-read-main-dll --field-trial-handle=6036,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=6052 /prefetch:1
    3⤵
    PID:3008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --always-read-main-dll --field-trial-handle=6068,i,16483536881125261242,14655695624416565941,262144 --variations-seed-version --mojo-platform-channel-handle=6060 /prefetch:1
    3⤵
    PID:2100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    PID:1944

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:760

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=tybfgy.exe Tybfgy"
1⤵
PID:4944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch "https://www.bing.com/search?q=tybfgy.exe Tybfgy"
  2⤵
  PID:2204

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  - Loads dropped DLL
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x220,0x7ff96a6df208,0x7ff96a6df214,0x7ff96a6df220
    3⤵
    PID:5192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1948,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=2324 /prefetch:3
    3⤵
    PID:5600
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2296,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:2
    3⤵
    PID:5268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2620,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=2832 /prefetch:8
    3⤵
    PID:5140
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
    3⤵
    PID:5972
- - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4452,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
    3⤵
    PID:1420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4580,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8
    3⤵
    PID:6668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=4572 /prefetch:8
    3⤵
    PID:4464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4480,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=4776 /prefetch:8
    3⤵
    PID:6268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4540,i,6736464347741867489,14303260770434861906,262144 --variations-seed-version --mojo-platform-channel-handle=4820 /prefetch:8
    3⤵
    PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2392

C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe
"C:\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe" -ServerName:App.AppXywbrabmsek0gm3tkwpr5kwzbs55tkqay.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1360

C:\Windows\System32\cleanmgr.exe
"C:\Windows\System32\cleanmgr.exe" /D C
1⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:1956
- C:\Users\Admin\AppData\Local\Temp\4F44F32C-1679-4ADD-9678-221F2F58DC28\dismhost.exe
  C:\Users\Admin\AppData\Local\Temp\4F44F32C-1679-4ADD-9678-221F2F58DC28\dismhost.exe {BA639AC9-2D85-44CD-AEFE-6A57754141B5}
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Windows directory
  PID:6532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks processor information in registry
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff9674edcf8,0x7ff9674edd04,0x7ff9674edd10
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1952,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2204,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2336,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2516 /prefetch:8
  2⤵
  PID:2852
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3272,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4048,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4076 /prefetch:2
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3216,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:1240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5560,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5576 /prefetch:8
  2⤵
  PID:912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5164,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5148 /prefetch:8
  2⤵
  PID:6976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5588,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:2580
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3508,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5348,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3208,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3708 /prefetch:8
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3244,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3516 /prefetch:8
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3232,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4192,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4168 /prefetch:8
  2⤵
  PID:7128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5412,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=6044 /prefetch:1
  2⤵
  PID:6312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6604,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=6412 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5904,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5400 /prefetch:8
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5436,i,3604542674921773381,10171424075714941255,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3264 /prefetch:8
  2⤵
  PID:5384

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:7112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6772

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:6688

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master\I_LOVE_YOU-Virus-master\Love.bat"
1⤵
PID:6952
- C:\Windows\system32\timeout.exe
  timeout 10
  2⤵
  - Delays execution with timeout.exe
  PID:5552
- C:\Windows\system32\shutdown.exe
  shutdown -s -t 100
  2⤵
  PID:2980

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\I_LOVE_YOU-Virus-master\I_LOVE_YOU-Virus-master\Love.bat"
1⤵
PID:5856
- C:\Windows\system32\timeout.exe
  timeout 10
  2⤵
  - Delays execution with timeout.exe
  PID:2792
- C:\Windows\system32\shutdown.exe
  shutdown -s -t 100
  2⤵
  PID:4348

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /0
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
PID:6476

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3f84055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:5628

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1217638963\manifest.json

Filesize
76B

MD5
ba25fcf816a017558d3434583e9746b8

SHA1
be05c87f7adf6b21273a4e94b3592618b6a4a624

SHA256
0d664bc422a696452111b9a48e7da9043c03786c8d5401282cff9d77bcc34b11

SHA512
3763bd77675221e323faa5502023dc677c08911a673db038e4108a2d4d71b1a6c0727a65128898bb5dfab275e399f4b7ed19ca2194a8a286e8f9171b3536546f

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1229431237\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1302512937\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1329468533\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1329468533\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1413559763\manifest.json

Filesize
116B

MD5
2188c7ec4e86e29013803d6b85b0d5bb

SHA1
5a9b4a91c63e0013f661dfc472edb01385d0e3ce

SHA256
ac47cc331bb96271da2140941926a8accc6cb7599a6f3c17bd31c78f46709a62

SHA512
37c21eaff24a54c2c7571e480ff4f349267e4404111508f241f54a41542ce06bcde4c830c6e195fc48d1bf831ed1fe78da361d1e43416cfd6c02afa8188af656

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-as.hyb

Filesize
703B

MD5
8961fdd3db036dd43002659a4e4a7365

SHA1
7b2fa321d50d5417e6c8d48145e86d15b7ff8321

SHA256
c2784e33158a807135850f7125a7eaabe472b3cfc7afb82c74f02da69ea250fe

SHA512
531ecec11d296a1ab3faeb2c7ac619da9d80c1054a2ccee8a5a0cd996346fea2a2fee159ac5a8d79b46a764a2aa8e542d6a79d86b3d7dda461e41b19c9bebe92

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-hi.hyb

Filesize
687B

MD5
0807cf29fc4c5d7d87c1689eb2e0baaa

SHA1
d0914fb069469d47a36d339ca70164253fccf022

SHA256
f4df224d459fd111698dd5a13613c5bbf0ed11f04278d60230d028010eac0c42

SHA512
5324fd47c94f5804bfa1aa6df952949915896a3fc77dccaed0eeffeafe995ce087faef035aecea6b4c864a16ad32de00055f55260af974f2c41afff14dce00f3

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\hyph-nb.hyb

Filesize
141KB

MD5
677edd1a17d50f0bd11783f58725d0e7

SHA1
98fedc5862c78f3b03daed1ff9efbe5e31c205ee

SHA256
c2771fbb1bfff7db5e267dc7a4505a9675c6b98cfe7a8f7ae5686d7a5a2b3dd0

SHA512
c368f6687fa8a2ef110fcb2b65df13f6a67feac7106014bd9ea9315f16e4d7f5cbc8b4a67ba2169c6909d49642d88ae2a0a9cd3f1eb889af326f29b379cfd3ff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_1721428005\manifest.json

Filesize
82B

MD5
2617c38bed67a4190fc499142b6f2867

SHA1
a37f0251cd6be0a6983d9a04193b773f86d31da1

SHA256
d571ef33b0e707571f10bb37b99a607d6f43afe33f53d15b4395b16ef3fda665

SHA512
b08053050692765f172142bad7afbcd038235275c923f3cd089d556251482b1081e53c4ad7367a1fb11ca927f2ad183dc63d31ccfbf85b0160cf76a31343a6d0

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_312133938\manifest.json

Filesize
102B

MD5
a64e2a4236e705215a3fd5cb2697a71f

SHA1
1c73e6aad8f44ade36df31a23eaaf8cd0cae826d

SHA256
014e9fc1219beefc428ec749633125c9bff7febc3be73a14a8f18a6691cd2846

SHA512
75b30c0c8cef490aaf923afbdb5385d4770de82e698f71f8f126a6af5ef16f3a90d0c27687f405274177b1a5250436efddd228a6d2949651f43bd926e8a1cc99

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_440764857\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_489390363\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_919258550\manifest.fingerprint

Filesize
66B

MD5
496b05677135db1c74d82f948538c21c

SHA1
e736e675ca5195b5fc16e59fb7de582437fb9f9a

SHA256
df55a9464ee22a0f860c0f3b4a75ec62471d37b4d8cb7a0e460eef98cb83ebe7

SHA512
8bd1b683e24a8c8c03b0bc041288296448f799a6f431bacbd62cb33e621672991141c7151d9424ad60ab65a7a6a30298243b8b71d281f9e99b8abb79fe16bd3c

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_919258550\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Program Files\chrome_Unpacker_BeginUnzipping2520_971761283\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Users\Admin\AppData\Local\D3DSCache\cb00da9ba77862e\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\176065f0-e558-4811-8940-41ba8ff67073.tmp

Filesize
80KB

MD5
9a0330541047cd4e6b8cb7585617aa84

SHA1
099fdf5199745d0b2055cdb275f44172a39fa2f4

SHA256
b692bd3eb4022baf547779d95859abbcc0dbfe43422f034e0146a0823d9398ef

SHA512
c39c797c00afd798d021c2c723e66319492d73beb16329bb6be16b26d6c87e76fd648175203cc8fd463f5cc77d45a2ab1935e3e4b5886253e705e8b8fe7e1208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
d56cf9f768092279fa5b9e3247256148

SHA1
05b943e4043cbd5ec65762ffc0359e578c440ee3

SHA256
8cbbc9983b60f07744442f8863f6148ded79f7cd8c654a84df6243ea27037722

SHA512
1cd9641cbcc4dd04326afa94f9373f576a31f26c752747b8554b06ef0ebf16ba78462cbdba859d95e57e0217cd8e2e01904a280327b61f7f3daca292b4d3a663

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
b9874a5ae2eb7a00314fd02fe7f41326

SHA1
effc42458fe840abf31e7a8723f3c6ae2689d253

SHA256
624fe72399491bcb49384624eafc30becbd71d71852fd10fa5cb54ce82ba22fd

SHA512
b63fd820c6dd7a53277b9347f3be759be8ba3ed404fdf8f5d77d3898027699a65c8fb46b343eca72989bccd035ec771fa0915c03f5aea848ea0943e118b9bc53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
38KB

MD5
b8103746b4757c6332fe545f11de8f70

SHA1
588965d6333eb015af39c7f44ce71dfac67fb0f7

SHA256
4177d563a186175d3a67091c399db6c57fc271e202406e244d4bc8ad95b1aebd

SHA512
c83bd52d674d90752dfffeb76971a4f9684054d6f02cfdbe8f336758ac46d8b430f306cc64be00112b8c38d191afd1b8395d58600b12cefcb6a052ab70214ebf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
36KB

MD5
2661bff6dabf18be9bcd62fc612912d2

SHA1
6e90a28a20d59b0383f87355b39f05254bfaff20

SHA256
d8be88da29a93137d4e69bdb3b486f9b48ffd789a4e54bc0200acd8decb1a6ae

SHA512
f210e2c8e29ec830fd6d46e60bf714abc224c5d1465a75395060fa6cecdf4d9b627c1208c40ef4c39e52cc1697c38f22c8f1882b30b3daf7eb4602dfe06efc69

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
21KB

MD5
ec0963f084571ccba8609e51d71bf6ec

SHA1
b4a93e1b2e235488747b17c212ae14e5551c2db9

SHA256
39041d7cca3821b6b33037d88740780d6c1b380cf4973f7a869b101d35b015c3

SHA512
88689aab98763297eb045308d3a1c415bcb0dcb58dc5d3f4338e5c92018666a0b0c5bc2cc444ffe333c4b6ea54f0286a4c6310a9e18d418fba83ff2698be5525

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
21KB

MD5
0cd0f0de1a6df601aad6bdf901d67b4c

SHA1
87cb1c79742a81d5bfc847627a89fc62528916c5

SHA256
12219b03cc5b77189fa21c11dedcf0647a75756b07e95e26b4be1c6e914427de

SHA512
d74e7bbc2f5a1edba14b0a1de11647eb116b954343b6c1d25319d46644c85f99ed9e15e4d59d447a24970053a74d4cac27dd618b800839abb4de362c24daa721

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
27KB

MD5
fa2d7364a6cdbe8144bfc6add239bfe7

SHA1
2b37b884e7235429a2b4d675cf1d4975f9081d4c

SHA256
3624f864be1b01a4fbcaa4623e5408ae4adf66702cf2339ebf5eb5b4cf993ac5

SHA512
5a30f88a98af6ab94a0847989d9bb98d7e459232ec7a0ebfd0aa7f4405d0394fdbc439f33fbe2f72319f7cd8789e80443a122fde0b4f743833ebdc28bda37f92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
18KB

MD5
89ee4d8818e8a732f16be7086b4bf894

SHA1
2cc00669ddc0f4e33c95a926089cea5c1f7b9371

SHA256
f6a0dfa58a63ca96a9c7e2e1244fcff6aea5d14348596d6b42cd750030481b82

SHA512
89cc7dfae78985f32e9c82521b46e6a66c22258ebe70063d05f5eb25f941b2fd52df6e1938b20fe6c2e166faa2306526fdf74b398b35483f87b556a052b34c5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
16KB

MD5
db2656b672846f689c00438d029d58b6

SHA1
43b8d5085f31085a3a1e0c9d703861831dd507ce

SHA256
aa3f28db9caadce78e49e2aeb52fda016b254ed89b924cdb2d87c6d86c1be763

SHA512
4c57c347b10ea6b2ca1beb908afc122f304e50bd44a404f13c3082ba855796baef1a5eb69276d8744c1728578fa8b651815d7981fcec14a3c41c3ca58d2b24ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
60KB

MD5
1cb7d14be3da62319ab96bddcd3a5829

SHA1
be01894473fbce5634545b7baaf9c92c11565fac

SHA256
1cefa30b4b02cfecfa428950cbe2cd343b7240d291c90c47180f6219b6e1a7c3

SHA512
99bc0d81845bd6219f5bdc290b653e3d8b232bb41146da80d7e6af13f9de50d72b94e0426737cd324513bd08cbe457201b041f0f96f92d9d76a4f2bcbeb8fd9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
109KB

MD5
c1ee23d7fed88171020d29143a2b229f

SHA1
04fdd36f5e374b0392321a99d9fc2d692d168fa3

SHA256
3a5020be3f22468a80da6beeb67478a7c51ebdb60a088640434117a33fc84004

SHA512
6ffd3d66cd3115a21c7fdbcdb8225c4acf65b00d20fb6869a56b3f04408127c28f1abd8218c3d5fbf9605222e5aaaf0a916489d71f91865b24453a4a2f7f6cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
45KB

MD5
be446adf51e1e2ec8565855652e2aa12

SHA1
6107bee1993c6bd9fe14de6f011659d0cc2f7429

SHA256
f6b290ca330613ecb353e80b63c8aa8e2c3394c56e1fe14649339597d1d08a06

SHA512
b433ffc883c97526611f2be567ea56058b5476d9b940bb359f5533f1d046e25465a75ab3c24e5d85bfe2076d5f69d6aa6e7a6e1a2dece45e390c2c70f129bfe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
55KB

MD5
92e42e747b8ca4fc0482f2d337598e72

SHA1
671d883f0ea3ead2f8951dc915dacea6ec7b7feb

SHA256
18f8f1914e86317d047fd704432fa4d293c2e93aec821d54efdd9a0d8b639733

SHA512
d544fbc039213b3aa6ed40072ce7ccd6e84701dca7a5d0b74dc5a6bfb847063996dfea1915a089f2188f3f68b35b75d83d77856fa3a3b56b7fc661fc49126627

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
88KB

MD5
2dfda5e914fd68531522fb7f4a9332a6

SHA1
48a850d0e9a3822a980155595e5aa548246d0776

SHA256
6abad504ab74e0a9a7a6f5b17cadc7dea2188570466793833310807fd052b09c

SHA512
d41b94218215cec61120cc474d3bc99f9473ab716aadf9cdcbcabf16e742a3e2683dc64023ba4fd8d0ff06a221147b6014f35e0be421231dffb1cc64ac1755e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
16KB

MD5
dde035d148d344c412bd7ba8016cf9c6

SHA1
fb923138d1cde1f7876d03ca9d30d1accbcf6f34

SHA256
bcff459088f46809fba3c1d46ee97b79675c44f589293d1d661192cf41c05da9

SHA512
87843b8eb37be13e746eb05583441cb4a6e16c3d199788c457672e29fdadc501fc25245095b73cf7712e611f5ff40b37e27fca5ec3fa9eb26d94c546af8b2bc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
16KB

MD5
dc491f2e34e1eb5974c0781d49b8cbaf

SHA1
b73ca9b5f9c627d49da4ecbc3455192e4b305a3f

SHA256
f956049f0d96d455a71003eba400cb94f7067bc52620cd05b81006ecfdd438d8

SHA512
5c9bd0d5c93a05ca76eb727328a0fde40f2be7fe53b6b6c9eb260e8f20f92cfc831fd4b46f954d85baf151ae8aba1cdd6f76b0faf96217922cad844c905f3645

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000020

Filesize
884KB

MD5
e5eb6a37e9cd8d4cd3d3a1879cc71bc0

SHA1
44936b7f945d8d8813e64f9b5708059d9714fcdf

SHA256
90c7d3b939db02faf27a670beedb61ffaf33a940119484a1b62dbfe21656afdd

SHA512
02eb80e5dff1551268abd6d366e36f88f8a940ceb2a4242b677a8823b51217e8fa8548d4abbd3c80ef9a112a2741cf75b09000ceb0da2cfe24df5303865c7cfd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
30KB

MD5
820729e5d8705be1885629862d8f3a2e

SHA1
46b2ba2424a1ff64a97f20dbb9b5ae2bbe7cbe2c

SHA256
f2bd6a83940eddfa6e9d5e84a4dfde727021d42fd64c4a2897e22a10dda88de5

SHA512
79943c62b3d2b288abc10bfcc283e291a53cf66422a2a0cf09baf50486bda5760ec9d0452bbb024f2c21b5baea44c986df680556fc520efa374fbbe41bc723fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002b

Filesize
90KB

MD5
c99ea4234fb6c0c56eebb44f20e9e8ca

SHA1
30be94de58886ceeaa122c737434ffd81edbb0bb

SHA256
72512d02ad4c0d728cfc62db52ea103c452ebb4c4c8c3c03d4fd5a1e534b23aa

SHA512
550d24529fc57c1124ae263adda6a30d3e91dd644405b87ce3b68401bc2bd16ea7ed13f035ec7e7996a50de960d19a9d0fd957b19e974b95a52b2d9bff9cc4b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
117KB

MD5
182481737208e56fa7c9b76856ea75e5

SHA1
7421d57d314c27dfaaadfc87bc624ff1fd85cf47

SHA256
5367ad75c0a5ece0a2f00cfbebbdd71801d67c1ecabda2345ec355243ce659fb

SHA512
943665150b4899f64bbe2d5e0c53cd7929c17d919131512de421a9e61e2957ff399ab8b3bfd9c0a643db728df25600de33e6f7c011b0aefc18c11ce78b596b0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002f

Filesize
32KB

MD5
bf899cc5ba60c522341e4d712a5246bf

SHA1
2c92c54c9919c8b81b4e77a97bfd4d8f202e1a6a

SHA256
4f8b9bf1630c24cf17444ec093052451c370c9371212db74b4bf8b4fd71a2817

SHA512
05a5de1ea4be9424070376fcc53916ab8bae10c239a5d1ed2c533b889b067daae83e9d8386ce0390adcd9ced1c14a436eaa7f19287f23bba8273afce87ce9968

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000030

Filesize
132KB

MD5
ec34d4cb42f1bb1b50d793b2d48c0741

SHA1
0d7aa3b595b298fbbc48e0a4365be12af0091221

SHA256
044684b1c07e5f5e7e338e159213674f743985c2514133cb99c0f329bdb69b5e

SHA512
5e1f0c4bac9aca466d232eab5824df3223bf577d0124dd338b07c61f53ffde80db8bb281a24746af3e609938ad04922e8d1462454a29eb1680b2915d1f2948d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
92KB

MD5
2eec6264a60d506c8e8142665e97048f

SHA1
cff5f39ed3d1c3e2b607eae235c21e057b2a2f0a

SHA256
17aa8c37fa86ce83d48cdbc3495bd17807695dd2c8b443e8c6dabcb07d0feb58

SHA512
9c5bf4cc3d823ec250cb7cd8dcfc9440312a68403bb6be5245792a221787ade8d1953f7803dddb76b30144c5186c56e3eac90c7449cb780986823783f2627da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000032

Filesize
32KB

MD5
d929c9444fab0ac0bcc424048a606b8e

SHA1
b510828de7dcfb195865f9ad4cb103fd4e4f659e

SHA256
fb90c9942d172d73de251aabb7451f90e6c747ac62819256e61c6968d855796f

SHA512
43d9d1a5078aefce95217c232ecaf672fb24f61cfb9d078e2524d12fc3d77abc09ab3cc4968bb82229c3f930e6465a89cfe435976b86180360ea82e81d063fa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000033

Filesize
29KB

MD5
e6ec1df39aa8d07cf330a72f47196abf

SHA1
801af4548a1108d80264f289a2c4198cb273c2c6

SHA256
18117406ad59b6a0d16b1fa1ddeb2d53210aa3fde7a2d3ea00704d3187257ca2

SHA512
ec806a7550dd0f9f6b0e8a14d9f00277690b771230829ba07f29807412a04b337ed893caed31363ead5cbb2e933cc2561643e1568c22094fd216d4d950bd12e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000034

Filesize
165KB

MD5
ba0702c4ced5e394d82b952997b4c0d5

SHA1
3c4088e0fdca5da192307d529dd8f326987dd61c

SHA256
f44d8c4f808bd6835edd975f9be5c810130e74c38d7a11e02550f350ca331b46

SHA512
f92a78f90b4b58f05c732899318b6d79b2f58df610c0915f38b79c89e2d9ea12427c553e7499cb4d553f94f511f1a95d19b135956db45a735495492046c89127

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000035

Filesize
22KB

MD5
280d0dffcf08dedc8ce52f25270bf1e8

SHA1
e9566fd9372120a6fb9760a131f8919934954f35

SHA256
ed51e026d37d510820ca0b811d1f774fa8eb13ce09775c5a891853ca072fb58f

SHA512
1dd8a347348a3d211bd8f03c30d7dfcf160d62ade9c354dd9649ef4591c874bd466d864ac0aad454a0b0e01f1149c1c5a95aa365affbd7d81f79558c7ddc39b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000036

Filesize
43KB

MD5
f74a01dd9982786d9cbb967aed9b8371

SHA1
2d22b8b6d660e8736e381013eb652fff94d38b65

SHA256
206a8fb3a2f9d8d79b90b13219821301bf0a9aedf9e0796c8b0acc4d8127509a

SHA512
ff3a21fd8cfc13559d4b95bfa3f0443cd2c3d6abc8cbaff694b3009d2ace4727de781832674ee3c7791d565c3acb7b309df69e6034c6af9b1eb81593079a6ce5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000037

Filesize
46KB

MD5
d7c3607bc4f8c908bcfe22e2ee3d6270

SHA1
312d10c8693f708cf6861bd123fa82396b398865

SHA256
48bee90b303b1660a4d807b1aa18b5f840af1d0801ac3b0a9bacc9bbf1734aa8

SHA512
a960b4f2c854076978aae84db2ccf332e961a9987c53597727462a3b2e5e52bf78c6ab148f2f31530993e1d3418fe8992b5130f7a73186672e2dc61eb33a1679

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000041

Filesize
52KB

MD5
054d805c4d4f4f6b1f00c2820f71c183

SHA1
5affb65c5e9d6e82b7f9cf31a28bd9bb38130cda

SHA256
1f73aae8c3fc26bc7b5c389ef71466cd9ffbdd5d24f0cc37cd98ef2ffa49aff4

SHA512
d76eab8cea6d4530931bd1d1fddac3193b0c6fc8765ec52174a2a2ad8517a27d6f37a3261f93e0aec644b5724a0b37762e9de515b0aad871005f7785acdaa8de

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042

Filesize
35KB

MD5
816b9eb1bf2a36b691ffef2b73d3b25c

SHA1
5902d275020da8840412fa8e02d6fa04fd11000d

SHA256
a5d848a293efaca3443171deb43202a24e88e560011fe865d0ea56276c2a3dac

SHA512
f77d8069a3b4bdb5f6b211344b6ac201bc2d469141ad3aab4e3152a9da5c0f6eab50c0ff4e90fc3400d5960329eb2ef67ab1c3c08f82729e59c59684fe700b12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000043

Filesize
16KB

MD5
e12d874ac0989d68be4e2f54b7c1c701

SHA1
cd07aed2fecc0adff1cebaa11d7922680fa9c9cd

SHA256
b466493506c843928d35af841ae8661537b74fc088cdb36fc4c248dd27979bf9

SHA512
6056ff4c4805cef5cba3380eddd886e52f0247701b4ecb1c3de74ce606aa913c949df7c1900bf6e00e61b920a9fd15622c6c7787f3665110eaf6dae8b04e884b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000044

Filesize
28KB

MD5
564a80f06c5058cd19537375a47d2da5

SHA1
db5220e6e520a2011362bfe82a1be6fdb413cb48

SHA256
230a4ea452bc7ba039775d964e2de8a643a9fce5d9f74c25649a55031151d8ca

SHA512
fd617efe1dd3b9425648ea8ca5c7769c8e81e3f78caee6805b0671ed7681824dd135e90191a1195d5ccb8610b9056a07018483098ba473a507ecd100739d1c32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000047

Filesize
67KB

MD5
60a30ef624fad5be472ee5d1acd1b2ab

SHA1
5dbb87bbc2e8a6143308e7928536ae778610794a

SHA256
d0ec8a13c2eb6a38d628cd7adaed308116164ceee003f816889b4db1735bfccf

SHA512
315e3ea4d4c6ccf6c14fc509933b01cb77c964b608cb95ce2ee8c331011adaf618e41cf4b8c499c4f6c9e137b88a34caaa7aaa44a69fdabed84df550e178d60a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000048

Filesize
70KB

MD5
72555c2adfd253c473b83dd42144c98e

SHA1
a33a792b9b56a2bdafb333683d5ec2b8ee7a6b8b

SHA256
816531ff8bfbcb60e7547e84869db6a128948f7f072befde4b9a2c13b23324c9

SHA512
09ea73cfd0006e47de7e242ab3eb24d80d4a8c87c2c7f732ca8a846d38fe8610a9fa27f2c36b3419c8d4912a738eb03722fac457fb6f60decfb6eb3e113b2fb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00004a

Filesize
158KB

MD5
83266658f29f5cb762001d5d9f6985a7

SHA1
9ff52157193e1e798944e6a3172d938183f5e550

SHA256
60072b4eb6fc5f1f1214a34fcd55b3cbd1d05eddf778f85611f9b352c4c6452d

SHA512
60b2a8749bb597b71c6cb7113c4ea6c430ab90c6f6a5f78a36ab5fbd2676fbc173ade236be939e862569c786fbdc8e0aa984f1ae4263e91de2ba681cc8ce5d66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
20KB

MD5
4b24739c5ce349f1148058c3fddc0237

SHA1
2adabee4da418cfe0263b2f6177eae8377f353d5

SHA256
1690d4123a016bde38123230c6dea716d9f6f8d9bd6d78d4bc02204a5765f4f2

SHA512
4fdabe9a33d0b1f2a1d1cdea42ddca9198158b7f2c2b333908ee30e2787ffcde58fee5bdea456702e3fb5209daf3e19028a14c6eadb0ca94668a7ed1e866d255

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
0452dce83fd8012bcd6938b5801c1e2b

SHA1
96ab39bda16c3891d15deef30182d8a0f9855a74

SHA256
d456a15fcc26eabb4fda878d869cbfa7aa0a20c902c8f50d03021132626a1c4b

SHA512
94756872dc223bcad7223b0e511dfd68f708ebbc84c25fa2e08e2b7249f108981ed21f51690cafc084a2b34666e6ae9c31ddbfb211a496eb1f2640d618e55e0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
382f267c268c4450c3795f0c74be30dd

SHA1
df787f481c318ced894da7928b4ffb8d89b9a29f

SHA256
85ae91a5e5de6fbbc85c9506238cd6979fd1675e673e6b9bc03d4695ec58146c

SHA512
90557ca9a71fd3d7593195f866d1cf44601d7a1d619b7549c01dfecb9e76977f68344f33e948e3dbcdf7ca01efb727c087b323fe15021c5f441df916ed054714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
8KB

MD5
39a2c60deb41b0eabaed2677007998d7

SHA1
8716f650d61e762e82c36781fd7b3aa9b9c5c541

SHA256
f758c5d91c43af4368ac7d8262d880e374023fa779e3e2e494a2e709012a75b8

SHA512
f0efe0d176b60b1c16b40984532af4a739562afbac8ca6c397ad6b791c520b8d934dd5fd0da3d2d0b38805f5e689a50ca66e6f726c5bafaab6044b56ecfdcbd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
59e16a2eaf91a8985dfc54f12345c6ae

SHA1
7db21871838f79088d1641c4c0500f3ad816a7a8

SHA256
c755e6f0f1f501a9223d1c078f1fe1ac7f3206d425ace3c1897c12814a7dd0c9

SHA512
7bd26dbd4b31b4026e23f875c5f2b9bab3abae92488346f3e572ca268c85b200ecb703b6851fd665e885fe21735464890b98840ba696582de8992a448df38670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
9818537dfe770e107f99bd8be82debc2

SHA1
78512d1d31048fc297709366cdb51e7f514c9fef

SHA256
8a895e76f15834516aed12f9c1d7b64ef279082253eb54d08ede3b8cd8932915

SHA512
2d975d2c1796fa5335270d9fb08e7763d0c2e0cdd1ebd4f046efadb0aa4e7b8503385612305fd69367b45e65fa5a1547a2036ebad8ff42baf7f985f77a194f79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS

Filesize
36KB

MD5
5c3a683f74e86d8f74321d0ed16429a3

SHA1
28a13e2def1e080fac8331abcbdbb81d2cc563ab

SHA256
71689b4656a1483c1f1f37aefbb07e85f675bb07d9520c1dcc7e9a3a3e5690c2

SHA512
5f4a6c3c7eccd2d1f810e105913acc48add574701809647d005160074863b6070a71dbb56c1812965a8bcdd45b307fcc709607f5862709d3600733c98807b8c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
068011c02c01edf10f321bfacb322558

SHA1
57b57ebb9a220a1cb6a3879685056345c75618c3

SHA256
43d999623edbac8426702d1628583ec1d56117bab71162f8c7bcf58f10ed2689

SHA512
c1ed0a23b0cfeeb119400265e7866fec4ce74803082e09f203e414ad332d96bf80a5f855debf702daa99c3e4ec479ebd3ee0b672ba5b0dd23907daa020d2d010

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
699a124dd04d040a2b4c885fcc1325af

SHA1
b4dbfd2b9a84435151d93deebe6f6a049e97ad21

SHA256
9126d090a3f00a56e4b62dee35d8e93d526b5df81037cbdcdb667d38dd42d4f8

SHA512
671673cbcfc72085e93883b52b9cbc1f692634c8910119589c3b6ece1e1cf3fdd6a95fe52eee83d5f52089250bda7eb1dd6dd56a6c6f9fae1c05401a7eacd0da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
35KB

MD5
c78f9c21a922b84822a5ee7624b84280

SHA1
7942946eaaa3f3c9b41d679c8094bc58bf0b51c6

SHA256
2d526f3e66d6b12ec2626f5d3a873b5cd1a821bd9a55fc89be03274030b1a9ef

SHA512
356afc5e09e158fbffa3e7be5318fba4dc82c7b2248fd2b0c287f3be8435586175714e7f21869adbb0f036be1289d617c41a953375d3ef75d7110aaed8374a00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
6eafac17fbeefdcec0677ddaf9835bdc

SHA1
90251d6a5ebd5af1c0694d05166b883602b482a6

SHA256
b463fa96c391c2998568a64154e31676f7815b81f8df20f2cd1bc71ba84a5ba1

SHA512
5d1908e8584c10e3e55b00b2a603b327f2a3663eab278a05d4e991a18fa89234d2c200e4163614493809869e74130c672b712da257c14d9b51cbcbc4955f24f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
29KB

MD5
196cb29ab7e0b2696d0c27ea28ed8561

SHA1
99b465d987b71ad9716d88ae39846402df7d2dfd

SHA256
cd9ee6d524eb8eadea1410093df28c309aba147d89600178fa5048db9177cb5a

SHA512
c53b295afe1b6694344cb6d9dc0fe7d4811347daa3a74e7eac798135fb0384af2d675566da1ab2503a07155635752cd8f76968971026eb85df4e713d4cad36df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
67e4a394902888b3a4f68d1e97636a0b

SHA1
e30e9a8e47c253854b0b84246c06fc65cdc1de4e

SHA256
dd5dc68d719bd58b3af0ec269ed6bc8b683ad67f059cdade29c8c22f437602f6

SHA512
647cd1e87b5540f6b31331dd35477afd6c8ce942da36265869b4c998bf78ceea8ea3c6997b37f8adb1e49a197c1bccd0a2e27c1c054f4fe64a548d8c3071f6fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
33KB

MD5
939d5755ac9dc65328652b96a73ab0df

SHA1
db48233aa3a4fdcded22aa7075d6f7779abc9a44

SHA256
1c8482db3c7039fe98400cc2b8f2a094faef9a99c3c868fef8f67bb728f6c21e

SHA512
9dde99c1c63cdc47537571e442be006ba7bfe7bf6844748b61bcd8d6d3673c4a95392d986159c361e1ab0d6ddc757877067be0c2681826f04556bcb115c3bac5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
fed168bd2944a7e6f2ae6015f5019bec

SHA1
75dbf098a4c32e38ba2dbc3b9bcc841348b2a6a8

SHA256
1dd679acd50c507b4fe6d38d592bf50c1adaef93b8eebf237c6bd5b14e49f381

SHA512
3af315df272a0bc22e2f6fb4af06664d6490ad52e30558cb30c4503f7e700ea19ceb60bca588c7049460be959cbc3c0815da03484fa60765a905ac978827e6c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8aa78f0afb0fb31900ade8a4b1ee4e9d

SHA1
6540090f96a430919e7d67356b649b32a591665b

SHA256
79f39751dcbf837a3bae17e13cbf9a74386ff97b63f2feb0c85cb3ff9d60192d

SHA512
4f1237ee27825c772d1245bf647389a8617cdf8ae8b7f2a96c34683888deb594f8a2994136a80f81162f3bab6e3d12c394362e5a8ec56a3283eff16659bf7287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
e0f34518a79bd792f715c820af0658ac

SHA1
c660219937e3fb74e7a787cfb43e9eecd423abcb

SHA256
ed192766a8209c89579d93b384c5633f8d74cfa406561df1f158b07f13e097f5

SHA512
c067aed6a25277e8195b249d77b6127a907dceacda6e1d94711716693696a16b5efc998c7aff07633f34e8598dcb10cc1dfe8002e6af575be85238a7de72f0b1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
402b7f5fa8f5ba84356ecd51a8e6e844

SHA1
904f5a7d8e5a3f9a3f4956979687387d0b3f34e8

SHA256
4ad525ecbae696a8d871aa12d4f1af8437d04d03a7c97ab4d992c4ba27da3c67

SHA512
5318d48aabc3b5acac2507288527c68402108e548199012e52fa955f44bf4177fea7a7d9a472b48903e5e6389e05ba5765f4f8e875a46332fd9c8bb8d3b2d9f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
013fce2f104d6c7e491aff13ef9b7c3a

SHA1
525e1d49508878e72a16a60bb425b9c60b974072

SHA256
1f28af12e03d2f4665ffc877837dedf04365b0d7da65bac3bb6f4b19bbf28b3d

SHA512
6592f54bfe1a1f5555ae74ed6370abf4d262fa2e0332feb0f7f3dfea5750f89f825e2d5399d83865746f71e83879555a2bbd5ed2f2eb513af5564248693a781f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
25abdb691ad8936c9f0012ffb6875d67

SHA1
de687afc6eb31dc6e4ecd1b854d4306aa2321695

SHA256
490a39add8d96c8ce4cc3f5bd21ef8fc6b1a7d199c5ecbd33dbed28118b1f571

SHA512
232eacd6a44634e2dbaa4b414d9b98805a3d6874a8f49f3d22f85032b9f1c4604552e861120071060e3fbe386e9f7d4fdb3bb0bd8ce092dde4dc39432f9d186a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
6333ec6874c7880d0e0d929ae8aca80e

SHA1
603fcba8a78338c0131064eeaf5ee6f588c5d230

SHA256
b4373057d118e219ae1bc64e4f879bf0c888c8929488f6caf75d7648837cae64

SHA512
4897127b16c94185a79bd0c6ff5211be4d3e7b9fdc86479853fe6f5afc42971057ccb0a9e611fe8c3496226e81d2cf6ec54de9e4f591baec988ed9d56eab2a52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
d2c2e2f0d9b2aa848d896a980905f52f

SHA1
d02b361d33a3c26c762a103881aeed0216db31e1

SHA256
9b7dcdf5e07f7be0ef67e81b7072a60c4e25f94aa4a6a206221ec26ed5afd7b6

SHA512
716480e5b7643a1d9c8a6ceb48a90b7f9de72c4820429b42fc14998df562a77b91840894d1ddbd8139f27e58e63313eb5c6ede3615546465c213402fd00ace13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b707bc0393f82bdba2da5e3a9ffdc34

SHA1
8ca1c65fc5e8554b2b563d24e491bb5bd1f3679d

SHA256
1a7fb0219ed6dfd9807b7c2466236da1cabe4633fdb19476456b9d1c78665332

SHA512
2f47b997b0f3c67d5ddcedfb42f1ba2b811a53f5b5df016948f9f1e5a11f9fa4fceb41b993ba11403f2098441ba5cef7e14944d4a08694f3c2236bda3cb23906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
20773e9d69f7edea82551f8699c96555

SHA1
bf5d5d4c302a5aa9423f026ac4299ce71be2f884

SHA256
830a105bb0f70e0c52f12ee9a29f2cbe0a756db238c6d5c1bbc56c42da53fe4d

SHA512
7f7cf3cb671021cdec48103c59bc813838a407d25c6fd6b9eb17fb2a6fca060bdaae7056f09d635d86b5e4ae2f4834091990d2ae900634adbeffd7bcfdb8e4a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4c51edf40e4458c0f72139265e233f34

SHA1
1241dfa3b7b4edb7b80e0db00b9e2c28bb0d585e

SHA256
809118508e7a186ce69888b45e5a875c0a78c693f85b3c484b7dfdfb85e092a5

SHA512
a155c097aff112dd647d68c55684c30bf3642290758e1b29331d7dfe9641720c4d0c9dffef15f60898c3b987b174685ab567721174d6bc787f676048dc88a9a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2a2d387424f5bdfc38cec98d8d2d4b2e

SHA1
74ecfa43c62f354451ade08651dc5020abd668a9

SHA256
a1e2dbd6f7fedc0ba5770060a70799d79ff3da1e570449aacfd90aa01c7f0350

SHA512
b4c4058f7677aebc7d07978939e7c92a4868a4be2e11ce35e29dc6ac0932be263f3ffd8d9c5b7d4a26d0c675142ebcd2e41818805fb6a467c1f25416dbd37d16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e9ae90f4ef32578aee2ea10688075511

SHA1
b831025183d9d2aec207acbd6765fe932e5060f6

SHA256
d14c58d65099ffeb878368ce06df09b8f4e48a2aa8257746a1f8576d53473dd0

SHA512
be8b2937230636c2574abd8de68f34450c54f54991a93f52a4a77a5e604953c8553507a10e2e8e7425a4129a80e133b6862a449671cf56df8649b11de72cb7c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3407283920d89df85760919d3bc7ab67

SHA1
8b580461c392a824592455445641d55e9f5c098a

SHA256
ad4e1b9289ba01b42044fba796184e966f1d431512a9cb905ac11d5e3f4fea1e

SHA512
b42b933206dd763eb6ff6082527905f83450eeda7b74025cd35c7f50511a888719f579135a489dbd4b9938b8daedf18598ef8de1b1fb5ad7d0b6c21a25362670

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9a859e9131b93b9c9460e7531f3d0e6f

SHA1
0dba856171da9c0f2f24ae381204a76cd0c5f69b

SHA256
18350ac1efa9d7f9e1d46af3a44e353c0827182fc5eaea8fd64e8dd8231f5c15

SHA512
2d8145ac804d1c03da648d16836ff173b7c4d5f282313080976682ead8e8faf849b3556d03b1319b4dff435f6e3447669d93011a1ed57fd8bbbee0836721fe5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
3575c2e026fe387f32dc83019352b86e

SHA1
b503cdff981f0178ccfcec42c35791b6151382b2

SHA256
c3cd89aeccf58136e5197620f9e4369823650d1850411ccf9298c546ae05295b

SHA512
827c7daa1c2b71e7bf18a95c6bb09ab27d4d96bbcf0f956af792b1eb3b2210939d9c042a49bbc71555be2f97d1450179a41e0db90f1737775108786535ce063f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
03257544930a21381277be98928575b9

SHA1
cdbb857fbd8a366d15489b5910d327f958dd0777

SHA256
ac8ad05f9847a7f1516194ec4471af9fc16a5bf29ec6b85794f9d36567546ad2

SHA512
9ed07e7f4fe922d68dbd53a568581b1ced005fa4a40d6c9be31dd86def34c8c95fdb035db52559c61a3bb17f655ad418882ecd5075f9f1e899c1d1f7d89674d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
4016093b697f05fa02ad28745c456e27

SHA1
c487e1712c889fd30bf69bcfd644d3bcd8e9b1dd

SHA256
8340ca4ddd262d4f4d0081bd793fe240ea67759bd98cc7905d9311f6155da740

SHA512
9e4743ff6bab8981a215c24f7332e44c5cbedb7e839ed621df597b1ee8118f11360f657df65a1521dcd3c311fbecf2fc01be981fa15df3f0d8a825d49f21b26c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
ac92596b9724180abed2faadce8b08b3

SHA1
2f909d94f8085533f3d4de5e72eec3d1f25ecf56

SHA256
0cc0cc6c320aed1605a488eebdd384cf22e8a8499416e806537748b6e290a60b

SHA512
06205798a19128792d99d9e1fef06a6b097a17e9b13d7df5db3a4229181e1d5935232327645a2839403142d1499007196131661fa3ee7e14f695b1e950459117

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8b34ac4efb98718e553e2e8b8680eca2

SHA1
031d32106d56f7049ce62de34450daf55cf455d1

SHA256
b8d012cc67c7b4aadbb32d8f27e7084db40feb79485b2b52d6441b1b32b74290

SHA512
ab6fd81a43ac534ec67d1d37b6ac3bbdc1f644159da5a7184d7a0654ace5519fb0b6ea62195b53d1c46c9c327b01055e1bcbf01bab5a43f7a8e96166a0e1cd64

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
26c3229f5fd9da2294146e9313b45480

SHA1
ec304894009ccd0b282363f2e54ef9db988c5583

SHA256
0df7d062b48f688eab158b50f55b7a6064b5fc5fbbadb7fa40afeef5f7bd0ebc

SHA512
7e3b063b80aecd67ce8ed0e79983081ba2734c98e56b24d0767fce595c91db36ff8f6eda30b657d71790bf025191dc75bd4c6a0b4cb555cdfef50a0f5f7c6aec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e47454ff86532aeec5fb8f756bc65adb

SHA1
9e15fe6c3d744a03fa0b311d0a21d9b4ba11b36f

SHA256
6fb5dc2ca993a883c9e6050f0a1c50858b43e82e0fb8f77c8f853dfe2f6607e5

SHA512
e7ba6b647228d6565f8b7e996aa361b103b9ec551a7598b10f775c2b284c805b846abc471a2dd855162b0294a4a4d49f274aec53881e09b8fd4ef4db16a165cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
17d566e8dc1d893f612409df76b8dd80

SHA1
14cd85d1998abcb5ca83cc1bf47f05008247df9e

SHA256
2fd74d8588777f4354af882ba08a4c3f18040dfde9b509f51c7f20f58df5b996

SHA512
7e0b9c4cbe5e7ea31ccf1891c3c1657c60587b6adb7c439475845d4070f30f09faf45eab8d2436cdc822b0304f65ac4de3333c159378d462905cc6983e8112a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
b364075bfc7fd5b1a52ec404f48358d8

SHA1
458dcb32222ac2d193494ed60645eb468d813f0e

SHA256
48e2238eba6d89164b3057d33ff95564cd74f7c1766d7d65b087bcfae1a49cb9

SHA512
6be678287bfdebafa1478f6a45749b51afd3882dce6ae6b3515d6d777fc4d1d28806c7356a1772ea0c9dfae9276ed16282126820b054d6385d5afa98cc6dd4e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
ca0d8f7cd2463b145cd2aed3bf36bde5

SHA1
c90fd4d697725e51c5b5bcc82231325c18881a98

SHA256
cd27c6113b34115e0f969f806c757cc9b84734d46c846562f790ee082bc9fbe1

SHA512
c1f66312b066c0ec9ed9ab0763d6ff03d27dfc7c3d06243089587a60d879b5e7f97723c5418960e22dfe0abb9e0ad18b4b79b1094b31dc48f7abdf2d4b4a8926

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0d6f39cce130f239f8ddf9df45b75251

SHA1
ff3bb9362e8924ac1613849f7c78c0c934378569

SHA256
0e3391844b072c483ddf9d4b41a2f7afe1ac424b1887d3202ceb696c77c78e71

SHA512
7f72429c017ea074fc24a23d6311abf4ade1d0cf4ca0c457a294705c33455b258c68b15dd56276617384d56463db5be5fd81c7a86195fa565c4d56cd81838f0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
6fc945e144fcf1d4cfbc9312dac07f0f

SHA1
5722f8bc6ca7ea85b731790425f8369a21992316

SHA256
86024f2693baf6ae99c6e1bbb80196222659b2a80c121bb5efc904b8828cf577

SHA512
c9068daa05af360562c8714517338333f945dece6b0333a581a1e3d3a6f80a9185b69927cae6ec8423e5a59604680f7a15e7167c5b02678b9b70af7155214239

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58c0ab.TMP

Filesize
48B

MD5
353a9233cf1a75503a161ee56c477bcc

SHA1
2085a0c8ba32efbe98899633bf069f19564026b1

SHA256
4c3ee433320758ac45a0ae01257b8269c8a04038285c6b2525fef322dada024f

SHA512
44a5d1b00dbf25d81e984ea78ad3344fc4443b588f00b32034cb2aaf895dd95e40dfc5f35e6241a9f097027044266d8aee3ada7eb2285ae0414c18719abb21b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\4a551912c224c7b1_0

Filesize
64KB

MD5
a48f9e16067a5a54afcdc3ba6db75e4b

SHA1
9822c5ac73d80480a5e3e67a557a9b83dce9c340

SHA256
ea5fd29f727cb5302e95faf624774494670667608bc1ed5a3bfb1e5959cb71e5

SHA512
071a9ee600051152783ef49b14ce4ef6e3f2e582361449cf3fd709eb144da6c33f9d057379636b4cf7651b662487c7ba82ccb0455c474462bbe1104c35a1a0eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Shared Dictionary\cache\index-dir\the-real-index

Filesize
72B

MD5
e5219d8ce1f5155a25c0c09e89f79cf5

SHA1
8d9806a73bd91f9f994217bc594235ae270b1cca

SHA256
dba0e5477f36cd3f93b061db374870ad8151afe37ae94e9ced02c49f30e9b51e

SHA512
70c43c7b46a27f50e763a98a56b6371d08fd1456be1186e57d03fa7014717776191ed62e6288308fc8fccfaf965d2077d7ef5053a8a626ed283b25ffff19185b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe63fcd4.TMP

Filesize
140B

MD5
97e8da2afe056ca8cf700d9f687829d2

SHA1
bca6af7f06a16cd913de8e3784e645c0120f9792

SHA256
dd4b7db8e02b076ae52ea1f89c0630f13a640f3a32ba8a5b33249282328bf30e

SHA512
7bf8fdc7d752fb87d2d711c303549d61597083b01d9e1fcf725bbf39e4545cd27b820aac52793285224d8aef7bca77546de2e763fc4b6f294a780fac9bfbce65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
147KB

MD5
454c1f2222a42ee531ba609f486c4471

SHA1
f7541cef41a49cad2aa59f91e4602bab6028eaae

SHA256
72077894fa3966c34eec7a550d3f9c0d76222bba4a9f8f6ed97b6f5598fd5fea

SHA512
4723c111e7efdbf968e4539563cce79b9721f8ff9b2c2cf32eeef8ac7ece27d18d4898cf0b9e1fd89f9ada9125a1859071122a798ee525db691a25b0b8ec0d82

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
866e6081b858ae4bfe660509e79e21ea

SHA1
9db978ba69e8df99ff4b05adf44451c236aee1e1

SHA256
2ada95abd16f42384bde61a93fd945c84f01323a0fc4c81967b3730aed7cf157

SHA512
112638f5400d1e926ba2e247fbbe6b9e2e236f49f8a698c003c185137bbc3a572538277762d38904a1d583a4b41942de5d8a52006e3a846170c2b8ac9ead8f8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
2a73e12aaaded2ee3bed9d5796e1e31a

SHA1
cba1719413f9b64f0acc0933500118cd85a28997

SHA256
06de00d5624317123fb83de9043c01e74910a222756a0a3a0f8b402b85e83490

SHA512
591b972062af5a1ceb15be1a02f046366732449bd812220da48252115d418f00f48f5add174c9b7a6df01494c2a23ddf7cc30ffa428a74cb8f392a933a51fbb2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
7dfa3580516a517e5f914b006ab54e24

SHA1
40d86621f6b2e3fd9e4330969d135e6c4708dbc0

SHA256
978d49ce8656b1eb578735037527304900ce33647b4497164d94fe611df06584

SHA512
2c6ed346daa15e61b28fe6c80d4728b2e6989059495fd46079deb4388cca4909bd8f77443e87a374b86cd0dbb63c7993397b5d46f35f8979a4c16df88e8bc8a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
86b87649fa46f4dea52d6f664776f36c

SHA1
6988485e9f5b36238f9b357fc33f15268148f4cb

SHA256
047dff09e62ac1b663e53afbd3fdf08dacdc3b33c94d3c75b7b0c9ff049b8088

SHA512
c633b35c2e9a6e7cb09bfb2b654bc39048fdcda1932948186014e50850cc443bf79fe99b9b1964e7fc4aca1a9e9b4d6ca252bf9bd6d61862a5531c6d5f47800d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
49708104d5e596c8a958a905907d8759

SHA1
c0039aa68bb6c1eedde35136b557c5f9fe8a8890

SHA256
6e0b2bd0ffb6c8d9123ae5d287845b459f2349ec90d21476df03dd4b5935d874

SHA512
41ec3627c30083dddae98a2ce59d3e86caff25b42c8116fbd6e34cd9bc40bf08d06a40f30ae56f06a8f31196005dc8309c179198f0120e3bad4228cd7de4fa6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\CrashpadMetrics-active.pma

Filesize
16KB

MD5
cfab81b800edabacbf6cb61aa78d5258

SHA1
2730d4da1be7238d701dc84eb708a064b8d1cf27

SHA256
452a5479b9a2e03612576c30d30e6f51f51274cd30ef576ea1e71d20c657376f

SHA512
ec188b0ee4d3daabc26799b34ee471bee988bdd7ceb011ed7df3d4cf26f98932bbbb4b70dc2b7fd4df9a3981b3ce22f4b5be4a0db97514d526e521575efb2ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
df2d1721cd4e4eff7049314710dc7c11

SHA1
f5aed0158b2c0a00302f743841188881d811637a

SHA256
ba336ffd1b01965d7ab0e5fac5415e43cb594139c76b19e4c0d9b5b3b67c1e93

SHA512
11fd520176193f284563c7d050e6a7ab4e9895bac49fdc05759bab2c8a69f224858ccc784b351fc1d3ee5d39345430f9234623c9390978d7daf6a08ff5576ef4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
08c38c05e4d9c855af2128d7e77eda3b

SHA1
5d29430379db763139ae0b55069d63ec62190779

SHA256
3a03270bc2786473381844bc54899db9ff32bafb970bc94a5c22f0c98c165db0

SHA512
1ff0a97ca61f9d6c6b7352a9b015787875196fe1285eafad2cec6cedd386379e9af5f3a18640440d6b450ebb69552b3ad8ab0c7e4df4bce7d88d8c86982d53f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
2b1c3e4cb33445b3e4c85f9d647ea4f5

SHA1
0e6218e90a2dae62ae9cd772df301bedd6fa060f

SHA256
588f29012c9c89a3f9fcc2d3fe5497e272be539fc4c5d8dfbeae73fc3d685c36

SHA512
40e1ae29bffe781b07d9ab4bd185faa613d17e0829662aced007773fb2a5a602d9e82a77f65beb9f4c2f7b9558c745828ba334164ff13d07a0d33f6dea81162a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
f1da48222ac27743a4332f3ac887941c

SHA1
ba825ca912f7a513ca5c6efb06ab6c9fe21c8ee6

SHA256
0f9e1d2569d8546b222cf1ae2b9cc8551f6ac94c6edc9c6efaab9bce7f94e152

SHA512
b877eb6db8c3190bfff1c37eb1fed94b3f3bbb57ff2260529b219590c51389799043eb65104d8b3e9a95374356500ecd1dcbf7a6787c8160d408bdb1a3714ee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0a971131-df3a-4ef2-8e31-991f34ffe4b6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
957696d8189b1505f2743b486a895275

SHA1
5e012a16884778faf7e2ba7e8688dd1d4821a088

SHA256
b1703a1d0f1322d9ce9b99167aa80cedc7b99d931e63ea839ece335adf4d6536

SHA512
ec908e12ef172dd60fb8dfa76a653c4eacd82debfe4d926757876e886a1075c7ab996251558386dad8211d5346ee8caf0b8a3e7606c1b188dd001f653465d1f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
46a1dc41a2eee3f4f1e8dd1f2201d7cf

SHA1
9cde1383cde093de09a4bfafe2024bac16036cbb

SHA256
3cdc23e90d25b191c74772468b62a020dffefffb460a22813222bf38c8e0567e

SHA512
52951e319e40e53b368572e185765421a328fdde850050892a75ce31edecd355078615ad99a8ea4cbcff1c26a27eb387c5f9276ea210bd921c8ff3c0b6c313b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
fd2032e7b0508e061aade7d12e62beb2

SHA1
5d7d9876dfe966adfb7cc68004a1c13275f2ae18

SHA256
9ae58b9942b5b619d224cad0f7edf317ea900c52a25909559a75d78abb8dc994

SHA512
57b3c124ff03548a4d01edb0a147e09c65dcad65dc8dbaacf7ea8d8c0399af26ff03183e327e1a98b2c5aedfd38869b7be481c5958df14be60f599cc7734238f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
6ccf6b2cff19104b5f65bb75bde6f017

SHA1
57bcde1da158c753d5637c9830eb573bffcd2dab

SHA256
ac8fc36a483b4ea2db1507d1b63debc78d58c8d72002229cb50a699b9ab7ceaa

SHA512
777bdae9b650ff09bc6eaf97a37df69d3156c84a8629f852d523bc390e508847d28fd6d2b1e503e9eb792964caf75c11e856365c54626a48b5cad6a1353e3031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
8.0MB

MD5
b855fc61d8c11fb1fb1d91c472561f7d

SHA1
d54d1fb3932d01964108ae6fa2a2555416111d0f

SHA256
79ef52004de674143bfc62d5397a9b14259e2f5d76db6be7ff0e8b1fd62fedea

SHA512
54e5225235e64d3386545b457b96cf3b6c86ba5fd357c99d6b380b4c338e3f37dcd19ccd106ff429f6fb1446fd08b9ff244907dbd3d03151ab20b0a182bff6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000077

Filesize
26KB

MD5
3db01f3289b7517e321aac642a91c7f3

SHA1
4d54518f6f94dbe3e4e0cd7cc0d13698272d197f

SHA256
45c8217bf1571647763788b5472b9621330f6b065ea3107e2c6340a60ccb73a1

SHA512
69e7726636a206b910a971c00bb9a2a79835e5f98bc588158f62484ae77cfed138f8741e68b6d69ce77830420bb87df46762c51862a80f01d04112a3561673cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000078

Filesize
74KB

MD5
6eb12835d362dbc711c5d68b7f8b824c

SHA1
9d419feab94ca0d8e3c60ec1172eb56ebe5684b6

SHA256
4d62c2581f8d869f0e7c62a48d7790fcd01f1ee6d5b811759703609c18d1605d

SHA512
b9115b5aa227feb408c9397dfa0c9480f7d637fbb161b5e8d53bfcf44ba00a7af50e92f0c40a157e14864571da1a13afb3c68dbbb464753051c7b7c34fe995a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000079

Filesize
153KB

MD5
237f4a0afbdb652fb2330ee7e1567dd3

SHA1
69335cd6a6ac82253ea5545899cccde35af39131

SHA256
1f0189e087fcefbf654fad74a3a06668b782c01353a61d5c0b7f0bf23e33c020

SHA512
27e8e1f91507179c207f93a19485738ed5d372a977eb27d44a4ed163013097d38b117c7a5bf4336ecc9862ca514d78ffcd2b8a07e304bbfe1b2cce9c087baa38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007a

Filesize
115KB

MD5
715d593456fa02fe72a008a72398f5be

SHA1
e948290773216dc1b50c2121314a8cf918c22b54

SHA256
c411f11975d26eb04cd2aa3c071181d4b18e489f1fb97060d4176a3531dfb36e

SHA512
1f63209c93a462c2690442c9cf1c3e5a67f2df7a67dfcda2cb81292a2dbb90641aa0ab81c25323a1f2d9f0fa09b3421d136ae5228c47e581c51912ba284de46e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
19KB

MD5
5e5ae2374ea57ea153558afd1c2c1372

SHA1
c1bef73c5b67c8866a607e3b8912ffa532d85ccc

SHA256
1ef458d087e95119808d5e5fecbc9604d7805ea4da98170e2c995e967da308f3

SHA512
46059e4a334e0a5295ebcef8401eb94b8fa0971b200f0f9e788ed61edae5018c917efd30b01631cbd6bdadc5240c9fcad2966ea0aa9c94b538bcc369e10bbbaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
82675d19b1eb07d320c925968a740ff4

SHA1
509cf3bb5325988a388beb2c736a4bb9ded8b3db

SHA256
bf399594400d5eabc736767d201cad2ec40811983f6f5f2bb4430f0beb3e3293

SHA512
f6bf2ab1a996cb573d5b3bc65314a3bcef7f4fab93560b0ecac0c841df2f974b90693ba09c4e65f2a6abee0ee96b703719b23d99f54c8f7121b9f10f57fa806c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
148a230b762f6b358c3764042ae170fb

SHA1
43ab68bee4952e45ceb10638fde88b6c9f2799e4

SHA256
b76b6d7f6c5120056abe261d95ef3d156f390f3882747bf354d4169f457ac72f

SHA512
a7ec5dd73d8b4eebfab4889ab107f7b9d16e2c88b5c2bb5f9b5ab5b9a87acbd19e7fba92074de87dc56069585257fa7ffea6f0d140c6b5c895605c81d96d288f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ffb434ba5ccd5e79e0a66516c88cdc8e

SHA1
e687ce7d83a3754528ffcf2d8fbeeca5abbd33c2

SHA256
53fe697893b2e064e45ef01cb2e8bf0e31d6812beb9ba67bfc9574d0929bb77a

SHA512
c337371b6f5b2b26a1288a1b8e15af180047a4e2379ad65174362e7941afc38b6ada44ff18df50b6081b63e33075d54874c107d80a8c4e8333b8f2788767cb33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57c1e8.TMP

Filesize
3KB

MD5
a02cd70d1ed0c12586742ef672d3c90e

SHA1
9a3725144f6e8950a3c302851e60636bd940207a

SHA256
4d9c80f94ff79e5c7e7c02d0f4a545a1f72569a80e8f524a855e62617e91e347

SHA512
fcc6079969fbaac9bbf327f3fba626a9ec61635278e0d8de237d84bc9af3b2a4ef765bd6bc604dd0a01717bc01798737a65c2c28d30428696494b39973c54dfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeCoupons\coupons_data.db\LOG

Filesize
343B

MD5
c1846c27a14e082ac5345d401eadaa40

SHA1
672c768aed3a0dce9b9d394d6fdee38e474b190a

SHA256
44709517da0481c0247cccb43b17b6d24785db78959bf123251fc1d3b7505957

SHA512
537266f36f1d4cc35425129176bd76e6cd4f0fe110f450dd2ecd558254aabe378543b33df8474eab981b5b572f873e98191f57df4144d2e595d8476a78fa214f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\EdgeHubAppUsage\EdgeHubAppUsageSQLite.db

Filesize
32KB

MD5
8e112ad62c1a714666da837ce723474d

SHA1
509cf2cbdfa39128484462027d8040855a0519b9

SHA256
799fe0626757f4b3783a9b1e7adef8d45b62bfe83276a0a4817803b5d244f166

SHA512
8192f60a57670cd17fdbc2b057be7d45706c9b18107ace2d617091057d4d4d3df94c2ef11c7e22f3f18604e9bd180a3d33af95bed226e286ec746e59607e9586

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000003.log

Filesize
399B

MD5
a15ac2782bb6b4407d11979316f678fd

SHA1
b64eaf0810e180d99b83bba8e366b2e3416c5881

SHA256
55f8fa21c3f0d42c973aedf538f1ade32563ae4a1e7107c939ab82b4a4d7859a

SHA512
370b43c7e434c6cc9328d266c1c9db327621e2c95ad13d953c4d63457a141fbf2be0b35072de96becc29048224d3646535a149229fc2ba367c7903d3e3e79bdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
969fc3cb121c237a9ac80edb72f22637

SHA1
dc67e1a1e451f736cc82aa9a594e4313662b008f

SHA256
62813c88b445c1b0006cc649cdd8b664a7fa5bfd023c91a6caa9f541f6dea7d3

SHA512
385bebbd6bf381835b0caacac836bbf4b13d471c28da9abffa4111fca0f6ddd5f5f4e21c66ad67aef5bc2eecb6d74825124e89a30aa9e8a90ab143fedfa1e171

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
befe4d35835cfb587e330b54822a4c35

SHA1
cf28a2f293328215317daf19677e6bdd97200d60

SHA256
8c42577ab3bc29366cc6cecbf2e7ba6b877435a270cff3aa3e5715c2a73fe95b

SHA512
2ece7d72eb2ec72f6ec410afa3105a5f8df65828bff9d93cd93121ef58041870932bc9ccad4e739b6697dc0d0f0d15dac0ac1dbcd6aa68afdce9b094055c9693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
2c87a98cd8d406a6b05248e25e9ca051

SHA1
da751c394f91936df28e6e870a446939a54a603e

SHA256
d46b51e81598dd32c2a736be11cebd18c848ee807bb282a96268d0c580c479ec

SHA512
75f8bd69ab7a4ebf026ce61adf6d073fd005d0c383f592e3ede294a601fbace7e3b504f62fc8dc19e69e45fdca2a84d4f88007031f99cbd4671df17e5f33eafb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
01fdf15c05e072fbc75d73eb9b59afa4

SHA1
c3be9c51ce147f2bfd6a71a28f1988eebea64bd0

SHA256
ec1792a8e5b68ad01b35ad34b4254290999ae2d079807c3f0ca4f4c8ba502c44

SHA512
cdfd83d7b266ce9ac49805acef8523716be1f6683005eb69b906628be14037a3504c11963b798fa7afc4eebc7331cd656cb004e96a7f5891a7dcb653f4d0fc50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
192KB

MD5
fea068f0e601fee5f34640d4caaa6f90

SHA1
242b7041379052fe60581a8c72b98b138a59919e

SHA256
1a778b3f52d4ac558306b75aec26b80bb00fb8019151eacf9d6a7f40e6fc55e9

SHA512
da38533c73437a819e79187e54d0a5fd5fc4932ab8e9f4f577c3af4e63b9cb8ee3b707c8932eeedf5f23a712aa585f40b410c7dfb1065d1b7ed795865fd2b846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HubApps

Filesize
107KB

MD5
40e2018187b61af5be8caf035fb72882

SHA1
72a0b7bcb454b6b727bf90da35879b3e9a70621e

SHA256
b3efd9d75856016510dd0bdb5e22359925cee7f2056b3cde6411c55ae8ae8ee5

SHA512
a21b8f3f7d646909d6aed605ad5823269f52fda1255aa9bb4d4643e165a7b11935572bf9e0a6a324874f99c20a6f3b6d1e457c7ccd30adcac83c15febc063d12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
d3a66f464bfd4632f31b9eb5813b319e

SHA1
4d062145b628283e26b0d8469113c74e7dcd1379

SHA256
7a2abf74346f6b713367b1605835a8d468cd1e3f08cbc3579c3c148f1df8a597

SHA512
b599e32602edf5f311ae9f483f74c4c7f4750c407a7eaadb0a4897493221e380166454a03c09e2e66a3edf50d2d2b9c1d0dbebbea1ae1fdc69dcbe1d4e64b614

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cb21f1039de480a9a7ace61c9b8d2f0e

SHA1
8b5dc7458c1e46a9cab7edd65115e56e6a545019

SHA256
b32639f36032809d27836c078304be6609ae6eca5d0756dab31b10880fd6eb37

SHA512
6e6dcacd527d8b12c91a57f5cc3241df4cfa8f96acde604dabeb64a8e1ca4250dc6ad7a94378b2a971b6ca302984791f508ff44ba9cd8a222905d6c0a727281d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
91b6023d927f7d1c0388f7de8f08a607

SHA1
1bf742f2abb3350011f45d561d0715f498abe439

SHA256
b988ec9a8a525cbdf9a27c63c61bbf076fe02fa3d032e4f085364916c0555673

SHA512
cfa0575252659a76a8477f6edec466f2448806acb11d5837e099e2440f56a6de8e95c8d26954a325ca2f92a6697520b828271304cd461d194cf402d27d48ef1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
6f7ba92aa8a1f34bfdf5460265e3c5d1

SHA1
d78b0f723706c41f6f72af6c47d876ef4b81c3ca

SHA256
a37c0e3e9e94801db8253a2b1ca973c6d2d95404bcaeab9eb95a873e0ee018cd

SHA512
e747f1613d7fdc9b0b1295670b6f722343ed1bbf6ef10bdfa4a4b91c0b1d923bc8ac688f7df21382966bb62723eb1805c51c402ad9e42a13566d369f0269407f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
06a70a7d7261c6d6ff0515478d76ab81

SHA1
0e61c95fa8cc97c17d1152dde91efaed7282cd2b

SHA256
e4fe9692679f6b9330fa40af8c54892a342f4c14d5768b3090239dd1309a22e0

SHA512
1624a264d047840f50aa34d4b58d924887c1a654bb4799348f60f2115b9151fd0b12e9fb0c61fbf588d2e3f8ca6ecc3f7350572374eab7b3e0edf0e5fb005c64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
af3c600e21add39dfbb6425963f7ec51

SHA1
08d07ad49cdd8d999e7e82ebbf5cb226488dad6e

SHA256
57a7d52e5af286499645aa383b8a016ea07286020b376517b5541ff551abf94e

SHA512
b5428488cf6398387ed196a3b8ed90d0ccb3d4be3f300f29a0a5bce48ffe7b1cef5f3f73352c351606f616aa28b4221584b6715395538b67f4aea2879df0ef96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e65d8a6d9531218516ecb51f6d1b78c6

SHA1
8072b9274328e8ace6251e4da0ff7b9ab54b4531

SHA256
6f5978184cd06b6ebd723748edcba788a3684ab4e8f8987df64cc19bcb053db3

SHA512
76662283fe0f1888321e607dda7d4e45cc6403486c13f8a363b9b9f086c20a2b20b9b5713aab4f78915a0d4afee19681d7a5c8e07075987445ee6622ebd227ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
522B

MD5
f251eab3c0fe908be5a214b8d264a078

SHA1
868839227b5856447c70241de28ecb69910e705e

SHA256
883b84e7c0af29e5c2f7bb7256e100d00c6ac3845389f1906b9e2515d69f3f58

SHA512
4a8933c79c7f5789430794d130bec1e4af23caa01cf018ff82ca458279050e8e35760240f159e2deb7d8b84d5b1049b90fa98777b6e7c24f0b0a49c31857bfd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
18KB

MD5
d1ba7b6ba71a7d80a9b212cbfc1e920d

SHA1
b3d235bb1e454efc69fcc7033e277aacf77d1bd1

SHA256
b5219f281d4e16b4b19ead5b794cd8f65f50641a9b122cf9b6ba4b7bc6a366e1

SHA512
1fa65ebb628ae38bb13fe86b883055212d3a25c580b322cc6042a7cf4b0ee30bc2f43cbba710dec93c660acf440c0503860ddffcb9b1c6dda320dbbd79e719fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
19KB

MD5
45c28f1a9a0e3996a6780dbd16e2cc12

SHA1
ef8e36c87606b761e9e96b014e0055737da96226

SHA256
363fbb65b4d77e34de2a0de2d36a627f3ac528afc9b4864aaf49afaaeeb13bba

SHA512
3c760adc196d8267b2cc1923cd7aa1d840114a2cc1891dfbd366f52a1ed41f0a133269cf82bcb29124d78f67bc15bdfa2a92b074d184a12eebd134a2c7601639

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
16KB

MD5
3b2893f65440809af09bf86a7e8bf62c

SHA1
aadb50a0ff96883e89da61ca3e77a10af1700b91

SHA256
f7587cb77bd190d7fc175346e989d5bce7c3fecd1eb5ce5be45499ad5dbb661b

SHA512
54fe2e70f592d70782ce2c1135fa99fb3f376d7112bb8484693f81b9e0cce70f477fe2cf4bf5a25ec100843e5eb046885476901e636f3ec24b8ca4640fae9277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
17KB

MD5
7ce50cd0cf1ea554b7579bd53ffefac3

SHA1
8948617be816f9284b383ac1898771eca083cea3

SHA256
db4862e3ae2aaee859a1c8581f53c13ebe935c795969c86747b83d01717de4a2

SHA512
97a255021bea03e13f8d50796f50411e4f7743e2fa3fdbce76b86094c980ffb9959ac3b4fc19951050abd7f88548173db0d6d6265d601207b52b2a4081970f80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
36KB

MD5
823e765ba2d9dba4175e902254cfc961

SHA1
4eafe32d916b0e8105daedaf8ae8a8f25ddc7a1e

SHA256
32f28d75dfc76509fd0a5dacdd8c1c9ea8eee044bb203a10f1479849dd997544

SHA512
1510356248ca5f9637c86489f6aa5aefcd822215dc9c63c4e117353e9c8b65d89041c9d85ec976ac3e6dd9ddb812b62741d93f35729083f5845f6328ed1a7587

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\LOG

Filesize
335B

MD5
fa314796703b31f20735889e074dae96

SHA1
ab03dca53d4f6ee92c213d0f3608ba3967178ee5

SHA256
45301db1d12fd5290991a0bc1f7899a541c9812da3e434d9a736143f37ac6b35

SHA512
35b2cf2b896a7f490b202c127ce6b6398a8804aa14f63c522850c6fa16ef06d6005ba756721095710b24588089c0d5f63a92453d4960faa0037c933fab920436

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
f0be74dc5b2fd7cab229d8d7da415601

SHA1
273bd76478fe8886b3a12fc8400c52dfdb35f97e

SHA256
ea3c6b4ed2c6cbf22088d0de6575747926060d5dfc647c88fd26fc3201d605c5

SHA512
8b6706b18907b65a09e9c638031dcf0755e138133bcbedb341ddb8778c9c6800c87b405ca46ed2ae91cfdba651f6d1b890460a6ce7c7884a37dc194443ba4401

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
e878be3ea44d4a586fd26d7a035c0bb9

SHA1
d53ca577d8eb330fb1eaf42d7306495904cd7d99

SHA256
6015b5384d42daee2f8d3ddaa05cf0a144d1b79cc78b15eccf2f53b1d1a96ed1

SHA512
89e50e854ccc38d943ee860990e53da14037eb260a49ab6056433ce4dadb1d7a1e9aacf95d70d19f854c9eb633db57e776f300734b0e2fad86727ef455434ba8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
5e03d3c4c1b289d926edf0ac2a52cdd9

SHA1
5ee21135726fcaf6232d2801f3daa65e042c9a24

SHA256
ca6d146715507519d5de83761a3924f51b6ef1a0e01cd06d6ff79c1588caf3f3

SHA512
3a8531dc218f0203e8c28e691883a9c382b645c8a1f84dc3f42d8eedbb2074c2d8bfce0ed172bb204409ee629ed487b59d1a9515574c910484302127b13367d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
25KB

MD5
fedf5f164c90df38dc6c6f9e089d01a7

SHA1
bbbb341d0064ce3cd3eef650b0aac2a052cfa22d

SHA256
2405daa847c2352a67a8a9628b9f10a464f4231a5bafb6c646066900891ff083

SHA512
b1f31e2e0b09e800db61e6c049647cbbca536024e247cce2eacd39b51f74d7b3a52cd50f543063ed75d6e378d1536debbb5be9320fb2aafa91a819b5fdab4fcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
31c086ad7d70cddcce582ddbe1c2e118

SHA1
a4b246c5e1a14fff0bc70175102b9213066a191f

SHA256
3a55d3d8f243ebef204774cd347b03524701de70ee675044f2f6d882d13d67b4

SHA512
a2812629dd18d8a04fa5bf1d6373af1d3452ff3369d8ae0e3b676a5ab90296ff32acd5d20ceb072332f3f5d7b87d337980e0afb1b1b9c7537d0794da009b01cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
0f1840eb322bcd3eb58b7cc6e5ac57a8

SHA1
012d0400c5b66a4ccdc3c695825d91840fc15f1c

SHA256
7463643dde85428d07b79aa079015916e5f7d0bcde1ece2e5945ad152b654c46

SHA512
e98b2ef5f30d7b9e8fc7173d4843c66e81e956db8e728b78cfff307f50d2bb280df59b70e94157f010106a94842f6db949c3dddcbfdd4fdec9bf7d2524cf16fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\WebAssistDatabase

Filesize
14KB

MD5
bab2861b3c14f993f8e3ce879f2cccca

SHA1
f4c91eba12a48f71f4e8ab6a02ca6408c6be8251

SHA256
d741d9f197bf067507c178e7b2d02963193c04456edf92ee5a553e959a6dc4d6

SHA512
8d3873629df0725beb4303cf466e7bde217d192d0c2fb7ce413bacc02846e28e639a00e73a60dbe3d20b5f0467ad8c037099682674e0b4bd3360421862c4314a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\default_cloud_config.json

Filesize
12KB

MD5
18261eb12378081f939fb9415ca0c9e1

SHA1
20d4ff782e17fe45e71c3f9fc60a94655f72ec7c

SHA256
12bbeec9a0af9e3ed945b28b9b8ef89b2f897768d1ba3ffd6f3fbb42fa5bc556

SHA512
fef634b4ce77c2f36ce1bdd63e8ac28e76cd089f0bff33f4425c757ddf37fe9fab30dea7b5bb51c91eb27012cf78800e03643e13d51a25bf624ce58ab3488a80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
12KB

MD5
181574fd8a8dbbbc81e8226e4fe0b51f

SHA1
7b825c749c3f4571b5443f9827b80955d9bdb07c

SHA256
c557e50ae3e7fa937d334c3dfa6aff333c087c95961955bc77c5d576ed0d3a2c

SHA512
649396ea75080102948d15b689a2fd372e6e4dc074942baf2ce0dceb6fcb311f0284308c85af2d6ef3c4fe5e1d88bfd0436dbf26727f6bceb4a1f803fc0db4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
4e46ec4b825329bc44b264236225fb76

SHA1
66bbf80a9b3609feda8c171900f2770268007d2e

SHA256
9a1c0d4cf7424b301737ecae339325971c4e206eb0271033992027e09d11a2c5

SHA512
8e13de515adbac20b3ef6abd7a574f234b461f7348c2e366466212ac4d6c638a6ad20701999d9be875721de6c5fb7e5a8109df61bcd7cdaad7a2020b1c233625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
1KB

MD5
fdcdda07d04ba045f5daf659c6cd2886

SHA1
8a149b0a572696f95e670018a58bf4e84ad763c5

SHA256
6c5c3ab17b475f060eada1690230897a08049f831b674e1131fe8f8b8092288b

SHA512
115adc25e2256d88a57bbd2b2f943e8fff0f135bfdbb1e105fa6c09f1ca671c4cf5d20cc13c6e72c04084f1b09db211ae5b7c062a58646dd437f32eda4f397fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
f5c0dcbab39378c788b9cff42732ca30

SHA1
1aa163ccec50af623dc231011b57b457095c8a22

SHA256
f035c8bd2f09649f3da873541a5ca96dc41695c0547dd40e41e64c067b9f70d3

SHA512
bc0cf426d9d9bd0fdb8d4e3f7c692b37c80797d659e29f34a66bf3b20b7f06bdfb30bd14a332b6092f475d1ff4ddb2446fec7f03de55eabbab17640c206f2244

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
a6e921df8fe3115f08b829adbafeebb2

SHA1
11413f8a6c5f788ab319eaaf57b7d274c9eb64c1

SHA256
db058b039537021125f2eafcd400eb6726a9a652b9336f7f6d357d824c0a34bc

SHA512
2a10e77f80425d96d203e87021c5f81af44e81a144cc12e7c3be7f7bd187009eed47724d0619f3f0bd80c24b056382f1d7416831d73b9e4f873911ed3650dcd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
cdedef6ad4d6f10b8afac4a9842d7a70

SHA1
3b931feb05220e9a6e2b2b0533f2388b81f7f2aa

SHA256
2daa3228cec06773e81dc8ac28cb224f28a5a7636668d52ddd4844353e36d54c

SHA512
b9ada17e8db3f7606b66d434b1416cab73286c483aa6f405257e5c400c6d2d51ac48b2c39c8e2b2ab32bfc6451f316d2f51b550adb733d51de69d1b754a33fb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
21c90e268f197eb2e655e8a84313cd1f

SHA1
e81e7f618d9ea7baad03095c963f706a9a5900c3

SHA256
afedc23457c544d934b593ef5ea570452c30d1422fe5a1230451e4718f1e0ceb

SHA512
101f6ece9bc04b27f279ac364571597f5985537a544fabb74bad42aaa16f59ae99928bd13c6df4937b98c4309ba36f121c6d84128bae28b896858643f0fc61a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
02ea1d657058996313ca7ee1bddcc3e0

SHA1
9605a12b0ac36f3b212d7c0c402c5b9316f6441b

SHA256
1a84437296e04bad970598a48dc43aae1b1cc464cdd7843ccccb8e56f6a61493

SHA512
43e8512ae1588d619b59bd361fd39e6850b8d2fe45ad1d0f80669f94bfc01617614565a75c53058068d987bcbf2a05e6df0f7246448c77411972569429e88b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
3e45022839c8def44fd96e24f29a9f4b

SHA1
c798352b5a0860f8edfd5c1589cf6e5842c5c226

SHA256
01a3e5d854762d8fdd01b235ce536fde31bf9a6be0596c295e3cea9aaf40f3dd

SHA512
2888982860091421f89f3d7444cacccb1938ef70fc084d3028d8a29021e6e1d83eaef62108eace2f0d590ed41ece0e443d8b564e9c9a860fc48d766edb1dc3d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
fd4b720c2ba2cbe4af4ce79a31ee52e6

SHA1
25cd8818cc0a854fe214488c6a818c5533f2001c

SHA256
ddd25839f64545410af2b688db62a2007cb111e49eb41cc6ca0e6ceb173789f5

SHA512
f168886a19ac54bc073f47bf8b5b3843ff57a97169760f57c783a75a24177bb1bd2900da3f569037ec827b71a40eaad0c6b3bfe0b272015482dab29ab1a7702f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
67KB

MD5
2d94141999543a2114a62520f341b054

SHA1
afaf80f1b7304c0b39a912f526f9255788250316

SHA256
ca39872e7452d97495ea39bd1831d9c03633659be8086e6e9f5f24a89490be47

SHA512
a6c59b3e8ae7e8d896abe5a1fb10f3dc8c003a41fdf7cf2cf62c17ccf44a1d36908fe4c16290b74620ddd9905074977bbaccad060f783a7127534603eeeaf47b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
83KB

MD5
828534528607528a369234bac5902350

SHA1
736b894a8d0b99e934067ab0710d8b1b36bea406

SHA256
11d3ce7e065a760e4fed7c86a40e6943a42c131c78e98b83cbbb2e8534d41f83

SHA512
fbfe17db66f8581d413fa380cb4072f61041c550e3f2a4b9351b8df46233577c5cc98735fd01c3af754a45b48635605b98253c5680e125ff846128f3b45b39c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
49KB

MD5
c4eee7154de023bb8639782f884d813a

SHA1
404c1d5c563287c7d57cac109ea6f342a86b5e25

SHA256
608f4f750ee8a911fe194362218975621eb08a7a802661df7ae4e65a8c881efd

SHA512
72b0bdccbec13099ed98f634c8ec39cbe2520063548cae1108308d745c935cd0d651e4796d5079a566e8dfed776e0e4714da4290ee6ef80be191b865c9e37c33

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
54KB

MD5
ed9dbdf0f5bab2707a8d526894d3fcc0

SHA1
c5e5807a376766ece3f77f6ad6cc7966da9da788

SHA256
90e62f1a2d6c5c863c6fe2a9df9530e2a79b3c67bfebcf2b70b229392e1535c3

SHA512
446dfcdb2adfff4e78f308defb3fd4a98a2ebfd0267fc29041a0eff9c84d4a5c3c6eb2731898371fbd15f9bdb1143a51062da1f1a0af79ed1919b5570cd50ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
af7f8cb574fd9a6c30ebb788489279df

SHA1
85412ca732ae331e707b58e8ed6a86203b5b8c45

SHA256
1f022595d8b643675ac8ce3c3cc21d7395626315e156edd0d45bff4d9302a847

SHA512
ad7df3acff5c6ce4b5e33c2e18145b5472b7ef83c8d60023f972c651f516b8b8fa7c4d04a6940da0230a7e79266c765a9a3d66e0d09380089d729c13263d0a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
66f7393de6ea17044ffc6ff8e1373a3f

SHA1
13d22363e2ebc22cf6cb96b5fbd9a4b12af406b8

SHA256
af9e5c3f0b212ab9fb359180444639c10b1b57b90b17f24fdb0b9586a08ee042

SHA512
2c55292105f0f19beebdc1271beb57175e8c99c35c78b228a9a2e96c1af6743578683b5efa06546bf455f5bdb4ce00ee8327b4a959611c38df4863425ca27106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
40KB

MD5
66a56dd8433455a06f25bd7aaf381087

SHA1
607aa991c4925f1e2df10e7ff73e32e89c723263

SHA256
04c545751a4390f2b754e01bbdb2ab60cf9b230a310f03a2b6778594f931c959

SHA512
5db253eee7b7ea56a69ff3bb3df8b59ae6cb2036ec870e598cd5c2a71bcc8597de4fb5191c3708d434bc72bd7f1987f2ab83cc633e700ef22e878050f5eb5821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\crs.pb

Filesize
289KB

MD5
2b59269e7efdd95ba14eeb780dfb98c2

SHA1
b3f84cbc37a79eeecb8f1f39b615577d78600096

SHA256
ff2ced650772249abb57f6f19c5d0322d6df22c85c7cf2be193b6134e1b95172

SHA512
e4b454db2248021e0d198805ea54f1c0cfd84b9716a9348b1d0e0acb7c6fb5dd0839e532a5eb6d4410ab759d6688dd6cce8375ad55a150d738d280993142e9d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\ct_config.pb

Filesize
8KB

MD5
811b65320a82ebd6686fabf4bb1cb81a

SHA1
c660d448114043babec5d1c9c2584df6fab7f69b

SHA256
52687dd0c06f86a2298a4442ab8afa9b608271ec01a67217d7b58dab7e507bdf

SHA512
33350cce447508269b7714d9e551560553e020d6acf37a6a6021dc497d4008ce9e532dd615ad68872d75da22ac2039ef0b4fa70c23ec4b58043c468d5d75fd81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\PKIMetadata\22.0.0.0\kp_pinslist.pb

Filesize
11KB

MD5
0779206f78d8b0d540445a10cb51670c

SHA1
67f0f916be73bf5cffd3f4c4aa8d122c7d73ad54

SHA256
bf0945921058b9e67db61e6a559531af2f9b78d5fbedb0b411384225bdd366ec

SHA512
4140b2debe9c0b04e1e59be1387dca0e8e2f3cbc1f67830cbc723864acc2276cde9529295dcb4138fa0e2e116416658753fe46901dfa572bdfe6c7fb67bd8478

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\data_1

Filesize
264KB

MD5
9fb466302ead22ec8f2ef00341931ad9

SHA1
0ad0398678253bd6aa82e1d055a6559e02d1b9cb

SHA256
65b8a2a33bdbe9faca23d3fc92119f7cadb8125f7efebefa47e6a248d3e7f964

SHA512
c65250767cbf9a6e99b96d838ad71288aae3aa8568e7155a1cd8524d0ae30da97f4946765ca076feaed6dd233a573941b8379946d58d9343fff26ddcdfedd67e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Indexed Rules\36\10.34.0.57\Ruleset Data

Filesize
2.8MB

MD5
6a62b26b738ffda1414b1e45b3b97c12

SHA1
ff44417a79841f948bdbeec9049f9fb59d16dc9f

SHA256
da3927c997d3bb2326e97a8dd7835c28f50ad8c4a9dd407669f20730c0159207

SHA512
820caca570523600a057dbedd38b7e3b375d6427d716cb74d0aee0825e621268a9f418f135443e5bc6bd7b9a1fbb8eb6676324d46f9111e56404b8953f23de53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\Filtering Rules

Filesize
1.8MB

MD5
d7c9c6d2e1d9ae242d68a8316f41198c

SHA1
8d2ddccc88a10468e5bffad1bd377be82d053357

SHA256
f215127185b2ee6b01e12b6ca75d3e5c4e454598dd4aed36124ae13d59afd547

SHA512
7fd14824e9200dd99e1fd2cee402656dc0cfc3d0a60058c5eb05c68e9e65b7f0b47e550fb4d6c2b59eba204dbf3ef9e69dc9723b43a9b3ccd5412d6b77715fc3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Subresource Filter\Unindexed Rules\10.34.0.57\LICENSE

Filesize
24KB

MD5
aad9405766b20014ab3beb08b99536de

SHA1
486a379bdfeecdc99ed3f4617f35ae65babe9d47

SHA256
ed0f972d56566a96fb2f128a7b58091dfbf32dc365b975bc9318c9701677f44d

SHA512
bd9bf257306fdaff3f1e3e1fccb1f0d6a3181d436035124bd4953679d1af2cd5b4cc053b0e2ef17745ae44ae919cd8fd9663fbc0cd9ed36607e9b2472c206852

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\extensions_crx_cache\ghbmnnjooekpmoecnnnilnnbdlolhkhi_1.fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
143cd8153f1434da39c03a33ed29d67f

SHA1
53f39b69623a22f499163a8e7f6464073f5a92ca

SHA256
9539050390c3299c7c300b3c9c7ab360a8bb56f5c67568ed9f8716644d460355

SHA512
a3f6380ec1dc67aaeb86e1b97d3e9980376a14fec2894f1b4bee1a93db72931ae4508dd3d29eb5388b0c57678302086637f9ca14bbf9c404a3b05bf62f8aa7af

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\ahkgvp67.default-release\activity-stream.discovery_stream.json.tmp

Filesize
21KB

MD5
51715d94e1d36ba432198ed857b3c7f2

SHA1
f767b38c15ef22ffd5bbd8061d0e0eb55274502f

SHA256
4afaa48f572f0b55a269cbaf7174d85c217e480fb6f038f7d13508807c9c0480

SHA512
22fe70eb12ea0da067e92af8bbf1931974ad3779312c0092a3b89a6788d887fea3ebb909514a21b2e43c1b52b3f8f48559f83015ae058ac4e5612af6e902c416

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_agnoltsj.edp.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\cv_debug.log

Filesize
2KB

MD5
3028ae3877b02b74fc292afcf76e3663

SHA1
cc81c33c611f91cac1a5045c2b68b43e65bb0ae1

SHA256
2b2e3ffc94ea6c08f6ec3742b327b724a467a9e77db35ac8a7b944ef6e1244c8

SHA512
d88408ecd81b584a384576586bb577ed486b75ce79597edbafbd49c7d3c022cde9c7f0d175d7b32fcc5b3d58e52ed7de28577ce407c7496bba87d9bab1ffeb58

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3424_88817283\CRX_INSTALL\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3424_88817283\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir3424_88817283\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
44f66fdb824aea91e3cb81ff0aa7e4c1

SHA1
de77cc6ad71bfd4cfe0c37a6a5e845986af47047

SHA256
8ee293db05f1452fa7f2df5ef53bff921951588a5be0199c4689ef41878c60bd

SHA512
8004c44fd20510d960f026c179db263cce07b1a3ec5f0574af920252be0f4888086b1a6cf55bd5c226ad532f4240fbcce94634639042cd36caa83fcd7714c853

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
a6c6fd67b4cc07f4c4cb20bffc187ddc

SHA1
20b22759ab8e21abbae6979bc1b0a8754498655a

SHA256
aea41a5349bb37a6001a31c841a94df00945b50b451411beba2ff268df0e530d

SHA512
40061656154ebbccd8fb7c9bc36e599a6447ffd72998fef63d4a3eaee09ccb8d0d62b70eb4b586f248d95c610c903c45aed2fbcf4d296dcaaeee5ab993f64fd9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
e7c43c9f5b8c36f36202ca6ebc65b1df

SHA1
01855cea0146ef00541acedc5328fd7278405723

SHA256
57c5353f4e0903290ecde9e4f290cb37d4af799fdb16d54648ab3b565bd27dc5

SHA512
0ab4e54b11a1c20cdd38f45db08f072c451ea2c83e39fdf229ca658da1109957c499b3175a3e9bfd0725102fdac35eaab66e5df0bd04f87d053abaf53b20b1fd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
366c5cc2fe76f8ebc936a8598eb36e4d

SHA1
e2cb2a51af835f8b7f4ec8287f18c632d7393277

SHA256
9ff355e18968f0eda1f0639b0345754dffc275a3522b9918cb905a04aec33347

SHA512
10ac1350b738de1c354c40f21d0df46f8f5ead542f795e30c4b38e57ae9877276839decc5fec075835cce4fb4b96569117b7aae88fa6083d8978d9aa5f1b2d08

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
87e76a6883e3be30a4e9d7334027748f

SHA1
0cf994e19ec65258bf40f6084685b71e9675da10

SHA256
cc2f553a6f7e2832f4785287ece680de259360183411661d5a994919d13758a7

SHA512
06a04cb462e089a1ca850962af5267653b7cda71d0e2a7c36396385d51bd0e5c65e3006e561ab8e859bbe7877ec138c6cb9a1d99c00120cbf39057e58552fe30

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
3c5049baf47c32623b3e49d054b1a384

SHA1
f959799946909458ce78a8ddda5c1283f40c14ad

SHA256
b17fff99708c716e14f3fa438a435e9ae1050a291e762902e60800370641258e

SHA512
d44900b585c815d31af2da2e5bb04f067b9d6914d57015d3fbb6ebb956a8caf40bbe69abd4469902d3f5e547ffb0751f5d17e0b5499ca1a641014f9ec50aa188

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
061abf65ff59b1feef88362027998a0a

SHA1
f5d23ee2149390fbcbf09705bd61667fe8e00d57

SHA256
66a5a9ea0c7da40e1a0540c11758b21d90ee1be1d511f63f31f8f8bd2e0905e3

SHA512
53816771d23cf601d584db40a3249fc58bb03440170861d6fb69e734fc764cc780b2600e4ffceafbe2ef1f9f92f8d6983c5749e4008768887ec55b88b4978686

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
4b21a683f17f57a7c4b08fe3fb36b956

SHA1
414e644ea880159e00730dc8c75ded7755354767

SHA256
bfd7e8a69deee655ee900966f3bcea778cd2cafbd9ed742735fe666ce392435e

SHA512
96e7fb97d4a266490e2cf90bf9e8256a5c4fb25ac8939f432ab60e41e8e307b32c7a47dd6b9d2167bdb8a00e31b118de8d944f9249439943c26936ec551c901c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\events\events

Filesize
1KB

MD5
561c11e0df2e3311ffdbc4ef25b14007

SHA1
a35fa5ad3599b8540bff7ebabf0aa46e07af1d33

SHA256
8d4e0036c79b50b432c57199047853065faa2597c75100d1c10e96a59fb0dbc7

SHA512
25015a9b60a4cf726e916f1f2ec8afea1676c73869624c0de1783e1f805f7c517dff713291c70e2b343d1dbc1d5e74d172343d2f8125c0286cefa5c1df679c0a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\05eecee6-e5ca-473b-99fe-2fd608b35c0d

Filesize
883B

MD5
27f4d05e2f516aebd0c03d36484dc553

SHA1
ee4b735062ce5f557fd7b4c12bf4371f457a8e57

SHA256
662707678d418895898da15aaa9046838a26d9263204348c2e33d36f1e8f8ac6

SHA512
8f78967245cba329b326a4ca7a6b669641e6ad82451148812ef12df962958cf79c9290ba9759814134326e239d6cdd37ff3416ff4af6876c0905fae414f60328

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\0e08c9b7-3519-40a3-9462-330d4ff9cc80

Filesize
235B

MD5
0178203880bbf2e0e945fcbf526c4450

SHA1
390e9ebc91ae94a5d3c108bd9e56c24c51fba7bd

SHA256
255473ce3a5eaba685508cc934d56f8a30f59b89924978fe4e543419cc77244c

SHA512
48faf7119d2d7bb9301752950b091c6869197bb289c102e36917875cba1e6b3f1836c933d20aeeef48c6e910e44d4e77f8854236b05ca7504ec98a63d04eca2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\20757f67-889a-4430-b45b-101cd8d68758

Filesize
886B

MD5
cbafad280a282ded015226f7e9603ad1

SHA1
fdadd4378568b433e9bb410237d0f6629ff5db57

SHA256
56f15c7f2a1dac33207d8c9787b3b3d673c2d051e33721b5be912a19d035f9dc

SHA512
83d3cc31071d0bb8f8b8926beef22c27f84f9910ef9b48da6adc2778c106a230da581629074e0e5f3eabd4a0caced0e43d5d8c033bd5caff21746a0c2e5213d7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\67f3cbf9-8a95-41b6-8b99-b9d73306a876

Filesize
2KB

MD5
36b93c16af9fa19593c56da0677218ca

SHA1
1345d4feb33b82580f27453e0a7a678c262f1c6f

SHA256
40b58231b01cbb9af19415ff080228caa066b8fd04a1ecd380579b6b5530cff9

SHA512
95bbaae5c1c0e80c0bc670d54eddad12f7cd566a9b2d72aa29669255584577ec9cf1b298b6d5ebdc78cf545d6beadd2dd523b8b47a389d93c8f589be9817bf0d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\c214fb2b-91aa-4bab-b4d6-0d1baed0d386

Filesize
16KB

MD5
dc154b67cf657cbc7960b3f3e248e45f

SHA1
7a78c23b3647d8bd4345c2e22fa364676a75c061

SHA256
4739e291ac22ddcd2197150a8a49f1c88de8b51dfe90a541d034b348e5a770e1

SHA512
acf96dd09cf1feedc616151661bcd11fe9d168297893eec68740b2fb6698411edd0de565df84592388bc01802eccc345ab0bb92d261f3f28a49a8b93dbb66a28

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\datareporting\glean\pending_pings\ebc97551-1899-4e14-aad7-c6f0730b3ee2

Filesize
235B

MD5
54d986a03a2a0ca2eb5a6f6601208639

SHA1
2ba222de33a20a582577b31be5d27fdfa276a26f

SHA256
351effb6711bc463eece0c1d6ffdeeba6bc708d36feddb53221fda6fc96318b4

SHA512
d17982c88677123d2a3d1a3268c2f0c6ee488f0e13c3770e5b05ebb0fd898287d47be3d120d6452061b75562123a7e424e7fd04b371796ce052654faabdf5141

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs.js

Filesize
6KB

MD5
2c543daee54b86d52732ebe322925049

SHA1
23e64ef50a465c0f7145f907427d409cf0be3f29

SHA256
32b1cd48fefc2908b14b0020255cd4f0fe41bfb1726cf9e2347f6589516866a6

SHA512
c41e0d29f886b486b3460782815b7bae83eee74613484aea2f4cb5db980c7461cc1298eb532652d4f4779753567ae5ca06b730c2d106434f90a7a9286dac9283

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\ahkgvp67.default-release\prefs.js

Filesize
6KB

MD5
1b9736051469a01cd731ce831a7e931d

SHA1
86b5bbdbe18fd56bc576ef1a441c42bbe57fb295

SHA256
852017bfe23886d73789a6f0be1762f49485a247cb3fb153111cd29aa9ca672c

SHA512
5563302260f69866932a73d978b54d77b930e2067e8c252f77607f42cc036d7cc39c3cce15ac4fb28097e2189c30a5acbf64a151d63685e55c33987d376eda2a

Download Submit
C:\Users\Admin\Downloads\AJ Premium Proxy V17.502.exe.crdownload

Filesize
2.4MB

MD5
29cb0a95964334e083d55c2d0735ce63

SHA1
bd3f922fe0e9d8ee2826851ba230ee4c19b21ccb

SHA256
79fdcd722bbbdebbf5142bc0316456aa83b9894545215a19a8242982999489ff

SHA512
c55287020bec06e4fd892d7f3740873bd9e34675df25073ff4f5041a96ae947e92a1b2b1178a310658699ed3794e90fed031035178ffaf53800e796f953a0451

Download Submit
C:\Windows\Logs\DISM\dism.log

Filesize
2.1MB

MD5
a7d688cdef3788b75bdc34f96eaa0042

SHA1
32556db31dc008ad8c4af44e73d1914c7dd89b56

SHA256
d9fce14dec38e030d1330fc1a80a07ab62dcbf8257ade01031c1cd2dfab31bba

SHA512
f55c07bf9f7e538b68bb2f206906897068de81c1a1168d96c3320a5c14252f79bbc542a0bd0c66b8f04c805000570053b38a071d8760417909b35e674cc55a60

Download Submit
memory/532-1829-0x0000000000B10000-0x0000000000B7D000-memory.dmp

Filesize
436KB

Download
memory/532-1830-0x0000000003130000-0x0000000003530000-memory.dmp

Filesize
4.0MB

Download
memory/532-1836-0x0000000000B10000-0x0000000000B7D000-memory.dmp

Filesize
436KB

Download
memory/532-1831-0x0000000003130000-0x0000000003530000-memory.dmp

Filesize
4.0MB

Download
memory/532-1832-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/532-1834-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/624-4348-0x0000000002D60000-0x0000000003160000-memory.dmp

Filesize
4.0MB

Download
memory/624-4349-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/624-4351-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/1600-4329-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/1600-4327-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/1600-4326-0x0000000001FE0000-0x00000000023E0000-memory.dmp

Filesize
4.0MB

Download
memory/1828-4343-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/1828-4345-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/1828-4342-0x0000000003D00000-0x0000000004100000-memory.dmp

Filesize
4.0MB

Download
memory/2508-817-0x00007FF628C50000-0x00007FF6293BC000-memory.dmp

Filesize
7.4MB

Download
memory/2508-807-0x00007FF628C50000-0x00007FF6293BC000-memory.dmp

Filesize
7.4MB

Download
memory/2508-765-0x00007FF628C50000-0x00007FF6293BC000-memory.dmp

Filesize
7.4MB

Download
memory/3188-818-0x00007FF625380000-0x00007FF625AEC000-memory.dmp

Filesize
7.4MB

Download
memory/3188-841-0x00007FF625380000-0x00007FF625AEC000-memory.dmp

Filesize
7.4MB

Download
memory/3188-822-0x00007FF625380000-0x00007FF625AEC000-memory.dmp

Filesize
7.4MB

Download
memory/3372-1920-0x0000000002D70000-0x0000000003170000-memory.dmp

Filesize
4.0MB

Download
memory/3372-1923-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/3372-1921-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/3584-1838-0x0000000002AD0000-0x0000000002ED0000-memory.dmp

Filesize
4.0MB

Download
memory/3584-1841-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/3584-1839-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/3584-1835-0x0000000000E90000-0x0000000000E99000-memory.dmp

Filesize
36KB

Download
memory/4012-4340-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/4012-4337-0x00000000027B0000-0x0000000002BB0000-memory.dmp

Filesize
4.0MB

Download
memory/4012-4338-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/4856-770-0x00000252E21F0000-0x00000252E2212000-memory.dmp

Filesize
136KB

Download
memory/5644-1917-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/5644-1915-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/5644-1914-0x0000000003A20000-0x0000000003E20000-memory.dmp

Filesize
4.0MB

Download
memory/5792-4353-0x0000000003130000-0x0000000003530000-memory.dmp

Filesize
4.0MB

Download
memory/5792-4356-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/5792-4354-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/5972-4331-0x00000000034C0000-0x00000000038C0000-memory.dmp

Filesize
4.0MB

Download
memory/5972-4334-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download
memory/5972-4332-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/5996-1851-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1861-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1862-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1863-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1858-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1853-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1857-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1852-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1860-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/5996-1859-0x0000016373030000-0x0000016373031000-memory.dmp

Filesize
4KB

Download
memory/7128-4320-0x00000000037F0000-0x0000000003BF0000-memory.dmp

Filesize
4.0MB

Download
memory/7128-4321-0x00007FF987C30000-0x00007FF987E25000-memory.dmp

Filesize
2.0MB

Download
memory/7128-4323-0x0000000076270000-0x0000000076485000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads