470d90ec620da317d6365412ec34a411d4ed0b12b90cc02399c5a57ca209a78e

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 02:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

AccGenerator.exe
Size

13.2MB
MD5

6945d0630139e2d1f6195f8455d36553
SHA1

fe83987ef7ce5b17a06387d5bb3729803812b8c1
SHA256

6198793cde7e2f3dc53c62036e300ee46bbefe5956f30ea78c6088c40db1abd9
SHA512

058de495189967e5129fa395b7be99ba6c5a5bc09d71f1d0f833703317ac17e31786a58d96681e8a6d0272bdb0f07533c493ad91a0ff9af92b8d04915eae32fa
SSDEEP

393216:BY3aADfDtlpfaMPY9sw3n48A4oLKMiFeER3E3rQ:BY3NbxHf9PcsYApKMkeER

Score

8^/10

credential_access discovery stealer

Malware Config

Signatures

Uses browser remote debugging 2 TTPs 4 IoCs

Can be used control the browser and steal sensitive information such as credentials and session cookies.

credential_access stealer

Steal Web Session Cookie

T1539

Modify Authentication Process

T1556

pid	Process
4412	msedge.exe
1184	msedge.exe
5372	msedge.exe
2920	msedge.exe

Executes dropped EXE 2 IoCs

pid	Process
3444	selenium-manager.exe
5312	msedgedriver.exe

Loads dropped DLL 15 IoCs

pid	Process
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe
2780	AccGenerator.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
1	raw.githubusercontent.com
2	raw.githubusercontent.com
3	raw.githubusercontent.com

Checks system information in the registry 2 TTPs 2 IoCs

System information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemManufacturer	msedgedriver.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SystemInformation\SystemProductName	msedgedriver.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Extension Rules\000003.log	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_3	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\0714d1b43303ae1f_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\58cb8c6454f81e97_s	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\0af47b59b5c727fc_1	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\7fc1ac1d8c889620_s	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\95299c3d5d472d4c_0	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\DawnGraphiteCache\data_2	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Visited Links	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Extension State\MANIFEST-000001	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_00000d	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_000022	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\3c0f30cd3216f9b3_1	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\EntityExtraction\EntityExtractionAssetStore.db\MANIFEST-000001	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_000029	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Web Data-journal	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Site Characteristics Database\MANIFEST-000001	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\GPUCache\index	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State~RFe57e8aa.TMP	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\6c12928fe29dd134_s	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\ae07498098fe48b8_s	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\8ae0ae80e6f77dbe_s	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\EdgeEDrop\EdgeEDropSQLite.db	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\0b979bb3-e80f-4954-8003-e808e9fd78fe.tmp	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_000015	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\46e30c23928fbb5d_1	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\4923862deef97b41_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\db900955711666b9_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\7bd932f2760555fa_1	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Cloud Config\601c6be6-7117-47ed-9b18-15d1f0c6bd90.tmp	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\9cfc85cb-b14d-44ad-b9d0-9f8f0fca037e.tmp	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_00000e	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_000019	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\ae07498098fe48b8_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Crashpad\settings.dat	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\FirstLaunchAfterInstallation	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\DawnWebGPUCache\data_0	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\46e30c23928fbb5d_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\0f887dcd11f131ad_0	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Network\8f6807c7-280f-4edc-a264-d7c30b161762.tmp	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Data Protection Lists\2.0.0.0\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\c76dc0ecc0af0d30_0	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_00000b	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_00000d	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\cfeed3ed9fc2c7ec_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\ced6f6cd73b4d732_s	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Network\ee932cda-da48-47bd-b3b4-d3a016030db6.tmp	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\EdgePushStorageWithConnectTokens\LOCK	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\GPUCache\data_0	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\DawnGraphiteCache\index	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\SharedStorage-wal	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_1	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_2	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_00000a	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\175ae075ed318783_s	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Extension Scripts\LOCK	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\DawnWebGPUCache\data_3	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\DawnGraphiteCache\data_2	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Cache\Cache_Data\f_000023	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\EntityExtraction\EntityExtractionAssetStore.db\CURRENT	msedge.exe
File opened for modification	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Shortcuts	msedge.exe
File created	C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\d3e861bc-9971-4c8a-929a-3fdda0da3c04.tmp	msedge.exe

System Location Discovery: System Language Discovery 1 TTPs 6 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WMIC.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	selenium-manager.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876039857389806"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2873637269-1458872900-2373203793-1000\{195C0526-73EA-4627-8C03-F8841DC4B529}	msedge.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
5248	msedge.exe
5248	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe
4412	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeIncreaseQuotaPrivilege	4912	WMIC.exe
Token: SeSecurityPrivilege	4912	WMIC.exe
Token: SeTakeOwnershipPrivilege	4912	WMIC.exe
Token: SeLoadDriverPrivilege	4912	WMIC.exe
Token: SeSystemProfilePrivilege	4912	WMIC.exe
Token: SeSystemtimePrivilege	4912	WMIC.exe
Token: SeProfSingleProcessPrivilege	4912	WMIC.exe
Token: SeIncBasePriorityPrivilege	4912	WMIC.exe
Token: SeCreatePagefilePrivilege	4912	WMIC.exe
Token: SeBackupPrivilege	4912	WMIC.exe
Token: SeRestorePrivilege	4912	WMIC.exe
Token: SeShutdownPrivilege	4912	WMIC.exe
Token: SeDebugPrivilege	4912	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4912	WMIC.exe
Token: SeRemoteShutdownPrivilege	4912	WMIC.exe
Token: SeUndockPrivilege	4912	WMIC.exe
Token: SeManageVolumePrivilege	4912	WMIC.exe
Token: 33	4912	WMIC.exe
Token: 34	4912	WMIC.exe
Token: 35	4912	WMIC.exe
Token: 36	4912	WMIC.exe
Token: SeIncreaseQuotaPrivilege	4912	WMIC.exe
Token: SeSecurityPrivilege	4912	WMIC.exe
Token: SeTakeOwnershipPrivilege	4912	WMIC.exe
Token: SeLoadDriverPrivilege	4912	WMIC.exe
Token: SeSystemProfilePrivilege	4912	WMIC.exe
Token: SeSystemtimePrivilege	4912	WMIC.exe
Token: SeProfSingleProcessPrivilege	4912	WMIC.exe
Token: SeIncBasePriorityPrivilege	4912	WMIC.exe
Token: SeCreatePagefilePrivilege	4912	WMIC.exe
Token: SeBackupPrivilege	4912	WMIC.exe
Token: SeRestorePrivilege	4912	WMIC.exe
Token: SeShutdownPrivilege	4912	WMIC.exe
Token: SeDebugPrivilege	4912	WMIC.exe
Token: SeSystemEnvironmentPrivilege	4912	WMIC.exe
Token: SeRemoteShutdownPrivilege	4912	WMIC.exe
Token: SeUndockPrivilege	4912	WMIC.exe
Token: SeManageVolumePrivilege	4912	WMIC.exe
Token: 33	4912	WMIC.exe
Token: 34	4912	WMIC.exe
Token: 35	4912	WMIC.exe
Token: 36	4912	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5012	WMIC.exe
Token: SeSecurityPrivilege	5012	WMIC.exe
Token: SeTakeOwnershipPrivilege	5012	WMIC.exe
Token: SeLoadDriverPrivilege	5012	WMIC.exe
Token: SeSystemProfilePrivilege	5012	WMIC.exe
Token: SeSystemtimePrivilege	5012	WMIC.exe
Token: SeProfSingleProcessPrivilege	5012	WMIC.exe
Token: SeIncBasePriorityPrivilege	5012	WMIC.exe
Token: SeCreatePagefilePrivilege	5012	WMIC.exe
Token: SeBackupPrivilege	5012	WMIC.exe
Token: SeRestorePrivilege	5012	WMIC.exe
Token: SeShutdownPrivilege	5012	WMIC.exe
Token: SeDebugPrivilege	5012	WMIC.exe
Token: SeSystemEnvironmentPrivilege	5012	WMIC.exe
Token: SeRemoteShutdownPrivilege	5012	WMIC.exe
Token: SeUndockPrivilege	5012	WMIC.exe
Token: SeManageVolumePrivilege	5012	WMIC.exe
Token: 33	5012	WMIC.exe
Token: 34	5012	WMIC.exe
Token: 35	5012	WMIC.exe
Token: 36	5012	WMIC.exe
Token: SeIncreaseQuotaPrivilege	5012	WMIC.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
4412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5788 wrote to memory of 2780	5788	AccGenerator.exe	79
PID 5788 wrote to memory of 2780	5788	AccGenerator.exe	79
PID 2780 wrote to memory of 3480	2780	AccGenerator.exe	80
PID 2780 wrote to memory of 3480	2780	AccGenerator.exe	80
PID 2780 wrote to memory of 2468	2780	AccGenerator.exe	81
PID 2780 wrote to memory of 2468	2780	AccGenerator.exe	81
PID 2780 wrote to memory of 5176	2780	AccGenerator.exe	82
PID 2780 wrote to memory of 5176	2780	AccGenerator.exe	82
PID 2780 wrote to memory of 5368	2780	AccGenerator.exe	83
PID 2780 wrote to memory of 5368	2780	AccGenerator.exe	83
PID 2780 wrote to memory of 3444	2780	AccGenerator.exe	84
PID 2780 wrote to memory of 3444	2780	AccGenerator.exe	84
PID 2780 wrote to memory of 3444	2780	AccGenerator.exe	84
PID 3444 wrote to memory of 5656	3444	selenium-manager.exe	85
PID 3444 wrote to memory of 5656	3444	selenium-manager.exe	85
PID 3444 wrote to memory of 5656	3444	selenium-manager.exe	85
PID 5656 wrote to memory of 4912	5656	cmd.exe	86
PID 5656 wrote to memory of 4912	5656	cmd.exe	86
PID 5656 wrote to memory of 4912	5656	cmd.exe	86
PID 3444 wrote to memory of 4392	3444	selenium-manager.exe	88
PID 3444 wrote to memory of 4392	3444	selenium-manager.exe	88
PID 3444 wrote to memory of 4392	3444	selenium-manager.exe	88
PID 4392 wrote to memory of 5012	4392	cmd.exe	89
PID 4392 wrote to memory of 5012	4392	cmd.exe	89
PID 4392 wrote to memory of 5012	4392	cmd.exe	89
PID 3444 wrote to memory of 2392	3444	selenium-manager.exe	90
PID 3444 wrote to memory of 2392	3444	selenium-manager.exe	90
PID 3444 wrote to memory of 2392	3444	selenium-manager.exe	90
PID 2780 wrote to memory of 492	2780	AccGenerator.exe	91
PID 2780 wrote to memory of 492	2780	AccGenerator.exe	91
PID 2780 wrote to memory of 5312	2780	AccGenerator.exe	92
PID 2780 wrote to memory of 5312	2780	AccGenerator.exe	92
PID 5312 wrote to memory of 4412	5312	msedgedriver.exe	93
PID 5312 wrote to memory of 4412	5312	msedgedriver.exe	93
PID 4412 wrote to memory of 4488	4412	msedge.exe	94
PID 4412 wrote to memory of 4488	4412	msedge.exe	94
PID 4412 wrote to memory of 3304	4412	msedge.exe	95
PID 4412 wrote to memory of 3304	4412	msedge.exe	95
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96
PID 4412 wrote to memory of 4212	4412	msedge.exe	96

C:\Users\Admin\AppData\Local\Temp\AccGenerator.exe
"C:\Users\Admin\AppData\Local\Temp\AccGenerator.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:5788
- C:\Users\Admin\AppData\Local\Temp\AccGenerator.exe
  "C:\Users\Admin\AppData\Local\Temp\AccGenerator.exe"
  2⤵
  - Loads dropped DLL
  - Suspicious use of WriteProcessMemory
  PID:2780
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2468
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5176
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5368
- - C:\Users\Admin\AppData\Local\Temp\_MEI57882\selenium\webdriver\common\windows\selenium-manager.exe
    C:\Users\Admin\AppData\Local\Temp\_MEI57882\selenium\webdriver\common\windows\selenium-manager.exe --browser MicrosoftEdge --output json
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3444
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /v/c "wmic os get osarchitecture"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:5656
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic os get osarchitecture
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:4912
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /v/c "set PFILES=%PROGRAMFILES(X86)%&& wmic datafile where name='!PFILES:\=\\!\\Microsoft\\Edge\\Application\\msedge.exe' get Version /value"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of WriteProcessMemory
      PID:4392
    - - C:\Windows\SysWOW64\Wbem\WMIC.exe
        
        wmic datafile where name='C:\\Program Files (x86)\\Microsoft\\Edge\\Application\\msedge.exe' get Version /value
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of AdjustPrivilegeToken
        
        PID:5012
  - - C:\Windows\SysWOW64\cmd.exe
      "cmd" /v/c "msedgedriver --version"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2392
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "ver"
    3⤵
    PID:492
- - C:\Users\Admin\.cache\selenium\msedgedriver\win64\133.0.3065.92\msedgedriver.exe
    C:\Users\Admin\.cache\selenium\msedgedriver\win64\133.0.3065.92\msedgedriver.exe --port=49855
    3⤵
    - Executes dropped EXE
    - Checks system information in the registry
    - Suspicious use of WriteProcessMemory
    PID:5312
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --allow-pre-commit-input --disable-background-networking --disable-backgrounding-occluded-windows --disable-client-side-phishing-detection --disable-default-apps --disable-hang-monitor --disable-popup-blocking --disable-prompt-on-repost --disable-sync --enable-automation --enable-logging --log-level=0 --no-first-run --no-service-autorun --password-store=basic --remote-debugging-port=0 --test-type=webdriver --use-mock-keychain --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" data:,
      4⤵
      Uses browser remote debugging
      Drops file in Windows directory
      Enumerates system info in registry
      Modifies data under HKEY_USERS
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of WriteProcessMemory
      PID:4412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --user-data-dir=C:\Windows\SystemTemp\scoped_dir5312_987051160 /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\SystemTemp\scoped_dir5312_987051160\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x268,0x26c,0x270,0x264,0x278,0x7ffd7114f208,0x7ffd7114f214,0x7ffd7114f220
        5⤵
        
        PID:4488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=1908,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=2108 --log-level=0 --mojo-platform-channel-handle=2104 /prefetch:11
        5⤵
        Drops file in Windows directory
        
        PID:3304
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2016,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=2020 --log-level=0 --mojo-platform-channel-handle=2012 /prefetch:2
        5⤵
        
        PID:4212
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=1468,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=2252 --log-level=0 --mojo-platform-channel-handle=3008 /prefetch:13
        5⤵
        
        PID:2532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --enable-automation --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3376,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3456 --log-level=0 --mojo-platform-channel-handle=3452 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:1184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=3720,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3856 --log-level=0 --mojo-platform-channel-handle=3852 /prefetch:14
        5⤵
        
        PID:5752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=3732,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3868 --log-level=0 --mojo-platform-channel-handle=3860 /prefetch:14
        5⤵
        
        PID:828
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=3740,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3912 --log-level=0 --mojo-platform-channel-handle=3876 /prefetch:14
        5⤵
        
        PID:2348
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --enable-automation --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4868,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=4452 --log-level=0 --mojo-platform-channel-handle=4816 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:5372
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --enable-automation --remote-debugging-port=0 --test-type=webdriver --allow-pre-commit-input --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --always-read-main-dll --field-trial-handle=3744,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=4420 --log-level=0 --mojo-platform-channel-handle=4416 /prefetch:1
        5⤵
        Uses browser remote debugging
        
        PID:2920
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=4664,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3496 --log-level=0 --mojo-platform-channel-handle=3460 /prefetch:14
        5⤵
        
        PID:5992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=3412,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3536 --log-level=0 --mojo-platform-channel-handle=3552 /prefetch:14
        5⤵
        
        PID:492
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=5764,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=5792 --log-level=0 --mojo-platform-channel-handle=5788 /prefetch:14
        5⤵
        
        PID:3908
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1180
        6⤵
        
        PID:5584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=6056,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=6096 --log-level=0 --mojo-platform-channel-handle=6064 /prefetch:12
        5⤵
        
        PID:3612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=5780,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=6120 --log-level=0 --mojo-platform-channel-handle=6116 /prefetch:14
        5⤵
        Modifies registry class
        
        PID:1156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=6532,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=6068 --log-level=0 --mojo-platform-channel-handle=5744 /prefetch:14
        5⤵
        
        PID:3712
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=6016,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=6040 --log-level=0 --mojo-platform-channel-handle=5812 /prefetch:14
        5⤵
        
        PID:3148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=2076,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=5420 --log-level=0 --mojo-platform-channel-handle=5704 /prefetch:14
        5⤵
        
        PID:1436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=3552,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=4704 --log-level=0 --mojo-platform-channel-handle=3332 /prefetch:14
        5⤵
        
        PID:4008
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=5884,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3536 --log-level=0 --mojo-platform-channel-handle=3484 /prefetch:14
        5⤵
        
        PID:412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=3564,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=3484 --log-level=0 --mojo-platform-channel-handle=6040 /prefetch:10
        5⤵
        Suspicious behavior: EnumeratesProcesses
        
        PID:5248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --user-data-dir="C:\Windows\SystemTemp\scoped_dir5312_987051160" --always-read-main-dll --field-trial-handle=5644,i,12885027840255222637,17377271152280446096,262144 --enable-features=msMetricsLogFastStartup,msSendMetricsLogOnClose --variations-seed-version --enable-logging=handle --log-file=4988 --log-level=0 --mojo-platform-channel-handle=5392 /prefetch:14
        5⤵
        
        PID:5184
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:916
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3584
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5768
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3000
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1480
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5588
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3148
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2412
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2236
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2816
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5368
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3196
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4608
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3132
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:772
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5316
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3116
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5504
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5400
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2908
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3268
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:128
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4992
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3404
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4012
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4732
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2084
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4676
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4684
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4152
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2420
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3340
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5320
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3520
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2976
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:860
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3640
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4900
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:960
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:580
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:5076
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2796
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:4724
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:3452
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:1372
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:484
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2264
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c cls
    3⤵
    PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Modify Authentication Process

T1556

Privilege Escalation

Defense Evasion

Modify Authentication Process

T1556

Credential Access

Modify Authentication Process

T1556

Steal Web Session Cookie

T1539

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\.cache\selenium\msedgedriver\win64\133.0.3065.92\msedgedriver.exe

Filesize
17.6MB

MD5
3fb518625fa8c1d344b4c9e349c288fb

SHA1
429f8c971282793d0498403028f915b2422f2f97

SHA256
7175b9c953d57e55953e8de19b2a0ce26c052dcd03958ddaf04b444c2cbf10de

SHA512
c8aefe6534d91f7ac67b50b341f114181c88333bcd16447fe84f96665fe727e337a79aa1eec5771e835f48854f579b4b3aa7673fe65405ae0485de2d02710435

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\VCRUNTIME140.dll

Filesize
106KB

MD5
4585a96cc4eef6aafd5e27ea09147dc6

SHA1
489cfff1b19abbec98fda26ac8958005e88dd0cb

SHA256
a8f950b4357ec12cfccddc9094cca56a3d5244b95e09ea6e9a746489f2d58736

SHA512
d78260c66331fe3029d2cc1b41a5d002ec651f2e3bbf55076d65839b5e3c6297955afd4d9ab8951fbdc9f929dbc65eb18b14b59bce1f2994318564eb4920f286

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_bz2.pyd

Filesize
82KB

MD5
a62207fc33140de460444e191ae19b74

SHA1
9327d3d4f9d56f1846781bcb0a05719dea462d74

SHA256
ebcac51449f323ae3ae961a33843029c34b6a82138ccd9214cf99f98dd2148c2

SHA512
90f9db9ee225958cb3e872b79f2c70cb1fd2248ebaa8f3282afff9250285852156bf668f5cfec49a4591b416ce7ebaaac62d2d887152f5356512f2347e3762b7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_hashlib.pyd

Filesize
63KB

MD5
787b82d4466f393366657b8f1bc5f1a9

SHA1
658639cddda55ac3bfc452db4ec9cf88851e606b

SHA256
241322647ba9f94bdc3ae387413ffb57ae14c8cf88bd564a31fe193c6ca43e37

SHA512
afcf66962958f38eec8b591aa30d380eb0e1b41028836058ff91b4d1472658de9fba3262f5c27ba688bd73da018e938f398e45911cd37584f623073067f575b6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_lzma.pyd

Filesize
155KB

MD5
0c7ea68ca88c07ae6b0a725497067891

SHA1
c2b61a3e230b30416bc283d1f3ea25678670eb74

SHA256
f74aaf0aa08cf90eb1eb23a474ccb7cb706b1ede7f911daf7ae68480765bdf11

SHA512
fd52f20496a12e6b20279646663d880b1354cffea10793506fe4560ed7da53e4efba900ae65c9996fbb3179c83844a9674051385e6e3c26fb2622917351846b9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_queue.pyd

Filesize
31KB

MD5
06248702a6cd9d2dd20c0b1c6b02174d

SHA1
3f14d8af944fe0d35d17701033ff1501049e856f

SHA256
ac177cd84c12e03e3a68bca30290bc0b8f173eee518ef1fa6a9dce3a3e755a93

SHA512
5b22bbff56a8b48655332ebd77387d307f5c0a526626f3654267a34bc4863d8afaf08ff3946606f3cf00b660530389c37bdfac91843808dbebc7373040fec4c1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_socket.pyd

Filesize
77KB

MD5
26dd19a1f5285712068b9e41808e8fa0

SHA1
90c9a112dd34d45256b4f2ed38c1cbbc9f24dba5

SHA256
eaabf6b78840daeaf96b5bdbf06adf0e4e2994dfeee5c5e27fefd824dbda5220

SHA512
173e1eda05d297d7da2193e8566201f05428437adcac80aecefe80f82d46295b15ce10990b5c080325dc59a432a587eef84a15ec688a62b82493ad501a1e4520

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_ssl.pyd

Filesize
157KB

MD5
ab0e4fbffb6977d0196c7d50bc76cf2d

SHA1
680e581c27d67cd1545c810dbb175c2a2a4ef714

SHA256
680ad2de8a6cff927822c1d7dd22112a3e8a824e82a7958ee409a7b9ce45ec70

SHA512
2bff84a8ec7a26dde8d1bb09792ead8636009c8ef3fa68300a75420197cd7b6c8eaaf8db6a5f97442723e5228afa62961f002948e0eeee8c957c6517547dffba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\_uuid.pyd

Filesize
24KB

MD5
aea6a82bfa35b61d86e8b6a5806f31d6

SHA1
7c21b7147b391b7195583ab695717e38fe971e3e

SHA256
27b9545f5a510e71195951485d3c6a8b112917546fe5e8e46579b8ff6ce2acb0

SHA512
133d11535dea4b40afeca37f1a0905854fc4d2031efe802f00dd72e97b1705ca7ffe461acf90a36e2077534fe4df94d9469e99c64dbd3f301e5bca5c327fdc65

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\base_library.zip

Filesize
1.7MB

MD5
ebb4f1a115f0692698b5640869f30853

SHA1
9ba77340a6a32af08899e7f3c97841724dd78c3f

SHA256
4ab0deb6a298d14a0f50d55dc6ce5673b6c5320817ec255acf282191642a4576

SHA512
3f6ba7d86c9f292344f4ad196f4ae863bf936578dd7cfac7dc4aaf05c2c78e68d5f813c4ed36048b6678451f1717deeb77493d8557ee6778c6a70beb5294d21a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\certifi\cacert.pem

Filesize
272KB

MD5
8d0619bfe30deadf6f21196f0f8d53d3

SHA1
e7abd65a8ccafeff6caf6a2ff98d27d24d87c9ad

SHA256
b301535dca491d9814ea28faa320ac7a19d0f5d94237996fa0a3b5a936432514

SHA512
5a88e4a06b98832aaa9bbb89e382f6c7e9b65c5ecba48de8f4ff1fa58bb06a74b9c2f6b2ec185c2a306cb0b5d68d0b28d74b323432a0b2953d8dfc29fed920d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\charset_normalizer\md.cp311-win_amd64.pyd

Filesize
10KB

MD5
fa50d9f8bce6bd13652f5090e7b82c4d

SHA1
ee137da302a43c2f46d4323e98ffd46d92cf4bef

SHA256
fff69928dea1432e0c7cb1225ab96f94fd38d5d852de9a6bb8bf30b7d2bedceb

SHA512
341cec015e74348eab30d86ebb35c028519703006814a2ecd19b9fe5e6fcb05eda6dde0aaf4fe624d254b0d0180ec32adf3b93ee96295f8f0f4c9d4ed27a7c0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\charset_normalizer\md__mypyc.cp311-win_amd64.pyd

Filesize
113KB

MD5
2d1f2ffd0fecf96a053043daad99a5df

SHA1
b03d5f889e55e802d3802d0f0caa4d29c538406b

SHA256
207bbae9ddf8bdd64e65a8d600fe1dd0465f2afcd6dc6e28d4d55887cd6cbd13

SHA512
4f7d68f241a7f581e143a010c78113154072c63adff5f200ef67eb34d766d14ce872d53183eb2b96b1895aa9c8d4ca82ee5e61e1c5e655ff5be56970be9ebe3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\libcrypto-1_1.dll

Filesize
3.3MB

MD5
9d7a0c99256c50afd5b0560ba2548930

SHA1
76bd9f13597a46f5283aa35c30b53c21976d0824

SHA256
9b7b4a0ad212095a8c2e35c71694d8a1764cd72a829e8e17c8afe3a55f147939

SHA512
cb39aa99b9d98c735fdacf1c5ed68a4d09d11f30262b91f6aa48c3f8520eff95e499400d0ce7e280ca7a90ff6d7141d2d893ef0b33a8803a1cadb28ba9a9e3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\libssl-1_1.dll

Filesize
688KB

MD5
bec0f86f9da765e2a02c9237259a7898

SHA1
3caa604c3fff88e71f489977e4293a488fb5671c

SHA256
d74ce01319ae6f54483a19375524aa39d9f5fd91f06cf7df238ca25e043130fd

SHA512
ffbc4e5ffdb49704e7aa6d74533e5af76bbe5db297713d8e59bd296143fe5f145fbb616b343eed3c48eceaccccc2431630470d8975a4a17c37eafcc12edd19f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\python311.dll

Filesize
5.5MB

MD5
e2bd5ae53427f193b42d64b8e9bf1943

SHA1
7c317aad8e2b24c08d3b8b3fba16dd537411727f

SHA256
c4844b05e3a936b130adedb854d3c04d49ee54edb43e9d36f8c4ae94ccb78400

SHA512
ae23a6707e539c619fd5c5b4fc6e4734edc91f89ebe024d25ff2a70168da6105ac0bd47cf6bf3715af6411963caf0acbb4632464e1619ca6361abf53adfe7036

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\select.pyd

Filesize
29KB

MD5
756c95d4d9b7820b00a3099faf3f4f51

SHA1
893954a45c75fb45fe8048a804990ca33f7c072d

SHA256
13e4d9a734a453a3613e11b6a518430099ad7e3d874ea407d1f9625b7f60268a

SHA512
0f54f0262cf8d71f00bf5666eb15541c6ecc5246cd298efd3b7dd39cdd29553a8242d204c42cfb28c537c3d61580153200373c34a94769f102b3baa288f6c398

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\selenium\webdriver\common\windows\selenium-manager.exe

Filesize
3.0MB

MD5
b97e5ecdfd825a3a31183927e23e0199

SHA1
ab3d793868cc689699ce35d27e53cd0b8db76fcf

SHA256
c99709759258ae4a7174e23d395801f1e709f743d12ffe3e00bc638ae59fadfb

SHA512
61a8e401013d3fb04be465bab2eeb943585e11ae7249b5cfd16fcd1fdc12a433151c1e701a202c6b9a5ccbb4254d6b60b91da787e9666028c7190a2d6ced64f2

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI57882\unicodedata.pyd

Filesize
1.1MB

MD5
58f7988b50cba7b793884f580c7083e1

SHA1
d52c06b19861f074e41d8b521938dee8b56c1f2e

SHA256
e36d14cf49ca2af44fae8f278e883341167bc380099dac803276a11e57c9cfa1

SHA512
397fa46b90582f8a8cd7df23b722204c38544717bf546837c45e138b39112f33a1850be790e248fca5b5ecd9ed7c91cd1af1864f72717d9805c486db0505fb9c

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4412_1038931346\manifest.fingerprint

Filesize
66B

MD5
3fb5233616491df0ec229ba9f42efdb8

SHA1
18a8116e2df9805accd7901d2321c3fa92da1af4

SHA256
946f3a9e019b0d80f5671de782f295132341f663f74aebad7628f22e528d6d52

SHA512
e9b17ac626bf6508db9a686825411e90d316a0f1dacbf63dbec5baaaf6b96af4dbc9a7332975b6d5c16c43757d79fddca6b888ea97bc07a8dffb1b3a06366b4d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4412_1687490534\manifest.json

Filesize
134B

MD5
049c307f30407da557545d34db8ced16

SHA1
f10b86ebfe8d30d0dc36210939ca7fa7a819d494

SHA256
c36944790c4a1fa2f2acec5f7809a4d6689ecb7fb3b2f19c831c9adb4e17fc54

SHA512
14f04e768956bdd9634f6a172104f2b630e2eeada2f73b9a249be2ec707f4a47ff60f2f700005ca95addd838db9438ad560e5136a10ed32df1d304d65f445780

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4412_825361695\manifest.json

Filesize
160B

MD5
a24a1941bbb8d90784f5ef76712002f5

SHA1
5c2b6323c7ed8913b5d0d65a4d21062c96df24eb

SHA256
2a7fe18a087d8e8be847d9569420b6e8907917ff6ca0fa42be15d4e3653c8747

SHA512
fd7dfec3d46b2af0bddb5aaeae79467507e0c29bab814007a39ea61231e76123659f18a453ed3feb25f16652a0c63c33545e2a0d419fafea89f563fca6a07ce2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping4412_846356862\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\AutoLaunchProtocolsComponent\1.0.0.9\protocols.json

Filesize
3KB

MD5
f9fd82b572ef4ce41a3d1075acc52d22

SHA1
fdded5eef95391be440cc15f84ded0480c0141e3

SHA256
5f21978e992a53ebd9c138cb5391c481def7769e3525c586a8a94f276b3cd8d6

SHA512
17084cc74462310a608355fbeafa8b51f295fb5fd067dfc641e752e69b1ee4ffba0e9eafa263aab67daab780b9b6be370dd3b54dd4ba8426ab499e50ff5c7339

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Crashpad\settings.dat

Filesize
280B

MD5
6469e9cdf6d53a5cbcaf02134203b3dd

SHA1
3ae49f14ad86daf4a6b348a3ef6aaeff8c307d64

SHA256
f2a620034e57c93a074ad98cb4d957ea1723deeb705d2adccdeff68fb47b961b

SHA512
229f4e87fe554c332374c267352cb534108ed0dc117c74fb571712c95a8a67c22e94f26c0814added452f240fc93b7f921e35e21af3b55570601eba25bbbc43b

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Crashpad\settings.dat

Filesize
280B

MD5
6165b7fb5325fb78bfd4ecfb8bea9857

SHA1
12b0f4fdf1a63c7b88767551fc22f91bf56e7716

SHA256
12d0dd3878cfc6bf2dac5757d2b4992f39d8b3529567029b7770ac7120295398

SHA512
736aa758ff246c91d88506c98da4958447e32c4881654e71b2e6705def8d822a3668c1816794217524e5238a59007d37a70fc67ccc45c06e93c70835a5b5d110

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Crashpad\throttle_store.dat

Filesize
20B

MD5
9e4e94633b73f4a7680240a0ffd6cd2c

SHA1
e68e02453ce22736169a56fdb59043d33668368f

SHA256
41c91a9c93d76295746a149dce7ebb3b9ee2cb551d84365fff108e59a61cc304

SHA512
193011a756b2368956c71a9a3ae8bc9537d99f52218f124b2e64545eeb5227861d372639052b74d0dd956cb33ca72a9107e069f1ef332b9645044849d14af337

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
9d54ee598bfd45c351dcb5431f0406e6

SHA1
e70cb6d9b4debad8047ead9011a3205093dda980

SHA256
f7f67acc477ed4a4a88d8a2ff979c982d032ba30f805484dfb3cf60d0759131e

SHA512
98ad7c44fdee8aa2cdaf3a50c0b8a9306aa9e5e93e002d78cd1a68300b3cc61eecffa12c25eb15a9b6222a574d1c2c8a1103b0edc23ee1c3e4b9819901a506e2

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
b627d63bf9d25af99f7c9783d61e3529

SHA1
50538cc0fa4489a235fc9f23c9da2e0c8df903df

SHA256
09e2ab439067ebd9c3472a547855ef9ec03b87dafd5102a242ec4842ff66dd60

SHA512
5481dd527aa4f7b0b955284b0c88805650a02204ce8a1b6f33c9fb83691a794a88531c234aae322513efd52a11b9e6af90f7ce19041dd08c6fb9ba345e28e258

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Extension Rules\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Extension Scripts\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\IndexedDB\https_www.roblox.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Network\Network Persistent State

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Network\Network Persistent State

Filesize
2KB

MD5
158b1d629042cb63f688c34d5e57e7a2

SHA1
2115a24a400d563a8be2d186c88a523192ad9548

SHA256
94478dbc4f05114949161a4007989c6c061d594a57ff35225e1c4f60a2b60a20

SHA512
798d0960c39761c49c3b33828ed50c04bc058f98f6cf3fbe531e3a4ffe22506c047971bfe5a80623a321f1ff6bfcef3c01b91d54759566588dd4ca784dfe1619

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Network\Network Persistent State~RFe583999.TMP

Filesize
59B

MD5
78bfcecb05ed1904edce3b60cb5c7e62

SHA1
bf77a7461de9d41d12aa88fba056ba758793d9ce

SHA256
c257f929cff0e4380bf08d9f36f310753f7b1ccb5cb2ab811b52760dd8cb9572

SHA512
2420dff6eb853f5e1856cdab99561a896ea0743fcff3e04b37cb87eddf063770608a30c6ffb0319e5d353b0132c5f8135b7082488e425666b2c22b753a6a4d73

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Preferences

Filesize
713B

MD5
e048a8596409adadfe3ff10db8e5efbb

SHA1
332d79dfb5c30c125c8b030caaf0b007b1b1af31

SHA256
e19cd56e347efca1cadfc1fd6875ef82b35631e5cb7f9b54aa4bb9ea71ff66b0

SHA512
1758879d426dcd224c06dfc32ba2930f453e52bf8b9a85c3149cab82ba4c19a6637d6a27ce605e8925c17352ba7eb93223fb7d1441cbfec8252569a08cb11f5e

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Preferences

Filesize
11KB

MD5
bb3159c7feb0a4683bc01e2edb932ae5

SHA1
2c2e65e4805463d56afd56bc04fa08f740f30e93

SHA256
bfa606cd814a63057a18444ad7c3038a35e61a1f62ec1b5a02aa1683f2006d60

SHA512
c81ed495195691b54ce4ebee61838848c5412f03ffdb1f5ebfc462c8b8055dbe5fde5b2cbc1f4d80112f5fae833be3f20e6830faf2fa0c6a850eeabed658ca7e

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Default\Preferences

Filesize
12KB

MD5
c28b19bca11236d18f934189acc7dda4

SHA1
573afac33ce789a773299b197bbc56c0f7082889

SHA256
550ccafc5b52449c03ff31996011c43797c07887e3b17dc90c7635669022a2a2

SHA512
11056c028ee8314add86f9ebebaecb35283b01f2bbb1448508f37c2667e7c02bbe70a141b8f56b3c8b3cd8ede3c39302ed5bd2acc60d74e9686828e1f9c174c5

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\DevToolsActivePort

Filesize
60B

MD5
096f9608c83480f906611baabca51618

SHA1
4ebc521fcd12e90ec693ed4faf4a707fa1f0d304

SHA256
56333ba4d15222b9b6cacfc6b26dfc10fbb3e7708d28bde04f37328adccabbd1

SHA512
a5cfcdc5796dcba63ed034872b698e6e6cf3171e608a9239e22cc0d6dd5d0c1f5ad4b0a0cd9863b743753f300e2e1373c19cced72e6e85ea30152f9f6d284cce

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
a63f736fc81c2115b198747d7d85a1ed

SHA1
ef46b1822fa9aaf37ae201cf778668ce35a6d742

SHA256
bdf0f33791dc5ac7bd0561d33690857c80bab1b2fd8858688b0e21e5d21004e4

SHA512
010f97aaec4133ed697d3aea17bce8e9b2a010303dd16fc2e050eecdac257be979b58affce227d0b9f1b736390b04730e71d9cac3fd504fc106508b7275654af

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Cloud Config\CloudConfigLog

Filesize
876B

MD5
bfde0ab896dab4c39186e6e200419226

SHA1
3f396a561d3c86273b3160435e6403f9db82fe19

SHA256
fdbc9a4e8406457f0cc87eeef91023d40819a7083328d357e0da534708b078b7

SHA512
19c06a36aa4518819b54e8241dfcdb12140e689b2751b8b744537670d010a29785ac15a20f7e975ab67b99c3c6ad2441c5c372435aa7eabfbbd826e57b1bfd2c

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Cloud Config\CloudConfigLog~RFe58d387.TMP

Filesize
467B

MD5
9ec4c8f2c6747b7a71b353c83fc316ab

SHA1
d6861811e9e256dda83cceed87b729b75545d408

SHA256
a1f8f5be64f97a889e06b2016d5112b9c634d23237763acdfb31d3006d2a979a

SHA512
1bb2ebc46a714e5e51ee83a2499709d8696dcab02dc34c5741be0d6b9c359dbc9914b9dd89a6040227eba7e3e66d25394209313ed87b87f9c91233f61fbc1d0d

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Cloud Config\OperationConfig

Filesize
22KB

MD5
56a63f182b2938fbe3e59fbf9681dc08

SHA1
b76578ca24fb20b8bd5dafad4296e5a46735a5e1

SHA256
36edc2510fb072092e4c6b95efe4521857d9dcb7f0b45afdf5e8ef02e5d19593

SHA512
b17246b7c61e26fce1f211311b578d6b3d22c03a042137bb2bb5b23018ce5290a8fbf7a34b2f66fa30b2027296b8a570478f66a144385c320d63c1cef64434f8

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Cloud Config\OperationConfig~RFe58d472.TMP

Filesize
3KB

MD5
c7569efb2fa9fe93c0ea2f0896f54036

SHA1
e231c700b778b624f6065b035e5803fdd8b4db4b

SHA256
2422f055fd21adce7a027c3eaab1bbc474345a26cb1b9762b3d7572ebde67d3f

SHA512
c394da9a75cca87f6e20cb2abbc2e087d3e374b613bbc960f255ebfc8f01d4349fc8a487ec56ff8141f47566cf021dc33196e42b6295ce5399ff78e5ce4b066f

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Edge Data Protection Lists\2.0.0.0\office_endpoints_list.json

Filesize
3KB

MD5
94406cdd51b55c0f006cfea05745effb

SHA1
a15dc50ca0fd54d6f54fbc6e0788f6dcfc876cc9

SHA256
8480f3d58faa017896ba8239f3395e3551325d7a6466497a9a69bf182647b25e

SHA512
d4e621f57454fea7049cffc9cc3adfb0d8016360912e6a580f6fe16677e7dd7aa2ee0671cb3c5092a9435708a817f497c3b2cc7aba237d32dbdaae82f10591c3

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\GrShaderCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_1

Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\GraphiteDawnCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
1KB

MD5
96eb838bea3267f911323ac7c34154a8

SHA1
087bec78afc65f8fd309cd24411181a0a9f596cf

SHA256
4ac6774274e52f8b56bc1985b6869bce4c6f02599eff5aebce7e62c1b61f4e91

SHA512
f8a927a1a7d974ddb9c5de0689efeb30cb3cf93ffab62bfeb57115796d73cfbd5506685a58eef18d6c9175d9f4b75d8d3537dfdedb35cf0fbe9db39d70b7fb02

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
4KB

MD5
68c49ade0a2be3f803a742dcfbb83f72

SHA1
99989a26a3fadc03d48829fa2fd87557ab790b95

SHA256
8739c980974dbcb6c8e77f438010a583b1e9a6e98d989be4ee95066070090f56

SHA512
27c2d32a8719f9172ad030190a6762bdb21d5931fa4b23ba5616ac9728ffe5ccead2a12c538e4d8bc3f4c25545d978f7d9cb705704d7406892d818f9b3143594

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
6KB

MD5
58c598c1bbe9a2c55bc2df6797a293d5

SHA1
e9bb88342771233ee2572892fb9f3d3e3f03e3a3

SHA256
ac16ec734e4b3812a8c426d4952cb60d5ba12a6b8135ef1daa0316082cc84101

SHA512
f794397ffb3187b8139b7eedc8053c6a7accf485d9ad2c0d1bf18711a199b07f6585c49d930d7b9216a92b1805abdd67e73cc84fe0a290c01587b2fe58479e37

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
78B

MD5
8b61e917846ffa930e0cb308c1f1a026

SHA1
3d9e507a7a41e36a1c25659ad72a448368134fad

SHA256
bfe95ecd1ff945712f2697925858b4a50834f6b96d90ab230b448317fc602aeb

SHA512
244ceef0649f72c7371c96667cc829bfbf6c853d173d89a3f206b3384ca95f48f5d5a4defec7897d84a876336942308a9d3357db3ff56cb80c6d9aa1ce5b5fe9

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
5KB

MD5
190bf96c9424b7ce0dbd148bc1dc4759

SHA1
c5cf730f6afa75b0929e11a729156ea97c79ba00

SHA256
7223f005c5e92f716045170b5ba41dc03bf74d90d92fe33e5612d7ff14ac7b1a

SHA512
8108272bf456f3016cc053b3201ff46cda401e13f22900ef37387f9c8258ac37ad10d1a98b4bcac5a9ba19e230404c85a2805e77d885bd5c8254b355920a0786

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
15KB

MD5
4d078be67301666c52fd728343bfc27e

SHA1
0d0a90dce16f991b295f752de22aa32e32db0583

SHA256
858c1d5a96e1bd2d7e44d83e67dfd176190265a79ace80e137114201a042ae8a

SHA512
320879925365d0d5b29fc1bd44b068bc00ca5d86f83a70f29ebfd4aefc64988681e052635758e1e63865d37175c1c7a5d39adee77906d831cf957d9edc8b9875

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\Local State

Filesize
15KB

MD5
1bff0469c96637d005efe955356194a8

SHA1
a2b67f97819e0ac812034014bf406110cc3cc256

SHA256
7e4d162f6a775b4760be8f7c0ae1bb2517c8fb17e07311a6f4a091ce569c1caa

SHA512
b5219d11ccf1d12ce8a10e697c55742dc90f6e3d3457194c8dc87d88eb5386e16e1431ed18a5961a0258e926f67a7d0f00a7d523288142842068158f667595b8

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\OriginTrials\0.0.1.7\manifest.json

Filesize
43B

MD5
af3a9104ca46f35bb5f6123d89c25966

SHA1
1ffb1b0aa9f44bdbc57bdf4b98d26d3be0207ee8

SHA256
81bd82ac27612a58be30a72dd8956b13f883e32ffb54a58076bd6a42b8afaeea

SHA512
6a7a543fa2d1ead3574b4897d2fc714bb218c60a04a70a7e92ecfd2ea59d67028f91b6a2094313f606560087336c619093f1d38d66a3c63a1d1d235ca03d36d1

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\chrome_debug.log

Filesize
1KB

MD5
cee593746cab163c3c451f6cc092a4ed

SHA1
1ce0f9c04610feea42c315a8f4569d474439b7e1

SHA256
9e044c9803273494030e56324bcd7482464e761c77bc1d965f4e043b5543fc2c

SHA512
6e76608300bf34075066df233f3091db7f092ea7f0a8fb458aa1dc2f47ca933beb1873846b5fb3c98688f18c429d1f94dd2c8dda7885285bf5180142dddfa2f6

Download Submit
C:\Windows\SystemTemp\scoped_dir5312_987051160\chrome_debug.log

Filesize
5KB

MD5
c5907e15ad67257b79e247179e476253

SHA1
81ba813d6edf150193ab664631976e9c098ab780

SHA256
2afe82b40daa8676d9a6fe53f73c054bdaa7f97f1be3ae37de2808a82715cbfe

SHA512
e2af49f30e796832343123b7edec26bf838c18a55c0e6f7d2a13cda430ed232b9b57ed48300610d263a0378a6f818c03d040257758321b2002eaff7b62167791

Download Submit