d924926446eff5ea2f185c29a92b2e1e62bdacd630dd33137e6e35df6fd4735e

Analysis

max time kernel
1799s
max time network
1484s
platform
windows11-21h2_x64
resource
win11-20250313-en
resource tags

arch:x64arch:x86image:win11-20250313-enlocale:en-usos:windows11-21h2-x64system
submitted
28/03/2025, 17:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

scarey.exe
Size

15.3MB
MD5

29805ee1be108e4c41b300c90f0c645c
SHA1

8d369ce4e631d79a92a0774ccc8ca1083fce84e5
SHA256

d924926446eff5ea2f185c29a92b2e1e62bdacd630dd33137e6e35df6fd4735e
SHA512

5dc878ea99be940cfe1bc057def3a61e0486b26905fb9660d50d76144a48a5adb239e8b21fc937670be0e49f2353257ba08f485bb6c969d74a2b50b84a055d99
SSDEEP

393216:HHW8Uwq3Obs2CltXMCHWUjZVg74w/ADF5ILf5kvsWP:nW8Uwq3ObRqtXMb8rDw/KLILf5kvLP

Score

9^/10

bootkit credential_access defense_evasion discovery execution impact lateral_movement persistence ransomware spyware stealer trojan

Malware Config

Signatures

Deletes shadow copies 3 TTPs
Ransomware often targets backup files to inhibit system recovery.
ransomware defense_evasion impact execution

File Deletion
T1070.004

Inhibit System Recovery
T1490

Windows Management Instrumentation
T1047
Renames multiple (250) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware
Disables Task Manager via registry modification
defense_evasion

Downloads MZ/PE file 1 IoCs

flow	pid	Process
300	1744	chrome.exe

Credentials from Password Stores: Windows Credential Manager 1 TTPs
Suspicious access to Credentials History.
credential_access stealer

Windows Credential Manager
T1555.004

Executes dropped EXE 2 IoCs

pid	Process
4824	spsetup133.exe
5408	Speccy64.exe

Loads dropped DLL 64 IoCs

pid	Process
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
2452	scarey.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Speccy64.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\W:	Speccy64.exe
File opened (read-only)	\??\B:	Speccy64.exe
File opened (read-only)	\??\G:	Speccy64.exe
File opened (read-only)	\??\L:	Speccy64.exe
File opened (read-only)	\??\N:	Speccy64.exe
File opened (read-only)	\??\P:	Speccy64.exe
File opened (read-only)	\??\E:	Speccy64.exe
File opened (read-only)	\??\H:	Speccy64.exe
File opened (read-only)	\??\I:	Speccy64.exe
File opened (read-only)	\??\K:	Speccy64.exe
File opened (read-only)	\??\T:	Speccy64.exe
File opened (read-only)	\??\Z:	Speccy64.exe
File opened (read-only)	\??\Q:	Speccy64.exe
File opened (read-only)	\??\S:	Speccy64.exe
File opened (read-only)	\??\X:	Speccy64.exe
File opened (read-only)	\??\Y:	Speccy64.exe
File opened (read-only)	\??\A:	Speccy64.exe
File opened (read-only)	\??\J:	Speccy64.exe
File opened (read-only)	\??\M:	Speccy64.exe
File opened (read-only)	\??\O:	Speccy64.exe
File opened (read-only)	\??\R:	Speccy64.exe
File opened (read-only)	\??\U:	Speccy64.exe
File opened (read-only)	\??\V:	Speccy64.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 1 IoCs

Web Service

T1102

flow	ioc
138	cloudflare-ipfs.com

Remote Services: SMB/Windows Admin Shares 1 TTPs 1 IoCs

Adversaries may use Valid Accounts to interact with a remote network share using Server Message Block (SMB).

lateral_movement

SMB/Windows Admin Shares

T1021.002

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\LanmanServer\Parameters\NullSessionPipes	Speccy64.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Speccy64.exe
File opened for modification	\??\PHYSICALDRIVE0	Speccy64.exe

Drops file in System32 directory 4 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_cc6edbde0940344f\keyboard.PNF	Speccy64.exe
File created	\??\c:\windows\system32\driverstore\filerepository\keyboard.inf_amd64_cc6edbde0940344f\keyboard.PNF	Speccy64.exe
File created	C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_5ab7d1c25144fcab\msmouse.PNF	Speccy64.exe
File created	\??\c:\windows\system32\driverstore\filerepository\msmouse.inf_amd64_5ab7d1c25144fcab\msmouse.PNF	Speccy64.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000\Control Panel\Desktop\Wallpaper	scarey.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\License.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt.lock	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\AugLoop\third-party-notices.txt.lock	scarey.exe
File created	C:\Program Files\Speccy\Lang\lang-1051.dll	spsetup133.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fr.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hy.txt	scarey.exe
File created	C:\Program Files\WindowsApps\Microsoft.VP9VideoExtensions_1.0.41182.0_x64__8wekyb3d8bbwe\Third Party Notices.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\ROMAN.TXT	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense_eula.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\da.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ca.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt.lock	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\lpklegal.txt	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\LyncVDI_Eula.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Resource\TypeSupport\Unicode\Mappings\Mac\CENTEURO.TXT	scarey.exe
File created	C:\Program Files\Speccy\uninst.exe	spsetup133.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Microsoft\EdgeUpdate_disable\1.3.195.43\NOTICE.TXT.lock	scarey.exe
File created	C:\Program Files (x86)\Windows NT\TableTextService\TableTextServiceArray.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tt.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\Dictionaries\en_US\README_en_US.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_CA\added.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\vi.txt	scarey.exe
File created	C:\Program Files\Common Files\microsoft shared\ink\ThirdPartyNotices.MSHWLatin.txt	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientOSub2019_eula.txt.lock	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\client_eula.txt.lock	scarey.exe
File opened for modification	C:\Program Files\dotnet\ThirdPartyNotices.txt.lock	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_security_terms_dict.txt.lock	scarey.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\COPYING.txt.lock	scarey.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\lua\http\requests\README.txt	scarey.exe
File created	C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_4.6.3102.0_x64__8wekyb3d8bbwe\ThirdPartyNotices.txt	scarey.exe
File created	C:\Program Files\Speccy\Lang\lang-1037.dll	spsetup133.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\SkypeForBusinessBasic2019_eula.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt.lock	scarey.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Mocking.help.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt.lock	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng.txt	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\1033\ClientVolumeLicense2019_eula.txt	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\PersonaSpy\notice.txt.lock	scarey.exe
File created	C:\Program Files\Speccy\Lang\lang-1055.dll	spsetup133.exe
File created	C:\Program Files\Speccy\Lang\lang-3098.dll	spsetup133.exe
File created	C:\Program Files (x86)\WindowsPowerShell\Modules\Pester\3.4.0\en-US\about_Pester.help.txt	scarey.exe
File created	C:\Program Files\Speccy\Lang\lang-1034.dll	spsetup133.exe
File opened for modification	C:\Program Files\7-Zip\Lang\an.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nn.txt.lock	scarey.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\Providers\Plugins2\AdobeHunspellPlugin\SupplementalDictionaries\en_GB\excluded.txt.lock	scarey.exe
File opened for modification	C:\Program Files\Microsoft Office\root\Office16\Configuration\card_terms_dict.txt	scarey.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	scarey.exe
File created	C:\Program Files\Windows NT\TableTextService\TableTextServiceYi.txt	scarey.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\LICENSE.txt.lock	scarey.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\Reader\DC\Linguistics\LanguageNames2\DisplayLanguageNames.en_US.txt	scarey.exe
File created	C:\Program Files\Speccy\Lang\lang-1059.dll	spsetup133.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	scarey.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\AUTHORS.txt.lock	scarey.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\bnpl\bnpl.html	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-hub\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-mobile-hub\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\sv\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\Notification\notification_fast.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_936343147\_platform_specific\win_x64\widevinecdm.dll	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\sw\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-mobile-hub\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\wallet-webui-101.079f5d74a18127cd9d6a.chunk.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\ka\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\en_US\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_479407042\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\Notification\notification.bundle.js.LICENSE.txt	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\ko\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\nl\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\bg\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\de\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\lt\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-ec\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-hub\hu\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\fa\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1384587911\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-mobile-hub\zh-Hant\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-shared-components\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1511327956\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_559985179\edge_checkout_page_validator.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\bnpl\bnpl.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\es\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-shared-components\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_559985179\shoppingfre.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-ec\th\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-mobile-hub\nl\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification\id\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\wallet\wallet-stable.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\hr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_2071636557\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\buynow_driver.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-ec\ar\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\Wallet-Checkout\load-ec-deps.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1512283387\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_559985179\manifest.fingerprint	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-hub\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\ja\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\pt-PT\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\ru\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\wallet\wallet-checkout\checkoutdata.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\Wallet-BuyNow\wallet-buynow.html	msedge.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\tr\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\sv\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\ms\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1511327956\_metadata\verified_contents.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-ec\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-mobile-hub\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-shared-components\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification\en-GB\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification\it\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\de\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-notification-shared\zh-Hans\strings.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\mn\messages.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\crypto.bundle.js	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-ec\ja\strings.json	msedge.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\spsetup133.exe:Zone.Identifier	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	spsetup133.exe

Checks SCSI registry key(s) 3 TTPs 11 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	chrome.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\DeviceDesc	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Speccy64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\DeviceDesc	Speccy64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	chrome.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	chrome.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Speccy64.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Speccy64.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Interacts with shadow copies 3 TTPs 1 IoCs

Shadow copies are often targeted by ransomware to inhibit system recovery.

ransomware

File Deletion

T1070.004

Inhibit System Recovery

T1490

Direct Volume Access

T1006

pid	Process
5220	vssadmin.exe

Kills process with taskkill 2 IoCs

defense_evasion

pid	Process
3236	taskkill.exe
4796	taskkill.exe

Modifies data under HKEY_USERS 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133876571091500190"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe

Modifies registry class 22 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\History\CachePrefix = "Visited:"	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	BackgroundTransferHost.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\MuiCache	BackgroundTransferHost.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.speccy	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell	spsetup133.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoftwindows.client.cbs_cw5n1h2txyewy\Internet Settings\Cache\Content\CachePrefix	BackgroundTransferHost.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.speccy\ = "Speccy.SPECCY"	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\ = "open"	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\open	spsetup133.exe
Key created	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-167299615-4170584903-1843289874-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\ = "Speccy Snapshot"	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\DefaultIcon	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\DefaultIcon\ = "C:\\Program Files\\Speccy\\Speccy64.exe,0"	spsetup133.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\open\command	spsetup133.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\Speccy.SPECCY\shell\open\command\ = "\"C:\\Program Files\\Speccy\\Speccy64.exe\" \"%1\""	spsetup133.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-167299615-4170584903-1843289874-1000\{9E945304-813A-48E3-9E7A-87B073C06B53}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\spsetup133.exe:Zone.Identifier	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1052	powershell.exe
1052	powershell.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
944	chrome.exe
944	chrome.exe
4924	chrome.exe
4924	chrome.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
672	Process not Found
672	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
5856	msedge.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
6732	chrome.exe
6732	chrome.exe
6732	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2452	scarey.exe
Token: SeBackupPrivilege	5596	vssvc.exe
Token: SeRestorePrivilege	5596	vssvc.exe
Token: SeAuditPrivilege	5596	vssvc.exe
Token: SeDebugPrivilege	1052	powershell.exe
Token: SeDebugPrivilege	4796	taskkill.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
5132	WindowsTerminal.exe
5132	WindowsTerminal.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
5132	WindowsTerminal.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
4924	chrome.exe
5408	Speccy64.exe
5408	Speccy64.exe
5408	Speccy64.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe
576	chrome.exe

Suspicious use of SetWindowsHookEx 11 IoCs

pid	Process
5132	WindowsTerminal.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
4824	spsetup133.exe
5408	Speccy64.exe
5408	Speccy64.exe
3120	java.exe
6184	java.exe
5188	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4552 wrote to memory of 2452	4552	scarey.exe	78
PID 4552 wrote to memory of 2452	4552	scarey.exe	78
PID 2452 wrote to memory of 5220	2452	scarey.exe	80
PID 2452 wrote to memory of 5220	2452	scarey.exe	80
PID 5132 wrote to memory of 2728	5132	WindowsTerminal.exe	96
PID 5132 wrote to memory of 2728	5132	WindowsTerminal.exe	96
PID 5132 wrote to memory of 556	5132	WindowsTerminal.exe	100
PID 5132 wrote to memory of 556	5132	WindowsTerminal.exe	100
PID 5132 wrote to memory of 556	5132	WindowsTerminal.exe	100
PID 5132 wrote to memory of 1052	5132	WindowsTerminal.exe	101
PID 5132 wrote to memory of 1052	5132	WindowsTerminal.exe	101
PID 1052 wrote to memory of 6132	1052	powershell.exe	102
PID 1052 wrote to memory of 6132	1052	powershell.exe	102
PID 6132 wrote to memory of 224	6132	cmd.exe	103
PID 6132 wrote to memory of 224	6132	cmd.exe	103
PID 6132 wrote to memory of 3236	6132	cmd.exe	104
PID 6132 wrote to memory of 3236	6132	cmd.exe	104
PID 6132 wrote to memory of 4796	6132	cmd.exe	105
PID 6132 wrote to memory of 4796	6132	cmd.exe	105
PID 1456 wrote to memory of 5160	1456	chrome.exe	124
PID 1456 wrote to memory of 5160	1456	chrome.exe	124
PID 1456 wrote to memory of 656	1456	chrome.exe	125
PID 1456 wrote to memory of 656	1456	chrome.exe	125
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 556	1456	chrome.exe	128
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126
PID 1456 wrote to memory of 3120	1456	chrome.exe	126

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\scarey.exe
"C:\Users\Admin\AppData\Local\Temp\scarey.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4552
- C:\Users\Admin\AppData\Local\Temp\scarey.exe
  "C:\Users\Admin\AppData\Local\Temp\scarey.exe"
  2⤵
  - Loads dropped DLL
  - Sets desktop wallpaper using registry
  - Drops file in Program Files directory
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2452
- - C:\Windows\SYSTEM32\vssadmin.exe
    vssadmin.exe delete shadows /all /quiet
    3⤵
    - Interacts with shadow copies
    PID:5220

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5596

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2224

C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe
"C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\WindowsTerminal.exe"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5132
- C:\Windows\system32\wsl.exe
  C:\Windows\system32\wsl.exe --list
  2⤵
  PID:2728
- C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe
  "C:\Program Files\WindowsApps\Microsoft.WindowsTerminal_1.6.10571.0_x64__8wekyb3d8bbwe\OpenConsole.exe" --headless --win32input --resizeQuirk --width 120 --height 27 --signal 0xa38 --server 0xa2c
  2⤵
  PID:556
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:1052
- - C:\Windows\system32\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:6132
  - - C:\Windows\system32\Taskmgr.exe
      taskmgr
      4⤵
      PID:224
  - - C:\Windows\system32\taskkill.exe
      taskkill scarey.exe
      4⤵
      Kills process with taskkill
      PID:3236
  - - C:\Windows\system32\taskkill.exe
      taskkill /f /im scarey.exe
      4⤵
      Kills process with taskkill
      Suspicious use of AdjustPrivilegeToken
      PID:4796

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5032

C:\Windows\system32\BackgroundTransferHost.exe
"BackgroundTransferHost.exe" -ServerName:BackgroundTransferHost.13
1⤵
- Modifies registry class
PID:248

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:6064

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:5500

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:2640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff991b8dcf8,0x7ff991b8dd04,0x7ff991b8dd10
  2⤵
  PID:5160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1440,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2064 /prefetch:11
  2⤵
  PID:656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2024,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2032 /prefetch:2
  2⤵
  PID:3120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2236,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=2244 /prefetch:13
  2⤵
  PID:556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3220,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3248,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3280 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4184,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3792 /prefetch:9
  2⤵
  PID:5680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4536,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4620 /prefetch:1
  2⤵
  PID:3128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5252,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5244 /prefetch:14
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5456,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5472 /prefetch:14
  2⤵
  PID:1732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5288,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5468 /prefetch:14
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5496,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5560 /prefetch:14
  2⤵
  PID:5408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5652,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5312 /prefetch:14
  2⤵
  PID:920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5756 /prefetch:14
  2⤵
  PID:2320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5836,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=3492,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3484 /prefetch:1
  2⤵
  PID:2340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3376,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3364 /prefetch:12
  2⤵
  PID:5400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5816,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3800 /prefetch:1
  2⤵
  PID:1504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=5248,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5484 /prefetch:1
  2⤵
  PID:5904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=3472,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5512,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3812 /prefetch:1
  2⤵
  PID:2736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=6216,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --field-trial-handle=6212,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5284,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=5676 /prefetch:14
  2⤵
  PID:3412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=3636,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3544 /prefetch:14
  2⤵
  PID:5504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6516,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=3232 /prefetch:14
  2⤵
  PID:5260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=5328,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=6308 /prefetch:9
  2⤵
  PID:4920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5268,i,17145796011811713347,657076541252293645,262144 --variations-seed-version=20250312-184628.452000 --mojo-platform-channel-handle=4644 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:944

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6020

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:5220

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E0 0x00000000000004E8
1⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x100,0x104,0x108,0xfc,0x10c,0x7ff991b8dcf8,0x7ff991b8dd04,0x7ff991b8dd10
  2⤵
  PID:1336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1796,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=1972 /prefetch:11
  2⤵
  - Downloads MZ/PE file
  PID:1744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1944,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=1940 /prefetch:2
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2340,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2356 /prefetch:13
  2⤵
  PID:1264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3200,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3232 /prefetch:1
  2⤵
  PID:704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3236,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5056,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5060 /prefetch:14
  2⤵
  PID:3788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5276,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5100 /prefetch:14
  2⤵
  PID:3516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5216,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=3232,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3584 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3572,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=3528,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3220 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5708,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:5676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6232,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=6224 /prefetch:14
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  PID:4268
- C:\Users\Admin\Downloads\spsetup133.exe
  "C:\Users\Admin\Downloads\spsetup133.exe"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.ccleaner.com/go/app_releasenotes?p=4&v=1.33.75&l=1033&b=1&a=0
    3⤵
    PID:308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-skip-compat-layer-relaunch --single-argument http://www.ccleaner.com/go/app_releasenotes?p=4&v=1.33.75&l=1033&b=1&a=0
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x280,0x7ff96c6df208,0x7ff96c6df214,0x7ff96c6df220
        5⤵
        
        PID:4788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1860,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=2288 /prefetch:11
        5⤵
        
        PID:1084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2020,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=1992 /prefetch:2
        5⤵
        
        PID:4548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=1896,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=2680 /prefetch:13
        5⤵
        
        PID:5860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3372,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=3412 /prefetch:1
        5⤵
        
        PID:3448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3380,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=3416 /prefetch:1
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --always-read-main-dll --field-trial-handle=4824,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:1
        5⤵
        
        PID:4504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --always-read-main-dll --field-trial-handle=4080,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=3700 /prefetch:1
        5⤵
        
        PID:1824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_xpay_wallet.mojom.EdgeXPayWalletService --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4680,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=4740 /prefetch:14
        5⤵
        
        PID:4196
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --pdf-upsell-enabled --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --always-read-main-dll --field-trial-handle=4688,i,8018807182106920015,10799992717646976445,262144 --variations-seed-version --mojo-platform-channel-handle=5312 /prefetch:1
        5⤵
        
        PID:1220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        
        PID:6252
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x240,0x244,0x248,0x23c,0x2b0,0x7ff96c6df208,0x7ff96c6df214,0x7ff96c6df220
        6⤵
        
        PID:5392
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --always-read-main-dll --field-trial-handle=1820,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=2120 /prefetch:11
        6⤵
        
        PID:6336
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=2092,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=2088 /prefetch:2
        6⤵
        
        PID:6088
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --always-read-main-dll --field-trial-handle=2464,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=2676 /prefetch:13
        6⤵
        
        PID:6584
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4188,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4196 /prefetch:14
        6⤵
        
        PID:6712
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4200,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:14
        6⤵
        
        PID:4444
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4200,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:14
        6⤵
        
        PID:4288
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4516,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4600 /prefetch:14
        6⤵
        
        PID:7112
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4740,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4752 /prefetch:14
        6⤵
        
        PID:6620
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=568,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4824 /prefetch:14
        6⤵
        
        PID:5328
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4332,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4848 /prefetch:14
        6⤵
        
        PID:5872
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4768,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4892 /prefetch:14
        6⤵
        
        PID:4884
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4132,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:14
        6⤵
        
        PID:4024
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5020,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:14
        6⤵
        
        PID:4252
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4932,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=764 /prefetch:14
        6⤵
        
        PID:1716
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4208,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=5112 /prefetch:14
        6⤵
        
        PID:3700
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --always-read-main-dll --field-trial-handle=4724,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4988 /prefetch:10
        6⤵
        
        PID:2972
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=1028,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=3936 /prefetch:14
        6⤵
        
        PID:7084
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=2448,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4980 /prefetch:14
        6⤵
        
        PID:5112
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3884,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=5136 /prefetch:14
        6⤵
        
        PID:860
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4912,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=3928 /prefetch:14
        6⤵
        
        PID:4136
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5124,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:14
        6⤵
        
        PID:3500
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=4476,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=3956 /prefetch:14
        6⤵
        
        PID:6848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5048,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4136 /prefetch:14
        6⤵
        
        PID:3808
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=5060,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=5252 /prefetch:14
        6⤵
        
        PID:4540
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --video-capture-use-gpu-memory-buffer --string-annotations --always-read-main-dll --field-trial-handle=3688,i,7076600690444502105,5391416999922011755,262144 --variations-seed-version --mojo-platform-channel-handle=4868 /prefetch:14
        6⤵
        
        PID:6164
- - C:\Program Files\Speccy\Speccy64.exe
    "C:\Program Files\Speccy\Speccy64.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Checks whether UAC is enabled
    - Enumerates connected drives
    - Remote Services: SMB/Windows Admin Shares
    - Writes to the Master Boot Record (MBR)
    - Drops file in System32 directory
    - Checks SCSI registry key(s)
    - Checks processor information in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5408
  - - C:\Program Files\Java\jre-1.8\bin\java.exe
      "C:\Program Files\Java\jre-1.8\bin\java" -version
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3120
  - - C:\Program Files\Java\jdk-1.8\bin\java.exe
      "C:\Program Files\Java\jdk-1.8\bin\java" -version
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:6184
  - - C:\Windows\system32\secedit.exe
      /export /cfg "C:\Users\Admin\AppData\Local\Temp\spc_se.txt" /quiet /areas SECURITYPOLICY
      4⤵
      PID:6340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6228,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5836 /prefetch:14
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=6984,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=6876 /prefetch:14
  2⤵
  PID:3148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=7004,i,2634432943770068337,8909993920502472902,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=7084 /prefetch:14
  2⤵
  PID:304

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4392

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:3604

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
1⤵
PID:6248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window --win-session-start
  2⤵
  PID:6200

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:2268

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:5920

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5188

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff991b8dcf8,0x7ff991b8dd04,0x7ff991b8dd10
  2⤵
  PID:6504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=1792,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2052 /prefetch:11
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=2020,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2016 /prefetch:2
  2⤵
  PID:6748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2336,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2344 /prefetch:13
  2⤵
  PID:6764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3400 /prefetch:1
  2⤵
  PID:2032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=2340,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5044,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5104 /prefetch:14
  2⤵
  PID:3520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5292,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5304 /prefetch:14
  2⤵
  PID:6084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5160,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5328 /prefetch:14
  2⤵
  PID:2316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5600,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:7140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5576,i,7831832463145969135,5367971789154884986,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:6232

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:5676

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:4540

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
PID:3416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:6732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff991b8dcf8,0x7ff991b8dd04,0x7ff991b8dd10
  2⤵
  PID:6876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1840,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=1836 /prefetch:2
  2⤵
  PID:4832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2140,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2184 /prefetch:11
  2⤵
  PID:4052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2280,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=2352 /prefetch:13
  2⤵
  PID:6304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3212,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=3444 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4460,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4504 /prefetch:1
  2⤵
  PID:7052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4632,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5124 /prefetch:14
  2⤵
  PID:3008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5180,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5348 /prefetch:14
  2⤵
  PID:1712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5432,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=4616 /prefetch:14
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5452,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5408 /prefetch:14
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5212,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5352 /prefetch:14
  2⤵
  PID:5696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=4732,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5304 /prefetch:10
  2⤵
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5252,i,8095748306394259682,12263247077658978117,262144 --variations-seed-version=20250328-050115.638000 --mojo-platform-channel-handle=5288 /prefetch:14
  2⤵
  PID:5060

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:1620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:6912

C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe
"C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_18.2104.12721.0_x64__8wekyb3d8bbwe\LocalBridge.exe" /InvokerPRAID: Microsoft.MicrosoftOfficeHub notifications
1⤵
PID:7004

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Windows Management Instrumentation

T1047

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Direct Volume Access

T1006

Indicator Removal

T1070

File Deletion

T1070.004

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Windows Credential Manager

T1555.004

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Remote Services

T1021

SMB/Windows Admin Shares

T1021.002

Collection

Data from Local System

T1005

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Inhibit System Recovery

T1490

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Speccy\Speccy64.exe

Filesize
19.9MB

MD5
2ca180dc33ac40d68290c310bc07b2c2

SHA1
dc566cc0f653a27436ef32b1410e0d1109371d09

SHA256
af7352096175a8e5bd4f78d0f22b1c6391d2f8d4f888cb1df120b1bd27b643c3

SHA512
9248f4544698d7da2004595dcaafde4356f70366492e85b873012123b3c23784e5d0c4911d97564e8c04ea5cea72df1beb8f56674c0645a1a6c863bccff10bdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
c3673a4c9da7657f9648a6b1c1393afc

SHA1
657dba6bf73ac27fb71a147ef450c8adfe247e5f

SHA256
71e032027fe13620e1d4298778855983aabb9e23d23223650bccb1df4b5b33e0

SHA512
2c7a04f2d498b971e1936423df9eaab44cec4ff64335577ce4acd7207a5aa45985aa88d6e9e6702c254aa541c6f667326cb762486f385c1ced80b68271dd42b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ab854773ded6952991ea1a4d32b1e55b

SHA1
bf716624f0f1f1401da87af9be46297364f4a8e3

SHA256
7a599e8c0b8d273aaa2480be3498e2eb749f066ca6b52b9f9845e6acd61c8e3a

SHA512
7cb99360ec586277df86a5b848a1a59f21206e4da819feaec2e59b11aaa57a5f2b9bcb96e5a53e4deb88b6ec16215d53da8dcdb471e9c7035ceae46ea9f9d581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
120KB

MD5
cf70d2b97078c480e01629cb099073ed

SHA1
c9304b4c1c8eb3bff00237a9d9af1cbc9672ec81

SHA256
5a55456ab91dd1994f0bfb42571eaa5a2b6031ddc5829bf3bb96c2e94e8867eb

SHA512
b278fbebb14d87ddd8d2d40db072002843325f1e09b56fa8ae05faaaff28b8969c1e842c9bd7246b34a12f7419d055b22122a38e2c40af8b6d8139d07966dd38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
7c8d8c4155393543af79e0fa499efeab

SHA1
5614d0767211d4856b59f718902b5e44de002f16

SHA256
4cabdc97c66ae4f96a173fdd669162dad585a61a1724650dedde12ab63f20ad7

SHA512
d552cddfc6dadd0934faf8437b8756a1dc664e63ca7b4c6013ce5b5fb777ada69dc08bbe6235c3cf7fda0c22f4a51d098a8b56c4ac8ba04e446a1d3d75d84a91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8a1f10cc971bce6cd5127f0df5e66f08

SHA1
884e13ced862f2ea99399644ce2acaeb25fcdd91

SHA256
89a61eb5669eb60cd37832e1084b9e7f7ffc393da6624f5448474baceaf9b463

SHA512
6c6ccc7c5874c422d0720943c42ff7b60135ed564d7a771b7324d20abaefb9e73501ad56c50aff3ffe7fad89760090dbbeec609fc0b8e262b125544bf7336178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d7682b0969f97318bc9edac8ec451ad0

SHA1
a1576d209211d9b6ab315c35d1ea4820cf0af79d

SHA256
47c2ba808908acf0adbfddcf3d1292b4139de82b55120a682b4ede248472d25d

SHA512
affbdf7d3908297b020909c20638fb9538040f9cb2661359eabecb15b1de15909221ba0256dd9b0864e6472979628b68d0ad0588ac63ac5f6acd1661f40b878d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0

Filesize
44KB

MD5
a0e79870795f5a9d17c28e3a75c62fbd

SHA1
b4bac7dcbe43fd794d6b11b85e394b7dd7a600c9

SHA256
1c2ec0a8c868698d9d2a024cc1c03d80337e850e9d27d6bd6372786727605a63

SHA512
20804ad7df0748b9275ce007b34f601ebaf6aea5258f242d78c0239ec473796ef32550970f689ea85795cccf5c336c02bc27717101011653af4b3347c1096f30

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b14038f4c9930e1b268443e5449201a6

SHA1
4aa892f33bc091d7928772f7935ab2b4eb2aad67

SHA256
2c349895054bf2084356c25bcfa290dcdfd1d5484d7d903f8c4661abd4734638

SHA512
f8c25be402d3962a172d3e59e1d11a63fc752595577334eb14516b18f0859ad9d34c656950c1fc9920fb81de24cd319dc6b816cb74e7b204c8ea9bcb25558567

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Google Profile.ico

Filesize
192KB

MD5
505a174e740b3c0e7065c45a78b5cf42

SHA1
38911944f14a8b5717245c8e6bd1d48e58c7df12

SHA256
024ae694ba44ccd2e0914c5e8ee140e6cc7d25b3428d6380102ba09254b0857d

SHA512
7891e12c5ec14b16979f94da0c27ac4629bae45e31d9d1f58be300c4b2bbaee6c77585e534be531367f16826ecbaf8ec70fc13a02beaf36473c448248e4eb911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_eaglercraft.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_m.eaglercraft.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
f15874b8af96bc0c7657dbd513c00258

SHA1
418edc73a94d39989fa43fc6a68f060599203174

SHA256
fe34668aabcd8b1e7fdbe483fdf62e7ada295ecd013be7756c5a2699be4911c6

SHA512
22bb018fae208c45c187d501a152bfc1c9e0326a8eb856690f41223ac512527746f8e87603571dd8c0ec2caf983c6410acd9801ed284ed22ac8aaf2ce4500adf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
14KB

MD5
db1c48c776579d3f4f0f18f93da2fd5c

SHA1
4da7bf24aca28d816b2850de82496e42c47da2c3

SHA256
ebb86738ed810996494d733ddbbe74109d529a654218ba360ecbbfb664c224f7

SHA512
024ffd5400b3de1aa47211f75243ba0b1515d297a79f98299d26d1db0dbd9780dd9d83621ad5045cecc13b3c65b44767ccef85b92daec5f2ec50a658385a87a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
4017cca78e3db5da2ff0b21d595ca887

SHA1
51ccf852e2de4c4005a625a54b4b23f10c7ca28c

SHA256
fe8a4bd11777e913776c35a5046045207e4265b471e3f94876960ae757982c0e

SHA512
01dad658b3dbb732c4a7eea1996940d90ad6a2277e119a0e3d7ef4cf9abf30a3e206265e1a73efdd5806fb0e99de8164376257f390f44d3165518dc88b050ff4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
9ccc8aab5007d33428b652262254b139

SHA1
e322d950fe6027ef9ca2933b2376aaf9dad8fb34

SHA256
1874bf765aacd5d7d26c8ef0eb86b7dcbee81d87cdbd32be1e0035155eb085b9

SHA512
19c4b3989170c6e21e1ac92a32ff4644162f63daf5a3c0d533c471a8e42035b1d66ff6635df9dd34758ee8292ad3d952b4fc241a4fb2f242efa88732b574ed8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
fe2f4a3ca9492195cc07fd6715ac5ff6

SHA1
a15672d12a7e03ebe090ec35c7b3b7ebe3fab3ee

SHA256
d692ad95561d2f02df27b982fe653cd19e31547c66c54077317c68f015f7f3ce

SHA512
5c41bb263c0ffdb52ba2650c2f9402710aeb8a97b71ea734982f4ea81f4679b4449f257fe48ec883766c80b3fe7bdbc62bc2852584fba73c5f62abff0e240b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5adac376a96d922b36f687c2a26640cf

SHA1
06207ba545d03d15fe49788f927261c848c97ce3

SHA256
46595384cbefef65baaf6d226662093c0bc2e43918686d916bb2480ffb0bd4cb

SHA512
755a4fd6724bc7444bb0b8af44fa2129abe0832f8cfd919ed2a3850e920c6b6d5a199311b59592ba92d6a90f8f3b61e719feebba7652db8bed63c903588db912

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
e09d91fe73d9694eb2b0bf8774bc3962

SHA1
7fc53aaea9c7f4d39621179884f8d2853f871ea8

SHA256
2a4086f31a0ef8748285b22cc5f95186752f72fb6b380f1abb5ba980892dfa48

SHA512
5cc192d95ad45163ae86ae81705a44f7c630683a7db1a1329ec62db0c089e60fb5effa191243643e4fb96931d8550b17253d9a10f7774b846878bf41ea346b8e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3fe9c775d5a4a476666cc6a61fb63d52

SHA1
99aca3e1b3ed85738551d1f3f604b291e4e56aed

SHA256
b44f10d7807f3cb5185eef8309672cf7c35a30b30683feccf23abe99abe5ee2e

SHA512
3ececc624ee78b6a15e0253f78f4f7a3b6ab1415fe70b03908469385eaf03943dce46e9e44381267c9ba2e04f4a2f3e330370d5c03fbab179a962293a9b6db3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
36b78fb9fdb15870f073ff62404dc0ce

SHA1
67c84ff308b45a1630bee85650ff5800a643010c

SHA256
7c90993d63599d1c9b024f3b434ca723efd3231f434d8280a4e5ceae778cd7aa

SHA512
17a62d830de84c0894637faffa17d3dda89d2aafb6cf3ada4481b4d82907e2823dfb04f87d1e6e5e69241087679ca924bf917a7592bb081d636aa9b84c9c2809

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
4050e6f35bc94b7bfdb29230a6ccb27e

SHA1
2c570c519b53fb173dbd4821f688344773513506

SHA256
f27293a21be4984e7985c76196cb8b98208387711aeff150cfc709055763e417

SHA512
e1892019477fd2d9b168e1b5bf7dd8f72268cced219849ef63631502b064562b7b04a795935722b478055c74940b54969870a7affa3be9357937145631cf1671

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
0b917a52cb2f8e5bddd7d39f354b1360

SHA1
8be2fad70f8432b0ba0bc94dbb5ec614f52a58bc

SHA256
5d1d7aee0e63affe106a8386a6786486d28c79252e86940fed44e27c0155ffa1

SHA512
6834a4c3d24fca1ea112694bf54aa0f3977a2e649783fc37c6292b372fbf4e0e90a889bd688374407a648977f88308c6b188e1d8649be9488ce72ee4ae7da621

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
c712b750007fc9d3928cc218fa04a451

SHA1
aac4d94adb67a5aef369b008ec3c2ed1c0784ee5

SHA256
b99fcfcf81f6e9f53b25cdef5f868f17df91887f1a013e7b48fe40b1eda2c26b

SHA512
fbfc7368242d77beba40a71eb0f99ba80baccfc2f0b7cc92b9eb3de738cde07e5c716772ee7254d301fb1848fc5fbff4e1885d16a5a4d4f238395531802d66d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
1ad87bc196e516efd2a851648d2693ef

SHA1
f88e81011b823ff9183755dd5efb81d73ef5dba3

SHA256
b914e33eb582531cac07eac0d1dde05b83fbd073b56571f528e0e6034f9f5ce5

SHA512
1ab5308b9203e4e90fad2946c3fbebbcae0602b9602a0aaa52d5f49188c932e126b7372f5ece3c238909907285585271c76e510e0b3069b01b29e520d972258d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
e973c58f540f974919c95a165f7bd5fc

SHA1
0e8ef8000e1cce075bf3ea0c83a965425dc98457

SHA256
807a714ea0c38388903db1fc8698d5527514963f050be9841ba8aa22e692a180

SHA512
66a7f4032cbe5efe0def75873dcac46416047c36d2e170884a7230e1ccb921c0775d88bd8f70b4d143379c89313c6805101269b6d0423fa4e5c615ee2be94dc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
0b3e3f631d73cc9542c3fe58112d2798

SHA1
46b81b74f2eef809a0477829aca34f4e628c59d5

SHA256
3a760371c9ba2a3460e224f1c8054e80ad02daf8146d42c8cf26a4ae9159556a

SHA512
bd004c743b462570344f1cc42583a94c04583f6bf188afaa35a526586c953e7dc22de5f84af9a32c2ba53449bce6809ad34ec33ea101078ec33d5313a2d81c19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
14KB

MD5
f97e095de215e13371a2299e1384ff16

SHA1
274b5a23bf4fd6b329ec46f066a8580cac417e91

SHA256
670a55af042db8359f59f6258257c7bacffa1c9395271ebf9c8140c2e3c31d80

SHA512
0c0a3a51320909cba0d6e6d21379ca0c7b34f188d516c7f8b5fd600a7f73058dd388b561c2405d7ab7f06ccc2ecb902bf2cb4cc7424f11595de602de5348fa2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
90673d080e04344df6070987374004d8

SHA1
bedef6c09ae3acbdf8dc0c5aa8899178a258b37d

SHA256
4d580095a1399a6d22528005e6833d96d622fdea756972578209949389f15a55

SHA512
7402cda7738d86f209bee23eb226c704e8a08e1a8ed3ee978c5130e8e10dc47934de19c3d9ebd31a94db56aea73b09fe5de5e192783d1df6329da27cd2a7bf4a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
05f6930701b9d5d98a6808f77f108a8f

SHA1
a8bc5dd444781f1dfbe0227f7f36e585697ef7f6

SHA256
2816a578b9dd9448f9d53fc1fda2e1264af88889652d5e4d5aff17ad09e3afdb

SHA512
cd58d2d43969597a735cf08c49dd56b38c610c8f53c3ef8d1cab2912ffce48b18f4e7ddfca6992235839c3f4218e05068757b15cfcf41c7c65348187f69709ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
533fcc160e94fe5554738290e2f141c0

SHA1
3096f7ddd289840289d9e43309e6e54835829b04

SHA256
364425dc71fcb99acfd844c2826a9b559d2ea94b954fbe78ac834464410dac79

SHA512
1eedf1831ab5414dfb6320b24587c6d96d1a918cfec5d1c6e07a0690b0cb230caea897f581039a92b3b8bf4e112a5704f5d361c38be9d009c1478ad51b879398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
18KB

MD5
ad97ca7b7483012f0e73564f58ea0173

SHA1
087ca3e696e5571e0878d4a18dfe93ad7f46f576

SHA256
c6c303b87c580c1689f60e50680165fcd4e3f841f2334788f50a258c3de982e0

SHA512
a92e3797b978346104d4265b3243d69191acfda43093947f33dece44792f9f2d3f9486c63a6e3e2700994b2065def9d7affdcaf5ed0581b37ac65fd2734e1fb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
8d23fa29d460b3e504f18d0ea209c33f

SHA1
296e50c536ef46c7c29e75e6789a21f63e86c304

SHA256
a6ffc54b6af03839293bdf575bfdfccd5e6587a7f368cb4797b038590f0874cb

SHA512
1a8c3e1b823c18216422f4732a61cb0a033e6c146a03f13c9caa28383b463b16d2dbdb4c9e6a0d163433c9c57e625f56fd5f23ccf52e1e8c6a1200e0e94cf172

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
97c9cfaf2fa98e34d3a43d83bd321fc3

SHA1
1506f36d4549d973abee68e037d3631a9b539109

SHA256
e446b29545439a51e838cd7ac9053be22313a9256429a92587ab826111bde0af

SHA512
145130f23c3479694594cbbc3122cc13e2f2a74cd2a391ad5b78792468ddfa21d48870d02e309895b98af2f7f29964326a931bc3324cc54789353f8064396696

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3393e636f50191c32057b336f3946fdc

SHA1
f282db6c382df780a735678f15ba802a9433da42

SHA256
4720c7fc0ab21bb7e949021bbb91106f1c1ed446c04c1852412bc0ddc8b946cb

SHA512
5b7883d3385e96bd57b652c6d4f671f17ce6d3f6c2f954d15799f7ee27fa8fed5c177c9443ad0166632755ee85ef744c4d2f6efb4773202c862e616d8eaaec67

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
e1f7ba83ca09be676bfe9dea79e719d8

SHA1
beffb8d13525e17cf40c32a21970fbfa3d7b8a6c

SHA256
c5872636d90ff51b691605bff57822b6bde5e078cb6a2f1b05a454f370ff0dbc

SHA512
a66a67ddce197e993a43cbaf751822b27abad137c7d38d514171cf7329ace713c9ae139c2cab246430ff165e0e038fe9e4bb55036d464a5dd21314499bfd01fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ae12a.TMP

Filesize
48B

MD5
46d568215e46e33da702aaa7822d5e6c

SHA1
614584282ea5a2c863012fb49b43ca0430fc8554

SHA256
95822dffd28590e6e2d6c1e593880565ba49f8c15ac93b3a6c414f531cf8969f

SHA512
5d711e1e4636ccfcd31644530b7f4ea469e6b9e41a25ec9ad721e94f21a8d8400a63d0f155f51e8d93c88439c6cdd706c0f3d7a4abb6262f65ced96f90abf1a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\a4819111-a463-4e03-8b62-9d67bc1bc1c6.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GraphiteDawnCache\data_1

Filesize
264KB

MD5
9012e97cd3df3f7a003444ee9a79bb0e

SHA1
a10b69f5069998165e407dab2bf191457fc00c5d

SHA256
bae7cd76b86414a2a957e69ed2483438d471cd5cea35db286c89499a93ad9fcc

SHA512
8fd03e130ce61f667732009904aee202209bfde1808ed47482d19e43599ac94d1f15c044561d874bfc35f0d96f76af1822e17818b2cb4f8e2e06a890f0d1f06a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
c5818babdf95b7bc8d4d0c4ae17f362d

SHA1
632757d9d411df227ec7cf3fbad6ba20f231bb5b

SHA256
6fbe94a17ae6354cacc0985a028f11389adc3542fe143c6ceb0ce697184ebee4

SHA512
917ecec739a961f956f8d4cef1926e6258af8986b53c9e7c8ed48e08c9535b598f3329a81422761b8c6fbf3ba18b15f4fd70ba732947eab8438a844b6da10e5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
a5b3917646eb161f50eb99efb7908f66

SHA1
5ad7020a6ec2501b9601feb7069e1113a42669b2

SHA256
0ac09efdc3cf52f84418e20f4716ad638b376e830e60481f8d14cc7240790473

SHA512
4e2aa52d992a34bbf1790c1f240afb51a9b64b1565809af2751ffacb6cf8a02a8fabe8885baaa48aaa4bb7d407826d30ffd6d03420ad0cecb2cabb0f88bd7fa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
0af442cc4d4a2ff270bf3287200156f7

SHA1
b0460d7ef39f5191fe73ff1ded1b169e3d879bab

SHA256
68f8285e19ff65bb788221f1b6f1535dd7b379c027b1a12d2478023472198034

SHA512
28f46cd65f84e145d0db462150fc8014a85761dcbf66bbd61b1870dd83e718fcb3c4e65c67b6c9588e5c5b6d0de793bab9885a4799e5657f599d694ada9b77a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
fff1b526ef16bf0f1998f12578e6913c

SHA1
08e8f48da4c7147238158a5363d4023ee4af7109

SHA256
8591eef5b39e9c24bf403514752e5f5bfd291f31573ae260a65481328616cfde

SHA512
584df60b87958a3d825ab2d6fc5b98114899ff03c8c6c836c219037abbfb0b10ed54b50aa215797e8a76b6f9d97b6753fe8a4a3adf4ba663fce47bc7ec3b6aae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
00f542eec2852d5352c0ed5829da28cd

SHA1
17d417cb0121fbc648de9606c06c3e2276a975d9

SHA256
cb2d8ace7f35ab60dedb70f8ac1f28cd4190a538ec5ebf27b88904eb75476183

SHA512
664d39a6d764eb0032805936dc16496bf57559dfe983bd5a11e3a16038726dbbabe654e66f89cab420537486a30d028a70e81c2322bc0e0dbc424218a685065b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
c0fabbe2bb4d4b340c1306222e36534a

SHA1
36b539a90433d1727cf04379aa6aa3b55481e5b9

SHA256
24d4e111981acc5c9bd5f7702215b4a62042ab5e9e98a8c44165d8c3faddce71

SHA512
fb3fa375dbfcdf5517362182e47072cb9781ae3d4faa6948e53d2807346eada5c7011a3e53762113f1ff3b592df7a510c780d22078ec1987454bcde0381ff5fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
82KB

MD5
85143db206001ae24f3eecdde9a4c990

SHA1
8fe776375acd10fce806e24aec40c1a073ec7e4d

SHA256
7b37293d241878c0c59b76997f45cb7bda3cf00bb2952210d8de3bbdfaed6ff7

SHA512
13a5de15b8d67cb354a66e56babb60dcc83bb4e030d3c77e2124850786ed3ac84a4939a4f53ccbc344ec4be93ba359cb0727a68cf1bee31e02d229de41828b57

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
154KB

MD5
3590566ec74e6535f5f34d56e3667918

SHA1
06aa325a80e1068d2e1c3431a0c1cce4c611e128

SHA256
cace1d461697c059c0be767606b2314aa5594bf4287d6795060c7e092c3330a3

SHA512
92a944984583cc1b02069d780f02993c761b45dca6970e376c0e1fc242af3f6bf90b26eb1d5980917dd444605cfce0b5a85daa84116d43dfd38cd2db737c7c51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
155KB

MD5
3ff6a79bb3fce532f2e3e40177ffc337

SHA1
a70e08833d50ad7c9bdfc68c3cf40d33444103cc

SHA256
4b03c84a4e88ffcff971b7f8da7cc27812f02e1c23403ecbb13975ef87f760f0

SHA512
c207afc8e3c9ae7024ed736a327be2021c777f3d1ddb128c2714773131e4f1cb98b44c9ba557ab66259b3ab2d12bddb262b63455a41dad24ed19649c7c449c55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
79KB

MD5
49c6071103b87b305d30529fb18f2dd2

SHA1
89c3d550f4ec48d6d2901df556bf8840df527fec

SHA256
dba71e7009360f0ebc26ce31edaac13b8749fd1bdce0fea0b63395b42862aadb

SHA512
634d347dbb234b078a76631d615fa5427a816ea671a4ae347240a53c26ba0a8115513ecd23be7803b7a093e426a311d6d301473d974642003f933f0ce06612ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
156KB

MD5
85ce222d2f0dd7ea7cc9f033fac0f4e6

SHA1
b2aaa41d4c2aa824abaff12ac2936852f79fb2c6

SHA256
05eb190e745ab184acfafa26f942144d39671eb4fbb9913df3155bc08af7cca4

SHA512
6449ceec059fdc17a88c2db209f81469cf76948f88d31e86a2c6775f75738d5ec78794a86f5a2e3f921b535921f77c2a762d62c395d5e3f568eb87dba1518d32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0

Filesize
44KB

MD5
654c94e64af24aa24c807a533bae2b9c

SHA1
2d9bd2d8073d8678e0ec5b076a7f0517d0bedb4a

SHA256
4eaddb776ea6cb8ebdb272bf6e9849f4357c011a00f762eb781f1c6f1f527125

SHA512
d3ccc51dbf2560f1765d1e07e927b380baf1a6c25f7c6e384b6f3d2998fdc5ff5070ec34803cfb54d5f21be6c8971609ec789450a35b19935694dcb10e45379d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5f99283c0935fd3a56a6f2660e9ef4d1

SHA1
1ceeb95a6931dbdfee909d4b5a44365c7bdfd97d

SHA256
8cbe4e222eb806bd7daf94a7e41533483427cde263f6e9100676848a41e617b2

SHA512
ae7de30b4564782ed8dfa6510aff9ac9a44b197c3d0f4561c7b4a657e0eab2968b2c3cabe1711364f015c35607ec90dec4525856d768a2e54d053f891ae819f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
e5f3655796637b7d0f4a8ed402e119ea

SHA1
3baaf516676664d46727759914745776a166016a

SHA256
22d91a4321390a9445110f04d5600f49f03604a2d7ecadd10c663248295c88dd

SHA512
2125899d678c926c9f85ad81892f8ee91aa0a74e4c533bcb6e48675ebf0eccbe0db17998f3e3ab961cf3beb8fef7f950588398c5868327aa2d33f81bde797ebe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
ade795bbc5f49f44cc6b7b4bb91c6c2c

SHA1
fa99d7fc3425ce34c77c74a37e580fc4c90fbfef

SHA256
937ef0952bcae8f4edc4dd9200b9aa8f122f2bb4e926e19d12d41310af88a26b

SHA512
2a1e3b1ddfe8215fa818396e65b2426d3b2a6c269216780bb9de6c932cc5253f9968a02d10f60638c86a6e0835316f240b57d2b951aca9dc4d433e76d79527e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
a325c034ec7dc9c9ebd8fbf2992b62c2

SHA1
2af5b1bbc3270442f62c17116b148dae127d991b

SHA256
7cf888aad0fd23905831378677114c771b4c15c856ea4f1d20252150847f8982

SHA512
eb2a154dbf40a9d971c580c6c88ab76e895e3fa23fa3cc40a7d90c67c3ff1116949439622ba317d47896cbac1a813b936009db42e83fff794c902d4f434102d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
334B

MD5
c3ccea224d6024f4ca6af5eb7175867e

SHA1
8efca33e455ec5b3d4ea0f9670da7f543bd2fc13

SHA256
039edba892866909568fce370c75096bf915ca085beeeb74424d054403e9e9e6

SHA512
f32a9da89a980c990841ccfce2b5568a332871825ae6e4fef0dd24d920a05cda9cb45e38e89c2a4abee316b1b28faf3f214d619fa611fc95568299c7f1c84775

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00006f

Filesize
39KB

MD5
d6ba39e99913378e9af06d03586dd445

SHA1
564c30c3300ffc098ca859f041bfee192ee11fcb

SHA256
bfe474a95562f45a1eb720f6bd390c692f35a9290fec6a658aa957c6bcacfe2f

SHA512
bd9931fbd88b834a4238d848474667d4a698945c74bebe53ab99eefedd44e7b5bd1f6fd0f2dd297415466c47ea34652f7e8e4bf3ce39bc908e20792968e705c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
57354b6a4df2481ea511d5a5e3feb988

SHA1
1fc31a58eb52a581592b8ed2a0c41d9c8243e565

SHA256
2a6ef6a1b6f3a03e5fd63b880b3e5147420b6e32c213b118ed941e590a5f27da

SHA512
d5f596bc1bcca7773cdaf3c6336761240129522038bb4de8761b6d0485a8c74be427ccff1fbe74005a7414385a2b597257f7f11efd1d2f42ea59f2d956618a75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5d74a6.TMP

Filesize
3KB

MD5
b00f950e78d9e44a26896fcb81f27f02

SHA1
97a28b21414421827860cccbe1c04c5ce0d5ce61

SHA256
3561872d9bb22626757a08e91a21f86b5c4aaf2da0d1cf7201f8fec3b911aebd

SHA512
d06f581661a8b807f2607f309f0810faedfb7f06f29e127b228c90ac8adcf02291fd239436b50cab6f31c5d7affb4882a74d3a7b1318bf42569a4b7194396046

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.90.1_0\_locales\en_US\messages.json

Filesize
1KB

MD5
578215fbb8c12cb7e6cd73fbd16ec994

SHA1
9471d71fa6d82ce1863b74e24237ad4fd9477187

SHA256
102b586b197ea7d6edfeb874b97f95b05d229ea6a92780ea8544c4ff1e6bc5b1

SHA512
e698b1a6a6ed6963182f7d25ac12c6de06c45d14499ddc91e81bdb35474e7ec9071cfebd869b7d129cb2cd127bc1442c75e408e21eb8e5e6906a607a3982b212

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
722120fb779fc7233edf2a62102fc435

SHA1
82a4231899d81cd110df0c693a9092fe0211ec27

SHA256
c2c720ae85f3c1b26a5fc8dec603f0b37faffbd404100757e195d48f1f6d4264

SHA512
896bf9b29678051b7c94ff7740274e7e6cde3fac6244d4c95ce99dc15f7823a87297cfd5e97e53ecb616672f826f6f74b3dd309ec81924e92f50728404cc2959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b01c159bcd58720dc4c6b00909ae6814

SHA1
ade16140175d4b74eb4eb70861af444947a8f683

SHA256
5cd788fe923cf4121c9aaa62b556b6e37d3ad12cbcd5bbb23efb678b0479239d

SHA512
549d4a328b1f4ea94bb4fe073e79cc64103f5ac3431d39ad2abb32eaa2d71bd26659fea7a7f5cbe6856d4b23b9461d85be76961a1c52ea785620bbc15723018f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
413KB

MD5
cc8604fc791118516d563af21dd8cfe9

SHA1
43fad14edca8a26dcbabc97de524bb41017b669a

SHA256
ae1a14b036cf53c790a1d2a423890b8e996eb937bd9ce507f8ebe4c3a20e0e07

SHA512
06fa9c92f3c378bd4a6f4b5ad5a25a328ec5f693edb21f0378c0300d01e4556a0f7f754f14106764c764d7cc2979ee282c620259677db6df2482a27e5374f9fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
37KB

MD5
53940c3333a1b45272768df83b96b5e5

SHA1
dcea735eb25e22b0c1d6fd207f0dccba2f506e1e

SHA256
4c7bedf2c0bb636820f6c521e926193dd628baa2a56ea16327e3be96bf1d8864

SHA512
d896769804664d830ec378b2dd67979885f4f169321daeb2eaab5e6351b7b830946a3530e9eb23994a6f790c47d51f51c35eebfe954fe60a197e58f9f68a3583

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
1461978bde3e5bb2cfe19995c6d6fa9f

SHA1
fab5b047272612cbc74dad23bc4e78720920387f

SHA256
04d63f7b81fe923f78858b0a504051df5c54602f16a8a93b0a36b8d26519bb7f

SHA512
7ae9c8dc1dad4888543612e280a26cf272e9930f23c1c70a95e974ca32fbfd8ababcea3ceca4fb35b9fcc1bee87e6a86b43b0ec9a6608e9f71f739f9dfe1cbbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5d7487.TMP

Filesize
48B

MD5
fc71c36daf2453c4af55307d812e7f3c

SHA1
042f00c0bdb132e32a4712f5ca948ace8f9f8b66

SHA256
ca18852be5f3ce9de7bd7cce5fe86972d2c89d6f729428abd3c790e2d7fdda5c

SHA512
e0909b224fd07554572bb04eeee401106b1561d069cc08807a4cada6cdd4f6bb9243a609576327e333a7785b7a39d9211799ba26626193b0e721bd8c2cbcfdea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
8afe86ebdc372d9c823624a9d5349622

SHA1
8dbb46304d8c44312891d24520acc8cb21fcbe0c

SHA256
e01fac45f7da2c182811b5285ebf0ccb4b21b26a5fef21ba0803d6a3fc1d8b31

SHA512
8375ca045a54b2cc96a9e00ed5a2868bc1ca482ca7005769c9944f72f93003db16ac80d7a29aee26a3c12dc9a5e946312fb35850bcccff282f544d944279c6f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\EADPData Component\4.0.3.10\data.txt

Filesize
113KB

MD5
60beb7140ed66301648ef420cbaad02d

SHA1
7fac669b6758bb7b8e96e92a53569cf4360ab1aa

SHA256
95276c09f44b28100c0a21c161766eda784a983f019fc471290b1381e7ed9985

SHA512
6dfa4eca42aea86fba18bc4a3ab0eed87948ea1831e33d43426b3aca1816070ecb7fd024856ad571ca2734214a98cc55e413502b3deef2c4a101228a7377e9d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
469B

MD5
62948a1ceacd6b967243ae97e1351f49

SHA1
489f98a3b65d25bb18f0ff3c5276d23263ec680a

SHA256
e0f9915cc2288887aba7b72914c1b04dff44e3865c5a8d7d442c9528f6c1571f

SHA512
79d9ab178b4a1094f7512307618162ec1e465ed3937e3b64150a582259f9cd23cd073455d7966cc690d9952e50f9d7d69445302ae93f1ce7bd305814d0b56977

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
23KB

MD5
364de77e6814851b3e485342368bffaa

SHA1
01abf8867096671dd38d033c74529a4664dada05

SHA256
8e1e29439b9a43d705c71e68dd5f5c00c7fd162cf9f9b3f917388ac0a417f430

SHA512
deebd7036e861b6102f16e7f015fe0ad1933a9a4a9086e0591a5000e7a9db4834bfb0e1a5f9d390deac6df04abe662f3cc6e1616053bf70d976e99d1327a30c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\CloudConfigLog

Filesize
904B

MD5
8c705db9efddf277dbeddcb8aee74b25

SHA1
467fb5eb350fe024ccedfff7d6ee7ef7d428ff41

SHA256
5fa6404c098c199340982f5d869901c6bc6d0369cd2fe039cafe0b32a747fca0

SHA512
b246912b9f721d6ca3ada4d519db39449f0ceb54f0b0229e608a29cdaf83323ae69442d08fae3debe9bf76c3d09979f64c54bf192c09c6f3fa5c35fecb9e985d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Cloud Config\OperationConfig

Filesize
19KB

MD5
41c1930548d8b99ff1dbb64ba7fecb3d

SHA1
d8acfeaf7c74e2b289be37687f886f50c01d4f2f

SHA256
16cee17a989167242dd7ee2755721e357dd23bcfcb61f5789cc19deafe7ca502

SHA512
a684d61324c71ac15f3a907788ab2150f61e7e2b2bf13ca08c14e9822b22336d0d45d9ff2a2a145aa7321d28d6b71408f9515131f8a1bd9f4927b105e6471b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Shopping\2.1.31.0\edge_checkout_page_validator.js

Filesize
1.1MB

MD5
0e3ea2aa2bc4484c8aebb7e348d8e680

SHA1
55f802e1a00a6988236882ae02f455648ab54114

SHA256
25ffb085e470aa7214bf40777794de05bf2bb53254244a4c3a3025f40ce4cef7

SHA512
45b31d42be032766f5c275568723a170bb6bbf522f123a5fdc47e0c6f76933d2d3e14487668e772488847096c5e6a1f33920f1ee97bc586319a9005bacd65428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-checkout-eligible-sites.json

Filesize
23KB

MD5
16d41ebc643fd34addf3704a3be1acdd

SHA1
b7fadc8afa56fbf4026b8c176112632c63be58a0

SHA256
b962497993e2cd24039474bc84be430f8f6e6ab0f52010e90351dc3ff259336c

SHA512
8d58aa30613a2376ccc729278d166a9b3ec87eca95544b9dec1ee9300e7dd987326ea42d05dca3f1cc08186685f2fdaf53c24fd2b756c1ed9f2b46436689dc74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-notification-config.json

Filesize
804B

MD5
4cdefd9eb040c2755db20aa8ea5ee8f7

SHA1
f649fcd1c12c26fb90906c4c2ec0a9127af275f4

SHA256
bb26ce6fe9416918e9f92fcc4a6fe8a641eceea54985356637991cf6d768f9fd

SHA512
7e23b91eab88c472eec664f7254c5513fc5de78e2e0151b0bcc86c3cd0bf2cb5d8bb0345d27afdd9f8fcb10be96feaa753f09e301fa92b8d76f4300600577209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-stable.json

Filesize
81KB

MD5
2e7d07dadfdac9adcabe5600fe21e3be

SHA1
d4601f65c6aa995132f4fce7b3854add5e7996a7

SHA256
56090563e8867339f38c025eafb152ffe40b9cfa53f2560c6f8d455511a2346a

SHA512
5cd1c818253e75cc02fccec46aeb34aeff95ea202aa48d4de527f4558c00e69e4cfd74d5cacfcf1bcd705fe6ff5287a74612ee69b5cc75f9428acfbdb4010593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Edge Wallet\128.18346.18345.1\json\wallet\wallet-tokenization-config.json

Filesize
34KB

MD5
ae3bd0f89f8a8cdeb1ea6eea1636cbdd

SHA1
1801bc211e260ba8f8099727ea820ecf636c684a

SHA256
0088d5ebd8360ad66bd7bcc80b9754939775d4118cb7605fc1f514c707f0e20d

SHA512
69aff97091813d9d400bb332426c36e6b133a4b571b521e8fb6ad1a2b8124a3c5da8f3a9c52b8840152cf7adbd2ac653102aa2210632aa64b129cf7704d5b4fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
41KB

MD5
9240234c1f0339d526293aa11c9624bd

SHA1
e2f2d866cc5e0176fd6ac5226e36fb5c696ce5fb

SHA256
716f2e073fafd162de5e475b54290101a1378a3b50ff5f1558008d275ba3d945

SHA512
bbc9405e18e902c8530b8f4257ef406f7ad02431fcf7c5e970d7bf054176aa1f1ddbf95393e911869f0b517c2494fcfa4bc8b26cc648499d461ae1b19f0b4167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
47KB

MD5
4b6266a54a005b999d1b28cc94588e2a

SHA1
689b86eae41ec7250bb393532a3efb051fa4b0b0

SHA256
01fba6173c8af5fcbb9784caf2529df540f47959702984c400dc1fea1112a813

SHA512
b1cfcb4548191f2fc3dbc2b8dfedf009e6168de8d1c5ad290b7d1f2630ca78dd02c8435dfde8f1301ee87bd2db64a618db7245d8913b47216d313fa56e467f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
55KB

MD5
b0004aec51c268c889537956ffb4cecb

SHA1
e307919db2d756d2c892d86788ce270be3bf2c1e

SHA256
241288c4cd15c38c61de3f82d0f531ba8787c2512e1231c8ac887a8b8ab52fe0

SHA512
4a73f5d33ec400ce21d01393e94dedba94566844ff03ce183ba4490d3258682a281f5a3e7ce046560bc3a702206e53f454bb65746f36c44ee867a6b2d87afffd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
50KB

MD5
964e9dad73d426a3f698bf39b5927e5d

SHA1
4da81d4a58a75a3fe5c01cd8fc3a2e6f0dbc5aa1

SHA256
d807ad8d1be5c64c5c4f8b827985083afded4ac0d7efd682b75f5ac6a3203ff5

SHA512
d2ccc55c7553d93718abf641b0403f3bc6621c49749d09c690c27d28f0f265882dfa39769d41245010bbc64700a3524f43af6469907047b2607f31358938ce09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\TrustTokenKeyCommitments\2025.1.17.1\keys.json

Filesize
6KB

MD5
bef4f9f856321c6dccb47a61f605e823

SHA1
8e60af5b17ed70db0505d7e1647a8bc9f7612939

SHA256
fd1847df25032c4eef34e045ba0333f9bd3cb38c14344f1c01b48f61f0cfd5c5

SHA512
bdec3e243a6f39bfea4130c85b162ea00a4974c6057cd06a05348ac54517201bbf595fcc7c22a4ab2c16212c6009f58df7445c40c82722ab4fa1c8d49d39755c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Typosquatting\2025.3.28.1\typosquatting_list.pb

Filesize
628KB

MD5
bd5eeb9c4b00955e5a0f6a332d78cdef

SHA1
cf9e85ae41cf1ef2385a73ef36ebeb3c3378ea3a

SHA256
dbbea874b4b73aeb3ad17355c90f692767a947516481f158b7319f7c43f0e657

SHA512
2cfa521120dd1ab9c2cc90b74cd8d3f6f8991a086bd2dc1b9d225b08aeca8420f565e047f551ddf6d2149cfb02e4ce69b641e328a774dde7017ad374fd58eb96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\V01.log

Filesize
512KB

MD5
7ff525fc023a40cc45f613ed81c4ac2e

SHA1
9e19b54bdfebdf474802bd15c0167f99082c45c6

SHA256
fca6917eb2223edf885075da85e0e7c2546ca04517a1e04fc4648a18cfc29093

SHA512
9fddad605763013ac4ed73174f53b6e481d8b9a230c4601842776586dd1424825c6099e847e5f7a9275d4fd8065244ba65b934137c409d0ea7e27d560dc22f02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\WebCache\WebCacheV01.dat

Filesize
14.0MB

MD5
b9b867eff62032917781a3991f147e4a

SHA1
13a1dd25e8b1880144f4c99d08fdc4b4c3ba5007

SHA256
1ae78e4670bbf693a8b8135f82f8fc00ef72e17512a596b6069e197dfa5f528a

SHA512
16113a1e4a8b123f5866afdb26cd2838d1c2c9dd60c83f2df03e1f56f725846441cf4fa728c2d0f49ef56f7e4a0e7fef6a758c5b8cb9839a79d1a7cee252993f

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\AC\BackgroundTransferApi\876f2593-0a4c-4050-993d-b542586cfc9a.down_data

Filesize
555KB

MD5
5683c0028832cae4ef93ca39c8ac5029

SHA1
248755e4e1db552e0b6f8651b04ca6d1b31a86fb

SHA256
855abd360d8a8d6974eba92b70cbd09ce519bc8773439993f9ab37cb6847309e

SHA512
aba434bd29be191c823b02ea9b639beb10647bbe7759bbffdaa790dfb1ec2c58d74c525ef11aacda209e4effe322d1d3a07b115446c8914b07a3bce4d8a0e2c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\VCRUNTIME140.dll

Filesize
117KB

MD5
862f820c3251e4ca6fc0ac00e4092239

SHA1
ef96d84b253041b090c243594f90938e9a487a9a

SHA256
36585912e5eaf83ba9fea0631534f690ccdc2d7ba91537166fe53e56c221e153

SHA512
2f8a0f11bccc3a8cb99637deeda0158240df0885a230f38bb7f21257c659f05646c6b61e993f87e0877f6ba06b347ddd1fc45d5c44bc4e309ef75ed882b82e4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\VCRUNTIME140_1.dll

Filesize
48KB

MD5
68156f41ae9a04d89bb6625a5cd222d4

SHA1
3be29d5c53808186eba3a024be377ee6f267c983

SHA256
82a2f9ae1e6146ae3cb0f4bc5a62b7227e0384209d9b1aef86bbcc105912f7cd

SHA512
f7bf8ad7cd8b450050310952c56f6a20b378a972c822ccc253ef3d7381b56ffb3ca6ce3323bea9872674ed1c02017f78ab31e9eb9927fc6b3cba957c247e5d57

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_bz2.pyd

Filesize
84KB

MD5
057325e89b4db46e6b18a52d1a691caa

SHA1
8eab0897d679e223aa0d753f6d3d2119f4d72230

SHA256
5ba872caa7fcee0f4fb81c6e0201ceed9bd92a3624f16828dd316144d292a869

SHA512
6bc7606869ca871b7ee5f2d43ec52ed295fa5c3a7df31dbd7e955ddb98c0748aff58d67f09d82edcde9d727e662d1550c6a9cf82f9cb7be021159d4b410e7cbc

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_ctypes.pyd

Filesize
131KB

MD5
2185849bc0423f6641ee30804f475478

SHA1
d37ca3e68f4b2111fc0c0cead9695d598795c780

SHA256
199cd8d7db743c316771ef7bbf414ba9a9cdae1f974e90da6103563b2023538d

SHA512
ba89db9f265a546b331482d779ab30131814e42ad3711a837a3450f375d2910bd41b3b3258db90b29cd5afccdc695318fc8ad8cd921a57ce25f69aea539b26ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\_lzma.pyd

Filesize
155KB

MD5
3e73bc69efb418e76d38be5857a77027

SHA1
7bee01096669caa7bec81cdc77d6bb2f2346608c

SHA256
6f48e7eba363cb67f3465a6c91b5872454b44fc30b82710dfa4a4489270ce95c

SHA512
b6850e764c8849058488f7051dcabff096709b002d2f427a49e83455838d62a9d3fc7b65285702de2b995858ed433e35a0c4da93c2d5ae34684bf624eb59fa6a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-console-l1-1-0.dll

Filesize
21KB

MD5
e8b9d74bfd1f6d1cc1d99b24f44da796

SHA1
a312cfc6a7ed7bf1b786e5b3fd842a7eeb683452

SHA256
b1b3fd40ab437a43c8db4994ccffc7f88000cc8bb6e34a2bcbff8e2464930c59

SHA512
b74d9b12b69db81a96fc5a001fd88c1e62ee8299ba435e242c5cb2ce446740ed3d8a623e1924c2bc07bfd9aef7b2577c9ec8264e53e5be625f4379119bafcc27

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-datetime-l1-1-0.dll

Filesize
21KB

MD5
cfe0c1dfde224ea5fed9bd5ff778a6e0

SHA1
5150e7edd1293e29d2e4d6bb68067374b8a07ce6

SHA256
0d0f80cbf476af5b1c9fd3775e086ed0dfdb510cd0cc208ec1ccb04572396e3e

SHA512
b0e02e1f19cfa7de3693d4d63e404bdb9d15527ac85a6d492db1128bb695bffd11bec33d32f317a7615cb9a820cd14f9f8b182469d65af2430ffcdbad4bd7000

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-debug-l1-1-0.dll

Filesize
21KB

MD5
33bbece432f8da57f17bf2e396ebaa58

SHA1
890df2dddfdf3eeccc698312d32407f3e2ec7eb1

SHA256
7cf0944901f7f7e0d0b9ad62753fc2fe380461b1cce8cdc7e9c9867c980e3b0e

SHA512
619b684e83546d97fc1d1bc7181ad09c083e880629726ee3af138a9e4791a6dcf675a8df65dc20edbe6465b5f4eac92a64265df37e53a5f34f6be93a5c2a7ae5

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
21KB

MD5
eb0978a9213e7f6fdd63b2967f02d999

SHA1
9833f4134f7ac4766991c918aece900acfbf969f

SHA256
ab25a1fe836fc68bcb199f1fe565c27d26af0c390a38da158e0d8815efe1103e

SHA512
6f268148f959693ee213db7d3db136b8e3ad1f80267d8cbd7d5429c021adaccc9c14424c09d527e181b9c9b5ea41765aff568b9630e4eb83bfc532e56dfe5b63

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-file-l1-1-0.dll

Filesize
25KB

MD5
efad0ee0136532e8e8402770a64c71f9

SHA1
cda3774fe9781400792d8605869f4e6b08153e55

SHA256
3d2c55902385381869db850b526261ddeb4628b83e690a32b67d2e0936b2c6ed

SHA512
69d25edf0f4c8ac5d77cb5815dfb53eac7f403dc8d11bfe336a545c19a19ffde1031fa59019507d119e4570da0d79b95351eac697f46024b4e558a0ff6349852

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-file-l1-2-0.dll

Filesize
21KB

MD5
1c58526d681efe507deb8f1935c75487

SHA1
0e6d328faf3563f2aae029bc5f2272fb7a742672

SHA256
ef13dce8f71173315dfc64ab839b033ab19a968ee15230e9d4d2c9d558efeee2

SHA512
8edb9a0022f417648e2ece9e22c96e2727976332025c3e7d8f15bcf6d7d97e680d1bf008eb28e2e0bd57787dcbb71d38b2deb995b8edc35fa6852ab1d593f3d1

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-file-l2-1-0.dll

Filesize
18KB

MD5
bfffa7117fd9b1622c66d949bac3f1d7

SHA1
402b7b8f8dcfd321b1d12fc85a1ee5137a5569b2

SHA256
1ea267a2e6284f17dd548c6f2285e19f7edb15d6e737a55391140ce5cb95225e

SHA512
b319cc7b436b1be165cdf6ffcab8a87fe29de78f7e0b14c8f562be160481fb5483289bd5956fdc1d8660da7a3f86d8eede35c6cc2b7c3d4c852decf4b2dcdb7f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-handle-l1-1-0.dll

Filesize
21KB

MD5
e89cdcd4d95cda04e4abba8193a5b492

SHA1
5c0aee81f32d7f9ec9f0650239ee58880c9b0337

SHA256
1a489e0606484bd71a0d9cb37a1dc6ca8437777b3d67bfc8c0075d0cc59e6238

SHA512
55d01e68c8c899e99a3c62c2c36d6bcb1a66ff6ecd2636d2d0157409a1f53a84ce5d6f0c703d5ed47f8e9e2d1c9d2d87cc52585ee624a23d92183062c999b97e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-heap-l1-1-0.dll

Filesize
21KB

MD5
accc640d1b06fb8552fe02f823126ff5

SHA1
82ccc763d62660bfa8b8a09e566120d469f6ab67

SHA256
332ba469ae84aa72ec8cce2b33781db1ab81a42ece5863f7a3cb5a990059594f

SHA512
6382302fb7158fc9f2be790811e5c459c5c441f8caee63df1e09b203b8077a27e023c4c01957b252ac8ac288f8310bcee5b4dcc1f7fc691458b90cdfaa36dcbe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
21KB

MD5
c6024cc04201312f7688a021d25b056d

SHA1
48a1d01ae8bc90f889fb5f09c0d2a0602ee4b0fd

SHA256
8751d30df554af08ef42d2faa0a71abcf8c7d17ce9e9ff2ea68a4662603ec500

SHA512
d86c773416b332945acbb95cbe90e16730ef8e16b7f3ccd459d7131485760c2f07e95951aeb47c1cf29de76affeb1c21bdf6d8260845e32205fe8411ed5efa47

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
21KB

MD5
1f2a00e72bc8fa2bd887bdb651ed6de5

SHA1
04d92e41ce002251cc09c297cf2b38c4263709ea

SHA256
9c8a08a7d40b6f697a21054770f1afa9ffb197f90ef1eee77c67751df28b7142

SHA512
8cf72df019f9fc9cd22ff77c37a563652becee0708ff5c6f1da87317f41037909e64dcbdcc43e890c5777e6bcfa4035a27afc1aeeb0f5deba878e3e9aef7b02a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-localization-l1-2-0.dll

Filesize
21KB

MD5
724223109e49cb01d61d63a8be926b8f

SHA1
072a4d01e01dbbab7281d9bd3add76f9a3c8b23b

SHA256
4e975f618df01a492ae433dff0dd713774d47568e44c377ceef9e5b34aad1210

SHA512
19b0065b894dc66c30a602c9464f118e7f84d83010e74457d48e93aaca4422812b093b15247b24d5c398b42ef0319108700543d13f156067b169ccfb4d7b6b7c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-memory-l1-1-0.dll

Filesize
21KB

MD5
3c38aac78b7ce7f94f4916372800e242

SHA1
c793186bcf8fdb55a1b74568102b4e073f6971d6

SHA256
3f81a149ba3862776af307d5c7feef978f258196f0a1bf909da2d3f440ff954d

SHA512
c2746aa4342c6afffbd174819440e1bbf4371a7fed29738801c75b49e2f4f94fd6d013e002bad2aadafbc477171b8332c8c5579d624684ef1afbfde9384b8588

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
21KB

MD5
321a3ca50e80795018d55a19bf799197

SHA1
df2d3c95fb4cbb298d255d342f204121d9d7ef7f

SHA256
5476db3a4fecf532f96d48f9802c966fdef98ec8d89978a79540cb4db352c15f

SHA512
3ec20e1ac39a98cb5f726d8390c2ee3cd4cd0bf118fdda7271f7604a4946d78778713b675d19dd3e1ec1d6d4d097abe9cd6d0f76b3a7dff53ce8d6dbc146870a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
21KB

MD5
0462e22f779295446cd0b63e61142ca5

SHA1
616a325cd5b0971821571b880907ce1b181126ae

SHA256
0b6b598ec28a9e3d646f2bb37e1a57a3dda069a55fba86333727719585b1886e

SHA512
07b34dca6b3078f7d1e8ede5c639f697c71210dcf9f05212fd16eb181ab4ac62286bc4a7ce0d84832c17f5916d0224d1e8aab210ceeff811fc6724c8845a74fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
21KB

MD5
c3632083b312c184cbdd96551fed5519

SHA1
a93e8e0af42a144009727d2decb337f963a9312e

SHA256
be8d78978d81555554786e08ce474f6af1de96fcb7fa2f1ce4052bc80c6b2125

SHA512
8807c2444a044a3c02ef98cf56013285f07c4a1f7014200a21e20fcb995178ba835c30ac3889311e66bc61641d6226b1ff96331b019c83b6fcc7c87870cce8c4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
21KB

MD5
517eb9e2cb671ae49f99173d7f7ce43f

SHA1
4ccf38fed56166ddbf0b7efb4f5314c1f7d3b7ab

SHA256
57cc66bf0909c430364d35d92b64eb8b6a15dc201765403725fe323f39e8ac54

SHA512
492be2445b10f6bfe6c561c1fc6f5d1af6d1365b7449bc57a8f073b44ae49c88e66841f5c258b041547fcd33cbdcb4eb9dd3e24f0924db32720e51651e9286be

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-profile-l1-1-0.dll

Filesize
21KB

MD5
f3ff2d544f5cd9e66bfb8d170b661673

SHA1
9e18107cfcd89f1bbb7fdaf65234c1dc8e614add

SHA256
e1c5d8984a674925fa4afbfe58228be5323fe5123abcd17ec4160295875a625f

SHA512
184b09c77d079127580ef80eb34bded0f5e874cefbe1c5f851d86861e38967b995d859e8491fcc87508930dc06c6bbf02b649b3b489a1b138c51a7d4b4e7aaad

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
21KB

MD5
a0c2dbe0f5e18d1add0d1ba22580893b

SHA1
29624df37151905467a223486500ed75617a1dfd

SHA256
3c29730df2b28985a30d9c82092a1faa0ceb7ffc1bd857d1ef6324cf5524802f

SHA512
3e627f111196009380d1687e024e6ffb1c0dcf4dcb27f8940f17fec7efdd8152ff365b43cb7fdb31de300955d6c15e40a2c8fb6650a91706d7ea1c5d89319b12

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-string-l1-1-0.dll

Filesize
21KB

MD5
2666581584ba60d48716420a6080abda

SHA1
c103f0ea32ebbc50f4c494bce7595f2b721cb5ad

SHA256
27e9d3e7c8756e4512932d674a738bf4c2969f834d65b2b79c342a22f662f328

SHA512
befed15f11a0550d2859094cc15526b791dadea12c2e7ceb35916983fb7a100d89d638fb1704975464302fae1e1a37f36e01e4bef5bc4924ab8f3fd41e60bd0c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-synch-l1-1-0.dll

Filesize
21KB

MD5
225d9f80f669ce452ca35e47af94893f

SHA1
37bd0ffc8e820247bd4db1c36c3b9f9f686bbd50

SHA256
61c0ebe60ce6ebabcb927ddff837a9bf17e14cd4b4c762ab709e630576ec7232

SHA512
2f71a3471a9868f4d026c01e4258aff7192872590f5e5c66aabd3c088644d28629ba8835f3a4a23825631004b1afd440efe7161bb9fc7d7c69e0ee204813ca7b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-synch-l1-2-0.dll

Filesize
21KB

MD5
1281e9d1750431d2fe3b480a8175d45c

SHA1
bc982d1c750b88dcb4410739e057a86ff02d07ef

SHA256
433bd8ddc4f79aee65ca94a54286d75e7d92b019853a883e51c2b938d2469baa

SHA512
a954e6ce76f1375a8beac51d751b575bbc0b0b8ba6aa793402b26404e45718165199c2c00ccbcba3783c16bdd96f0b2c17addcc619c39c8031becebef428ce77

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
21KB

MD5
fd46c3f6361e79b8616f56b22d935a53

SHA1
107f488ad966633579d8ec5eb1919541f07532ce

SHA256
0dc92e8830bc84337dcae19ef03a84ef5279cf7d4fdc2442c1bc25320369f9df

SHA512
3360b2e2a25d545ccd969f305c4668c6cda443bbdbd8a8356ffe9fbc2f70d90cf4540f2f28c9ed3eea6c9074f94e69746e7705e6254827e6a4f158a75d81065b

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-timezone-l1-1-0.dll

Filesize
21KB

MD5
d12403ee11359259ba2b0706e5e5111c

SHA1
03cc7827a30fd1dee38665c0cc993b4b533ac138

SHA256
f60e1751a6ac41f08e46480bf8e6521b41e2e427803996b32bdc5e78e9560781

SHA512
9004f4e59835af57f02e8d9625814db56f0e4a98467041da6f1367ef32366ad96e0338d48fff7cc65839a24148e2d9989883bcddc329d9f4d27cae3f843117d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-core-util-l1-1-0.dll

Filesize
21KB

MD5
0f129611a4f1e7752f3671c9aa6ea736

SHA1
40c07a94045b17dae8a02c1d2b49301fad231152

SHA256
2e1f090aba941b9d2d503e4cd735c958df7bb68f1e9bdc3f47692e1571aaac2f

SHA512
6abc0f4878bb302713755a188f662c6fe162ea6267e5e1c497c9ba9fddbdaea4db050e322cb1c77d6638ecf1dad940b9ebc92c43acaa594040ee58d313cbcfae

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-conio-l1-1-0.dll

Filesize
21KB

MD5
d4fba5a92d68916ec17104e09d1d9d12

SHA1
247dbc625b72ffb0bf546b17fb4de10cad38d495

SHA256
93619259328a264287aee7c5b88f7f0ee32425d7323ce5dc5a2ef4fe3bed90d5

SHA512
d5a535f881c09f37e0adf3b58d41e123f527d081a1ebecd9a927664582ae268341771728dc967c30908e502b49f6f853eeaebb56580b947a629edc6bce2340d8

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-convert-l1-1-0.dll

Filesize
25KB

MD5
edf71c5c232f5f6ef3849450f2100b54

SHA1
ed46da7d59811b566dd438fa1d09c20f5dc493ce

SHA256
b987ab40cdd950ebe7a9a9176b80b8fffc005ccd370bb1cbbcad078c1a506bdc

SHA512
481a3c8dc5bef793ee78ce85ec0f193e3e9f6cd57868b813965b312bd0fadeb5f4419707cd3004fbdb407652101d52e061ef84317e8bd458979443e9f8e4079a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-environment-l1-1-0.dll

Filesize
21KB

MD5
f9235935dd3ba2aa66d3aa3412accfbf

SHA1
281e548b526411bcb3813eb98462f48ffaf4b3eb

SHA256
2f6bd6c235e044755d5707bd560a6afc0ba712437530f76d11079d67c0cf3200

SHA512
ad0c0a7891fb8328f6f0cf1ddc97523a317d727c15d15498afa53c07610210d2610db4bc9bd25958d47adc1af829ad4d7cf8aabcab3625c783177ccdb7714246

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
21KB

MD5
5107487b726bdcc7b9f7e4c2ff7f907c

SHA1
ebc46221d3c81a409fab9815c4215ad5da62449c

SHA256
94a86e28e829276974e01f8a15787fde6ed699c8b9dc26f16a51765c86c3eade

SHA512
a0009b80ad6a928580f2b476c1bdf4352b0611bb3a180418f2a42cfa7a03b9f0575ed75ec855d30b26e0cca96a6da8affb54862b6b9aff33710d2f3129283faa

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-heap-l1-1-0.dll

Filesize
21KB

MD5
d5d77669bd8d382ec474be0608afd03f

SHA1
1558f5a0f5facc79d3957ff1e72a608766e11a64

SHA256
8dd9218998b4c4c9e8d8b0f8b9611d49419b3c80daa2f437cbf15bcfd4c0b3b8

SHA512
8defa71772105fd9128a669f6ff19b6fe47745a0305beb9a8cadb672ed087077f7538cd56e39329f7daa37797a96469eae7cd5e4cca57c9a183b35bdc44182f3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-locale-l1-1-0.dll

Filesize
21KB

MD5
650435e39d38160abc3973514d6c6640

SHA1
9a5591c29e4d91eaa0f12ad603af05bb49708a2d

SHA256
551a34c400522957063a2d71fa5aba1cd78cc4f61f0ace1cd42cc72118c500c0

SHA512
7b4a8f86d583562956593d27b7ecb695cb24ab7192a94361f994fadba7a488375217755e7ed5071de1d0960f60f255aa305e9dd477c38b7bb70ac545082c9d5e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-math-l1-1-0.dll

Filesize
29KB

MD5
b8f0210c47847fc6ec9fbe2a1ad4debb

SHA1
e99d833ae730be1fedc826bf1569c26f30da0d17

SHA256
1c4a70a73096b64b536be8132ed402bcfb182c01b8a451bff452efe36ddf76e7

SHA512
992d790e18ac7ae33958f53d458d15bff522a3c11a6bd7ee2f784ac16399de8b9f0a7ee896d9f2c96d1e2c8829b2f35ff11fc5d8d1b14c77e22d859a1387797c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-process-l1-1-0.dll

Filesize
21KB

MD5
272c0f80fd132e434cdcdd4e184bb1d8

SHA1
5bc8b7260e690b4d4039fe27b48b2cecec39652f

SHA256
bd943767f3e0568e19fb52522217c22b6627b66a3b71cd38dd6653b50662f39d

SHA512
94892a934a92ef1630fbfea956d1fe3a3bfe687dec31092828960968cb321c4ab3af3caf191d4e28c8ca6b8927fbc1ec5d17d5c8a962c848f4373602ec982cd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
25KB

MD5
20c0afa78836b3f0b692c22f12bda70a

SHA1
60bb74615a71bd6b489c500e6e69722f357d283e

SHA256
962d725d089f140482ee9a8ff57f440a513387dd03fdc06b3a28562c8090c0bc

SHA512
65f0e60136ab358661e5156b8ecd135182c8aaefd3ec320abdf9cfc8aeab7b68581890e0bbc56bad858b83d47b7a0143fa791195101dc3e2d78956f591641d16

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
25KB

MD5
96498dc4c2c879055a7aff2a1cc2451e

SHA1
fecbc0f854b1adf49ef07beacad3cec9358b4fb2

SHA256
273817a137ee049cbd8e51dc0bb1c7987df7e3bf4968940ee35376f87ef2ef8d

SHA512
4e0b2ef0efe81a8289a447eb48898992692feee4739ceb9d87f5598e449e0059b4e6f4eb19794b9dcdce78c05c8871264797c14e4754fd73280f37ec3ea3c304

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-string-l1-1-0.dll

Filesize
25KB

MD5
115e8275eb570b02e72c0c8a156970b3

SHA1
c305868a014d8d7bbef9abbb1c49a70e8511d5a6

SHA256
415025dce5a086dbffc4cf322e8ead55cb45f6d946801f6f5193df044db2f004

SHA512
b97ef7c5203a0105386e4949445350d8ff1c83bdeaee71ccf8dc22f7f6d4f113cb0a9be136717895c36ee8455778549f629bf8d8364109185c0bf28f3cb2b2ca

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-time-l1-1-0.dll

Filesize
21KB

MD5
001e60f6bbf255a60a5ea542e6339706

SHA1
f9172ec37921432d5031758d0c644fe78cdb25fa

SHA256
82fba9bc21f77309a649edc8e6fc1900f37e3ffcb45cd61e65e23840c505b945

SHA512
b1a6dc5a34968fbdc8147d8403adf8b800a06771cc9f15613f5ce874c29259a156bab875aae4caaec2117817ce79682a268aa6e037546aeca664cd4eea60adbf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\api-ms-win-crt-utility-l1-1-0.dll

Filesize
21KB

MD5
a0776b3a28f7246b4a24ff1b2867bdbf

SHA1
383c9a6afda7c1e855e25055aad00e92f9d6aaff

SHA256
2e554d9bf872a64d2cd0f0eb9d5a06dea78548bc0c7a6f76e0a0c8c069f3c0a9

SHA512
7c9f0f8e53b363ef5b2e56eec95e7b78ec50e9308f34974a287784a1c69c9106f49ea2d9ca037f0a7b3c57620fcbb1c7c372f207c68167df85797affc3d7f3ba

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\base_library.zip

Filesize
1.3MB

MD5
f15dc87d419758028721b7c485d39404

SHA1
0cacf33887e966e118b156dc2ca2731629714fdf

SHA256
0f89f8643556dd4f996de0a0112548811ad59a71146684164405f9151a51e8a5

SHA512
2b71f2ac2016cdf265b58fbfd4af1f7389fe11e1c312c53f03fbedde7827e32789ee73ab0ca98115a982e16f4dec856badbbc150a56b033744f7022dbc11b39c

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\libcrypto-3.dll

Filesize
5.0MB

MD5
123ad0908c76ccba4789c084f7a6b8d0

SHA1
86de58289c8200ed8c1fc51d5f00e38e32c1aad5

SHA256
4e5d5d20d6d31e72ab341c81e97b89e514326c4c861b48638243bdf0918cfa43

SHA512
80fae0533ba9a2f5fa7806e86f0db8b6aab32620dde33b70a3596938b529f3822856de75bddb1b06721f8556ec139d784bc0bb9c8da0d391df2c20a80d33cb04

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\libffi-8.dll

Filesize
38KB

MD5
0f8e4992ca92baaf54cc0b43aaccce21

SHA1
c7300975df267b1d6adcbac0ac93fd7b1ab49bd2

SHA256
eff52743773eb550fcc6ce3efc37c85724502233b6b002a35496d828bd7b280a

SHA512
6e1b223462dc124279bfca74fd2c66fe18b368ffbca540c84e82e0f5bcbea0e10cc243975574fa95ace437b9d8b03a446ed5ee0c9b1b094147cefaf704dfe978

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\libssl-3.dll

Filesize
774KB

MD5
4ff168aaa6a1d68e7957175c8513f3a2

SHA1
782f886709febc8c7cebcec4d92c66c4d5dbcf57

SHA256
2e4d35b681a172d3298caf7dc670451be7a8ba27c26446efc67470742497a950

SHA512
c372b759b8c7817f2cbb78eccc5a42fa80bdd8d549965bd925a97c3eebdce0335fbfec3995430064dead0f4db68ebb0134eb686a0be195630c49f84b468113e3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\python3.DLL

Filesize
70KB

MD5
98b008be9834bfc362b4c2eef4e8cdb9

SHA1
a4a50ced1329c3986e3c1576f089b25aff5ffdf2

SHA256
4f93342b59addedbe45ebd973e6449ab85b11c0aab6ad7962124e293c5d03638

SHA512
d594ffd7d44d4d862475711973df87b08fb63a900ddfd87c7771ad27f0cc71e5fbdce92da4d4ad5856fe3cfb803257ce0b71cd8dc24ca5c421ddb1b9b44c7881

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\python313.dll

Filesize
5.8MB

MD5
501080884bed38cb8801a307c9d7b7b4

SHA1
881b250cc8f4fa4f75111ac557a4fde8e1e217af

SHA256
bf68cf819a1e865170430c10e91c18b427aef88db1da1742020443864aa2b749

SHA512
63d74a4871d1c72c2a79ae8a5d380070f9d2128c16949c3ad36c9862fcc4dab738137ed3d51caf0bc46b36655f8bd8a2d425d68200123415ee8d4de0e1cbebc9

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\select.pyd

Filesize
31KB

MD5
2663e22900ab5791c6687a264473ae1e

SHA1
d8db587b6c632200ae13be880cc824cdc8390df9

SHA256
baee284995b22d495fd12fa8378077e470978db1522c61bfb9af37fb827f33d1

SHA512
5f29ff4288b9db33976f5f79b9fd07c4900a560bb41fe98c93a33da7a36c0981ffd71f460e81e13e4f6a2debafa6d9284bc1a728734752ba5ad5fbd766659e80

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\tcl86t.dll

Filesize
1.8MB

MD5
3688caba94d9a1dc124df80aef41ac47

SHA1
66b314fc54b1d2475bfb655facacf8a8d6eacfed

SHA256
31560ca3b0eec014013405e9652b9261824232883749f0461d7d4e5f7faea3ab

SHA512
f3cd68e26f008b27370bd5222b6dafd8bb5f312a885db4e2f8f6502a719403263412f2aa7c8451b4ab7c59e674e3746710ce5a3c3c09f0cdb0266f82f226e9f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\tk86t.dll

Filesize
1.5MB

MD5
d379810228b51c2571d9071eed3286b8

SHA1
a643cda1683168e27a209b397d0eea7bc14c5103

SHA256
34d402f3d6a237aac1165a010016ac032e0ae1a86dcfa03dda49ebfc0af40cad

SHA512
f195c4d38f3e1d6853efae68ef50a2d3e70fc0f3840aa9aa2c1cddaec6a311e60cd86fc84dcdf0d4febf4d0e94bb89238c1408c5781302bbfaeafc613e10084a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\ucrtbase.dll

Filesize
992KB

MD5
0e0bac3d1dcc1833eae4e3e4cf83c4ef

SHA1
4189f4459c54e69c6d3155a82524bda7549a75a6

SHA256
8a91052ef261b5fbf3223ae9ce789af73dfe1e9b0ba5bdbc4d564870a24f2bae

SHA512
a45946e3971816f66dd7ea3788aacc384a9e95011500b458212dc104741315b85659e0d56a41570731d338bdf182141c093d3ced222c007038583ceb808e26fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\unicodedata.pyd

Filesize
694KB

MD5
c0b4c55ce3711af914b2015f707e4452

SHA1
f1c1e9f8a461cfee1199d2100f5c0796733518b6

SHA256
a67eec238162fde20ac24ca7df931792734aad0611be22d1b3a71bc15acf72f3

SHA512
fa6bd9223898ef0c54ca9a67b10207bfce152eadbaec4c91d4e951d0790f455066f5095ed739fa2452aea1420d154beb00bfa9e6e10b46bed687c5d0d7484900

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI45522\zlib1.dll

Filesize
144KB

MD5
de2e3379deeacbe476b9ee8ddeac7ffe

SHA1
b112c267f5a6e3d06809896708d9ef9f7c118462

SHA256
94675de9234f00e75c73e4973f8fb49a272a1df8003337205cd1b15fb642a168

SHA512
0dbe2d131f41258c81e931bbc459051b26de488030a0ad20cb1d2d8ce8cce0a1ddd17a7049a2878368d7e535428bdc6c7886265f43be27fbc6aeed784080c93b

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_pruu0u0y.2uw.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\ButtonEvent.dll

Filesize
5KB

MD5
c24568a3b0d7c8d7761e684eb77252b5

SHA1
66db7f147cbc2309d8d78fdce54660041acbc60d

SHA256
e2da6d8b73b5954d58baa89a949aacece0527dfb940ca130ac6d3fd992d0909d

SHA512
5d43e4c838fd7f4c6a4ab6cc6d63e0f81d765d9ca33d9278d082c4f75f9416907df10b003e10edc1b5ef39535f722d8dbfab114775ac67da7f9390dcc2b4b443

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\INetC.dll

Filesize
23KB

MD5
7760daf1b6a7f13f06b25b5a09137ca1

SHA1
cc5a98ea3aa582de5428c819731e1faeccfcf33a

SHA256
5233110ed8e95a4a1042f57d9b2dc72bc253e8cb5282437637a51e4e9fcb9079

SHA512
d038bea292ffa2f2f44c85305350645d504be5c45a9d1b30db6d9708bfac27e2ff1e41a76c844d9231d465f31d502a5313dfded6309326d6dfbe30e51a76fdb5

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\UserInfo.dll

Filesize
4KB

MD5
2f69afa9d17a5245ec9b5bb03d56f63c

SHA1
e0a133222136b3d4783e965513a690c23826aec9

SHA256
e54989d2b83e7282d0bec56b098635146aab5d5a283f1f89486816851ef885a0

SHA512
bfd4af50e41ebc56e30355c722c2a55540a5bbddb68f1522ef7aabfe4f5f2a20e87fa9677ee3cdb3c0bf5bd3988b89d1224d32c9f23342a16e46c542d8dc0926

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\g\gcapi_dll.dll

Filesize
348KB

MD5
2973af8515effd0a3bfc7a43b03b3fcc

SHA1
4209cded0caac7c5cb07bcb29f1ee0dc5ac211ee

SHA256
d0e4581210a22135ce5deb47d9df4d636a94b3813e0649aab84822c9f08af2a0

SHA512
b6f9653142ec00b2e0a5045f0f2c7ba5dbbda8ef39edf14c80a24ecab3c41f081eb466994aaf0879ac96b201ba5c02d478275710e4d08b3debc739063d177f7e

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\nsProcess.dll

Filesize
4KB

MD5
f0438a894f3a7e01a4aae8d1b5dd0289

SHA1
b058e3fcfb7b550041da16bf10d8837024c38bf6

SHA256
30c6c3dd3cc7fcea6e6081ce821adc7b2888542dae30bf00e881c0a105eb4d11

SHA512
f91fcea19cbddf8086affcb63fe599dc2b36351fc81ac144f58a80a524043ddeaa3943f36c86ebae45dd82e8faf622ea7b7c9b776e74c54b93df2963cfe66cc7

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\ui\pfUI.dll

Filesize
18.2MB

MD5
34be51649e001d1c92681154fbb14d1d

SHA1
36db635139493604dd85899a8b7855828f76d5d9

SHA256
61a03360af5cee8423fa7322ba660b54ca5034dbd97450e114c7a00d1cb740a2

SHA512
490f3851c17929b964ef5b8876cfa778c70e9145d20de92ab092e7ca71121c90fa8afec28ea0b2f91cdeebf3e67e3bd1c853f0ed532de2ad43c09daffc25c518

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\ui\res\PF_logo.png

Filesize
3KB

MD5
079cca30760cca3c01863b6b96e87848

SHA1
98c2ca01f248bc61817db7e5faea4a3d8310db50

SHA256
8dd37d3721e25c32c5bf878b6dba9e61d04b7ce8aec45bdf703a41bc41802dfa

SHA512
3e25c10e3a5830584c608b9178ab062e93e0e9009a7d897bb5e3561180b0b0910bd4178063d982eb33806a005c93931ae2ec5be520ec0d0c9a7c452cb78fd6a8

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\ui\res\SP_computer.png

Filesize
66KB

MD5
873b7c34ced38adaa2d01752099c09df

SHA1
e659d094f6e3fe6f71a3f1b047b75206bab168a0

SHA256
aced6376065f2c71b4b619823f735bbdcac967a5113cd4e6b978298a58c927c9

SHA512
a8d54d52bb5ec4502cd4bb829eef23c1b2edff9daeeca0f4fb7dbaa0cabdcac763a60aedc8393ba12a393a8263a5c06d3555d7b165cf9927dd9cc18d68b9e510

Download Submit
C:\Users\Admin\AppData\Local\Temp\nss4182.tmp\ui\res\Speccy_Logo_72px.png

Filesize
8KB

MD5
1787175d95eab213cf5a8bc25e252676

SHA1
1d4bd97b2bcaabd26f2ef7781b91233575e1ba0f

SHA256
65fa6baa9d140251d04069cf538f3262ebbb0e4e62d58d06cc58ad8b22085a83

SHA512
de1df226bb9bf84305aea43c237ea76937a9df0c56ecd9afeee1920c3f4d600fde0cc0c027ca397fb6067ffb1a7fe8c03496d82ed844bb4f47f32b2b30eda52f

Download Submit
C:\Users\Admin\AppData\Local\Temp\sce19837.tmp

Filesize
12KB

MD5
009819c0abc869038a9d184bd7a9b6c7

SHA1
3ce497bc1ce7cb35209fd2a8556dabae7ee3adfe

SHA256
2fd69eb9a60ae80b0168ff8f4656e5981701f1558bf5707997b1ee9ba35c3185

SHA512
3fe0065e16ade01bda35f0c850b6a67cfbd0e3377e7470c67680f2502b76444261f6abc4dbd6ea2822d1a76f3d386c6f7af7aa5bd8f32659d15912428ec7b23d

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir1456_2135909833\f6f08059-e854-4651-ad82-1bd392af0e20.tmp

Filesize
152KB

MD5
dd9bf8448d3ddcfd067967f01e8bf6d7

SHA1
d7829475b2bd6a3baa8fabfaf39af57c6439b35e

SHA256
fa2232917a5656ea4f811936561ea6b7c92b3c0004c5e08ecb97636d3afc6f72

SHA512
65347df34378c2bbb34417e2cccfb3251a0b2412422cc190eed9df525b6e0a9948e0295ea3c33b3ad873ce81e369e89a138ac41d6eb7229546c3269107e661de

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6252_1654881972\CRX_INSTALL\_locales\en\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6252_1654881972\CRX_INSTALL\_locales\en_US\messages.json

Filesize
1KB

MD5
64eaeb92cb15bf128429c2354ef22977

SHA1
45ec549acaa1fda7c664d3906835ced6295ee752

SHA256
4f70eca8e28541855a11ec7a4e6b3bc6dd16c672ff9b596ecfb7715bb3b5898c

SHA512
f63ee02159812146eee84c4eb2034edfc2858a287119cc34a8b38c309c1b98953e14ca1ca6304d6b32b715754b15ba1b3aa4b46976631b5944d50581b2f49def

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir6252_1654881972\CRX_INSTALL\manifest.json

Filesize
1KB

MD5
2a738ca67be8dd698c70974c9d4bb21b

SHA1
45a4086c876d276954ffce187af2ebe3dc667b5f

SHA256
b08d566a5705247ddc9abf5e970fc93034970b02cf4cb3d5ccc90e1a1f8c816e

SHA512
f72b9190f9f2b1acc52f7fbb920d48797a96e62dfc0659c418edbbc0299dccf1931f6c508b86c940b976016745b9877f88f2ee081d3e3d5dcdcc2cc7e7884492

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 86775.crdownload

Filesize
18.0MB

MD5
b86b975448d0b27727ac9c849318cbf2

SHA1
938c2d249c9bf7978b4828b9028b95b122ceefc3

SHA256
03c35fcb1d10cf478c0b9896699937e6e262daa4f4a4353a7cc56b238fe86892

SHA512
3c82955edde3f45fb45875223253351fe1938f58a307a4f7bc85a3971a5a92cddecd3d2bef31ccc60e233eb8a532ed4ab0f1708384cc4db91c02255e832a698d

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1384587911\manifest.json

Filesize
53B

MD5
22b68a088a69906d96dc6d47246880d2

SHA1
06491f3fd9c4903ac64980f8d655b79082545f82

SHA256
94be212fe6bcf42d4b13fabd22da97d6a7ef8fdf28739989aba90a7cf181ac88

SHA512
8c755fdc617fa3a196e048e222a2562622f43362b8ef60c047e540e997153a446a448e55e062b14ed4d0adce7230df643a1bd0b06a702dc1e6f78e2553aadfff

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\Notification\notification_fast.bundle.js.LICENSE.txt

Filesize
551B

MD5
7bf61e84e614585030a26b0b148f4d79

SHA1
c4ffbc5c6aa599e578d3f5524a59a99228eea400

SHA256
38ed54eb53300fdb6e997c39c9fc83a224a1fd9fa06a0b6d200aa12ea278c179

SHA512
ca5f2d3a4f200371927c265b9fb91b8bcd0fbad711559f796f77b695b9038638f763a040024ed185e67be3a7b58fab22a6f8114e73fdbd1cccdda6ef94ff88f3

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\Tokenized-Card\tokenized-card.bundle.js.LICENSE.txt

Filesize
1KB

MD5
8595bdd96ab7d24cc60eb749ce1b8b82

SHA1
3b612cc3d05e372c5ac91124f3756bbf099b378d

SHA256
363f376ab7893c808866a830fafbcd96ae6be93ec7a85fabf52246273cf56831

SHA512
555c0c384b6fcfc2311b47c0b07f8e34243de528cf1891e74546b6f4cda338d75c2e2392827372dc39e668ed4c2fd1a02112d8136d2364f9cab9ee4fa1bd87f5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\json\i18n-tokenized-card\fr-CA\strings.json

Filesize
2KB

MD5
cd247582beb274ca64f720aa588ffbc0

SHA1
4aaeef0905e67b490d4a9508ed5d4a406263ed9c

SHA256
c67b555372582b07df86a6ce3329a854e349ba9525d7be0672517bab0ac14db5

SHA512
bf8fa4bd7c84038fae9eddb483ae4a31d847d5d47b408b3ea84d46d564f15dfc2bae6256eac4a852dd1c4ad8e58bc542e3df30396be05f30ed07e489ebe52895

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1501855551\manifest.json

Filesize
121B

MD5
16f004af39a3675a73f5c15f6182a293

SHA1
e7027edbadfd881e03d8a592ae661a985fd89cd7

SHA256
4e5ef1851bc910ceeb59a63bb53725cf5d8149feff9483e960b54cc26fdc419b

SHA512
8ef0d80259b5a38424676918f07238a76c527b643267008999dc3b2cff5c93e29ae85cbf0605f0d0b4f880fd6ae96254ebd30e5b80097eea95f5d27b5d461ff6

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1511327956\LICENSE

Filesize
1KB

MD5
ee002cb9e51bb8dfa89640a406a1090a

SHA1
49ee3ad535947d8821ffdeb67ffc9bc37d1ebbb2

SHA256
3dbd2c90050b652d63656481c3e5871c52261575292db77d4ea63419f187a55b

SHA512
d1fdcc436b8ca8c68d4dc7077f84f803a535bf2ce31d9eb5d0c466b62d6567b2c59974995060403ed757e92245db07e70c6bddbf1c3519fed300cc5b9bf9177c

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1511327956\manifest.json

Filesize
85B

MD5
c3419069a1c30140b77045aba38f12cf

SHA1
11920f0c1e55cadc7d2893d1eebb268b3459762a

SHA256
db9a702209807ba039871e542e8356219f342a8d9c9ca34bcd9a86727f4a3a0f

SHA512
c5e95a4e9f5919cb14f4127539c4353a55c5f68062bf6f95e1843b6690cebed3c93170badb2412b7fb9f109a620385b0ae74783227d6813f26ff8c29074758a1

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1512283387\manifest.json

Filesize
176B

MD5
6607494855f7b5c0348eecd49ef7ce46

SHA1
2c844dd9ea648efec08776757bc376b5a6f9eb71

SHA256
37c30639ea04878b9407aecbcea4848b033e4548d5023ce5105ea79cab2c68dd

SHA512
8cb60725d958291b9a78c293992768cb03ff53ab942637e62eb6f17d80e0864c56a9c8ccafbc28246e9ce1fdb248e8d071d76764bcaf0243397d0f0a62b4d09a

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_1633097883\manifest.json

Filesize
79B

MD5
7f4b594a35d631af0e37fea02df71e72

SHA1
f7bc71621ea0c176ca1ab0a3c9fe52dbca116f57

SHA256
530882d7f535ae57a4906ca735b119c9e36480cbb780c7e8ad37c9c8fdf3d9b1

SHA512
bf3f92f5023f0fbad88526d919252a98db6d167e9ca3e15b94f7d71ded38a2cfb0409f57ef24708284ddd965bda2d3207cd99c008b1c9c8c93705fd66ac86360

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_2058463977\manifest.json

Filesize
238B

MD5
15b69964f6f79654cbf54953aad0513f

SHA1
013fb9737790b034195cdeddaa620049484c53a7

SHA256
1bdda4a8fc3e2b965fbb52c9b23a9a34871bc345abfb332a87ea878f4472efbd

SHA512
7eeee58e06bba59b1ef874436035202416079617b7953593abf6d9af42a55088ab37f45fdee394166344f0186c0cb7092f55ed201c213737bb5d5318e9f47908

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_2071636557\manifest.json

Filesize
118B

MD5
3e4993f878e658507d78f52011519527

SHA1
2fce50683531c5c985967a71f90d62ab141707df

SHA256
a2fb35b03e24f5ba14cbe0e3c3d8cb43588e93f048878b066fd1d640ef8e59cb

SHA512
9d24ef876ac989e50e9d4d06732a4c4f61e12df366b3d4e5ff93d6a60badac36c3e55e7f13c2539ecb525017490a887fc56580ef8e83483019041ad9b13358d5

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_559985179\manifest.json

Filesize
145B

MD5
465cc76a28cc5543a0d845a8e8dd58fa

SHA1
adbe272f254fd8b218fcc7c8da716072ea29d8ba

SHA256
e75fb1fa1692e9720166872afe6d015e4f99d4e8725463e950889a55c4c35bb9

SHA512
a00286cd50d908883a48f675d6291881ad8809dcae5aca55d5d581e6d93a66058e1fe9e626852bf16e5bb0c693a088a69d9876ccac288181b1f74254bf1da1a2

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_808100335\_locales\en\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping6252_936343147\manifest.json

Filesize
1003B

MD5
578c9dbc62724b9d481ec9484a347b37

SHA1
a6f5a3884fd37b7f04f93147f9498c11ed5c2c2d

SHA256
005a2386e5da2e6a5975f1180fe9b325da57c61c0b4f1b853b8bcf66ec98f0a0

SHA512
2060eb35fb0015926915f603c8e1742b448a21c5a794f9ec2bebd04e170184c60a31cee0682f4fd48b65cff6ade70befd77ba0446cc42d6fe1de68d93b8ea640

Download Submit
memory/1052-2086-0x00000237FB2B0000-0x00000237FB2F6000-memory.dmp

Filesize
280KB

Download
memory/1052-2082-0x00000237FAE60000-0x00000237FAE82000-memory.dmp

Filesize
136KB

Download
memory/2452-2068-0x00007FF995DB0000-0x00007FF995DD9000-memory.dmp

Filesize
164KB

Download
memory/4824-3526-0x0000000007AD0000-0x0000000007AD1000-memory.dmp

Filesize
4KB

Download
memory/4824-3547-0x0000000007AD0000-0x0000000007AD1000-memory.dmp

Filesize
4KB

Download
memory/4824-3500-0x0000000006CA0000-0x0000000006CB0000-memory.dmp

Filesize
64KB

Download
memory/4824-3524-0x0000000007D60000-0x0000000007D68000-memory.dmp

Filesize
32KB

Download
memory/4824-3531-0x0000000007AD0000-0x0000000007AD8000-memory.dmp

Filesize
32KB

Download
memory/4824-3551-0x0000000007A90000-0x0000000007A91000-memory.dmp

Filesize
4KB

Download
memory/4824-3528-0x0000000007AE0000-0x0000000007AE8000-memory.dmp

Filesize
32KB

Download
memory/4824-3534-0x0000000007A90000-0x0000000007A91000-memory.dmp

Filesize
4KB

Download
memory/4824-3542-0x0000000007B10000-0x0000000007B18000-memory.dmp

Filesize
32KB

Download
memory/4824-3492-0x0000000006AE0000-0x0000000006AF0000-memory.dmp

Filesize
64KB

Download
memory/4824-3525-0x0000000007AE0000-0x0000000007AE8000-memory.dmp

Filesize
32KB

Download
memory/4824-3544-0x0000000007BE0000-0x0000000007BE8000-memory.dmp

Filesize
32KB

Download
memory/7004-6536-0x00000267DC190000-0x00000267DC198000-memory.dmp

Filesize
32KB

Download
memory/7004-6535-0x00000267DC160000-0x00000267DC16A000-memory.dmp

Filesize
40KB

Download
memory/7004-6538-0x00000267F7800000-0x00000267F78A8000-memory.dmp

Filesize
672KB

Download
memory/7004-6539-0x00000267F5F20000-0x00000267F5F34000-memory.dmp

Filesize
80KB

Download
memory/7004-6534-0x00000267DBC10000-0x00000267DBC3C000-memory.dmp

Filesize
176KB

Download