quasar | 03168b7fc07d7572179b03b923c22200b259d4e01754e3e0df0118206ac9c2b9

Analysis

max time kernel
590s
max time network
590s
platform
windows11-21h2_x64
resource
win11-20250410-en
resource tags

arch:x64arch:x86image:win11-20250410-enlocale:en-usos:windows11-21h2-x64system
submitted
19/04/2025, 15:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

frivirus.exe
Size

1.8MB
MD5

22b6ce3fb5468a1a3b815fd49cef9e2a
SHA1

eb0e6a30595d33f486a31875ab6987589e62a1cf
SHA256

03168b7fc07d7572179b03b923c22200b259d4e01754e3e0df0118206ac9c2b9
SHA512

e79723c4e0a62dac02f2f2bcbb487527ad053069e3b6065a13822165173823b4d5b326293ebe99a5c58b1409b33e904415c0816a9d4401f4fdd518d452720530
SSDEEP

24576:cl157A4S2eWBRwRR16zhHIPbcNK0KKm77yviUSQaZaOwI55l2S62r9exnd7XrwSZ:cb5t7wR2EgKKm77LrwCB6TFrwM9

Score

10^/10

quasar discovery ransomware spyware stealer trojan

Malware Config

Extracted

Family

quasar

Attributes

encryption_key
F5F31C46BB15BEDDB643667BC441A55E746DE4B8
reconnect_delay
0
startup_key
��0��c��ƴ�

Signatures

Quasar RAT
Quasar is an open source Remote Access Tool.
trojan spyware quasar
Quasar family
quasar

Quasar payload 2 IoCs

resource	yara_rule
behavioral1/memory/4604-1-0x00000231699F0000-0x0000023169BC0000-memory.dmp	family_quasar
behavioral1/files/0x001900000002b103-7.dat	family_quasar

Drops file in Drivers directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\drivers\UMDF\usbmmIdd.dll	DrvInst.exe

Executes dropped EXE 3 IoCs

pid	Process
4036	Defender.exe
5904	deviceinstaller64.exe
5908	deviceinstaller64.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Drops file in System32 directory 42 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\idd_instructions.txt	Defender.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\License.txt	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\Win32\usbmmIdd.dll	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2.zip	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\License.txt	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmidd.cat	Defender.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\SETFEC6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbmmidd.inf_amd64_2cb21e2b14e16bf2\usbmmIdd.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}	DrvInst.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\Win32\usbmmIdd.dll	Defender.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\x64\usbmmIdd.dll	Defender.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\usbmmIdd.cat	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbmmidd.inf_amd64_2cb21e2b14e16bf2\x64\usbmmIdd.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\x64\SETFEC4.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\drvstore.tmp	DrvInst.exe
File created	C:\Windows\system32\Windows Defender\Defender.exe	frivirus.exe
File opened for modification	C:\Windows\system32\Windows Defender\Defender.exe	frivirus.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller.exe	Defender.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmidd.bat	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\x64\usbmmIdd.dll	Defender.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\x64\usbmmIdd.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\usbmmidd.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbmmidd.inf_amd64_2cb21e2b14e16bf2\x64\usbmmIdd.dll	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\SETFEC5.tmp	DrvInst.exe
File opened for modification	C:\Windows\system32\Windows Defender\Defender.exe	Defender.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller.exe	Defender.exe
File opened for modification	C:\Windows\system32\Windows Defender	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmidd.bat	Defender.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmidd.cat	Defender.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmIdd.inf	Defender.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmIdd.inf	Defender.exe
File created	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\SETFEC5.tmp	DrvInst.exe
File created	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\SETFEC6.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\CatRoot2\dberr.txt	DrvInst.exe
File opened for modification	C:\Windows\system32\Windows Defender	frivirus.exe
File opened for modification	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe	Defender.exe
File created	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\x64\SETFEC4.tmp	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\FileRepository\usbmmidd.inf_amd64_2cb21e2b14e16bf2\usbmmidd.inf	DrvInst.exe
File opened for modification	C:\Windows\System32\DriverStore\Temp\{963fb494-1a76-a547-a244-d5ebbb4d8341}\x64	DrvInst.exe
File created	C:\Windows\System32\DriverStore\FileRepository\usbmmidd.inf_amd64_2cb21e2b14e16bf2\usbmmidd.PNF	deviceinstaller64.exe
File created	C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\idd_instructions.txt	Defender.exe

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\wallpaper.png"	Defender.exe

Drops file in Windows directory 15 IoCs

description	ioc	Process
File opened for modification	C:\Windows\INF\setupapi.dev.log	deviceinstaller64.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	svchost.exe
File created	C:\Windows\INF\c_display.PNF	deviceinstaller64.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3992_826236520\manifest.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3992_826236520\sets.json	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3992_826236520\_metadata\verified_contents.json	msedge.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File created	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	DrvInst.exe
File opened for modification	C:\Windows\SystemTemp	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3992_826236520\LICENSE	msedge.exe
File created	C:\Windows\SystemTemp\chrome_Unpacker_BeginUnzipping3992_826236520\manifest.fingerprint	msedge.exe
File opened for modification	C:\Windows\inf\oem3.inf	DrvInst.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	svchost.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	deviceinstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs	deviceinstaller64.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters	DrvInst.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	DrvInst.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	deviceinstaller64.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID	deviceinstaller64.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

defense_evasion

pid	Process
644	taskkill.exe
940	taskkill.exe

Modifies data under HKEY_USERS 45 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	DrvInst.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133895505747832082"	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	DrvInst.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	DrvInst.exe

Modifies registry class 6 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\DisplayName = "Chrome Sandbox"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Moniker = "cr.sb.odm3E4D1A088C1F6D498C84F3C86DE73CE49F82A104"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1492919288-2219487354-2015056034-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-620072444-2846605723-1118207114-1642104096-81213792-2370344205-2712285428\Children	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1492919288-2219487354-2015056034-1000\{0CE86C3D-80F2-408B-8DC6-22DA275A92D1}	msedge.exe

Modifies system certificate store 2 TTPs 2 IoCs

defense_evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	Defender.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000054000000305206082b0601050507030206082b06010505070303060a2b0601040182370a030406082b0601050507030406082b0601050507030606082b0601050507030706082b0601050507030106082b0601050507030853000000010000004300000030413022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0620000000100000020000000d7a7a0fb5d7e2731d771e9484ebcdef71d5f0c3e0a2948782bc83ee0ea699ef40b000000010000001c0000005300650063007400690067006f002000280041004100410029000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	Defender.exe

Scheduled Task/Job: Scheduled Task 1 TTPs 2 IoCs

Schtasks is often used by malware for persistence or to perform post-infection execution.

persistence execution

Scheduled Task

T1053.005

pid	Process
3680	schtasks.exe
5416	schtasks.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
4036	Defender.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
4548	chrome.exe
4548	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
3992	msedge.exe
3992	msedge.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid
4

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	4604	frivirus.exe
Token: SeDebugPrivilege	4036	Defender.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe
Token: SeShutdownPrivilege	2156	chrome.exe
Token: SeCreatePagefilePrivilege	2156	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
4036	Defender.exe
4036	Defender.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
5796	chrome.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe
3992	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe
2156	chrome.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4036	Defender.exe
4036	Defender.exe
4036	Defender.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4604 wrote to memory of 5416	4604	frivirus.exe	83
PID 4604 wrote to memory of 5416	4604	frivirus.exe	83
PID 4604 wrote to memory of 4036	4604	frivirus.exe	85
PID 4604 wrote to memory of 4036	4604	frivirus.exe	85
PID 4036 wrote to memory of 3680	4036	Defender.exe	87
PID 4036 wrote to memory of 3680	4036	Defender.exe	87
PID 2156 wrote to memory of 1628	2156	chrome.exe	93
PID 2156 wrote to memory of 1628	2156	chrome.exe	93
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1080	2156	chrome.exe	94
PID 2156 wrote to memory of 1092	2156	chrome.exe	95
PID 2156 wrote to memory of 1092	2156	chrome.exe	95
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96
PID 2156 wrote to memory of 5864	2156	chrome.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\frivirus.exe
"C:\Users\Admin\AppData\Local\Temp\frivirus.exe"
1⤵
- Drops file in System32 directory
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:4604
- C:\Windows\SYSTEM32\schtasks.exe
  "schtasks" /create /tn "Windows Defender" /sc ONLOGON /tr "C:\Windows\system32\Windows Defender\Defender.exe" /rl HIGHEST /f
  2⤵
  - Scheduled Task/Job: Scheduled Task
  PID:5416
- C:\Windows\system32\Windows Defender\Defender.exe
  "C:\Windows\system32\Windows Defender\Defender.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in System32 directory
  - Sets desktop wallpaper using registry
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4036
- - C:\Windows\SYSTEM32\schtasks.exe
    "schtasks" /create /tn "Windows Defender" /sc ONLOGON /tr "C:\Windows\system32\Windows Defender\Defender.exe" /rl HIGHEST /f
    3⤵
    - Scheduled Task/Job: Scheduled Task
    PID:3680
- - C:\Windows\SYSTEM32\cmd.exe
    "cmd" /c C:\Users\Admin\AppData\Local\Temp\2qb3nzov.pge.bat
    3⤵
    PID:5204
- - C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe
    "C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe" install C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmIdd.inf usbmmidd
    3⤵
    - Executes dropped EXE
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    PID:5904
- - C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe
    "C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe" enableidd 1
    3⤵
    - Executes dropped EXE
    PID:5908
- - C:\Windows\SYSTEM32\Conhost.exe
    Conhost --headless cmd.exe /c taskkill /IM chrome.exe /F
    3⤵
    PID:5680
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c taskkill /IM chrome.exe /F
      4⤵
      PID:2788
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /IM chrome.exe /F
        5⤵
        Kills process with taskkill
        
        PID:644
- - C:\Windows\SYSTEM32\Conhost.exe
    Conhost --headless cmd.exe /c start chrome.exe --start-maximized --no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder
    3⤵
    PID:6008
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c start chrome.exe --start-maximized --no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder
      4⤵
      PID:2264
    - - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:5796
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Crashpad --metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa2cc5dcf8,0x7ffa2cc5dd04,0x7ffa2cc5dd10
        6⤵
        
        PID:3352
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --field-trial-handle=2036,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=2032 /prefetch:2
        6⤵
        
        PID:3152
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=1440,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=2040 /prefetch:11
        6⤵
        
        PID:5688
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=2164,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=2176 /prefetch:13
        6⤵
        
        PID:3016
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --disable-3d-apis --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=2880,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=2892 /prefetch:1
        6⤵
        
        PID:5520
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --disable-3d-apis --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=2904,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=2920 /prefetch:1
        6⤵
        
        PID:6140
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --disable-3d-apis --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4080,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=4012 /prefetch:1
        6⤵
        
        PID:4848
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=4620,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=4484 /prefetch:14
        6⤵
        
        PID:5244
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=4480,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=4756 /prefetch:14
        6⤵
        
        PID:3020
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --disable-3d-apis --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4916,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=2924 /prefetch:1
        6⤵
        
        PID:3508
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --disable-3d-apis --enable-dinosaur-easter-egg-alt-images --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4992,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=4920 /prefetch:1
        6⤵
        
        PID:4252
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=220,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=5044 /prefetch:14
        6⤵
        
        PID:1924
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=4684,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=4032 /prefetch:14
        6⤵
        
        PID:5080
      - C:\Program Files\Google\Chrome\Application\chrome.exe
        
        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder" --field-trial-handle=4968,i,16144960716201276077,15185146133774186710,262144 --variations-seed-version=20250417-180112.233000 --mojo-platform-channel-handle=4892 /prefetch:14
        6⤵
        
        PID:4176
- - C:\Windows\SYSTEM32\Conhost.exe
    Conhost --headless cmd.exe /c taskkill /IM msedge.exe /F
    3⤵
    PID:2996
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c taskkill /IM msedge.exe /F
      4⤵
      PID:1992
    - - C:\Windows\system32\taskkill.exe
        
        taskkill /IM msedge.exe /F
        5⤵
        Kills process with taskkill
        
        PID:940
- - C:\Windows\SYSTEM32\Conhost.exe
    Conhost --headless cmd.exe /c start msedge.exe --start-maximized --no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder
    3⤵
    PID:5960
  - - C:\Windows\SYSTEM32\cmd.exe
      cmd.exe /c start msedge.exe --start-maximized --no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder
      4⤵
      PID:3128
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --no-sandbox --allow-no-sandbox-job --disable-3d-apis --disable-gpu --disable-d3d11 --user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder
        5⤵
        Drops file in Windows directory
        Enumerates system info in registry
        Modifies data under HKEY_USERS
        Modifies registry class
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of FindShellTrayWindow
        
        PID:3992
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=133.0.6943.99 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 --annotation=prod=Edge --annotation=ver=133.0.3065.69 --initial-client-data=0x23c,0x240,0x244,0x238,0x2f0,0x7ffa2622f208,0x7ffa2622f214,0x7ffa2622f220
        6⤵
        
        PID:4364
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAAAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --use-gl=angle --use-angle=swiftshader-webgl --always-read-main-dll --field-trial-handle=2172,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=2116 /prefetch:2
        6⤵
        
        PID:4664
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=1780,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=2176 /prefetch:11
        6⤵
        
        PID:5816
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=2208,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=2268 /prefetch:13
        6⤵
        
        PID:4516
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --disable-3d-apis --pdf-upsell-enabled --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --always-read-main-dll --field-trial-handle=3104,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=3160 /prefetch:1
        6⤵
        
        PID:5152
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --disable-3d-apis --instant-process --pdf-upsell-enabled --no-sandbox --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --always-read-main-dll --field-trial-handle=3112,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=3172 /prefetch:1
        6⤵
        
        PID:5572
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=4608,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:14
        6⤵
        
        PID:5720
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --no-sandbox --onnx-enabled-for-ee --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=4596,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=4688 /prefetch:14
        6⤵
        
        PID:3848
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=PooledProcess2 --lang=en-US --service-sandbox-type=utility --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=4960,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5060 /prefetch:14
        6⤵
        
        PID:1552
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5524,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5532 /prefetch:14
        6⤵
        
        PID:232
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=1132
        7⤵
        
        PID:488
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.ProfileImport --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5600,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5608 /prefetch:14
        6⤵
        
        PID:5424
        
        C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\cookie_exporter.exe
        
        cookie_exporter.exe --cookie-json=592
        7⤵
        
        PID:5356
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5596,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:14
        6⤵
        
        PID:5488
      - C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5596,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5568 /prefetch:14
        6⤵
        
        PID:3384
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5532,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=4560 /prefetch:14
        6⤵
        
        PID:1140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5728,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5764 /prefetch:14
        6⤵
        
        PID:2140
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5904,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=6000 /prefetch:14
        6⤵
        
        PID:5316
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --no-sandbox --message-loop-type-ui --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=4712,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=4844 /prefetch:14
        6⤵
        
        PID:5668
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=4200,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=4912 /prefetch:14
        6⤵
        
        PID:5028
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=5464,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=5452 /prefetch:14
        6⤵
        
        PID:5388
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-sandbox --string-annotations --user-data-dir="C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder" --always-read-main-dll --field-trial-handle=4916,i,17613328343892073600,6937626896010634553,262144 --variations-seed-version --mojo-platform-channel-handle=1016 /prefetch:14
        6⤵
        
        PID:3728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=133.0.6943.60 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2cc5dcf8,0x7ffa2cc5dd04,0x7ffa2cc5dd10
  2⤵
  PID:1628
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --string-annotations --gpu-preferences=UAAAAAAAAADgAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=1920,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=1916 /prefetch:2
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --string-annotations --field-trial-handle=2256,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2264 /prefetch:11
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --string-annotations --field-trial-handle=2376,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=2392 /prefetch:13
  2⤵
  PID:5864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3236,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3292,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --extension-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4232,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3216 /prefetch:9
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --string-annotations --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=4564,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=4596 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5248,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5320 /prefetch:14
  2⤵
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5320,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5344 /prefetch:14
  2⤵
  PID:1940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5632,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5616 /prefetch:14
  2⤵
  PID:2572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5612,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5340 /prefetch:14
  2⤵
  PID:844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --message-loop-type-ui --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=5312,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5580 /prefetch:14
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --string-annotations --gpu-preferences=UAAAAAAAAADoAAAEAAAAAAAAAAAAAAAAAABgAAEAAAAAAAAAAAAAAAAAAABCAAAAAAAAAAAAAAAAAAAAAAAAABAAAAAAAAAAEAAAAAAAAAAIAAAAAAAAAAgAAAAAAAAA --field-trial-handle=5500,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=3488 /prefetch:10
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=on_device_model.mojom.OnDeviceModelService --lang=en-US --service-sandbox-type=on_device_model_execution --video-capture-use-gpu-memory-buffer --string-annotations --field-trial-handle=4652,i,2571383925108508257,12575450083403429695,262144 --variations-seed-version=20250409-205551.032000 --mojo-platform-channel-handle=5596 /prefetch:14
  2⤵
  PID:4716

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:4948

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2180

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:3136
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "4" "0" "C:\Users\Admin\AppData\Local\Temp\{03d37f87-711f-2f48-bc53-467998c34df4}\usbmmidd.inf" "9" "4f9666e1f" "0000000000000154" "WinSta0\Default" "0000000000000164" "208" "c:\windows\system32\usbmmidd_v2\usbmmidd_v2"
  2⤵
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  - Modifies data under HKEY_USERS
  PID:2036
- C:\Windows\system32\DrvInst.exe
  DrvInst.exe "2" "211" "ROOT\DISPLAY\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:d470a17d4e87d07b:MyDevice_Install:2.0.0.1:usbmmidd," "4f9666e1f" "000000000000010C" "5c4e"
  2⤵
  - Drops file in Drivers directory
  - Drops file in System32 directory
  - Drops file in Windows directory
  - Checks SCSI registry key(s)
  PID:3616

C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\133.0.6943.60\elevation_service.exe"
1⤵
PID:6040

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4628

C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\133.0.3065.69\elevation_service.exe"
1⤵
PID:5248

Network

MITRE ATT&CK Enterprise v16

Reconnaissance

Resource Development

Initial Access

Execution

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Persistence

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Privilege Escalation

Scheduled Task/Job

T1053

Scheduled Task

T1053.005

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Cache\Cache_Data\f_000004

Filesize
217KB

MD5
fc4f627ddf54943afa716e1ac1c695c3

SHA1
5377bdb788bc19b76e5b7cb8bcb9110394bf1812

SHA256
1c569628639cf777d2a69e37daa3c970165d1e1fc7f4518b4810b050810d0d88

SHA512
be9e9c47914d2973311e017bfd9846a7aaa88b3b90f49a45edb86aa594f32c2040aa25d1bfa927745524a7a145f2095b6f853de62d3a2118353633b990a3f2ab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1ed0ef6935f19f86a76c452bc8e5145f

SHA1
fea95838c76c4eef7dfbe2aebf46e3992515b895

SHA256
9757701a708d8deb27555aebc3bf2d942c353dbba2cca93c0df6af55d958c715

SHA512
04452ee9d3cd35d009551ff4d76458440769494aca59e11de3d00dc76360b09ba07431821b38040a87d6f29db05c650cc67cc23b0bd71c46fcef75bca1e7d41a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Code Cache\js\index-dir\the-real-index~RFe5bb95a.TMP

Filesize
96B

MD5
3aedac20ad4cc3ba66e3b1627b25fa7e

SHA1
b6fbfb19967106ac851bc07e5e684e54e91d344f

SHA256
98dd466173345325dad72ea28dedf8d0fd9d3c73172399a5e367de15ed3be09a

SHA512
ffc0188cc21b2df0b95f720b9fab7ab709b0a109cedc9d10fdfda230adcb4dc6e9995532d1eece6835b666c2fa762805b0101dbbeb12cba571302608a6082327

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Network\Network Persistent State

Filesize
3KB

MD5
45293e97b2cda3cdd800204505c7d811

SHA1
d86ee597adbb460a4b2c2feba299ab56a85fc009

SHA256
7c5b12b855ec47cfa15163b58ef55f59ecdfb21613827fae41227930dcd93ad4

SHA512
d1174a99f07b59532d261a1460e16058d621dc20126696af7c87ca852832f14152e81ae0d0ac58df84831db6dc1d2b5bc522363376d7f39c8d5cf085195e83f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Network\Network Persistent State

Filesize
3KB

MD5
09b16dc658338b2a3b782e32d45494c5

SHA1
4a591f000c805997f952e5d3799021422ebc1c7c

SHA256
d348be17602a83cbe3ee689403a8db1eb58b0494ebb77db2660fb609be0e40e7

SHA512
1ee464958ee26456fd7bebb99436bc6c634d8fdc6ad859fb97c804bc5e7ba783f73af1c2abf585a0dd7f133372e94e3c188a5debc0a5f41c5daf4b9debffabcd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Preferences

Filesize
11KB

MD5
26cb5c729a4bf4f214e4d4938ca976cc

SHA1
5d90ddc69a762ab7c6f7726f2b9636aaaade9df0

SHA256
e3071aca905c924502753e13f7d4972207611c37ffc5328de8c43eb079228243

SHA512
71de6d6b2752ff54c224395465ef61e4575a2b670024f87ee242c573feabbc30c117c36d7bd52e977e5fec9ac3d02242cb641280772b8937fe410c724841e6fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Preferences

Filesize
11KB

MD5
0e10cce3f72667dd2697968dc35313e0

SHA1
2c32a2f2c51a8761cecd8eade303251d408975b3

SHA256
08205a9850eb4c1cc5e91268882e5a85d1b6b2b165a187b3f814d36550c02136

SHA512
3e03332dda943f8c1774f65b808c58a9819b089253801cfda79c49f3579fbdb36577462fdfab73d7df7c8e95e5a4be660a84e597e0711dcc85107dc882b96f2a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Preferences

Filesize
11KB

MD5
261d8c54f65f1581e7857c4a744c2e39

SHA1
64007360e79bbcc7b3c8e4fd8433ae132e017302

SHA256
b3cca204716ea7ae82f6b5835d9006600c76b4d62d7bd19752d692c4d1b91aeb

SHA512
ac87bf37c497f87e6f5676550e0221877fe8fb93c56a0b60acf9bbc6888bc0a872c76fb45c618a1c8c4aacb5b93fbc914dc6ea6e69b70d2ed4715f958d40ad70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Preferences

Filesize
11KB

MD5
fe79dd67be1cae9ffdbb99b73261257d

SHA1
c905b6ec71d7033ab610db989f34f66c7f198a2c

SHA256
5091ea35a25f8d178f8e3241dc146f5a53ee9c2a68dcd2ac3ed47d75e9765745

SHA512
dbc1daa6185e40054af298c8e381d12a673e0540be7167d402097bda46122848468fd6b75f1c0e36fac2e840e9066b0f717d71a2d442f0a6e45a0e60a00d5109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\DawnWebGPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\SecureFolder\Local State

Filesize
80KB

MD5
f4e4fdf60ffdbb3ddd64bd658709abc6

SHA1
8f544dcdfc14519769d161defe884e6d5093cb76

SHA256
bcb461b297d2d95d6a7c25a33d30b634b23e777f0a33e9df901ff18a611d2571

SHA512
90580bffe9eef1cb1ee2ffbf7bd55e771836cec2a3aa4888af791623cc54e9d0c9ca8184f228c46dd863bd5808f43561efc7ecb01688300d3548b81e80139509

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\CrashpadMetrics-active.pma

Filesize
1024KB

MD5
34c29bdb9e41b1f47f2d2786762c12ec

SHA1
4075131b18c3487e3e848361e112009c897629c7

SHA256
67ee11b51cd6f637795e31ab501f135ed595c8459bce885735f08b0418513a17

SHA512
ca3a978798e77b2ced27b379f38e935ef18beaa7ea23e34270a9af20b37e1b1c5edf9478606311cf1acabd83992766cb3da8444de9394c674d5955bdbc53c0d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
e20ecf65d1b4d355e026f904c4e998f2

SHA1
40f3f748b20f45568535559ff4a92f83c62156f6

SHA256
694fd8fc320fc9c1e6201499c878aea847383646c385a5d4494f84ccd5c0ce3a

SHA512
4af50ebac69f5caa34b9cc4c59ac6e1dfca747af7fa25e08f8b8ed1c729df3d63ab68c81bf61551be518f5a68d88e75278e64c5e51ad16006393fa61ce4bb208

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
7ea9ad29ed8441154df9ae6bd08f2cb2

SHA1
6923a5b95c3260c0ddf4e435d4bed601aadbe18c

SHA256
5c4443129761fbeafac282c7d3e24448873d149c8c36d083a206bb644126ec7d

SHA512
50ffa12c43e6f66400fc75aad7597e205915247964447f01196d38da935d06e8836064dc79efdee149390bc2ce4ae08d9efaa96ac0748c3c0bcbdf748d700898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
11f7d20cc2966789dffaa0c9cacba67e

SHA1
864a8b756f3f11e63c87817844b8f023c00884c1

SHA256
b016f485172d92ee61385dead1114ffbf1c73e27874e275d32ed7ba71a0174dc

SHA512
aa44e083b908fe4d42f6c2d295cffbec62f85d19c36aabba0db5a03b23985b72f66650af30a6dac5c0c0af59889345f846a13e6719ad65fcd9b1dd8a4362b421

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
00fc06f826bfa789181327cad624d27f

SHA1
70406640a5c1fa49d4c8e0f9be47c97106910333

SHA256
7bf7b9b620ee5a71e76fc2df765aac1245351e37a80588f89d823253a5fd5f44

SHA512
2b4a1c73cf3f62ecef0e4417f2a8a587be2da663ffca73ccb23de2111d2e3d0b74b16ec9d67939bccadb5767fa0bb691b11346da266b0f783f8b0251b2bcb12a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
a0200013b11c7403b3fe66c913afb562

SHA1
30563177a46585622e0410aeb9ed08305007c4af

SHA256
acd3c0f2a808c3229901f78fbbf84eba5c341e739f7bd67408338e2b3f6549b6

SHA512
050ca3c893952af1f8324ef167a7e8e0964b6e308ab1f1e5acf541e5d55875076b5d8990a7bd7ffcbf13e4fef3474c36b3b8dd64cafebf645498745dbba30487

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DIPS-wal

Filesize
8KB

MD5
40db40e13f788270192c79ac50c0be4e

SHA1
ae9e01e43d6311ab9b222ab495ed1f8be05faa49

SHA256
2ab6b261a286545490bd00ad278ca561cf72e04e39f2c4da90135fa65e32fb55

SHA512
fd6f43f4ce6129b73349e1c75cd5e435a98b602371cdec3e3f7640a318e1617a7f87881485d52cce2c70d62f8f6844c1c9d8c10e8b8782cc5e940abf6d24bc43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOG

Filesize
317B

MD5
455dc0ecaff3b0fe3b0e81eee2f867e1

SHA1
103a5a8d6cdc54b0ded980dab6b183eeefd090e4

SHA256
401c8337918ad31281576db4910f3ffd7c1941673784a3ceefb9d86c3962c681

SHA512
740626bcaf4655111753f7a9f78e9a65562cc2be8ce37620b5cac94335b753b0025b89a8d8581ca8f0040c0d72d93a5571bf94a029f09f7768e12c9cf1305e8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG

Filesize
327B

MD5
8ea0a8dfb76af8cf5e08eb4bd7c56658

SHA1
5ea1d1b33ed15d075f668165d0a9718d4231f142

SHA256
30b6148c96194b74a6f8f55555255d9eabc6f72879cf2f310a4a960351de6aa5

SHA512
3faeda79536c9f96a4eaa52d4f6a1d254f3dc0acfb9b1361a1a8adba338ef9ede01b95038320569e2ada08749e4984227a63e9613a60d60539056441d02c353e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History-journal

Filesize
8KB

MD5
49e5ec1ae53b07014ff8cea16a50a1d8

SHA1
726f1949c18c84ebd7a2b2ddb3ce81e96bd76dbe

SHA256
285a16c5a2a1be2a58fe22c349a6d86d7f719cdd078779794c4fcd19965a527c

SHA512
de3514f2f10061560ac82016f1a7243767b761355e1faec96928a1541cf6128c74eb71bd761d0ec641b7a932422e7b4460adfb79b8112bc9222b76949ff3f7f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\000003.log

Filesize
87B

MD5
e4a639b9d8bf7a90cc97bb4e05a36753

SHA1
676facdabf06e5f014e95218bfc02b8c18c39284

SHA256
79da0e95b23e5777bee595201fead887021d71ddaffa79dac8d5cf03a646b8cd

SHA512
4a254245e0af42a2a86647ed24301f4f82a72c0dedad67df32317c2acdb8a7f2e5db8336871611419776e6a1cc1c35933cc5f4cb16648b51b6a401a14087d104

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\ghbmnnjooekpmoecnnnilnnbdlolhkhi\LOG

Filesize
401B

MD5
abe5900d0ff5f4065ef8ca6ba537cb22

SHA1
11148507da02db3e19815f56c6c6dd5bab541b43

SHA256
79b20f12c41257f016d7da5021a820fcd792355d526b4c038915c4d7a53690af

SHA512
410559de238d96e76618e9f420b43128d9397abe27624082aef4e9ad5f7b868244b87d7c6d38d8696b0d3f0a2d0842488e8ccbc08aba1ca1184b7712a9835350

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG

Filesize
329B

MD5
9324a684e6d271eae7e74079a7d17b4f

SHA1
1bdbb68af60ebd9ae424ca046d20bf8c7c5852d7

SHA256
b725e7f0096f9436e5afd9eb0c3f84889ebea0fde105174c33722d797560bf8c

SHA512
03b246dcb3163f1c1343eb72350571abee22194ae2b440acebefded7af431ef5c9cbfd97ffe608c8af9e54d51e7dea2b13dd22732a3bdb736fc16bee74ee27c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
8c79e81aa219f547d3c3ebf94a0f0076

SHA1
fb0ce99a93f9eccfc84f751a0bc453fab076704b

SHA256
5f6c27cdff4b27cd43947a2a3c99a56e29ea8da86b1f0e80e9e3035007ddd46f

SHA512
7220e8dd0da088ccecef90ad03490e9e32784a44b08f4bd8f322a894e2d28c476ef748deebc4b993eefa404d539baad7ecdc8a67648da92d9dcab992e4fef909

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
896821a099469cee7fde695ef50cfadb

SHA1
c72b1364b8d64eb670a59058090d941bcd360342

SHA256
145cc973e1e9a5b0e6b9ef26fa2b62e7023d353bbae7bfa313bda16a96f1d668

SHA512
7bde5750dc52b1e30c4bb829723d3ad19049907d024dd3098c53d26a5db3c91df09aee7773a77b1d25baf7e1e90978ffadae428f026db4b5f069e75213387b7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
ac03497bb54984eb25f9a590175bbc28

SHA1
750f5c30678791fb1ab061bece23e4131380ea4b

SHA256
2fef99aa8a2f8d415cdf88ae0f5a9038f555b33815c4b1f107a4e0ee212ed961

SHA512
b584585f8e3385d2d1c6ddda8d9dd37dd95d6d7c5df69f9397c25eab67c34a142902b8ed7f152949885ac39ef7e3308ee6d841514766a4a8b9ff11777910fbe2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
68f590bf42bd2cd35d9bb385a4ed7c9d

SHA1
5311bed96c75e72fae507436b554920295a54a3e

SHA256
4866023237b61e7d0f3c8cb824d8c8fb66f8655fd8e6cc75c3e1cf192544b1e0

SHA512
6867c2a18d11e6196459a9fc0c9afb83ac3f5f9259a033ffce7c8435eac9eb01115e84f7220efb87c1433181d889c28f136dcc04b4610d7d4ef45fc13b6a201a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Platform Notifications\LOG

Filesize
331B

MD5
ec60acb2f1236192202b1c0a80f1c869

SHA1
ec55540c952229b8fef8f74fd35b9defa11c6c8c

SHA256
6af833d1df526dc433946e8fdd0992c75426dcb7d316df3152bb4084d50afddb

SHA512
6e65be93c2e9a2ff7568b3416a507fd3c7472938a8a1f611927edf5dee7fb457f45d442db68b4704993b8c1c9b2da042c67c651b3251d8ff5727d5661641d844

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
ea50ba81e0699359a8d0d9fb7ff20433

SHA1
45480b8daa7c35f57a35c83bbc6367c9a883f0d5

SHA256
8e4a32546395a35fcead96e80bf7d31e44e74984a26082d2ff07e823acb9d454

SHA512
625ed8c8410ea90811617e4089cad992dd29ed0db18211fd3deeb0049b07132ad6f1bcf3cf35a0ba0ed32a45c107c25b35db0d61c6126bf3bf122cb29e10fc4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
53fcdffac39d1abd42d4ba247fdf97b4

SHA1
e8f4abf21feb7df55fc9587dfac869dd563d0084

SHA256
39b23655fb493887ea4702ab3ee2be0c01241510beec00b113c70209f0309361

SHA512
fc7bad166c814dfce38bff7d606b5b5537be1b4e8c015bd32cee6d45585da93b6e64651b1737c16c4edca1ac56a6b2cb97ed2345ed1187a635190c37d50dcd9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1f6d7f219f9c5a497fdfa51e97f3845f

SHA1
4141e62af22e7903622cb07addb0894b73f3ab97

SHA256
9193251442940d5c492d1d4f8c7bd41a3ae340824a0e1d1d4176a8e3a040721e

SHA512
9a449adf9e721aff7f6aaefae8cc65324d2af833f2455cd949a2e2a3ca099e172b8fd9ec4ae38c40077efdfcbbf680ca03f34a431fdebae916d117e2dc8f2544

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
8bcd4909abd654cbd74612896c5fc015

SHA1
130814421a4a4f4b2c8b5d8bff9258f887aa67a7

SHA256
7b5603cd115b778f510233ba050e3fd3dd1666b0c2c466e8245d9342f2bb0314

SHA512
d82c6aa98f5324a005bbbc271d22529e385209d0390b425e49b7d451f2b67ed3a16f046251211440a2ef8349f4004e41c83d7dd7238ac5c3c6bb91e61c8ba5f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
41295adb029224eb381147752e805f6b

SHA1
714cc11b483b72f769dc8076cd56ff8b075cdd5f

SHA256
d5d428cd84c88628da2f2ffe292b76e68681f8bb7f23054dea2acba388a98352

SHA512
14be99a6e06d56ee076bb06229706af57063a30951b370979135e9ae70030f31e9e5ba850a567f17e992e72fa868a31d288c90359b6e1bf089ee3aa60a6fe2e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\000003.log

Filesize
3KB

MD5
8819f8949a82c975ebc3b83fc2a9eede

SHA1
8c9a78074b2807aedebbc0c841505c9f9fb75b07

SHA256
2dbab8f32e31cc2f09fa1728cbe33f049ad0858dd32d71a1606f80db667e82a2

SHA512
48f0b53ebd81e86b9f9712fcc3651c5a9ddd2d4d5e099ce9972462e1a8110ca79e86e7793e4f13ecde226bcfbdd114803cdd3c8a49c4dc3e2231302ea2c348ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
336B

MD5
13cd98709fa07b4a6b040a9f66c47d10

SHA1
ccf5344d821ab25f6b5c76d63f0e9d95f0f371f3

SHA256
2dda24afb5dab5ae2760a4951a3113ece54d91c36f677e099231e5ad3b19d6a7

SHA512
926e5dc03000e73a11f4330fa0f5875c5ebed02af2911ae7928a82bbbd27ed7732df6cef2fa8fd840094091d6f645359e625d31a4ee23dd3cacaa2ca1b9c1396

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_0

Filesize
130KB

MD5
1b5cfb7061cf4d9458a95a4e495d561b

SHA1
f406eb1a1c4a3684e84818533a59d37086ab99d4

SHA256
502579c2a7631b93c2d0cf70cfb05d2102077dd136d65cffdc8abcdd1c474d86

SHA512
053bbeae4ada56b8143fbf204c51919a1444163d4c1e2fcf278106b529081ec6022bd3e8b8fd4442417938a67093386dcf649a19f090a43063aa3df73ffdccae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\ba23d8ecda68de77_1

Filesize
345KB

MD5
e6f02c97d22da97437666c104eb0c1e2

SHA1
6e43de9c2dafaf61b2385f826e70b5b0c8b4dd51

SHA256
2b9664f80b82ddbddc3edcd3c57c54cffb6221296e4166af71f6c51e51c892ac

SHA512
1639f92fc518a904af249e91583186e1367024e95658f9582ad76eb44c72b9701460c6e7f6e333e7ddb6636b31249bec6bb5c3f860c76726a8fde333086ace93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
0a7af771ab3e623c73f0a15e15b7c661

SHA1
95d741b550bd1d65efed8c657a004b8d397d7693

SHA256
dbd79a4aa5f44d4f9233d1bcc3d0c7ba27f0635d24e40a9b9bf9c4e4c592f48c

SHA512
9a0f311f2caf1cea45556c3214d7db78dbd8f5e66e46d21d71f292ed208f99f55d653ce0ed2256a63373879e25d6cc4873330ac02745243e2a3bc509b9ece47a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe583479.TMP

Filesize
48B

MD5
aa4e5678441016abc7a47c00ec69e9a6

SHA1
d85608cf5a5fb936edb8cf38f9af42900b7fb043

SHA256
a99cab510c4fcbbc08eb3fae0704d5bcfb321f63c7c6cfbb55bc249a7ab7d4e4

SHA512
eab9675dfc1d41cb5ebdf792f888b747dabf32de777c7e684c728a67b7bd888cb2844c1c41a33b1284c59972aa68a41408b7963a1946b7b7ad474c1d4d649847

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Session Storage\000003.log

Filesize
289B

MD5
541c42f1c98b3e1b011d22eba854e707

SHA1
db30188de1f22e3077e7044be1386a5d0ecaed9d

SHA256
0768e811c51ac61a8e573ac6b53f89dbb1d89eb2fcf62536a9a5f730329c584b

SHA512
47828c1b40deb8d37d6ff4fc8f7673fbb59b40e07f54f0fa4121b91941160134c251e20f7f28f7ee5185f3c8aee2b7e95a1bef573bc64c68912016accbe90604

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
130KB

MD5
774778888fc1e9de1d8c9e9549a766ac

SHA1
bcb062a4d1a7ae10fb8d1358e59792eac849d2de

SHA256
3cfda86fe91edd3a34745e4acb5a80381f252b132839bdc51902483b297ca593

SHA512
963e36313ecdb23b4a9d476098c00d0fa7b50cb74760ba602618c89a027dd8ed7f46bf7fe3ea658e6fd7f58e8b78d79e7b16be8c8670b7ebc2887bb1e0e6fe77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Browser

Filesize
106B

MD5
de9ef0c5bcc012a3a1131988dee272d8

SHA1
fa9ccbdc969ac9e1474fce773234b28d50951cd8

SHA256
3615498fbef408a96bf30e01c318dac2d5451b054998119080e7faac5995f590

SHA512
cea946ebeadfe6be65e33edff6c68953a84ec2e2410884e12f406cac1e6c8a0793180433a7ef7ce097b24ea78a1fdbb4e3b3d9cdf1a827ab6ff5605da3691724

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
13B

MD5
a4710a30ca124ef24daf2c2462a1da92

SHA1
96958e2fe60d71e08ea922dfd5e69a50e38cc5db

SHA256
7114eaf0a021d2eb098b1e9f56f3500dc4f74ac68a87f5256922e4a4b9fa66b7

SHA512
43878e3bc6479df9e4ebd11092be61a73ab5a1441cd0bc8755edd401d37032c44a7279bab477c01d563ab4fa5d8078c0ba163a9207383538e894e0a7ff5a3e15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
3baabb318cfa401aae95fee37935efd9

SHA1
8e48a3d9b782dd5ca6b65dede2447f6869d9efa3

SHA256
4607f608981c997b36ce77e11519f95e532525df9f1ac6faeeaa7047530df676

SHA512
16d8eb14444bace492b47d8b20d6673997f6da921bda2b1ab467b17a809d22fa15c715afc5fe7e7b9444657dfb249574eaa5a0bee8935582f79f37beaea0bb1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
151KB

MD5
e776c86443e62a6f29725e57b30fa2e2

SHA1
424c33c96483f315a52faf2d3aacbd24df81c76f

SHA256
e178b872f7092a5720f4081173f409cbd0e421bea91b96586cefb0d671f7973a

SHA512
8925dcff1057ac30e4e7b68b03d5ca152520e8ccdec1918e668dbf3f8d0659b2335962415ffe71653e89eb71f006e82ee271e6546beae190dc59332eda074b5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
152KB

MD5
c9404043ac3ffdbf18c0dd77c1954a25

SHA1
8f6f49b856aba16be79198f16ed4858e72715ff8

SHA256
7803b6bbc6bee28bccafebcae338de1f2e6c077ebdf2e1477ab23d7deede7a28

SHA512
3ff3fc68fddb83a3d3c8e91f1e7ef8a1b77290b2d194d85680e6050ee9fcb8c91fe1bbb1cfc6839fb9a850beb7654ad4b879242c4d238f6a1c1e039fb2b9592e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
78KB

MD5
5d83495c2a9713feda07d529ddfd06e9

SHA1
bb16587c228c8c958c49ce55826e3dc79bf7fab9

SHA256
562beefb41ba29d46a33e11aba125938fc67b2d93c9d5c961a582a1b1f4d6981

SHA512
bd15c18e8a3cbfac01708b530ad489deafcdef34cb9edc8e1eef80877ccbecea509049e8f0e7bed85eec7fec1b7a0a3c6f3b1901d3314d197abcc0bc2a8f1785

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
f732dbed9289177d15e236d0f8f2ddd3

SHA1
53f822af51b014bc3d4b575865d9c3ef0e4debde

SHA256
2741df9ee9e9d9883397078f94480e9bc1d9c76996eec5cfe4e77929337cbe93

SHA512
b64e5021f32e26c752fcba15a139815894309b25644e74ceca46a9aa97070bca3b77ded569a9bfd694193d035ba75b61a8d6262c8e6d5c4d76b452b38f5150a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\first_party_sets.db

Filesize
48KB

MD5
850efe88508753c95f952519b15b037a

SHA1
d8939bae626035dcacde7eec17a8b30733f43998

SHA256
181200c2094846cb32d846fd1e26f3f1490c22c2358649ea39656d4a67f1916e

SHA512
2d3c8f210916257fb45756831baf335c001514d3962d0315957cf84d87c8e9dea5d6148d4501bd93c2dfb908818ad408e99a85dd36b22adcd8459be000b324a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\33a8497b-5f8e-4c7f-bb4d-78975a1012bc.tmp

Filesize
40KB

MD5
de0cca535d665ec41fd4bf4d88b15002

SHA1
86568eb4dace786e09825cc275e3ebf3c9e5fafe

SHA256
648f09eb66f2d70a9890e2ed69bf2e1b15778933c93b730e5a98fe5005e8ee91

SHA512
dfb2570906b156966fe263a7e0642191b7ca7b191a95bcca05b97557402df975880a761dbeb4a46b5eef92943be47593d4cdc7b04804618958f79aa40333f5dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\3ae43df6-7b39-49e6-b070-974f4d97ab64.tmp

Filesize
52KB

MD5
009d166d1e1804c3d732b01c74eec99e

SHA1
6a3fb45ea46ccfb39345a729fd1dcb5d6866226f

SHA256
59902adb03078b31c500c489850d7fae79ec87e5ff4c52d0f5b5919b0a2a9fb4

SHA512
5b4d4959238d6a7a0f397b272062fc0204aa041c84573fa8cc3970515ef4e031678b1988869033fe77afbe205af0542cd706e9e1fa312854d07f40bb60e0acfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Crashpad\settings.dat

Filesize
280B

MD5
cc75c748a8b9b79e398552f29c9570da

SHA1
251f0064673a46e2f1233da3cb320c996d1d708f

SHA256
18492d42cccaf3f568856e7077ff981ca1280e41cacde87c7868da17dd055099

SHA512
d511687ae1ac3dd4144ed0e6c9a6d0182413bb33f37a1b921c0a087423de27f1c501ee78493683c3db1eab7bddcf5e0d0fed329156b116d386c95f9021b14b5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\0808fa15-d1da-41cf-8013-29c6e6463c55.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\73daf659-bb78-40f2-9ff4-5f5cf7b79ba9.tmp

Filesize
107KB

MD5
2b66d93c82a06797cdfd9df96a09e74a

SHA1
5f7eb526ee8a0c519b5d86c845fea8afd15b0c28

SHA256
d4c064db769b3c109da2ed80a53fbab00987c17421a47921e41e213781d67954

SHA512
95e45c0aea0e704be5f512dffaae377d4abef78da99b3bca769264d69be20f2570daf2f47905645217e1b2696e42b101f26149219f148b4d6dd97a6c2868b6f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\DualEngine\049ed544-cc94-4919-94f2-6214e6907349.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Network\965b8210-4063-4818-8628-3b588c559d06.tmp

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Network\Network Persistent State

Filesize
3KB

MD5
4c00e6a37e1c5aca94809ab539079d5a

SHA1
68310dee154ca954e2a423828bb0884c791c6f14

SHA256
a04ed0ce534caf78dead8e37af89ae56b7a4f69f7eca87a592c2af0cde6bf400

SHA512
5d9523205920d2f84c6920ca45381405ec363851adc024135bad6d5f56601044d74afd7caf6e43a1299f0e7ec5c8b880905207f2bfb7b2d0ef222a2f07aa108f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Network\Network Persistent State~RFe5dd18b.TMP

Filesize
3KB

MD5
e988df1a90ba8662b243bd56014f3aed

SHA1
3c1fd635f9d9ddab114a5408523602bef962f227

SHA256
8fd68567a2128408fbf09ac82c564ede39bc33babeb6d3f64dcfd6d93cbbb67d

SHA512
cd2b51ddd2a761dd62f24a2350a3937c898737f0c1d321528c5b93238fed465cfb5507001d24b49ec0a33570833c90d62eefb4ed35ce844f2be513fa9f4f8705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Preferences

Filesize
16KB

MD5
28ea04bb9d806f923d25a24902930c30

SHA1
508ca9daed05bbe8a8cc8912ab60aa3b1caca865

SHA256
ff341d7bef41ca6acd429d6f69947250cf84fc38b8db5a14346e0f1dd9c1fff3

SHA512
f5a731d094dcb607d389c5ef5f22674c184e0b95e8cfde8f2334ffe276929eac0e1b38f13c675cc99a52ae00c0b17dca96f0bfca0cf8c3c60bcb16886cdc4d46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Preferences

Filesize
17KB

MD5
c6921d2b14aa6d3794fe929ccd6497e3

SHA1
476a9bf2a3ef27a1dcfb019f743faab108e35511

SHA256
f53c2eea20cf41b5e89ce31ad05752b5d675ba69e41e984ca3f6cc6e0bd01354

SHA512
f9dbfaea19cb59d156ce77e5b087a6a6b0356d98508b5e5cd551ebb9d1177e602b5151b0fab5effc5ccc9b15017c2c01a43b471877bc86fa88837a4184abba7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Preferences~RFe602ea5.TMP

Filesize
16KB

MD5
c50ee97e5e8102c3b20f8ae70eba9a0a

SHA1
52143cbc5a10486dc43b5ad26f0206e7de342379

SHA256
6ceb7fda82de4973dceeb2618de8f7acbe1d7e094e4be67045f99418a190eb93

SHA512
83c8399e25f44afb717741d76383f319a63925eab7af2b473683c93d9208eafdfab1f328ba9f6875c922c02ef2b9b173ba950a07ffb99fc8be08f85e3175829b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Secure Preferences

Filesize
37KB

MD5
98ddcce8f2894a5240bd6b87e4bdae6d

SHA1
98f78dfb6ea0a9470da22359a6816f196c91688e

SHA256
af962ee05925f37a0c02d9476cda006b483e6e8d4cd2a9440dfbce5ba1e93d1d

SHA512
267be58d0b1a053ebdd23c4f9ea4a7fa906ee22a9e223e36e62c145d95a72157271341e6518c0a386616d8da889c98d3378407574629339b42460700c60a2aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f056efb4-df3e-46b0-bdc5-38d13a48e99e\index-dir\the-real-index

Filesize
1KB

MD5
a4ff3197d3fbf3f41c8b69e597ec3816

SHA1
70c599cc27961bdea348ed25f422f6efa35c5e3a

SHA256
55393bdf0ad56952e5eda7706b0ad8088c397b7c3c5e935d07917f608b7a705b

SHA512
1aaee76d7c3872555ca877dd8c8228acf01c0128e03084968e3a59ff5eb62aaf13e43debf139651a170b5afbc03b1a7e12a71c8b9df9b982b83adfac60d9ca6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Service Worker\CacheStorage\3cedfb74d44f2e84198d23075aef16c34a668ceb\f056efb4-df3e-46b0-bdc5-38d13a48e99e\index-dir\the-real-index~RFe5b7a6c.TMP

Filesize
1KB

MD5
b4213ceaf1cc2a9350a752a18a12eb76

SHA1
b369fe00c8ef3d7398f8bdaf633c82d348452fec

SHA256
f1b29ec57855a09a4f583c3f4a62a753329265dceb81baf5d2d6d68c8bbb0cbb

SHA512
e802e879e0bcdd9640e72c248bb304237669dcf84a91ec78c4a81ca3458ecb25f1aff880f53fa4ce44522aa66fb6bdf7e112330e976bfa6da2a5f797e69b0abb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Default\Sync Data\Logs\sync_diagnostic.log

Filesize
22KB

MD5
c6367dbd5ae0222a52652b8f4bcda039

SHA1
7649ac3d136b2449eeb777fa05026c0a86703e75

SHA256
6057168ca4a4aeda26a14687e83697da5686db829cb1c39646a33aaaee15c140

SHA512
000a5ad88d8a9aa7257e6dfa3d9b6538fb82f98fbd6ea14f57eb0b531b60e3a144c3d80b8eedd44a6c3cff1928e399f9b7ea43f0afbf1ccc07d3686f4e3f1790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\SecureFolder\Local State

Filesize
46KB

MD5
75219c3a800eb0ee796a26180b1e03f8

SHA1
aae393ae6f06dfbc3d0734e12c4f10a3d4f66e00

SHA256
bc17b25c611e0a2b58058254699474b41ea276d3f216a21b3445f0e53fb7f655

SHA512
065dad25ee7a5adb98464602abb56a5a8eb11beca725af92193e24811babf3226200784e284bc3059ab2056fc300702f4d3574982f310a3c60ab08b28b93a084

Download Submit
C:\Users\Admin\AppData\Local\Temp\2qb3nzov.pge.bat

Filesize
80B

MD5
46522a3a88cb93cf31f4d0d3a86a761d

SHA1
a347557348d275b7a55797b6600be34f3d781f15

SHA256
3259511d978463e5492f182f842fb2c5bc92b1cf144e8607e182493610c7da54

SHA512
590472c45c992472f7e49b9439387b9ebf01203495cb622afda85b5f8f4819d360750c7e5d7f633742ba8cd975ab300d04b91686080446428234693267ec5096

Download Submit
C:\Users\Admin\AppData\Local\Temp\{03d37f87-711f-2f48-bc53-467998c34df4}\x64\usbmmIdd.dll

Filesize
69KB

MD5
ee848c427145609d998725a38e7ad9af

SHA1
6b97d9ab1c3978cdc2d6735c227adca8f0aabddb

SHA256
dc135d675127113915a7e5aa9fe57c84edad6be41d0890b265ef124ab26ea9e3

SHA512
5bd0eca69d16a6fe32856978047967e44f0d49c59cd611b02e9d24ca59c0d862ad5f8a4d50c6bed816fa11e2f4fee6fabbe3d6d735224084f47161693eee8007

Download Submit
C:\Windows\System32\Windows Defender\Defender.exe

Filesize
1.8MB

MD5
22b6ce3fb5468a1a3b815fd49cef9e2a

SHA1
eb0e6a30595d33f486a31875ab6987589e62a1cf

SHA256
03168b7fc07d7572179b03b923c22200b259d4e01754e3e0df0118206ac9c2b9

SHA512
e79723c4e0a62dac02f2f2bcbb487527ad053069e3b6065a13822165173823b4d5b326293ebe99a5c58b1409b33e904415c0816a9d4401f4fdd518d452720530

Download Submit
C:\Windows\System32\usbmmidd_v2\usbmmidd_v2\deviceinstaller64.exe

Filesize
158KB

MD5
41283e1240acfc163f0e697073f07413

SHA1
a10cf33fbb23c4465921e6590c934873f3155317

SHA256
e9baa02cdae921acf0aae4d8e8c29a4cdf4057ab61f9c60862b7cc439e2753f7

SHA512
d7361a1656c8a8bf0b2bb8fa332105912285d23933bbc37ebe955b36e3fc158472216757bd87638860542cefadbbc17d36d5ef16cbd910b64fc25a2d7f42cfaf

Download Submit
C:\Windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmIdd.inf

Filesize
5KB

MD5
0a09dab1c9a7f2e685cd7f8b5bd43ec0

SHA1
14b5fae8397fbda873dcc9ffd5cc189f14490c28

SHA256
a8750ca15a86742f3012886c9932bb974158cd2d9779cf891c730d976a47726a

SHA512
f6cc96686f06f1871ae95ddbe9e553bbff506765965e4c846ee02328c6566730a9f4df493c36ab2104565d41dbd7ea67d054984163e45bc414a8f1efba293368

Download Submit
\??\c:\windows\system32\usbmmidd_v2\usbmmidd_v2\usbmmIdd.cat

Filesize
11KB

MD5
e5f60b2f3a491983eac00dc7dc7c408b

SHA1
2566bf2ddc9e58f5262a2b11dda0c451d5ec9468

SHA256
470149c4cf9970ba59070aa7c9409c9f63a15727de99bab53e7e51f55310779f

SHA512
55b31a4da61b837891be7977bdf7b96457e5b54c5216e867bb1aca4580a84145f885896b13fcb72e937d3f424fec1105b4f9c0a9706dfabbec95fb53c7a302f5

Download Submit
memory/4036-69-0x000001DB22DE0000-0x000001DB22DF4000-memory.dmp

Filesize
80KB

Download
memory/4036-2458-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download
memory/4036-14-0x000001DB22320000-0x000001DB2235A000-memory.dmp

Filesize
232KB

Download
memory/4036-12-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download
memory/4036-15-0x000001DB223B0000-0x000001DB22400000-memory.dmp

Filesize
320KB

Download
memory/4036-16-0x000001DB224C0000-0x000001DB22572000-memory.dmp

Filesize
712KB

Download
memory/4036-17-0x000001DB22360000-0x000001DB223AE000-memory.dmp

Filesize
312KB

Download
memory/4036-18-0x000001DB22400000-0x000001DB2244C000-memory.dmp

Filesize
304KB

Download
memory/4036-20-0x000001DB22580000-0x000001DB225AA000-memory.dmp

Filesize
168KB

Download
memory/4036-19-0x000001DB22450000-0x000001DB2249A000-memory.dmp

Filesize
296KB

Download
memory/4036-23-0x000001DB22B60000-0x000001DB22B72000-memory.dmp

Filesize
72KB

Download
memory/4036-191-0x000001DB23850000-0x000001DB23862000-memory.dmp

Filesize
72KB

Download
memory/4036-11-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download
memory/4036-24-0x000001DB22BC0000-0x000001DB22BFC000-memory.dmp

Filesize
240KB

Download
memory/4036-189-0x000001DB23820000-0x000001DB2382A000-memory.dmp

Filesize
40KB

Download
memory/4036-26-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download
memory/4036-13-0x000001DB22310000-0x000001DB22322000-memory.dmp

Filesize
72KB

Download
memory/4036-25-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download
memory/4604-2-0x0000023169FE0000-0x0000023169FFA000-memory.dmp

Filesize
104KB

Download
memory/4604-0-0x00007FFA2EFF3000-0x00007FFA2EFF5000-memory.dmp

Filesize
8KB

Download
memory/4604-1-0x00000231699F0000-0x0000023169BC0000-memory.dmp

Filesize
1.8MB

Download
memory/4604-3-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download
memory/4604-10-0x00007FFA2EFF0000-0x00007FFA2FAB2000-memory.dmp

Filesize
10.8MB

Download