aed71f9bfc1fd0d950f0300f000ed7cf16cc1672b1843c636d7ce064086199c1

Analysis

max time kernel
182s
max time network
185s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
07-03-2023 13:40

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

EzyJec.exe
Size

3.6MB
MD5

b7079e5c05bbd6a8539646da78f0b49a
SHA1

6d9b8490ffd8346f1f60fce239b59f3fde64368d
SHA256

aed71f9bfc1fd0d950f0300f000ed7cf16cc1672b1843c636d7ce064086199c1
SHA512

6268e96e27bf300cd5433b1ae8305596f8721f7b2c438de7fa4762393e9037c46d151a22da5ef2e5b86368eb93673612b4d192ef5e88514bb82b8c30cf154919
SSDEEP

98304:CCvE/t7ZCWqrxToDqvXGr1e+Q1mp9SLq7zXb8P:CJ/tVrMt4qerc+ICwWPXY

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133226737034935037"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exemsedge.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0 = 820074001c004346534616003100000000005456d2a6120041707044617461000000741a595e96dfd3488d671733bcee28bac5cdfadf9f6756418947c5c76bc0b67f400009000400efbe5456d2a667561b752e00000098e10100000001000000000000000000000000000000798120004100700070004400610074006100000042000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\FFlags = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0 = 5000310000000000545679aa10004c6f63616c003c0009000400efbe5456d2a667561b752e000000abe10100000001000000000000000000000000000000234427014c006f00630061006c00000014000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0\MRUListEx = ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\0 = 5000310000000000545679aa10004c6f63616c003c0009000400efbe5456d2a667561b752e000000abe10100000001000000000000000000000000000000234427014c006f00630061006c00000014000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0 = 56003100000000005456d2a612004170704461746100400009000400efbe5456d2a667561b752e00000098e10100000001000000000000000000000000000000798120004100700070004400610074006100000016000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\0\0\0\0\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\0	chrome.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

EzyJec.exemsedge.exemsedge.exechrome.exechrome.exe

pid process

2952 EzyJec.exe
1588 msedge.exe
1588 msedge.exe
520 msedge.exe
520 msedge.exe
2952 EzyJec.exe
3948 chrome.exe
3948 chrome.exe
4360 chrome.exe
4360 chrome.exe
Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

EzyJec.exechrome.exe

pid process

2952 EzyJec.exe
5768 chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exechrome.exe

pid	process
520	msedge.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

EzyJec.exechrome.exe

description	pid	process
Token: SeDebugPrivilege	2952	EzyJec.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe
Token: SeCreatePagefilePrivilege	3948	chrome.exe
Token: SeShutdownPrivilege	3948	chrome.exe

Suspicious use of FindShellTrayWindow 31 IoCs

Processes:

EzyJec.exemsedge.exechrome.exe

pid	process
2952	EzyJec.exe
520	msedge.exe
520	msedge.exe
520	msedge.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe
3948	chrome.exe

Suspicious use of SetWindowsHookEx 17 IoCs

Processes:

chrome.exechrome.exechrome.exechrome.exe

pid	process
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
5768	chrome.exe
6124	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
5568	chrome.exe
6088	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

EzyJec.exemsedge.exe

description	pid	process	target process
PID 2952 wrote to memory of 520	2952	EzyJec.exe	msedge.exe
PID 2952 wrote to memory of 520	2952	EzyJec.exe	msedge.exe
PID 520 wrote to memory of 4172	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 4172	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3472	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 1588	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 1588	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe
PID 520 wrote to memory of 3340	520	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\EzyJec.exe
"C:\Users\Admin\AppData\Local\Temp\EzyJec.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.laugny.com/
2⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffa848946f8,0x7ffa84894708,0x7ffa84894718
3⤵
PID:4172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2272 /prefetch:2
3⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
3⤵
- Suspicious behavior: EnumeratesProcesses
PID:1588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
3⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
3⤵
PID:4516

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
3⤵
PID:4332

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
3⤵
PID:4932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2264,18405676756874124940,2755319726591864099,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
3⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa81db9758,0x7ffa81db9768,0x7ffa81db9778
2⤵
PID:3968

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1788 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:2
2⤵
PID:4164

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:3368

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:4408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:2300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3172 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:4472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3580 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:4048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4776 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:2056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5604

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5180 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3772 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4924 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5432 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:6108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5452 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:6120

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3388 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3392 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5936 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5768

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=3772 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5848 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5132 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5644 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5468 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5476 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3664 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5344 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5224

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=2824 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:4452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3628 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4940 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:5752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5212 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3216 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:6060

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=3772 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6020 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=5196 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:5980

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5632 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:3408

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5744 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:4660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3752 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:2228

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=6196 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:1356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5624 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:4460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6332 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:1
2⤵
PID:600

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2820 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5740 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4360

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5712 --field-trial-handle=1824,i,5281836401895974026,15998388919920408850,131072 /prefetch:8
2⤵
PID:2808

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4896

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
Filesize
47KB

MD5
48bdd000ecd2926a60a3d9b60c2cde50

SHA1
3e88cfd89b13402b18666aba0fe3b76020e19d34

SHA256
5ec3b828bbede2a523366db3b6f68bdfac360df69792537560b36a5f85191ad0

SHA512
f97722539cde0550fc1b4ea3d6a0331afb579d555f747ac1f54f1ba4b44090823c2433faf81d29841c06292ef9791e9a28adbbe7c7f9337aaf939c6737dfa74b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000052
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000055
Filesize
160KB

MD5
fa6149f8c3296135f4df001ad8bfde7b

SHA1
30552f7994fbcb3012362651f7c1ead1b672b0cf

SHA256
846db6fc429a1a1b297bad301abfab64ff1b4ed698041e486015ce33318640c5

SHA512
12db8b41ded054de70089c33157e1e629ad6016013ab0ac571351ac5870d6bb4de403db70974c745a3173c2169b71749113e9cdca0acae5f24c1d5e29c8215cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000061
Filesize
73KB

MD5
0fc97653c01f3452d3dad1a67acf5d70

SHA1
50a984786c593b31828dd6c55414e44a9740e9e0

SHA256
28c845a8ffc9a00e1b5b3b069bed4c0a9fd2f0d60871953e7bcdac8a87658cb3

SHA512
e5c7b901080e1b4eba0c1c6f35a192fe4065358a70a4e56cf1c2e53f2dc28a22d857e00793a32acf27306986021cf0aed4025805f31097643e0dee2d9f7fffb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
02a041bd54401d551a9e850b59b6f1a3

SHA1
f817a2e1688a2f4e79d60bf710ffc414ea15b668

SHA256
e78a47c0c0a4f8ae05004ed27dc8f0f92eeac4b86b0abf8a2f453442ecc0f3d0

SHA512
1724a82418a133c66c4e47e5ab4409db231e12dfea12e049d959ea980bcde4d5568ac9c0d6d86333be827c931aa0df99a913ed72053158b92704555bdd345ae8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f427d9cc11e9860215661619861bfa90

SHA1
8385a2dbb49d68819d69e4fb5cb695aabc954d7b

SHA256
293f1224192b1b51873e04913c88b741b07f2ebcfb0cca6b2b1633c5c0b049be

SHA512
52d1105002f52e52c57daa588bc948ceace43b1d997e2662029ce6378f449f7330ee34a9dec0224e6e17b1782118ccc49b3b3f16b46c685d3faa4645b003fe6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
0725e8626987f82a51a8e3322d60f380

SHA1
fdcf0e4c56d2aa75f39d1a941aa33edab6381fd5

SHA256
503073e706e03526de6e1792ff0c5b6666979650740061e3c89f1a6effbc9b3d

SHA512
eaa3a1b1faa6177c23cedf004ed37fbefda9e1adf66a1ef9ffb61f517129e8bde655a04b7e8bc1b72d6618091508df7043b50f64dc1569f99b4aa4f530496ff2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
b0c6ec46bca444ebf938ac1e14d16da3

SHA1
83b4afa9b196b9a2848220dbd318222dabb88f1a

SHA256
44ac8950e80c0a01033a1dc298c8a7040c5cd74628b455d34b707c07d93a70c7

SHA512
c7ab07af12efd1dfde38d8574b9d9e0131ac53e0c1631e6a93beff5caa7f54013481028638770af257e17bd095b093893efc45f0b7680bc13e5e0f1fb9682c48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
39584d72c9d266accd68594e00e54dd1

SHA1
522fcf67c6e404acd540208e864a732e9af7e86f

SHA256
1ea092335426e3a0f7ee7f53cb176e9c22990fe5fb6134f01e909b6d63b45ff2

SHA512
efcfd657963e8c839fc170bdcf88315b0846074a0f58e6f56d4c8ddb846802906a01377d24aae8f65ffb3343f8bbd2f666d4fc679d000bf456cfddf0a334d247

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
873B

MD5
12cc0e37dbff854f3ab9b7d7fa4d14c6

SHA1
bab0b59a6620faea60628c60711f2535fa5c27bd

SHA256
25e0d30d595d6acd80ae04f6b499a4551e2954077c21eb5cb70f8ce478dc8309

SHA512
dffea2271e866802e49000a37db2b41e443e156077b9ff382bb72cb48191f39752df508d6720631ace482c5a187e148c334fe56d41c72c06a19dd875467c4092

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
ef18f892a66ab9fa9371fa4a96acba32

SHA1
f85dddafb562dd35f316efe751ba5cda642c6e07

SHA256
769da3f54737808d91251e97e5445ce054d94526d95c0ed9586b0cb98475c644

SHA512
d33b5b7227f1745999441745fb757659299c4f78253751771a6995771a35794b167ce3946e737f6544b173d3deb28a2adf72499973872c53d8c72707e0a731f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
1b23d59a435d408647baaf7e6a8f64f2

SHA1
746fccddd7024cc1592a56c5f561dcfa95217c53

SHA256
4ce74b2c081faa5a2bb3bec218f9fcc4ca5c9cfb3a2299a4ab451b8893459ffe

SHA512
135a6d97aa4f9901c72841b7d9d32bb17ed579dd37a17f7a91b1c3638cd30487c9cfaa15896d1133cf655641b9bdb5ca039bb2681bdad8c8179821dfc96546fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
be87b8554477cf15e3230a75524eb026

SHA1
aefcec954397e7b6d529dbe6385522a7c695f257

SHA256
336184dc9aac453b10aba5576b3593feb2e9243ff83eccd2cefb9308ee608a0d

SHA512
12e30a38a02ad000334d5f3b46854a7448674d34f4e09942996c0009145ffaf4de0259aa36ffb1742dbc782b9cbcbbf3ec823287e63ebfe203078247b27ddb50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
65f319d36985df5545dc0dee495fa392

SHA1
6af7c756701523f9024cb97b833e647119a5d906

SHA256
3e2ee295f8f2b5791bb677b238782dab0c00967ca3b9339d0e08ca3cfc1e8487

SHA512
153b7488a9f05e1c303c9fb7a35ed4669c1d2dc59a2b3585b3422c0a758dc32705177cbfc89496f1ffe45a76f2acd70d9dd18b3fbc50da667dfe8325daaf281d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
123e0dfc9179912d28698c64f7374e5a

SHA1
05ab0426ddcbc075a90623153c67e6d0fe86cef3

SHA256
af718f6d631b63e73d9dc515e9e20fcc53b25ae4fb1316f644cc43b844adbe7d

SHA512
8eefb968e012a3c48f5ba8b6b3bba2cd743b7d5e650ebacb07889c9179a822ccd1cfa2fd8b0e3df1c724e1a2ff3a3c9673b4142f0276ccfe7bcb4435185896f2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
19ca4c30dd56bc49d529c7dd8a14a5d0

SHA1
1dde7d079a4ef46b698f7023a106f080fb19803b

SHA256
6667875a7c7be7611012e34ad9f19356abf57a94af0376d24b0251b4eaa2fa89

SHA512
52be2fc95aa322917f3873ed768e6d6b6a832b1885f973205d8062f547666b56d208d3c9c1fddc032c713e645392794e5cbdef344bba0c344fb4eb9416f0aafa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
4de9efeaf344de0077fd23afe2c36add

SHA1
62cacf48c9f953822f8a9b74914e6cf1e37a3960

SHA256
f387498000b6e3dd29908197df8d93ba67057e1a1e4a9d0c6623a048c3b73d3b

SHA512
8a341fb778372eaab85eca77dcde833e9b2780b5d1e0656f0eafb7f51cf9c692a9c2ab9d5d0e23069923d19320717eb4108fdd27658e03c9da391275fdd09fbf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
00e999d6216ea00ff04d2b53664d9f64

SHA1
468fd30799795c91b6c60eec7a172b7fd1d1e10a

SHA256
4b00624832bdffd9ceec006eb17995ec7c5f53743249afa0b42c8020feae38ce

SHA512
15c21d51c66137fba5417ffd2394582fde253731d1d78e3b0dd15bc0bdd4255fc01c57b4d463e4e9dc8fa020a5d32d743ec7b79022370d5168cf3034d0025a3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
87930f4c0f503d91daf7fd7041b22d35

SHA1
d15c29ef4c7ae7d0b74c94e02898e9e7cb608fc8

SHA256
f52fd5d419c25c7ffe397c75862e26e86281b4fa15f5b531bf55c62eb1d2fdba

SHA512
15eb5e906db9b271f8786040e736c805b069b74e4219977c9b3c6a1f16ddb49dfccc468b46c0ea7654ed3f73d92d0fb7c0b07312275cb84d8510fb8187afe6a0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
ab4ade2319740d330ac530ffc4803552

SHA1
e08f83f3faad19e275b1c2aca2faf1bd9426bdea

SHA256
16b3ab5ada2215a0b7401be45991a0464ac533c5f1a51bf265beb9c2423694af

SHA512
57a9ba0594ab9d70504e090cdb1945bf04280f98c769368b6ea2a53657e38379f909d5b3acd7ebcd16a71545e8de95a6028d6627ca4d855c1eb1e55a24f0ac95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
49f52b91494ccab595a3fee4cae1a2d9

SHA1
931f2782fed475db86ad635350c302ec747f76cb

SHA256
9a842ecf31f58908bba2f239a0aa951fe3e1588e7ac3411cb88ef46dd82da1d5

SHA512
1c5558eca30054644eea6e57c3049e3e2c7d2f382fbf02a4951d8e4bfb122f3d3fdfe394c896cae71e0d1d996eef6923df0ab6300f43a0b4c0e145130752e841

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
4KB

MD5
c495e30be9545d10d7254895b3d22804

SHA1
6de59da8489fe9f678d02d7122d0485f4e107737

SHA256
c42896c16e6a059919183f93c18a1055c4b507d101b72f8219702f1ac9bb990c

SHA512
4251d3ee3cfef086c449902f1fb009ac9176774ccf6b79def15aec695009fda4a3d2aef959e2a28502680a71c100fdace3eef693e67788a9de48ad1fa83e71e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
6c41a7b2d0191a5bb149991a1176f877

SHA1
2ebd47f62f59ed0122250f11bb665744ae0c6488

SHA256
9f0138767455a38b92418b990b10576ee8ebada8a8b84cf831e07e0a56d0b360

SHA512
32344a465cec662cf72b49a622a01c640547e96740dcce4b3ef09e7c179e0ac469a348ba80642b01229c26e526c48d2de29f316e5614872c1b4f1c8c3a9d2e1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index
Filesize
72B

MD5
47d4d7e0641f446952e0e347aaca88d4

SHA1
dfbc4b66b2940e76cf57f6acd078aaadd21daa88

SHA256
c09e012e8414ac87ed1ef4332e9eacd63202aea918d503e19c9587d7c128f070

SHA512
e47ac10f30a96c5a022c1d0a57b8ccbe584921789e04a9d91570dab1cec02591adbae3bf67ed59fb4cbc700184b747a070c817daf77b21b7fe93417fa8df8f1d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57e31c.TMP
Filesize
48B

MD5
f4312d6c0047acb28e76a805d031260c

SHA1
7be0837f15cc82240691ec35c5b2a56068c974c5

SHA256
be1555845f76801de85eb9246b6f51cfee3a9e0b660d73318dc6529b21195d3e

SHA512
32789ac31a3dd3fc1b39e9684aa7cd4ef12568fc51bc24dcf4a91ed855e185610e37fb4063ada3b29501241905ab1dfc93bc5a36fd58af8864e89fb4beee8c60

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
151f614ff7e777eacb8faba675f07c70

SHA1
e9023249cd27f387d92961db2fbddbb93962b426

SHA256
075de3d875c9be91a1ac9dd513f53227b15fe1d4f9177221f71f1cd2d31ce8d7

SHA512
c25bd17ca11ce716a2561da423f4419db303c16223c85fa6ecb6cb2d1fac1997a9a642facf800cb31a6b1f4462395c4f1f671290b6db281819e1dc56f734c911

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
8a795e42d16828a61fafb537733bf186

SHA1
78a9d0b3170e394b082d2814334be32a13786d54

SHA256
025b41dfb0b1b383b58045947f9e6d691d66a71ca36bb085a8ef730eba984d54

SHA512
ba5f0e4cd14a92dd30a8e644503d95408d513a8a1f64a5cd6749888945f16f31e33dd5b2f485a6c4cb2689278f0fc7ed0d024d259c0cf76446e3984190107dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
8584aea5cc5f49ebb8358d14c6cfa020

SHA1
3eccf494adaf76fb62dc3260dac5d4b54f43ef88

SHA256
f287933304bbd6c35f8802ee7a8f0c0002305cb0e90d4a612c7672dcf13ebabd

SHA512
d6e13a5499c80f890f62b6b35ca0cd72b3a0e095156c378134a6de29896d002e5561bb8f2e7cb2065b9e2f9559de1f93d49cb81d4cbfe53aca1c2b23c9bca56e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
970116f191c53ce5e160d951dbe6b1dc

SHA1
61d035eeedbc1b14b6dbdc388dc6c83227c053bf

SHA256
99456eac1381be2dddcaa4ae5da8df48f63cc73e7ffd9633ffe9c940d33b8e69

SHA512
a2b03871d7f2a3e1426b5e56b4f2fec9ab466cd604e8c9f6e42d6b9f4af423d516bd1b6e1a02bf84439b32db3212e3d17b2b023ee59ebbfcbc631fbb734a9997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
665c1d5e5922f45e1c393af66f00bba5

SHA1
f5c430898309bfe5fda3ab422f4c733ccf5fb1b0

SHA256
2122aaad4928c1ea38cade52ba062ae72f0b0f94475a59e1e87fcee7644a13b1

SHA512
01548067b3cef9db1bfaf5467d926767fff1b7c0eb302cfe0692e16be83505070ff58241786d94bd304083f2d3d114d85440b202ef71e089e1d586b5d431294d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
d18ac59a1cd987fa5684a6ca874de422

SHA1
cf225495d8539e105dd2f31cd9d4a14e7b261e0b

SHA256
6c28e9e366b21e68a612611f86f16a27a1e6b3ccb4c38c7b2a4a974859afe656

SHA512
b795d5bd572ea9db64353ce46af71dcfd3eaefc735ce4a06873e12f6eba8da0e07216bbe4e00a890275d416592e7ec88a0f698380ab2c9f6f104a92b6877a94a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
9c3833b87ba54f42f3b101f5c203aa39

SHA1
04802e1af32a24d6438bf01da0b96f00db38d417

SHA256
dc19c00ec933b53fb4f74cc9dad68d95e3541ca28dd52384672db43a99c32d83

SHA512
6779462380624221ba19e3d749d84b78faa03464e213cd0681eb0151ea4dcf93aa187a2af7b49d29dba1791b1589d2240189ee2957fd511c8cb2960f8eddd478

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
101KB

MD5
e79bf0a40dac704c1b5a1b23317c69f7

SHA1
84150bcbff4fe31ac42114e3fc3ea14c04541c85

SHA256
1003c551a8264ec460f58933bce0f8cb4d7605b2f6c97cca399b312af4fc906d

SHA512
65ef81be527a60dc8a01f1cde83a254ea02aa4a9b0c495ffc8062146bac1b8a2dd7b9a3f6ef7d22cbb436a31290c9d1a699f6167ef5057a42e3e044045eb9f6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5826ec.TMP
Filesize
97KB

MD5
c0f55e083c5d99c7fa2083890270504f

SHA1
4c54a1ca83239bc251e7d5f33f70c5a620961f8b

SHA256
730ba61d22018b0bf7471cde7ef337bcaa1fbcd57036341069e40abf8f884663

SHA512
4918a1d5c2ea8b996f2580a58261d7c1e55749af751a4968a35ce76027b45646c2460eb751b92f0197efb3f3534aab2e261e25d4f1b6a1cb493bcb8ad6e355e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\814383ca-e7c2-49cf-adbe-5d5022588a8f.tmp
Filesize
9KB

MD5
655d2814c47c3e03f8b0f84fde4e2e7e

SHA1
1e1b23634d660d616397e718f58d175d6f17e132

SHA256
c060a17bebdceb57c77411fa874f01f73b1bc15b65f5eb42bc748f681be65b8c

SHA512
fa8e7a0c3be1cabddbed539107189ec23a578705d27ca4fe9a957285c3af065356b0a8cb3adcbf8366fb3671ee12cc270d0d904d16d6289f3f7ee11466d0e894

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
1663ee1068e7e47c308515c2a4ce7ec6

SHA1
9e80b44de6eb13de893e983e10c06e6b66c3d731

SHA256
68d0994088f0357205da5c29e160c296c8828e5bc039f8c11fd032eab07ec413

SHA512
eee1e6cc531cf20251147ca46ce5354be0d419640d7e86f86f1bbcee95f363ffa1226089531ac586769da7bd34c8b7da080fec12fc2e4dc860b3e84f015d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
93c36e9e376720d1ebe88a11d945bd45

SHA1
8ee457edd9fa6e90638040dcee6e0b8a71f2a3bc

SHA256
44ba087c82131a1de98e3f76cf69c77dd965bee36d9ab58ea7f1a09ec48e892c

SHA512
0dd7005daaa0506bb3ab812fff974faef05e0b830b376569aef19787ee2e117db4fd5863e6f4fb0aabf5a1e3278c91bc9de4ebf86b24c8fa7ec8468bc8447d86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
d3d83d7f5b47fd0514e28153bded7060

SHA1
fcdd01a5347945c6538e8b75e167e7298787a77c

SHA256
666b63fca0bd10adcd5e42eb38c9270cf38a2fb6ce0b7396eac8a475e5ace287

SHA512
0ecb04d53c8af5487cb51f5d4176ab22a61a798edaa1d163cc634e01d67a5bbd378f12f719085e117a89deea70b0c3acd327c5f71c25ab852ab3eae96b66e416

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b261452b84936c97c31b8f349320296f

SHA1
867e4218aa723a7bbcffb9cd54c584fa182f71e1

SHA256
eb59b81943030552ba447991d72135f2a6c51c2a6a23899f7ff8a55aaa7518cc

SHA512
538ab6ec59d191209dbc452e713c6da71b03f1a45a598ab3df2db38bb9ab25d1ef7819e5a27ff6f99b1feb6fbd8d13c1bc25e51920c0feb6ee15216430a79146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Caches
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
10991e818fd35e1b12ccefaa303e531c

SHA1
b8162813e54f4e5be6475c16d5c58e36d9d62220

SHA256
ef68f4b026df10abc485a3ac1c0dd7934e66c44362d98128db0dc4cb7dbf2309

SHA512
a45e1c87cd9562c969c0c5fb8c5bc43275b5c36d328dd5c58f426af434b91023d6f051d38c9a377b1b8f97bbe3a05f9d41e6ceb7c2e20a22c5938214539cb9c9

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_520_CWDVAUHIXKGCDDQQ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3948_TCUNNTITHZDJLIVC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2952-141-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-139-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-142-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-144-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-134-0x0000000005A70000-0x0000000006014000-memory.dmp

Filesize
5.6MB

Download
memory/2952-140-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-133-0x0000000000590000-0x000000000092C000-memory.dmp

Filesize
3.6MB

Download
memory/2952-135-0x00000000051E0000-0x0000000005272000-memory.dmp

Filesize
584KB

Download
memory/2952-396-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-143-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-138-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-136-0x00000000054B0000-0x00000000054C0000-memory.dmp

Filesize
64KB

Download
memory/2952-137-0x0000000005420000-0x000000000542A000-memory.dmp

Filesize
40KB

Download
memory/3340-158-0x00007FFAA32A0000-0x00007FFAA32A1000-memory.dmp

Filesize
4KB

Download
memory/4164-401-0x00007FFAA32A0000-0x00007FFAA32A1000-memory.dmp

Filesize
4KB

Download
memory/4360-1144-0x000001B0685B0000-0x000001B0685B1000-memory.dmp

Filesize
4KB

Download
memory/4360-1143-0x000001B0685B0000-0x000001B0685B1000-memory.dmp

Filesize
4KB

Download
memory/4360-1142-0x000001B0685B0000-0x000001B0685B1000-memory.dmp

Filesize
4KB

Download
memory/4896-425-0x00007FFAA2C10000-0x00007FFAA2C11000-memory.dmp

Filesize
4KB

Download
memory/4896-426-0x00007FFAA19F0000-0x00007FFAA19F1000-memory.dmp

Filesize
4KB

Download

pid	process
2952	EzyJec.exe
1588	msedge.exe
1588	msedge.exe
520	msedge.exe
520	msedge.exe
2952	EzyJec.exe
3948	chrome.exe
3948	chrome.exe
4360	chrome.exe
4360	chrome.exe