cba6e26eb7209d748803660004c70b227848798900713fc043f7245b097be9ac

Analysis

max time kernel
215s
max time network
262s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
31-03-2023 17:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

4KB
MD5

49f3a1d6a13354be7af0a1e34a051bbd
SHA1

b0fa3f021dbd37bf5fc737efae4746636eb25964
SHA256

cba6e26eb7209d748803660004c70b227848798900713fc043f7245b097be9ac
SHA512

3a42902caa6cea859aa2189aeea3430208d7cf1b839231153b3aed8af67dd87ac22c28688d9d8f027d8662e1772965417dcda9086d7645b4302b3282dee9faa7
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C89ZqXKHvpIkdNkrRB9PaQxJbGD:1j9jhjYj9K/Vo+nuaHvFdNkrv9ieJGD

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

5116 MEMZ.exe
5352 MEMZ.exe
4268 MEMZ.exe
5888 MEMZ.exe
4928 MEMZ.exe
5340 MEMZ.exe
4412 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exeMEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

pid	process
5116	MEMZ.exe
5352	MEMZ.exe
4268	MEMZ.exe
5888	MEMZ.exe
4928	MEMZ.exe
5340	MEMZ.exe
4412	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133247659075536620"	chrome.exe

Modifies registry class 2 IoCs

Processes:

chrome.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1529757233-3489015626-3409890339-1000\{09740E7D-446B-4014-AD41-CB1627DD6EF2}	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
404	chrome.exe
404	chrome.exe
5840	chrome.exe
5840	chrome.exe
6044	MEMZ.exe
6044	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
6044	MEMZ.exe
6044	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
3848	MEMZ.exe
6016	MEMZ.exe
3848	MEMZ.exe
6016	MEMZ.exe
6044	MEMZ.exe
6044	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
6044	MEMZ.exe
6044	MEMZ.exe
6016	MEMZ.exe
6016	MEMZ.exe
3848	MEMZ.exe
3848	MEMZ.exe
4816	MEMZ.exe
1812	MEMZ.exe
4816	MEMZ.exe
1812	MEMZ.exe
4816	MEMZ.exe
3848	MEMZ.exe
4816	MEMZ.exe
3848	MEMZ.exe
6016	MEMZ.exe
6044	MEMZ.exe
6044	MEMZ.exe
6016	MEMZ.exe
3848	MEMZ.exe
3848	MEMZ.exe
1812	MEMZ.exe
1812	MEMZ.exe
3848	MEMZ.exe
3848	MEMZ.exe
6016	MEMZ.exe
6016	MEMZ.exe
6044	MEMZ.exe
6044	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
6016	MEMZ.exe
6016	MEMZ.exe
3848	MEMZ.exe
3848	MEMZ.exe
1812	MEMZ.exe
1812	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
6044	MEMZ.exe
6044	MEMZ.exe
4816	MEMZ.exe
4816	MEMZ.exe
6016	MEMZ.exe
6016	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe
Token: SeShutdownPrivilege	404	chrome.exe
Token: SeCreatePagefilePrivilege	404	chrome.exe

Suspicious use of FindShellTrayWindow 54 IoCs

Processes:

chrome.exetaskmgr.exemsedge.exe

pid	process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5552	msedge.exe
5756	taskmgr.exe
5552	msedge.exe

Suspicious use of SendNotifyMessage 43 IoCs

Processes:

chrome.exetaskmgr.exe

pid	process
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
404	chrome.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe
5756	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

3300 MEMZ.exe
6044 MEMZ.exe
4816 MEMZ.exe
3848 MEMZ.exe
6016 MEMZ.exe
1812 MEMZ.exe
5392 MEMZ.exe
4412 MEMZ.exe

pid	process
3300	MEMZ.exe
6044	MEMZ.exe
4816	MEMZ.exe
3848	MEMZ.exe
6016	MEMZ.exe
1812	MEMZ.exe
5392	MEMZ.exe
4412	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 404 wrote to memory of 3516	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 3516	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 2512	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1620	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 1620	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe
PID 404 wrote to memory of 4016	404	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xb4,0x108,0x7ffa77ef9758,0x7ffa77ef9768,0x7ffa77ef9778
2⤵
PID:3516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:2
2⤵
PID:2512

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:1620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:4016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3212 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3200 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3316

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:3576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4840 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4836 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=3540 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5516 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:2452

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5336 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4180

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3460 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3388 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
- Modifies registry class
PID:3080

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3464 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4264

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=5856 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6036 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:2620

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=1676 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=968 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5864 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:1104

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:5116

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=6512 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=964 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3276

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5284 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=3424 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6784 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3404

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5032 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:1456

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=7140 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:2268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6404 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:960

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=4604 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6380 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:2608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7400 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=7684 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:1884

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7720 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=8400 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5448

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=8268 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5440

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=8148 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=8040 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5760

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=8764 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:6068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=8872 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:6136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=9064 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=9068 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7176 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:3400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=9332 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=9372 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=9676 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5952

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6736 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:6020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=4432 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:2676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=9364 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=9416 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4724

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=7732 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7824 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:2752

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=9016 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:6004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=9832 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5888

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=8492 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5568

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=9884 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5932

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=2724 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=8296 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=8128 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:1668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=8852 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8408 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5792

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8064 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:1468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=9444 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=9208 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:936

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=9376 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=7232 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8748 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=7268 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:2848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=8780 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9984 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=9096 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5840

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9116 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9316 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:6040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=5836 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4312

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=3896 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:5056

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=7504 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:1
2⤵
PID:4700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5872 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6140 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7820 --field-trial-handle=1812,i,823309883492642513,17599833285547020843,131072 /prefetch:8
2⤵
PID:4908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1576

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4fc 0x4f4
1⤵
PID:5332

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3212

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3300

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6044

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4816

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3848

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:6016

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1812

C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5392

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0x11c,0x120,0x40,0x124,0x7ffa83b546f8,0x7ffa83b54708,0x7ffa83b54718
4⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
4⤵
PID:2468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
4⤵
PID:5748

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
4⤵
PID:4904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
4⤵
PID:1856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:1860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
4⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
4⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x290,0x294,0x298,0x26c,0x29c,0x7ff763115460,0x7ff763115470,0x7ff763115480
5⤵
PID:3096

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=5676 /prefetch:8
4⤵
PID:1580

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5600 /prefetch:1
4⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
4⤵
PID:5692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
4⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
4⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
4⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
4⤵
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
4⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2088,14146291445831240617,11845578013381667153,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
4⤵
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
3⤵
PID:3408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa83b546f8,0x7ffa83b54708,0x7ffa83b54718
4⤵
PID:760

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.bat" "
1⤵
PID:3856

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:5676

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:5116

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
PID:5352

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
PID:4268

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
PID:5888

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
PID:4928

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
PID:5340

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4412

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:5716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa83b546f8,0x7ffa83b54708,0x7ffa83b54718
5⤵
PID:2884

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
Filesize
43KB

MD5
dd9d690deb90c0468228de13f8fe1cb4

SHA1
f961cbdd565f93f7a677c23f4955c987f7954e3a

SHA256
5b0ff4adee0254fccf69cc4f8b115f49b31659cc04c9f435116810b45159c08c

SHA512
379c08bd465373801097f52b91569194f7c07c2f75b75d66d4b6563a3400c9960a56c71f79a950cfa377c140c6f2ae4210ec27715c463f2bf608bc9d28da01e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
Filesize
31KB

MD5
6bd2a8a030a60dde27685c28f924d149

SHA1
23348e4cfd7948b1eef36afc36b8fd335485de68

SHA256
566ef8029ac691c6a29b152e77fc2cd64831fccba3a943150495840879aafef9

SHA512
7eaed3650d0da46e5ba998a5a7d1642208385eb3c2441bfe89778c41076f4e4cbba4e55f78420bd81e483489ea5d3ec4a34ea026ea89637c602985beb47fbe6b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d
Filesize
16KB

MD5
9f71599ab764b36c5b35d29eac19704d

SHA1
aaf2d5b87e45aabc47fbca46dfa830e70365e2ea

SHA256
bc87fda17f43b3ea826c82cf89eef1fec730778435928418ff9513edf2f0567a

SHA512
23c50a96e2b84718d5cdb13b263084d983e494fa533061af1d3b350c05d357b39bba41355ffe0edfec120797d68bddfdb1fb387e18f2b5d55c8d1e515283b173

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e
Filesize
47KB

MD5
351e9a80bd41ed38f558ae9a8c72d4f6

SHA1
6b46f6f929bde787af78d57107ca5ac08456e0ab

SHA256
c1826c77619422cbfc2d6c86317f35c583411abd2f75de81a7ee8bb309cd9135

SHA512
5317bd8fb5eba7255c6f3d79685eb899cc689b71cc378be45834670e34e4b1fc8c67c00698338643919f7f3b25d718d7adbedb107adb656ea5530963df0db78c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011
Filesize
48KB

MD5
d30f121916d4bf160bb14f81a5040d37

SHA1
52c938abd9bc0781e49c3b79b325e69430b53f13

SHA256
def204730f39c95f0262c0e7509d11b4f1a1780f3951e87cd672561a9e8c8c1b

SHA512
228a833bcb57508474feb2d0ce159314f0ee905d9bbaaf002c2d18fcffb1936a4b49827443306dca686db9decade42f4f27ae48c94d25d1e0cb9273b03fbaa07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012
Filesize
65KB

MD5
bfd2b7446e8be3f95581ee73e80e29e5

SHA1
ce60b472d20d44350a2d92b70b4ea17202e7205e

SHA256
10c1d725dd07ab74bb648a1fdd02e8997d439234350877f1f4d1786be79d29a6

SHA512
4f895a2ee48f830f35b75f041afcb992d92f3930c9130f05632b235d6e0ec8894df1bdf12ed9fcaf14fecbcc0b015ff2ddb67ae955dfb8f5ee556a1866af4bdb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023
Filesize
48KB

MD5
1e7768364a8db1e88535d1ca1ee9cd6b

SHA1
90d26fec8305c95cc5f6fa4b2398456d88627570

SHA256
eb24872de47889683879df871844b6468d59bb8126f106189b44bbe305853a0a

SHA512
a47fa27c6b7fe18bb7e82ce09f30d3cebc32a8cd63da4ca822ceeb1ac90569bf64e66632367673c1da9e3983c330f26a6edd7696e5e6e1814cfedef017d0fa19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000040
Filesize
54KB

MD5
c34a6c2b3c7070003edf85a0b29a14e6

SHA1
f56f550ba5544a3a4ce97b36a2f8119153b2e0cc

SHA256
49a6e71d87dac6881d809eea8801f419f1510c54f24693135a8092b65648376e

SHA512
44d898f4221d1f35083942d08c5a528930a573c7b89fd5743a60bc1ab5b67f229137c4ce1653835c8aacfb94dc09b050defcc32651473a17a41d68fe0a545a3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000042
Filesize
19KB

MD5
ca7fbbfd120e3e329633044190bbf134

SHA1
d17f81e03dd827554ddd207ea081fb46b3415445

SHA256
847004cefb32f85a9cc16b0b1eb77529ff5753680c145bfcb23f651d214737db

SHA512
ab85f774403008f9f493e5988a66c4f325cbcfcb9205cc3ca23b87d8a99c0e68b9aaa1bf7625b4f191dd557b78ef26bb51fe1c75e95debf236f39d9ed1b4a59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00005e
Filesize
225KB

MD5
d644a098f0c7498e46ce3f8f44d65b01

SHA1
fc1bdd868c9116f00579599625c6497ede96f416

SHA256
13e6e4124e77ad6c2b77a9b5db6387330bbd884d53e71718ed5434d8a7d8911f

SHA512
ff67b14e51657f58bca25bf5ab4875c2cc0217b6ae3e7d6b72f6add36a2d1fe877fe0105f2a16f7bc379e33b3d4ead1d146465b9812150ac5a246916a56c41a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006b
Filesize
164KB

MD5
8f349c8f030812913f366f923773e2bc

SHA1
9f0eda8df49382f4e4cfe04ae8e0e758aca8d63f

SHA256
7a975badbb8693baa07efa75f8d69304e60517e2bf3aa60764095f16d1559a7a

SHA512
15bcd3714778d67c8b0395e99237df1ce99cb9e17d3c815647006d51bd93094ef39e547d8d9d2efbe93e50740a2ae28b919b1dfd9aee2ca41d349a4ecdefd1e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00006e
Filesize
44KB

MD5
9a0bb063c614dc5579da0398973b819f

SHA1
a46f3a3c46edadad1734483287ce7c7935eb4759

SHA256
b39c5a46dd8d2e3914eaee1d8af3c2e7dbbc8d7ce1abca43d8d4a4da66c67f8f

SHA512
6a484c86322726e770abc4942e8ee08aaaebd3638c4ed7b21cb7a43dbf575293b2eb5b5e09fbb10509c0d8bd62e390615665ebc5f4f05b6c194ced3b88bbd858

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000070
Filesize
120KB

MD5
c2d70df73499e23387c1eda579478b7b

SHA1
32a36c03960dbf550aa0e9e0121234de0c1e4c2d

SHA256
16050abb2aca61120f204a56382c48d9f41e1cc123d9bf0255e905089d6dfcbf

SHA512
154142d9517fe576557e90b3dcfc1a59d38c0a8cb536bed1c17c4cb0bb810ced98503a11a7feb613bdcb626c009ab4ff39a7de7896753015f11326acab097a9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000071
Filesize
16KB

MD5
49295de6ccd23cf80b6418a2d209868f

SHA1
42a955b4560bb22cb9b5b39577f7a691ea345018

SHA256
d5a29c73c6200af2ed6918a61106e649b92098ecd476830d725ed4d2ea5a8efa

SHA512
2954ab185fd84a08933bb6e79d91e301021fce4e632b477e765c172cacf72913561e101ed2f7e66bfbdc5946b35f2b63eb2b6f878e0afc9d26ffe71ee112a1c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5c557df0a69e0ac5_0
Filesize
299B

MD5
1242c2b48f7f51beddb1862544013938

SHA1
ad14f93af931198b15e2ce6438dab9be19605c4f

SHA256
8316a129a7cfd0f1dea8d5d0c66a08025db0cc380d8e43424003c327a7a02bdc

SHA512
b413ba42bc55096e5fb04c95f4294799c199dcefbb206aff6fc4020e78c12e73b215c7b9e9744277422e48037d6e7e35f777a6c0d95070c2709b7d36414d87cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7deb77ce54c4ed7b_0
Filesize
296KB

MD5
6901c1d34148bb72b51634311851a1c7

SHA1
c31a9862032c45759eada32d74af9a56d530038c

SHA256
3c5e1544ced609f5462f37be3813fda0b5b7a5df5bbb0a3306c08c256dbcbd7e

SHA512
64e8e5e7d99860371bb988a8767721207083f6db8bec91ec025753692d8b9165ce980f83601daa41933f465b18cea0b3a657779f41761a1e1f3dcd8bf6c95f2d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
4KB

MD5
5d0f69d560b602c18fe4d808753789b5

SHA1
5298f4900d90c59d7082ac5a32c3192965ff82ae

SHA256
58a771d4a64d525f21a66454c1400d144f61d842a8ed99e9ee684bd28cbadf4a

SHA512
519b8a6dd4c0aa96336dbaed0d33943826266aa922afb770810985cc789a5f733aff2c38a099f3f6feef2a042090d16792f58eded057577edf2c025fde3f22a3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
6KB

MD5
98bed463c16394c2e40cb6b0898d039c

SHA1
604c8d2bb1bfa06ab7f745f6444ee8fec687f2aa

SHA256
f2ac2f264e6c39e5dda69970dda0f512115f82ed53d2e74b070eede6ad85f9ba

SHA512
039ee84064df6a7808b7cd40438793456f52cab3978ea0878a4d34445133968d2bd149f1d49e27b41b3ef0609f283c3344fed53a7b6b31588a9bf70cdcfcc56b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
23KB

MD5
6059845706bfe971209cdbad3bea766e

SHA1
0c64ffd0324cfb598e619809738cab8d57afb9ae

SHA256
f615a00bac6a99e8cff1513ee902b2c48330bbfb39d76b5ac999f0cb4d60c30b

SHA512
713488fa176f63502d90f0d52d15cfa8ac8cd2875bb7f520ae793957a3de0c21c26e03720aaf8585c2bf8e4af774b062d2b6bf252233d317f69752a842f2e1d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
22KB

MD5
0fbe0f1814d51fde827bf7b47894340b

SHA1
ffbd0544f835cb593915f2d8b9eb0cadf4aa0270

SHA256
2cb655306c861b1baf939194d668269c2692a0d71d1fb79609ecddf6635fa2c2

SHA512
653a5628618348fda75c8fb905ec5ffcaae544dd33275a468f33affea468b767bf5885661f04f4965b064a3dcb5bcf1a5008f2bf6dc77517730ce8be4ffe8e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
568136dae751e10a61b3f043e43aee43

SHA1
6d6c66d70cc276af775a015c7cf736befbdecdf6

SHA256
50af482c27d510f55f3ddef528b5e6979237bf5d9d7d3797ee0292d689441ef6

SHA512
542942527693c79fe629ebe6595c6c499aa131999776944980eed7bde3c126d3accb41ed6b63303d19806d2fd98d61f873e1e96c1aa460a157358ce5d1e0584a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
9b13b303fb2ee072e1524da8e2689919

SHA1
a85efe1985893a6e5c600fc8f5c3e8fbaef1091e

SHA256
0539cc64b87040db6c201b6b4d13b2018d7a1e21abbf7aaa29fbfa64dea81846

SHA512
c82d4b7c555f351c3201147e13960f08bcaf289b068fadcbcdd000af3384add582cb1e18ec97e46c5d4cefc3ade42ab84ed1b82d753c5b9b98bc41efa2ef4d68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
920f0c484d7328e00415bac9287613c8

SHA1
f60dd8006def4359735897e9c3ef072a35cf9cc0

SHA256
acdacb159fd80b1b841759244f3b16303e6c7f156c108611afbc3fc29c40044e

SHA512
0e0b45cca37ad29328b854106316a1de951084b65badce022c062446b2a82068ae0a299e048569f79e116857febeb5f81c29b46cbc84aa67e04d6813e25f9135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
5KB

MD5
305ee3afd8a5b2ede7024af234dbfa4f

SHA1
8ac922b728e4cb362704aeccc824af395a2da8a7

SHA256
30c7b36dac160aa1d8e781b00110994c1df6a3610d190c264211d35042adf366

SHA512
1459501522b78bed0901cfa353acae3dad98326c0b98244d3f4e425931eae53b0f9f562a184a85ee8682bcf9baa3adb73c948ce2a4226727652dfaf1e1ea3abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
d0c12fc081648e4dab734b019e9718a8

SHA1
dd222a1b7c2604433025641cf2488dc75005b81a

SHA256
4d7a1fc39af1a6a9b3e3532d2430f7c2b31ca41d495cfb74f6454a8505ece819

SHA512
df46d5285c3e0ba33773beaca4d27cd7e5d3d21f6e9968aeba5b7035bc90ff401d1bca5e543d6f79d8ae534984c3dd35ad657cf887b7cce793a33c28736b59eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
7KB

MD5
82be5589f7708f7834ad9f50d9a0e389

SHA1
82e1841c9a270bd4d972286f8a237fd035375077

SHA256
97511e757649a5f3839134dafe85460f8c8df27b2f95e8fada8419a973e1d813

SHA512
2d3075f6dad0da89a6ab410f24a8109fc26849f8beb67abcb08c8cb5ecdb3f36c36f9853873a98db6cd7c0d17347006a41289f0c500e58044f8694f57960ab3d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
0c503a92777298ac4174f139ec960f86

SHA1
543efecd7b5f0e43551cfae60a839b633a98edd1

SHA256
155ec52280fea165044cce11e9a8d60065b6249206e598f351f31339315ac316

SHA512
d0c3369544983a4190a5594f49b5ba3f820a4e7ed4ec5f61757d4acf5f85ab1adae7d387606f2dce54c56ea889583c45b636a57798e58474195634621ce48fe7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
b5f3bd1de88f7f8f2bbda471fcd865ca

SHA1
930689d17115b723ea030820cc6ab82d4340f162

SHA256
0a2cec70db123479a0fb0f29f0f3b59b0650bca1a26cc95c570fe6917b4c2a70

SHA512
3fe290bc7cec184b955d6790eebbf2b8b8bfa632f831da64177063acfb0dd2386df6d31188bfda5b9d46b043d1fddc44755d088b712c32ede37d24d433aef80c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
8KB

MD5
92670103e2e62c84b3a049955a4a3ff9

SHA1
279fed07a88360bc484492234f2233f19332fbe1

SHA256
3f5859b0ed787456efabe9a2a7362bea384c7242639a56662f5fbf1805bf18bf

SHA512
65f7c6a88ff7be169ffbb0a6d662c735301583d953ac2e79b56cc6246a3024aa46ca0f0cd52b9f973a08f38624faac4330df8454b1839f53f314c22f0b35c8da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
2KB

MD5
cb3b295e0c9cfc61eb56e12495e973dc

SHA1
c313b0fcf5956aec0bbfd6009afd66259bdd5817

SHA256
13b217d535150fd0afbae5bdedbf5f7885388679376ca62e013d50132712052a

SHA512
b80f235564774abe1235ee475f573df11b2fb08b751e1f68cb19402985be05f17e8cd59e0bdbc6f5ecdd4516d507f854073e9c22b40a16f801bb256183db4e33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
06f3d01c6161572f47aaeb9f054f2b39

SHA1
e247ae0ba83ccf268f60524751c0a011ca9a06f2

SHA256
61116e25ec53eebf8be51038b684159f46159c92038db20356da7a3b72b6af7a

SHA512
59568dfdf530848cbc3bd9d9a8a4192c967ab769e9343aac03502b485551b7bc5ddd72ae21f4b6405f72b80582b0e66d17475ec4a8b941c643d4ad95cdd70d31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
79d89ad87e434654666aed983da1222b

SHA1
f1003153658db195146b7203b6a0b1f9bd40af0b

SHA256
14058600aedbc792b745bd68f5e5b6db39b228ee2c41b3a5fdc7bcc6154b74a3

SHA512
cd3719607a28b99e8455e26138f1a3e366cc9453346b9e77dff5a8ba151553e1bf32ccaee017ca8d42c318d7290a050d01b8f1fb997b07dec97b5f3c81f7daae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
7e662c045120881904276b60414b779c

SHA1
9c930c814b749fa141973bc272e2a02458c03173

SHA256
1240722eac30b46b1861e848f7374eeafa664078cd0c3cd2addf77dea61eaaef

SHA512
43822b9ddfbce6885a9a84d6ceaf245ed67dfbb14178d8b8bcac7d42746a219830adc51c81ce6e9987a836a4e8e5835861176a9425d02ffdcd8f0a60d5c7a2d3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
2693b127ca2543c86146be650749c5d2

SHA1
2c2ed39975c3c57a5471c15d12e43a0fefcc32b0

SHA256
28f255f09bdb758bad864e47938e8ea00849ad8cfc74ae747e1b7da1bca66284

SHA512
77d6e9a42879ccffc768397ae22956c29ee666058f9b033cf0d42030427934bbece1f93cc3570f9b6bc1a1dec535ba2028372d88581b885152fa3905cc48180e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
368f6ec24e8d5acc681d738e5e747da9

SHA1
2fda87c5b5f3efe015ea39800c1d8ef209addf04

SHA256
c51f229fbece5ba14bb1df3bfb14ab6870b291971057d9d51c553dadb3d17a06

SHA512
bd16d05e45e6efcc4f570cd9045327c6a3b219a09c3c3c0e703c4f99d42be3c5e2a2e6f1cf673712cfa1858077756f57b603bd90506399a99d274a447517e9b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
bc86eb127448a82e1e25fca046ec90c9

SHA1
86e26a08fc60886eded3ebdc9f2d57467d98f50d

SHA256
263816ff063e9f5d89b134f9a3b6c3214b2a9510681728863ac2d3b470efd07b

SHA512
bedc126b54f87e68bc1dc253358bc53c6e53f8308e68849ff22c00d86e08765948ffa005c4f5b47ae41e9c7bee70908a281e98359b2e2cba40ee55d16b06083a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
8KB

MD5
c6aab3d399b3132f6a55e5e827182fa4

SHA1
e1caf22ed621a0d85b2dd10bdf66e70c3facbba6

SHA256
856ac6cb2e37413071754c8336fd757da5cec246b69794746c57db6daad8e5bc

SHA512
14a635f9cafcddee06d62f6de4845c0db1acd88b6fe5896a20aad459dd89e74e3564db9753beb7714aed6413fdae3744312bbc21d931285166aef948a7fda1f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
01edbf8d582fee19471a60651f1105a3

SHA1
f3f37c31f49a7cf2057dd965b368a53fff3252af

SHA256
bae4601f1e1b300c04b46968c15fff7fc3046c7553a9eba5fc2086b0280f87a4

SHA512
990bea46b8b6dc31fc47f6add4df4cf98e73ad0481679efaeaa93ee285a347e479ee31e4d6880f2d21425c14bdb295169b594d89addccc109558004c72c98ad2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
cc03f17655bdb53cf45cc302390cb4f5

SHA1
f38ecbef97c58956150ed815ac21653a560e9b48

SHA256
5d1645e3bc8e7b25e8e1549b1369166358bc103ef62aab009df2b11798e724b4

SHA512
798740b02590661ad286b548446c2f56d9fdd47fcc24f7ef26ed59c4351fa7b75e5713eeb1df5bdebaa232a60b13f16cd7bee3817f4999dac50fdc4c29a89d8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57088b.TMP
Filesize
120B

MD5
a1b30aa3e3612f10338da2585a611432

SHA1
6d7b07b81df03cb10890caeb7788f0bde1f26889

SHA256
22f008a6051caee52efb4bc6d14a1608bce5e4e40bd62de23e18c1f08fa0c536

SHA512
9e884903141532122de41516cc5ed04060dcb805d32a4e0b00b502ec0bebb31eca0a09a3e1b54acacdcfb41f64866b02e7d3b96be0b43b9d60f546bc623e75b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
52a758acd3019db140d140c8776711c6

SHA1
8c49c7531ea543a78114d2a4dbdbd018dd5bd08c

SHA256
e80ecf8c0550e3930a6e57354b7a08ab2b650ba1ce56c97286f85dc628bb2f79

SHA512
31231ad95f0e7e71543f3cbf6a6d1fd3422bc4b52e2fd6d65050d86171ab6f69125091f67ac8e2d93bdb676580eec1d3150a034fd13837b985b20fd411e4d32c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
be4648890e21bd1c63530b5729d96531

SHA1
3a729d75e49bf5ae4fab01def530c6f036755fd9

SHA256
8d0efee21f5a4dd3015a9a75266f02e14f037af31939ed28cf09e10511ade82c

SHA512
be9784ece172ed68d8a5197b6bad0f3d4ee38e4e0c13a2bf50a21ac2ffbe5b8158d44ece0903715effd097d107aad264d115fe72bd794d69c345b2bda8850d75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
726315b5b79e79b45de44d568ca78c86

SHA1
c9ae85d2c23e16de650c8d1d5c2c35aef0b18034

SHA256
08def6351323b154b2303ac9941dd80aa4aa9c14bbd50092ddcf2d688e2b8366

SHA512
609b0c6a7f09b281d5bb9b100b7c90c058651d262d5c7f42c85aad5bb4a56c930a15e803eac022cb620f7ebae8a9f84bbdb54b81626f8261b6ac253cb1fc6014

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
173KB

MD5
06419db3ff91cbb35e643cce1fdbc46d

SHA1
35ad5c190588f889d576d505d18fd006a4a7e34c

SHA256
c53e7b266d3c433164ccb2cf61ee394b07586952b160d145bcf656802521c6a7

SHA512
80c5b21c567a7da9eac1c405f4414ed672472ab7227ea90d69df07fcb04a22180c44463de8f5afd73e365a0d2437b1adc7301fa2dd1a62789f10b2cee8de9b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
113KB

MD5
6a1133dfc7105d58d595b93490796641

SHA1
93a7c23076f03d43681a0998abddcc73bcce88f6

SHA256
8bbb6408c50e6d59c4065500b942f11d7e1a52babf5fc1f65fc8a084f0184dbd

SHA512
c7db9752f76e5de1b391d38bab3b3c9e0a598c0f632b1acc2ed6cf5de08b3dc5844b540459ef0467f769f863caba9f224f5b778708f597d56abee838afbeb53a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
104KB

MD5
2c53c5559216b68af448c41093002b68

SHA1
39ef6bfb8fc9e0e29e54c695852765a8abe4348f

SHA256
b779abd769182270f5fc7e99297682bdc4f411ed1c9ed680b0d4e44c68ae9c07

SHA512
e2fd52364f5acc749f1454bfb0999307e729322f75d3b58dfa191d96f62c94d966a7003bbd15b211f9fcbde8b28ffc02959f4ab73e4eba3e7eecac91736f08fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
ab6719487292ba209a7438bbfea8be07

SHA1
72d0a91d826f81dae8770f77d0bd457607d029f6

SHA256
b04975cff8b0abd27ac47d409d82242b3a306f63d4c71abb9010e1a9c00fc8f2

SHA512
1a785cb96968a4080daaa6f870400eb388f24cc6c644dd7ce01e3f232c5839e122da28d745adc7f02dedfff9a2e5fd44d75a2549a6c31cd291c16c49e69c0cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5744c9.TMP
Filesize
98KB

MD5
1c975c67c768894f2cdc000e39067a11

SHA1
cc732dd96766bc394f1a2fb758f57fe372adc8e4

SHA256
38d307172f46ecac64900269923f9554a6e7020d77b97ddecdd3ed24ba0ad0a1

SHA512
cfa03e43e2c069111c1ab696220d1ab30170391b8ffb06e02c891061729ebf66a83f76d56bcbe5abf1312a957ad1015556cbd5f4066c480ae27939c20125caed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
375ae54e2bdd1c0c4262a689f0da2306

SHA1
acee73eab10377a5dccc6ae01b7ff7cdaaf19c56

SHA256
bfbc794ac8706cad098046369b687e64599725a5149402f187d9c4141597a72c

SHA512
151abd264714fe108f2a301a071f83fc9fae673299d46b8a947e5ef86f9a83aa008e730728b3d5b804adeb4e51191b25ffc7629446ebc0595045d9720eff6715

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5a4008.TMP
Filesize
48B

MD5
250544c318bedc99d6a5de66361c4ee9

SHA1
9fb1b6ec16fb033db9041362a688e99de82384f5

SHA256
c3eb55ba49847536cf44f4031bfcc5f68927aaa8c4c5599727adeeabab5f9daf

SHA512
8126d331eca4f00d551970f2f24138d4cc92cdfc254547b8554e6b20b7975515fe4c087ea8e03f7e5e7466b30036f3a7f5f73f977bc6200940cea5811c9bdbd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
65d67e4c9c4f0338dea66c93560c09e6

SHA1
a4c9519182e6291b87c8cfdb3fd9594261881a1d

SHA256
6d244204ed7370d5a8428e33dca47e6b278391435e291e2c6e7d6a453a36af0f

SHA512
4785c46684eab81abc8847e5b45ff0a36516b49ad6e53af22c41234eb8c23afc87c2238199c27ae101e47d310b1651847b224d7972a82fc1ab4a05005375edfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
b63031402612c2ce2e2dac5e7a114c5e

SHA1
23cbc0c1f0d742c4951fdb5cb93b3942aa0fdcf8

SHA256
273b3cb188f6875c641e1de5089282c513f46b05e877195556d7bab8031d054a

SHA512
af1c191d0a152ec28b68bc39a01b848bf13a5fc29c90ae5086fe0896da7dc3f6352bef9bc963d6a2f3ab739c4fc5e4dd22e1d7ff6d145dd66b156444ba28dbfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
525fe6454991ae39e5d474df55b15a99

SHA1
301ba4dbed985ff49fcd040b6a4d859517aad656

SHA256
d4b1aa50cdc673169e4e1660b258393db0d8d373a86f8e5f91ad7540590e2f62

SHA512
e83dca3209026ea39b73a06677d112a3836321e965ccc59417a1261c73b51461bece2bd37543a6d2ff96dcef2c9dfe5a6e23c3bebc03f71953aca6bc728cf072

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
6d017dba125ce1575ce324426a7e4d65

SHA1
a2a52d4e2fd52957d0b70dcedb1a736ef8293c10

SHA256
744ea0f6948d0987b1f80308945294a09d52242f718f8dbb7f48ec2b841e2175

SHA512
6a6393934e1fe6c2575f7ed33c30176c3833b46e433577983aaf1d14949bbe604f79c4cc8a60018ab17b9d4f8abf617ca6f45c404f7b1f4e746e2e8fa9c6c98c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
323709d2e58feccf8fa9809b5670c716

SHA1
973a7c34cd7420f6e9ce885260c7f6303b5210f9

SHA256
848d86740cc83446a33dc424bfe9098631656ae0db1679f24b7a4dbd708624dd

SHA512
5d4bf8a6f433f07edc07af5d1d8662ce447f9cc43c059b1c89bb4990385ebbfac840b074a0ea89b18aa736ab3760448b314aa9c22026263f1157c4357ca58564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
121f106a1cc1cc75c33554ee34b22f39

SHA1
74c8940e538f71e4924c46e6e58f2aa3beb96aaf

SHA256
17ed01fa983cc1657ff812017f3fb7ce95f3830c0f5c48ad77bf4422ec9db8b4

SHA512
3646137631148dde1a1f986c850604483e24a07991cff102c0fb00ed7344cda10aa51f372b65910ab3da915a6b626a5796803993902ef246bd46750eb6813ce4

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
fe5a89ea517b2af8b087795aee30403e

SHA1
32655ac2e62581ddb26c80c3020dc52c9e532a69

SHA256
757a14845ee7702a2f5934af0a4f9ac99bc32c192ef73008a46315909e7d86e4

SHA512
1155ad145e23f9a8df225c0460f3d99f77d23dc6a8322469c1e65a07a675a9c597071f2d33cde01510d977e3920fb3d6dccfc70d1e1082440724a99e48bb04df

Download Submit
C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\x
Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\Desktop\MEMZ 3.0 (1)\MEMZ 3.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
\??\pipe\crashpad_404_UHBTZIRIAETNSCTD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5756-1716-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1734-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1725-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1726-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1715-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1714-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1728-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1732-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1727-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download
memory/5756-1733-0x0000025F756C0000-0x0000025F756C1000-memory.dmp

Filesize
4KB

Download