hxxp://o | Triage

Analysis

max time kernel
330s
max time network
378s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 22:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://o

Score

6^/10

bootkit persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\76ab9080-ba0d-4880-b6a2-96aa49c4004e.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230406005440.pma	setup.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exechrome.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252157650158520"	chrome.exe

Modifies registry class 4 IoCs

Processes:

explorer.exechrome.exeexplorer.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4956	chrome.exe
4956	chrome.exe
1716	chrome.exe
1716	chrome.exe
4448	MEMZ.exe
4448	MEMZ.exe
3628	MEMZ.exe
3628	MEMZ.exe
3628	MEMZ.exe
3628	MEMZ.exe
4448	MEMZ.exe
4448	MEMZ.exe
2088	MEMZ.exe
2088	MEMZ.exe
4592	MEMZ.exe
4592	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe
4448	MEMZ.exe
4448	MEMZ.exe
3628	MEMZ.exe
3628	MEMZ.exe
2088	MEMZ.exe
2088	MEMZ.exe
2088	MEMZ.exe
4448	MEMZ.exe
4448	MEMZ.exe
2088	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe
4592	MEMZ.exe
4592	MEMZ.exe
2088	MEMZ.exe
2088	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe
4448	MEMZ.exe
3628	MEMZ.exe
4448	MEMZ.exe
3628	MEMZ.exe
4592	MEMZ.exe
4592	MEMZ.exe
4592	MEMZ.exe
4592	MEMZ.exe
3628	MEMZ.exe
3628	MEMZ.exe
4448	MEMZ.exe
4448	MEMZ.exe
2088	MEMZ.exe
2088	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe
2088	MEMZ.exe
2088	MEMZ.exe
4448	MEMZ.exe
4448	MEMZ.exe
3628	MEMZ.exe
3628	MEMZ.exe
4592	MEMZ.exe
4592	MEMZ.exe
2252	MEMZ.exe
2252	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 29 IoCs

Processes:

chrome.exemsedge.exe

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe
Token: SeShutdownPrivilege	4956	chrome.exe
Token: SeCreatePagefilePrivilege	4956	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exeTaskmgr.exe

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
3232	msedge.exe
3232	msedge.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exeTaskmgr.exe

pid	process
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
4956	chrome.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe
6004	Taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

4300 MEMZ.exe
3628 MEMZ.exe
4448 MEMZ.exe
2252 MEMZ.exe
4592 MEMZ.exe
2088 MEMZ.exe
4852 MEMZ.exe

pid	process
4300	MEMZ.exe
3628	MEMZ.exe
4448	MEMZ.exe
2252	MEMZ.exe
4592	MEMZ.exe
2088	MEMZ.exe
4852	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4956 wrote to memory of 2388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2388	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2744	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4492	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 4492	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe
PID 4956 wrote to memory of 2176	4956	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://o
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4956

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd468e9758,0x7ffd468e9768,0x7ffd468e9778
2⤵
PID:2388

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:2
2⤵
PID:2744

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:4384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:1592

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4504 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:4328

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=3236 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:1616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4948 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:5096

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5020 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4556 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:3784

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3156 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:2880

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4408 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:1772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5436 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:1112

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5064 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:2700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2716 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:3472

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4964 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:2260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2316 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:3756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3400 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:2344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5236 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:1
2⤵
PID:2624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4644 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:1812

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=752 --field-trial-handle=1340,i,3237407274851906231,10909212816367872417,131072 /prefetch:8
2⤵
PID:3376

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:768

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1600

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:4300

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3628

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4448

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2252

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4592

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2088

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4852

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:4292

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:1048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd42f346f8,0x7ffd42f34708,0x7ffd42f34718
4⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2160 /prefetch:2
4⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2284 /prefetch:3
4⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
4⤵
PID:1716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
4⤵
PID:496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
4⤵
PID:4940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
4⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
4⤵
PID:2500

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
4⤵
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6160 /prefetch:1
4⤵
PID:3400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
4⤵
PID:4104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6424 /prefetch:1
4⤵
PID:2208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
4⤵
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
4⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
4⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1852 /prefetch:1
4⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1916 /prefetch:1
4⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
4⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8864 /prefetch:8
4⤵
PID:2804

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:5816

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6ee765460,0x7ff6ee765470,0x7ff6ee765480
5⤵
PID:5908

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=8864 /prefetch:8
4⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=9092 /prefetch:1
4⤵
PID:892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8120 /prefetch:1
4⤵
PID:5584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8632 /prefetch:1
4⤵
PID:992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8572 /prefetch:1
4⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8560 /prefetch:1
4⤵
PID:5856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7852 /prefetch:1
4⤵
PID:3468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,10066009940827290479,8163955076054133692,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8972 /prefetch:1
4⤵
PID:5536

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:988

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:6004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
3⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd42f346f8,0x7ffd42f34708,0x7ffd42f34718
4⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
3⤵
PID:5132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffd42f346f8,0x7ffd42f34708,0x7ffd42f34718
4⤵
PID:5380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x448
1⤵
PID:2288

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5412

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\4959e5d6-15c9-42dd-b41b-52d6ba070b8a.tmp
Filesize
199KB

MD5
9ffee8f618b3c6388d428a4edb8fcf93

SHA1
ad2ba969d9babe7b87b298922e69e9521a1a7d5b

SHA256
8a0fe97a90b2ea1e404417d0916030da16da34b5fab897988f2ac19ffd6c27bf

SHA512
d001f822d4761a3e1746b01ab6a5c052f9a7426f86e4e74f06311bae133129bc25b74f3962c287389be3efc1c5df42dc7c4fabd5608c8835266a86ea8dea7efe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
99bb1a58ea3052a00436f6163bec43b9

SHA1
11fbbef5516440bc07096748339671b4216abbc0

SHA256
be4d2fe8e37f383320665291d2002b4e132c46d0d38a101bd59f5fbef6a14e50

SHA512
cace6d8268088456d7b3b369ed384de3715694e5f3bbc08858d578024b9bfd0d4338fdc483fcb4ff4a08ea4ef45659f64a732c8ceee32849040c097b78ad9713

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
c9a329f2db0737418634c1cf8196b6fe

SHA1
ea497744b488ac07599ddba115a44fe2c3bc2150

SHA256
5fe867aafb6c5912861c4744c4573ad8656641d51081cab784bde4985f66db2e

SHA512
49427843733675cf7e5584024109c2e59df6b0bd20918901d336736a039c67516f103b3b05bde58b200695a47acaf6a8adb31df1d610cb6621d9fe8603f55215

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
3c9c4dc89178b803f12ea2799f501208

SHA1
c45cb64c9302f54e4d4000d566eb5a4e9ea6c1a9

SHA256
0350c5c4dacdb879155faa0ff4e43c4fc545c47abdcc61c9794ee1aed380a962

SHA512
a62ee38217b03df6e9c51e92478b784b81659144f7b0c55ed31d19b150a9d08be6fed0f096b76fc519955075f6d32b1a1eaad947dfb874185bd72f9fd03f9235

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
3f612e72d1e14c6ea19c489470eb5410

SHA1
d45def08d7cd3980684567b2543f6066a2971799

SHA256
1b22c619727a7393ab987599a604e3181ccb856ec3ab4eaa6c5af421ca0425aa

SHA512
ddacbfcf04fd090fbd898f01b64acaeb8168fd5563982dd0afc06f07ce237527c8ed45ba047c80550ff05efc56420d821ece2c089f774a3cb80847c9fd8dab1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2feef0d90d3f1cff1e45a10ddf6486a0

SHA1
e8cfa81229734be4549e8be262ddcd18351b1f3a

SHA256
4de5a724b24a8bbe479576732b8a2e95e72be25ba9c76ba3b8789b072758d315

SHA512
29082650bdf47a5a81f6360db3fade8920804aff3e5b302c242805af734ec4145dba3107ae2f68047b483a5f064c86cca5ac57cf54fd4bc692b514e12f588464

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
8634b871ac2d3097a1d2df70ccebd6e4

SHA1
77975cdd5fab15a0b70726b8726638c163451b78

SHA256
d6bd14984b4cd3e0bccdab698d6234879b7a9f95ce456e9ebe06084fe22de6e7

SHA512
bb73137f4aac4ab6b65659262a1dfc42a57526f7854421ad969b926618647d94f7ebccd58e0ef8ffb1e80daf95aa288047d4d23d7ec16f3d326f6c761ef5e4c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
89830c7aad32728d9aaf1126bd9b6fbb

SHA1
f43bda7126063d817ad5ddc003334cc89be7e080

SHA256
9c94500a3a8bd43f4100a9d7c8b14c6439fb69524183cad5fbe1392d8936a57b

SHA512
1d96e128da2e05826411af08250e2eb0a4c38692534c0739aa3207dffc1addc1a0eb81452b98c4d4bbe6df835f76dd32dcf22789f4da8859fa2f2c7f86e867e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
7c0853846fc6d67caab65830b5f36278

SHA1
d087224ca78db41b62828ae868a79226d4a66b13

SHA256
4b0b16d0108878dd7d90568a0606aa8eeaeed391bbdcf69e114ac24d65994801

SHA512
a9bd877a94267034b82a9143d8ae2444bc3620d5e6a68dffdcdd8a05897d31bf03180364469545d5e02d0f01a46c8219dba4d9bc592481ebbb49a322cc3cbf7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
70c7e438fc0551fbd6525d2ce6076f39

SHA1
2bc206d475988dec9384b70fe0ba8d875d8f23e8

SHA256
83b12a01beacfc03b7e895781548ef24c53600d9c6e749eb437329fb61967a45

SHA512
9ed0e81d5c4b652a1860bb5558b62b7e662d71ae6f2350ce51295e032b86a94d0ce4c53000bee60afcf6a38abbac444d48318d43a6a73bdf788917e75c3e3dee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
a958d9d6b794695269dd62625bbce272

SHA1
56889981dadd6b3d6d5031c70eb4a921ed5d02a5

SHA256
c86bae67d83a180ebca443cac5d879c7e0799919fb687801c051d80c57968ebc

SHA512
ae01adf095bf41b4b56a8ac82156bb6bd3aecd022291e616cbbcfc5b9d590772c63eb5f4dfb6152c0c7a10e8a619c7948dab4b5a265daac4d8628500765f1b49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
bcd94e295e739a3c3be13abede102710

SHA1
a4b8c322fd152c1bfdbda8a632e7d8a228851eea

SHA256
9c6b2797fa21aacdffe0ad6883e98b74d82679207172199a56a785eecc51fa7e

SHA512
c7d181c0d1994d131b5a3abc4af61a58f4d77fae95545dcd41bd2a4d30fa9b0a1d75c5f12d3c5dc04d364933e3883e4284f146f27eb55d0ec1c9742f50e757a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
bbf01d9f320244241e0a5888eff06a66

SHA1
b855c584eb2741129072624c697a30251b684b7c

SHA256
ebd7799238c1427821b621f917b12ec5f3534de086a9e3f68d0993fd8e893a9e

SHA512
609471197b93033470e25efaa720d2bcdb71bedd35b8125560a92359a565489a174f518f497d811f46c92b6fa36852b09aa8414a63f2ac9367342a1667f291bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
98ca9042155b588086fae754e07f4371

SHA1
30ac79590f797989b9094da02d6862f4709bba06

SHA256
ebbaab3b806e1f13f94d3dbf97f42350c6ac153ee6e5bc5d158bb9d94b14f108

SHA512
fd304d0bef213468307c87af2a0ad65d817f6ce03f006989b2c0628a53c89cc8843799d8fe6ab2ae8ee7019aac07e36b19b9caf3533a65bcbb9be63f87f869c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
120B

MD5
7d16d1c336aba5975b4b5d9411c2f9ea

SHA1
433ef47d02e5deeee1683a6ed71ad944a804b7f8

SHA256
ffc611fc9bd894b7800473743fa7aa17dd1887de0d03b33a0cb4cc344589ae1c

SHA512
8f56dea28010f3397562984a7a713aca7aa26468e1badbe1dd36884a42b0bc94601f2c71b10ec26c79e994c1f53552df926468f2fb554b4261e5735c9fd219e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56a3e6.TMP
Filesize
120B

MD5
6afa425f929871ff668d767dcdd062b1

SHA1
fba64b3b5c0ceed8bb83e3e82b7dd28db44fbfcf

SHA256
e7547e29786df4982277415abc250fed1109242a8ff1d360003702f68824f871

SHA512
2c7e25823dece4280013faf6ac207edb10fe5d880e787d66f9b8280ba9a7538c85bce1003d441365b3bfca37ad967ae27d06648c4908dc30a3293b8f1c1071fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
36d31dde509a418c4d995f9ac227ad52

SHA1
cc44f03557b22a5ed493252c6e3007ccc07d3060

SHA256
5faf413b029c5d59d8aae44e6fae6c06987615f4a207c18019cc2bd5c8fb838e

SHA512
1bbbe411a43fa04fb964ad295687ad7bb4552b8f16fc409bb3fbfdf03da8dfd8d15206198040e810f130e6e39a7f304221b765855d4110f2948a9d68600bb5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
36d31dde509a418c4d995f9ac227ad52

SHA1
cc44f03557b22a5ed493252c6e3007ccc07d3060

SHA256
5faf413b029c5d59d8aae44e6fae6c06987615f4a207c18019cc2bd5c8fb838e

SHA512
1bbbe411a43fa04fb964ad295687ad7bb4552b8f16fc409bb3fbfdf03da8dfd8d15206198040e810f130e6e39a7f304221b765855d4110f2948a9d68600bb5dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
5a0a3b23929c57446cc3a0f259183d11

SHA1
0a168ed0a8ff1e12fd274677d9979ca567ee7106

SHA256
4a6cd5ffd04a56ffcb63b380895efff1e2347fc7d0f760c30ec0b1eeb9f5ba56

SHA512
2515006cc30b06af0992c9fc1c770c380e69251604f7d8656881fcf5d584a2fda3e56e6cbf30d9ae06b0e0ecab4a578a525657ceef001014c18ba472eba5c6c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
106KB

MD5
ffaa2a8ffd0de152aa3abd01e5702f92

SHA1
ceafde072b311ebbdd755f1ec058bb6bd18f2b36

SHA256
1eb2dc89a6887116f83a6541b84265b5d72a54c6e4a1d84afd3bb8a3d3468a22

SHA512
c28e3439bc389020aec3e1403730b0406a7e19a4c1f2eab6200215a4c3afb534894b66eaa3f67c6cb44d63f8bace26c7d0065bf6cb5014c669e2ff89f04c6c85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
109KB

MD5
c550475628c57ec407135c9151614728

SHA1
9f9746972a05d111f5945518bb0afd7d0a7f9884

SHA256
ff882fd015cd86d58f8411f6eebc04aefc441244cbbaac8909b5e7c607ef6128

SHA512
56258298cf9d1b02136b72869873035d170de860470f3be3b7b7a0fd73be4177fa43c069c599069219272df3515ef08b534a5d256adcd76764ae77fa5f12bc41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
100KB

MD5
e9dd3839feed36aaddad77558dc905f2

SHA1
4ef635f93bfaad7e694ed2c4ef6644a788f4f9ab

SHA256
2fe7652bc6d7dfe12d739e3faf5f0b795d962ad5cf51e78bd0c1f852a90e210b

SHA512
5dd63cbbaeb321c99be96cbd9aef7362fc52f9cb2f85f4f93637a6b475c606344da5993a32f31100e0a5d0c98e6247fbc3219ae844344cf9257731b29cb3257f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5714e0.TMP
Filesize
96KB

MD5
0a00f4b6d225bffe580a47dcfc4bc0a5

SHA1
a324e3c2625d286535c9ed08b705d40a3adc0e28

SHA256
e597dff47858eacb983926aa2be6308e8334f89a169369edebdfbe6900f67f33

SHA512
a1de17a997761b311a3ca359c469179da916ec027cbbbcc23406d01cae10694680f55806e42dcb03af212ea719b14a2ca4ccd4aa4610257786877923ad6eb811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
425e83cc5a7b1f8edfbec7d986058b01

SHA1
432a90a25e714c618ff30631d9fdbe3606b0d0df

SHA256
060a2e5f65b8f3b79a8d4a0c54b877cfe032f558beb0888d6f810aaeef8579bd

SHA512
4bf074de60e7849ade26119ef778fe67ea47691efff45f3d5e0b25de2d06fcc6f95a2cfcdbed85759a5c078bb371fe57de725babda2f44290b4dc42d7b6001af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021
Filesize
64KB

MD5
1067041b8fa46bae06ebeac837cb67ed

SHA1
9a1e51cfe25d04692592f1dc13ce75058db813d3

SHA256
e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533

SHA512
d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d
Filesize
61KB

MD5
f71b0894d35d9dffdcc3db2be42fa0df

SHA1
abfcb6ffe0b38228fcf03fcfd01e5ae7d363d9af

SHA256
bc12e3374035e04abc80bec91a6abccbc6f736c3f91ec29fcc5b715fb1b3dfd2

SHA512
bfb99588b5a33da1d78a2b79d0734029cf16cc85cba2c353361fd1187ea4fe3ad9baf250548edd96980ae07167a1026fae106c2f0fee8792d36479aa3b3350ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002e
Filesize
50KB

MD5
6d81cd0d857a5d1728e08c77b9b0ae22

SHA1
3cc0e10ffa948e94df63f20a66f5190224c57d07

SHA256
703521ee76a6b56c41ea6bec08e91e25e64705acfce7abfc2ff9e75c3d92b2b4

SHA512
9d0cea67338db2e97b58f30e25c702aaeaa41ea0f480a5b2b0c8e9d2935e4ae65c10b1186507a5bcd86540c6b333b5856fe0902146e1a9ce57cd4ed0eb67d959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f
Filesize
107KB

MD5
36fe1a732c58b0925c88e9f5516a5783

SHA1
5c442ceeefb55696f32e57c79899ddf6385f5643

SHA256
257a3b8ba1825a852b21df00c49e77d09fdcbcab5a24c92f671ac004f770b0e9

SHA512
f44dfb9e71ef980dacc6e0d8a3231ffb412eafeb734502bbc11fb919ed6e3ce944f21d97918cf50c52aa049a6306c501167940d2edf941084d81be6a76216c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030
Filesize
613KB

MD5
117a24f8df93cb18f513ca58d426ad41

SHA1
cfc25336c98be31856a0d4a064c9119033a95ea8

SHA256
6914dd9ba2bdc56c2dc31ffa487b61b71240d238445d99d1cfd1ff395dc0692d

SHA512
406bfcf17969f06e17dab79005db344ea3bf6bfde4a0891fd4314aebf7e0f21e49364a7c4c3a160908b9f5d2dba6c93ed481ce32139cb7d17540f0eb84aa8285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031
Filesize
35KB

MD5
aef13a646c7327cbd4a6d3bcebb034db

SHA1
7d9ee720386efcddc69c6d6f810732f5debfd067

SHA256
e22cf8b805411472bc63a30289ad2fddf603a0d4fb1f7ad6ba5a72511da75412

SHA512
ded8aad01610fd13228905f618dc5f6954fc4a175f4ddafb681bb504b1990d75b6c00d55907f8b25ee8aefbe35fbcd3966dd5de8d69351c83bc725ff554416b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
624B

MD5
dd46696e9c86a9c8863b797f4a0b8b59

SHA1
c22abade8b94267079e61630e6cf8fe8577b2b26

SHA256
cbda9d917aa899860172afdf2b2f820d065e435ebe541eb6be4fa8c356aa9116

SHA512
42a89f00e4b9c27c19d9031a6789f116fbffd07b3126a767905d02330a43f70f1576364fd1e6cd6e5716785e97aba7782a7e9892bcbd9905ee21fcae89681b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5b0bf3.TMP
Filesize
48B

MD5
1601b41ff968f1887071e3dcbc9d30d5

SHA1
b0f45de2cdbfd7a1305c107ecac8910a972d06af

SHA256
bbdedaeecdfb0d391242b5fa49a855ee5b70cd74b107b4459b8f2e2c718221f7

SHA512
9ed83eea1fcec800f97136c0f7af704448cf11497e2d45bdebbf254b3de4141167f955ded228d69c7ba3107cd0977908f8d9bd87212aa4903b9404c8fff930af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
9748d5777cb9e11e8d73005db707e87b

SHA1
7fe0cbd84358b1e930b97bab215c76c4d14020f1

SHA256
4e1d6450778822a937d778cb5887fd3386390ec5159a8a413b0aeef01908aaf0

SHA512
2698a358e1c59a865c9160abd9952bab6b1f6deed8d6b726ba3dc265bb184606ced698f3834da614aea47be0f271881339da28a52f1fd9581b993ef169a0a505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
8KB

MD5
65aff87598c282c5a6bc0765b0770280

SHA1
f3cf6297a41041b1badbb575a3d0fa4158b2cae2

SHA256
7860ff7f53fb25d1cb7a6e6a6ae155e62f0266e7bc348c61fd4a1f261a0c4e66

SHA512
52209715917b3e5ebafc5e9b22bede77e41be1dcd79b9e25fed9332443ac1e32b818d6007d740f1360e45a72142adc89c79f2d5a2d3efd531b67710e56ea7bf6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
3c54acedf0d51181fafa717231ea97ee

SHA1
0870d32c60576a5cc364c4164e8489b3f74a5a88

SHA256
2940ae94947b6c07d660ceba998ea27d09919aab766262bd1089ddf0e0e41886

SHA512
ea100426aa480d918d149a37f5010ddd588e5d3fb35cb79939c097b2dd23d5310bbe1e1c1fec11abc7220d74e66540590cb996b1dca040462f6c54c9d00d3f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
7dfd4c2484c7fe2fb7307f53bc50bd47

SHA1
b76b962e5545fb67fa9e6fcf4cf5770f964f61db

SHA256
6bc2cab4393a302a702903cf50ecc41e09a6362ddb0f80625961cceff7dfc308

SHA512
b13be5ba3f259c456ab9b8f34f73673658ac17eabf40ffe3730770ffbf40491e56f71eb16afee31f68730f2b9292db80e84f0ebd0e51fa4f6795d6efe2386e11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
bdc1aa0f7d62d4bfbf8e0e829f87e6b7

SHA1
9b40970e90860138b98a968fe6050020d0fafe17

SHA256
043688aabd3be3f5647ca3568e80fcb3cdb6fa14d2d773461a0213c5e577673a

SHA512
dd6acc9526932b822765d7ea4ea00347ff74abd3b88d7f4204f10e1e10d26cc66edf37f48202ee7c8e6e1b5d2c000b0a8954f0c6dec6cff4325e6a533f4efdaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
263f160eb94364bbeb8b64d944d6cb07

SHA1
9a45b5a7917bd0e6f992ff6ef7a31e407da59b6e

SHA256
d1de26e3353b2bbe9dcae683a8c2b9141710b5be8cec4f32028790aee70bc385

SHA512
a9b4fd777998134be7702f47a11502f44ce8430bf5b5f52cdb00a00c9874b6da00ac650c245dbae3226f60bbdf72513a23293bac520756d81accb9d5557e71f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
0affc7ad08538cea345180ecdfec501a

SHA1
42e6632a2679e6244d657c60b6a716259dfff8a6

SHA256
d7a60982c35ca1f62a5fee2512fbc0d7d9273a833f87e139b28cc4c594a02865

SHA512
1052bce59a72e5149d5b811f8873a20c1e8b138445478b7f28f7f0d59bd19ab42ebb96513c291a3d122d375d0c75d8a849cddd190d567f1bd5d6e46b8dba7241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
13KB

MD5
b6126afb9fa27197fb6db95b503c5d9f

SHA1
4d532c35fd8601f9951a3ca33b00e399c358e8e5

SHA256
c5629045cb9a5cd836bf4ad1109d35e76d9e4d395ea6593afb7ac592d03bbe86

SHA512
3b2d195db5a545839c67a4a05469217f3607d5920e25f43ff97f250bce289b881a2a9843656bee331e883511a95de5b09a5520f0699ecb48ed2a7d5a46196644

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
12KB

MD5
5a778653816d38c7196990bbfeadb6e8

SHA1
cdc91b2a5bc63dba53d0001871791ad4ceca7e39

SHA256
71564b4174368e01687655a4ccd13e957d816ec6890e653cd25e7d0998b2f945

SHA512
46632fdbdc8377ae29879e7386bd1e5be32421e6bcfcf7902b53aa6e21ad7cb3b93adae196b2ca5e972804dce8cf27a75fa0d3f878ebcc9829c4e50d21535c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5b9e30.TMP
Filesize
90B

MD5
ceff1660edad8bd621970262a63d0229

SHA1
4718e522c0e6e4ee841b443ab0051a0a5691ad78

SHA256
db699ae1c918c6a4052d8d43d61399643c26e249079e4f83ff1b9107e53c08f1

SHA512
562be3c35541e857fa929a2e61168b4d336978f492975348eda5321c85d31672849abd68f6a167ce92f67fad9721d6fcf1f470e4caec7e1e2002f1361609b4c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
9b091916697d5c5bddc2dc31436c3c7e

SHA1
d107ffdb4490cc3a6bb58f3546a1662d2b9a4d53

SHA256
81586ebfe320c0d00984bcb7b8310721e497f995ce9fb6b0b32afe45e8f69d18

SHA512
e5f033ab0885f7553f1975f8b342166793a7472e4fb52944787c1ac4c0c159fcf54ab4f19a7ce6a66fa3c9ba6492156cf903a71226c3f8e9c9d160f6b18c1042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
7fd4882c0358c0a3f08366b2885e6aa0

SHA1
6797a9bfb553a9d6831473cd230c7c7966f4dbd1

SHA256
8616134764f0f2500b1f42d668fa3d7a58d75f0cd4fdd09e72234a1f7d064891

SHA512
e6b39a65e2f0901d50101d5cd17ed16c2380a19c37be3b9b8b5b5320e94bdd47670af66bcec4a459e1da066fff672494f63bc0f7dbde223e09f56300ad70ab7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
3KB

MD5
777f311ef1ec30af42bc66f28cdd7973

SHA1
b5d104740155539192f2708367d7de6bc92df438

SHA256
e71f9a20b13ebee025355e581931aefd0f9ac3cc95e01d47ecc6352812a0b6e0

SHA512
e0eabb7b67435c1105b532b3378e86a3cd4e73459ca08e2d15944973c201744bedad11f8f7538ef421644bc3a4733ed5d2413c3d1aeeaaf5547be09212e0fd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
4KB

MD5
1afae240a8f85c806567c9ba0b0e6307

SHA1
afeb4e7550b883280114386cfaa370c027d489e6

SHA256
07e3e174e1bcd6c936d8cdbab64571cbac6fa05bd723b49d2d09061b0b1fffa6

SHA512
7835a2ff24e7ded1f4d058a07652703ab4aaca80b784a24cdc327d244b71c67761f938812e8be007ef63233a3799aa1de91ecaa4467961b3d1876e73df4d1e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5aae52.TMP
Filesize
3KB

MD5
a0dee725a198527aff81b2469900e0f7

SHA1
d1674bb407e8da92fc03383658242c9b9b06b4d8

SHA256
899f134cdc3a2442a19ec59fb52f7390a5e8220cbc35d876ec8f5dbe22e7f7e1

SHA512
f1d77cc74a295041b7968cdae4114a030605fa8aa0be7423d83014e467b1e2f98fad261fbcc626b062f23ea1da8df16f7844fdee65512f2474c63cb70c2c5a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
e367aece21b6c4beeadd5d3259841886

SHA1
0e3993c45cb3e32d396a02bba4b5eca69b575c9e

SHA256
44bea8d5dfdecd9fa3e8f30f0576bc133352f4a16b975db8e7670c2908d5acc6

SHA512
03ef82e2bb64242604ecaf879d14fb50627f69c6ef36bfce27f18b4b2350737144668be717372d6d4ac67b77bdc497990a6eaa16b54f9baaa5ad663d7bb5aab4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
722967ffe24c211784f9337fe5dbe6a6

SHA1
ed46d599e340c6497a709a7372dff68a350ba8d1

SHA256
14626a48bcecf475b77cba2b2df805fd399d9544ffe6f303fe275b682caa98f3

SHA512
7e10b2f3d682577cfdc3160501db14d055aeb805dba49b3ddde8a1c24006534ef337afcfd7715ef44c0193efba518cad6c0d1de9b946a53bfaa21df9b5e92d7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
6e295b7e668437a1b6ba4f00c15f1a6b

SHA1
5aa073a27812ed2210c288f882b0cb0bb60049c8

SHA256
4504e884f662136cfe933967e7bd6a0d1cf613eb204f88698a864fcd4384a3e5

SHA512
7d8a96b57fbbee27a4b69ca20d68e411552368434ff481df8ee2419e4143a4e819ae15088e37511f456c6730adb86b234ff1211132648b0476f0def50a4b97dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8244da4d9bbea27165c79418cd4e792b

SHA1
8fef7079fb0d35763b53d9a99030517534ec748d

SHA256
cae5757e640c2504b8bfadfa4430935f9c287fdd0e39cbbbba3c2cbfd9b23544

SHA512
4536a3b58db414ff0130e5af7754c655c25a49e8cb09eed5c65c3887ea9ef864a473a44b9a21b0b53d0bf61705e030d94c032a6621c30a38856464c3e7b05d4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
8155c9dc811983acb6629904b9d4cce0

SHA1
8ac33c4edbc2e3c7f03c3e96a8f0556eb1471aa3

SHA256
2dd381d63fe9017b8a19698b52d2cc7d536c0a1c8ad9116d0849631725d3e510

SHA512
2913bcb5178d32a898d9ef3c96e5184db237b2c012531d5035f14feed874e5fd331074b5fc796d032c738efc5509da10c5565aa2d8f35b0b10f733c85d956c40

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
38b70d56f16fbf0abbdee647c2cb3756

SHA1
725e8df889044658596f7ca8f3fcc6061d976294

SHA256
ff92026573cd6e27a74280bc143500e039f659c36ab452d7376eb0516a8edd0f

SHA512
58e0b6123c643855a82cc895a2c2deaf952adc284d77b7b83e7d0feca90a5b5f0885008b0cfcea5f36c6d56d99fa93756a0fc55e07d8f3771eb94faa14df934d

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1).zip
Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_3232_DZKGCJCZUNABQHCW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4956_TDAZAFZAECUBPYEP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/6004-942-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-943-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-929-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-924-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-923-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-930-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-940-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-922-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-941-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download
memory/6004-928-0x0000000008760000-0x0000000008761000-memory.dmp

Filesize
4KB

Download