cerber | 593a5b367baa6b9f70709df1a01b361a88e99da7ce89fa55ad3dacec4cc8acea

Analysis

max time kernel
574s
max time network
579s
platform
windows10-2004_x64
resource
win10v2004-20231020-en
resource tags

arch:x64arch:x86image:win10v2004-20231020-enlocale:en-usos:windows10-2004-x64system
submitted
26/11/2023, 19:04

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Batcc_permm.exe
Size

3.9MB
MD5

316066f39ae143d8223277aa14a44f2e
SHA1

f31c203bd986252ae939af3905643046b13ffbd8
SHA256

593a5b367baa6b9f70709df1a01b361a88e99da7ce89fa55ad3dacec4cc8acea
SHA512

f34f6addaeb0a2bcabc7c6c65b3252ecde63556c66fc46287a900b70e2b84d277f246a96a9ffe7d2b542c92d154da1372ec526c8980e0d24213c9ebf86eb2fee
SSDEEP

98304:kHalpo3dMT2/pCPua5bxt9TeJ/QJNBSUbhFS6kTUytwP5hW:EdMT2/pYui9jBJraUbC

Score

10^/10

cerber evasion ransomware themida trojan

Malware Config

Signatures

Cerber 30 IoCs

Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.

ransomware cerber

description	ioc	pid	Process
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
		2112	taskkill.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe
		2936	taskkill.exe
Mutant created	AFUWIN.{5b5b8120-cd0e-11d9-b61b-0001294c3bd8}		zhjers.exe

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	Batcc_permm.exe

Stops running service(s) 3 TTPs
evasion

Windows Service
T1543.003

Impair Defenses
T1562

Service Stop
T1489

Checks BIOS information in registry 2 TTPs 2 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	Batcc_permm.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	Batcc_permm.exe

Executes dropped EXE 34 IoCs

pid	Process
1964	zhjers.exe
996	zhjers.exe
3936	zhjers.exe
3516	zhjers.exe
3084	zhjers.exe
1792	zhjers.exe
3620	zhjers.exe
4840	zhjers.exe
3360	zhjers.exe
4072	zhjers.exe
5028	zhjers.exe
3172	zhjers.exe
2812	zhjers.exe
4416	zhjers.exe
2932	vdfjdisfudasu.exe
3576	vdfjdisfudasu.exe
4080	vdfjdisfudasu.exe
804	zhjers.exe
3628	zhjers.exe
3244	zhjers.exe
4072	zhjers.exe
1712	zhjers.exe
2556	zhjers.exe
984	zhjers.exe
400	zhjers.exe
2944	zhjers.exe
2920	zhjers.exe
4668	zhjers.exe
2860	zhjers.exe
3600	zhjers.exe
4880	zhjers.exe
1016	vdfjdisfudasu.exe
216	vdfjdisfudasu.exe
556	vdfjdisfudasu.exe

Themida packer 15 IoCs

Detects Themida, an advanced Windows software protection system.

themida

resource	yara_rule
behavioral1/memory/1324-0-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-2-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-3-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-4-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-5-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-6-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-7-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-8-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-9-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-10-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-540-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-805-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-1323-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-1351-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida
behavioral1/memory/1324-1920-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp	themida

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	Batcc_permm.exe

Looks up external IP address via web service 2 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
140	api.ipify.org
141	api.ipify.org

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\System32\vdfjdisfudasu.exe	Batcc_permm.exe
File created	C:\Windows\System32\zhjers.exe	Batcc_permm.exe
File created	C:\Windows\System32\AMIFLDRV64.SYS	Batcc_permm.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
1324	Batcc_permm.exe
1324	Batcc_permm.exe

Launches sc.exe 1 IoCs

Sc.exe is a Windows utlilty to control services on the system.

pid	Process
5008	sc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 5 IoCs

evasion

pid	Process
2936	taskkill.exe
2804	taskkill.exe
4512	taskkill.exe
1180	taskkill.exe
2112	taskkill.exe

Modifies data under HKEY_USERS 17 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "167"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133454991222388797"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3811856890-180006922-3689258494-1000\{F7CC8210-A0B8-4F85-A1FD-CA7F2DA3D4B0}	chrome.exe

Modifies registry key 1 TTPs 12 IoCs

Modify Registry

T1112

pid	Process
3836	reg.exe
4440	reg.exe
4864	reg.exe
5008	reg.exe
1268	reg.exe
3540	reg.exe
3208	reg.exe
2724	reg.exe
4016	reg.exe
556	reg.exe
4804	reg.exe
804	reg.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
1324	Batcc_permm.exe
4940	chrome.exe
4940	chrome.exe
4268	chrome.exe
4268	chrome.exe
2464	msedge.exe
2464	msedge.exe
4020	msedge.exe
4020	msedge.exe
4524	identity_helper.exe
4524	identity_helper.exe

Suspicious behavior: LoadsDriver 27 IoCs

pid	Process
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found
660	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 53 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2112	taskkill.exe
Token: SeDebugPrivilege	2936	taskkill.exe
Token: SeDebugPrivilege	2804	taskkill.exe
Token: SeDebugPrivilege	4512	taskkill.exe
Token: SeDebugPrivilege	1180	taskkill.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe
Token: SeCreatePagefilePrivilege	4940	chrome.exe
Token: SeShutdownPrivilege	4940	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4940	chrome.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4940	chrome.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe
4020	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
1480	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1324 wrote to memory of 5112	1324	Batcc_permm.exe	88
PID 1324 wrote to memory of 5112	1324	Batcc_permm.exe	88
PID 5112 wrote to memory of 2112	5112	cmd.exe	89
PID 5112 wrote to memory of 2112	5112	cmd.exe	89
PID 1324 wrote to memory of 740	1324	Batcc_permm.exe	91
PID 1324 wrote to memory of 740	1324	Batcc_permm.exe	91
PID 740 wrote to memory of 2936	740	cmd.exe	92
PID 740 wrote to memory of 2936	740	cmd.exe	92
PID 1324 wrote to memory of 2728	1324	Batcc_permm.exe	93
PID 1324 wrote to memory of 2728	1324	Batcc_permm.exe	93
PID 2728 wrote to memory of 5008	2728	cmd.exe	94
PID 2728 wrote to memory of 5008	2728	cmd.exe	94
PID 1324 wrote to memory of 4400	1324	Batcc_permm.exe	95
PID 1324 wrote to memory of 4400	1324	Batcc_permm.exe	95
PID 4400 wrote to memory of 2804	4400	cmd.exe	96
PID 4400 wrote to memory of 2804	4400	cmd.exe	96
PID 1324 wrote to memory of 3008	1324	Batcc_permm.exe	97
PID 1324 wrote to memory of 3008	1324	Batcc_permm.exe	97
PID 3008 wrote to memory of 4512	3008	cmd.exe	98
PID 3008 wrote to memory of 4512	3008	cmd.exe	98
PID 1324 wrote to memory of 2616	1324	Batcc_permm.exe	99
PID 1324 wrote to memory of 2616	1324	Batcc_permm.exe	99
PID 2616 wrote to memory of 1180	2616	cmd.exe	100
PID 2616 wrote to memory of 1180	2616	cmd.exe	100
PID 1324 wrote to memory of 3148	1324	Batcc_permm.exe	104
PID 1324 wrote to memory of 3148	1324	Batcc_permm.exe	104
PID 1324 wrote to memory of 792	1324	Batcc_permm.exe	105
PID 1324 wrote to memory of 792	1324	Batcc_permm.exe	105
PID 792 wrote to memory of 2324	792	cmd.exe	107
PID 792 wrote to memory of 2324	792	cmd.exe	107
PID 792 wrote to memory of 852	792	cmd.exe	108
PID 792 wrote to memory of 852	792	cmd.exe	108
PID 792 wrote to memory of 4396	792	cmd.exe	109
PID 792 wrote to memory of 4396	792	cmd.exe	109
PID 1324 wrote to memory of 3784	1324	Batcc_permm.exe	110
PID 1324 wrote to memory of 3784	1324	Batcc_permm.exe	110
PID 1324 wrote to memory of 3360	1324	Batcc_permm.exe	111
PID 1324 wrote to memory of 3360	1324	Batcc_permm.exe	111
PID 4940 wrote to memory of 1688	4940	chrome.exe	116
PID 4940 wrote to memory of 1688	4940	chrome.exe	116
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117
PID 4940 wrote to memory of 3056	4940	chrome.exe	117

C:\Users\Admin\AppData\Local\Temp\Batcc_permm.exe
"C:\Users\Admin\AppData\Local\Temp\Batcc_permm.exe"
1⤵
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks whether UAC is enabled
- Drops file in System32 directory
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1324
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerUI.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:5112
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerUI.exe
    3⤵
    - Cerber
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2112
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /f /im HTTPDebuggerSvc.exe >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:740
- - C:\Windows\system32\taskkill.exe
    taskkill /f /im HTTPDebuggerSvc.exe
    3⤵
    - Cerber
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c sc stop HTTPDebuggerPro >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2728
- - C:\Windows\system32\sc.exe
    sc stop HTTPDebuggerPro
    3⤵
    - Launches sc.exe
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq cheatengine*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:2804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3008
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq httpdebugger*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:4512
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T >nul 2>&1
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2616
- - C:\Windows\system32\taskkill.exe
    taskkill /FI "IMAGENAME eq processhacker*" /IM * /F /T
    3⤵
    - Kills process with taskkill
    - Suspicious use of AdjustPrivilegeToken
    PID:1180
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3148
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Batcc_permm.exe" MD5 | find /i /v "md5" | find /i /v "certutil"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:792
- - C:\Windows\system32\certutil.exe
    certutil -hashfile "C:\Users\Admin\AppData\Local\Temp\Batcc_permm.exe" MD5
    3⤵
    PID:2324
- - C:\Windows\system32\find.exe
    find /i /v "md5"
    3⤵
    PID:852
- - C:\Windows\system32\find.exe
    find /i /v "certutil"
    3⤵
    PID:4396
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:3360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1940
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3412
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3952
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3968
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:4808
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:2400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4928
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Disks:
  2⤵
  PID:672
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic diskdrive get model, serialnumber
  2⤵
  PID:2008
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic diskdrive get model, serialnumber
    3⤵
    PID:4028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo CPU:
  2⤵
  PID:4732
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get serialnumber
  2⤵
  PID:2112
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get serialnumber
    3⤵
    PID:540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo BIOS:
  2⤵
  PID:4192
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic bios get serialnumber
  2⤵
  PID:2428
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic bios get serialnumber
    3⤵
    PID:4464
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Motherboard:
  2⤵
  PID:4052
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic baseboard get serialnumber
  2⤵
  PID:3128
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic baseboard get serialnumber
    3⤵
    PID:4996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Bios UUID:
  2⤵
  PID:3588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic path win32_computersystemproduct get uuid
  2⤵
  PID:3708
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic path win32_computersystemproduct get uuid
    3⤵
    PID:640
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Mac:
  2⤵
  PID:4820
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c getmac
  2⤵
  PID:612
- - C:\Windows\system32\getmac.exe
    getmac
    3⤵
    PID:3528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:4452
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:3724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2528
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c start https://docs.google.com/document/d/12hlKTtxy_X65oSvI37fizynWqKKp8c0OnkYglbxb2X0/edit?usp=sharing
  2⤵
  PID:4848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://docs.google.com/document/d/12hlKTtxy_X65oSvI37fizynWqKKp8c0OnkYglbxb2X0/edit?usp=sharing
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4020
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x40,0x128,0x7ffe032946f8,0x7ffe03294708,0x7ffe03294718
      4⤵
      PID:3216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2256 /prefetch:2
      4⤵
      PID:3236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:2464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2880 /prefetch:8
      4⤵
      PID:1480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:1504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
      4⤵
      PID:2520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
      4⤵
      PID:732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
      4⤵
      PID:1780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
      4⤵
      PID:3952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,17013186363024198913,4842896958901090502,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
      4⤵
      PID:792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:5068
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3624
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SU auto
  2⤵
  PID:5084
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SU auto
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:1964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SS "To be filled by O.E.M"
  2⤵
  PID:1640
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SS "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /BS "To be filled by O.E.M"
  2⤵
  PID:4524
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /BS "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3936
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /PSN "Unknown"
  2⤵
  PID:3208
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /PSN "Unknown"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3516
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /CS "To be filled by O.E.M"
  2⤵
  PID:1824
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /CS "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SK "To be filled by O.E.M"
  2⤵
  PID:1784
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SK "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:1792
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SF "To be filled by O.E.M."
  2⤵
  PID:1808
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SF "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3620
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /BT "To be filled by O.E.M."
  2⤵
  PID:2172
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /BT "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:4840
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /BLC "To be filled by O.E.M."
  2⤵
  PID:3972
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /BLC "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3360
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /CA "To be filled by O.E.M."
  2⤵
  PID:2984
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /CA "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /CSK "To be filled by O.E.M."
  2⤵
  PID:4580
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /CSK "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:5028
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /IVN "American Megatrends International, LLC."
  2⤵
  PID:1712
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /IVN "American Megatrends International, LLC."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3172
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /ID 06/27/23
  2⤵
  PID:3980
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /ID 06/27/23
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:2812
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /IV "A.F0"
  2⤵
  PID:1044
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /IV "A.F0"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:4416
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\vdfjdisfudasu.exe C:\ 1C6E-93E4
  2⤵
  PID:1096
- - C:\Windows\System32\vdfjdisfudasu.exe
    C:\Windows\System32\vdfjdisfudasu.exe C:\ 1C6E-93E4
    3⤵
    - Executes dropped EXE
    PID:2932
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\vdfjdisfudasu.exe D:\ 1B9B-2091
  2⤵
  PID:2776
- - C:\Windows\System32\vdfjdisfudasu.exe
    C:\Windows\System32\vdfjdisfudasu.exe D:\ 1B9B-2091
    3⤵
    - Executes dropped EXE
    PID:3576
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\vdfjdisfudasu.exe E:\ 7CE9-36BC
  2⤵
  PID:4896
- - C:\Windows\System32\vdfjdisfudasu.exe
    C:\Windows\System32\vdfjdisfudasu.exe E:\ 7CE9-36BC
    3⤵
    - Executes dropped EXE
    PID:4080
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d %random%%random%-%random%-%random%-%random% /f
  2⤵
  PID:3184
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 381326524-15919-14079-15078 /f
    3⤵
    - Modifies registry key
    PID:1268
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d %random%%random%-%random%-%random%-%random% /f
  2⤵
  PID:1428
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 381326524-15919-14079-15078 /f
    3⤵
    - Modifies registry key
    PID:3540
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d %random%%random% /f
  2⤵
  PID:3516
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 381326524 /f
    3⤵
    - Modifies registry key
    PID:3208
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallTime /t REG_SZ /d %random% /f
  2⤵
  PID:4864
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallTime /t REG_SZ /d 3813 /f
    3⤵
    - Modifies registry key
    PID:2724
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildLabEx /t REG_SZ /d %random% /f
  2⤵
  PID:4436
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildLabEx /t REG_SZ /d 3813 /f
    3⤵
    - Modifies registry key
    PID:3836
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {%random%%random%-%random%-%random%-%random%%random%} /f
  2⤵
  PID:1780
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {381326524-15919-14079-1507830812} /f
    3⤵
    - Modifies registry key
    PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic computersystem where name=%computername% call rename=%random%
  2⤵
  PID:1788
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic computersystem where name=QOLMEYBB call rename=3813
    3⤵
    PID:3460
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3420
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3532
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:1644
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:2776
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4964
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Disks:
  2⤵
  PID:60
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic diskdrive get model, serialnumber
  2⤵
  PID:4220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo CPU:
  2⤵
  PID:1016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic cpu get serialnumber
  2⤵
  PID:2484
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic cpu get serialnumber
    3⤵
    PID:1076
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo BIOS:
  2⤵
  PID:3184
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic bios get serialnumber
  2⤵
  PID:4524
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic bios get serialnumber
    3⤵
    PID:1344
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Motherboard:
  2⤵
  PID:5084
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic baseboard get serialnumber
  2⤵
  PID:5048
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic baseboard get serialnumber
    3⤵
    PID:1824
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Bios UUID:
  2⤵
  PID:1780
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic path win32_computersystemproduct get uuid
  2⤵
  PID:1984
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic path win32_computersystemproduct get uuid
    3⤵
    PID:4356
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c echo Mac:
  2⤵
  PID:872
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c getmac
  2⤵
  PID:4852
- - C:\Windows\system32\getmac.exe
    getmac
    3⤵
    PID:4496
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c pause
  2⤵
  PID:996
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:1248
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3884
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:4012
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c color 0a
  2⤵
  PID:1588
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:828
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SU auto
  2⤵
  PID:740
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SU auto
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SS "To be filled by O.E.M"
  2⤵
  PID:5104
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SS "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /BS "To be filled by O.E.M"
  2⤵
  PID:996
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /BS "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3244
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /PSN "Unknown"
  2⤵
  PID:1248
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /PSN "Unknown"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /CS "To be filled by O.E.M"
  2⤵
  PID:2632
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /CS "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:1712
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SK "To be filled by O.E.M"
  2⤵
  PID:1808
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SK "To be filled by O.E.M"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:2556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /SF "To be filled by O.E.M."
  2⤵
  PID:4616
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /SF "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:984
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /BT "To be filled by O.E.M."
  2⤵
  PID:2528
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /BT "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:400
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /BLC "To be filled by O.E.M."
  2⤵
  PID:1276
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /BLC "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:2944
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /CA "To be filled by O.E.M."
  2⤵
  PID:112
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /CA "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:2920
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /CSK "To be filled by O.E.M."
  2⤵
  PID:4092
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /CSK "To be filled by O.E.M."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:4668
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /IVN "American Megatrends International, LLC."
  2⤵
  PID:3140
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /IVN "American Megatrends International, LLC."
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:2860
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /ID 06/27/23
  2⤵
  PID:220
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /ID 06/27/23
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:3600
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\zhjers.exe /IV "A.F0"
  2⤵
  PID:2856
- - C:\Windows\System32\zhjers.exe
    C:\Windows\System32\zhjers.exe /IV "A.F0"
    3⤵
    - Cerber
    - Executes dropped EXE
    PID:4880
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\vdfjdisfudasu.exe C:\ 6CC3-B81A
  2⤵
  PID:3548
- - C:\Windows\System32\vdfjdisfudasu.exe
    C:\Windows\System32\vdfjdisfudasu.exe C:\ 6CC3-B81A
    3⤵
    - Executes dropped EXE
    PID:1016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\vdfjdisfudasu.exe D:\ 3A2F-9A87
  2⤵
  PID:1428
- - C:\Windows\System32\vdfjdisfudasu.exe
    C:\Windows\System32\vdfjdisfudasu.exe D:\ 3A2F-9A87
    3⤵
    - Executes dropped EXE
    PID:216
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\vdfjdisfudasu.exe E:\ AEC3-8C82
  2⤵
  PID:4260
- - C:\Windows\System32\vdfjdisfudasu.exe
    C:\Windows\System32\vdfjdisfudasu.exe E:\ AEC3-8C82
    3⤵
    - Executes dropped EXE
    PID:556
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d %random%%random%-%random%-%random%-%random% /f
  2⤵
  PID:1780
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Cryptography /v MachineGuid /t REG_SZ /d 402226294-12346-14035-19851 /f
    3⤵
    - Modifies registry key
    PID:4440
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d %random%%random%-%random%-%random%-%random% /f
  2⤵
  PID:3596
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v ProductId /t REG_SZ /d 40254275-30210-5331-30165 /f
    3⤵
    - Modifies registry key
    PID:4804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d %random%%random% /f
  2⤵
  PID:1344
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallDate /t REG_SZ /d 40254275 /f
    3⤵
    - Modifies registry key
    PID:4864
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallTime /t REG_SZ /d %random% /f
  2⤵
  PID:848
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v InstallTime /t REG_SZ /d 4025 /f
    3⤵
    - Modifies registry key
    PID:5008
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildLabEx /t REG_SZ /d %random% /f
  2⤵
  PID:2244
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SOFTWARE\Microsoft\Windows" "NT\CurrentVersion /v BuildLabEx /t REG_SZ /d 4025 /f
    3⤵
    - Modifies registry key
    PID:4016
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {%random%%random%-%random%-%random%-%random%%random%} /f
  2⤵
  PID:5036
- - C:\Windows\system32\reg.exe
    REG ADD HKLM\SYSTEM\CurrentControlSet\Control\IDConfigDB\Hardware" "Profiles\0001 /v HwProfileGuid /t REG_SZ /d {40254275-30210-5331-3016523905} /f
    3⤵
    - Modifies registry key
    PID:804
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c wmic computersystem where name=%computername% call rename=%random%
  2⤵
  PID:740
- - C:\Windows\System32\Wbem\WMIC.exe
    wmic computersystem where name=QOLMEYBB call rename=4025
    3⤵
    PID:3628
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:2372
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c C:\Windows\System32\shutdown /r /t 0
  2⤵
  PID:1196
- - C:\Windows\System32\shutdown.exe
    C:\Windows\System32\shutdown /r /t 0
    3⤵
    PID:4072
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c cls
  2⤵
  PID:3868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffdf3ba9758,0x7ffdf3ba9768,0x7ffdf3ba9778
  2⤵
  PID:1688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1672 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:2
  2⤵
  PID:3056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:3664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3176 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4648 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3764 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4964 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:3880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4028 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:3216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5596 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=2700 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5628 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5592 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=3504 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=2700 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:3596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5504 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5780 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=4800 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5896 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5560 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1644 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6200 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=4056 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=3256 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6068 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3712
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6380 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6368 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3332 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5820 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=3476 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4704 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=6176 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=5140 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3200 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6576 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=3980 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4060 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3228 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=4148 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=6608 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=6768 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=6288 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=3452 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3464 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=7028 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:2280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=3916 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=6864 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=4744 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7012 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2172
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=7160 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6924 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=5376 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6036 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:3528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6808 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=4648 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=1640 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:2064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=5208 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=5700 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=5072 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=5396 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=7056 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=6976 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3404 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6304 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=6360 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=5780 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=6952 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4708 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=6896 --field-trial-handle=1904,i,12981586970379618968,6956472886064472317,131072 /prefetch:8
  2⤵
  PID:1908

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4848

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2492

C:\Windows\System32\Wbem\WMIC.exe
wmic diskdrive get model, serialnumber
1⤵
PID:928

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38fc055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:1480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Create or Modify System Process

T1543

Windows Service

T1543.003

Privilege Escalation

Create or Modify System Process

T1543

Windows Service

T1543.003

Defense Evasion

Impair Defenses

T1562

Modify Registry

T1112

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Service Stop

T1489

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
57KB

MD5
b53a1fc454aa63424e5c225ccaa85cbe

SHA1
0b844f1bbd43a6b09deae2d7e68de17478c76435

SHA256
2d2b14cefc3044acd7738632eaad89ca61316144c2e6cdbb6b64b7a5339bd580

SHA512
823566f4a2cb53c30bab2de57b67600fb6f658eedb31c703acce3df52d5ef4f76cd00d955f97190b2e4cbfdea8ebee7533ebd5dc3afa134453f26a35edbc603d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
27KB

MD5
638a4990025383a0f83ebf29bdb84a68

SHA1
153e8818dc42f598e47fde8cf398f1447649a4d0

SHA256
878e34b89800bb271d3588e526eb3598eb3822e263f3bdaf53645847d39d0ad6

SHA512
59a505fa1a3bea1511e8fed16dced733299928b4081665d3e3fa4fc71d6f0ed0b09934805f442bf190c9093937e1494ac938167f9beaca0223243703f73efe87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
21KB

MD5
44129a82842153ef9b965abfb506612a

SHA1
c0964eb2ee1a76d48e4e09e31915415d74e18bbc

SHA256
8a3908fb32a414703eff3e435566b1e5598eb3a5d50c500e70eb1a5c20d003d7

SHA512
77d149f19343d765834f2bcaa02bc160c75bd42db1fc431aba87f78257a83c4c8a7e5953c247cb7cbbaf4ae44ace269eb0a5194dfd7489d66f69489ce5dd78d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
617KB

MD5
30ee031a5a48feddf3fba9f334d46f5a

SHA1
6ce18805ec510f69631e3e09f94652e579d69ad6

SHA256
2b84f47391e6b5841c18d916f3a184d3dc38895d6f6e48d1440ca9c94571ee99

SHA512
1064f35fee97d905ae25ff59e16c9c19217e0234f1be43356c9192fec197046e852101056fcbd72292518d1e4cdafe01b93dd1716b31e82305c5a9098f992ea6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
66KB

MD5
04fd3bf6183767d78cbd4306fe8071fd

SHA1
49f72ebe102c4fc4f45791cae84d0c2e51e6aec1

SHA256
f68111d823de974a0b985ef898cc7e0b02a46183afc99351abd62c92bd0bfe68

SHA512
cb40ea5f7925437e750d03d5a4bcc1f3d8d3448335021946cf939050a298c838b523a0395430b055a4a3414a3ce05ff0fd2f45e859d6fdfbd4242af7e5d417f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
69KB

MD5
40f306aeed47033ebee476d23a868741

SHA1
6a0f8e96ae9ddb01beae818119d3e6b1071055e9

SHA256
ae851c65f517536ab4972a3c04236a0048101e100353841fe710319794f13990

SHA512
ecb9616c0f7fb8e78f42f5ff8ebe07e23c80f6a42eea41615a236118ac366e6aaaff28c09856d3f848632cd90712b2b1768b0f69e360684223bf13ab62a34837

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
75KB

MD5
295af656a244a30a4bfa31fa3910817f

SHA1
b578e59f7dd41403ca813eb1f35f3655e418b3b0

SHA256
0d9b264fd8b7aa2b88d38de59c2e7470e20f1124b389a9eb520bedadf526b93c

SHA512
cff09a34469f52108d00a388f2e3463c848021f3a02e429a358dc33de909a8ff234a9773ca98ddc06c8a5b0460a7243f987df1f7d6c80c6a40d42c31fd97cc4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
83KB

MD5
587bb2edf02ab8f2d7a99b80b6aa8c35

SHA1
53fd4eaefd0b34c03d8e9d37f84b090556a62309

SHA256
61882e80cade456de0aee9819ca0a08f99e68135906c4555e57d9efe78df2071

SHA512
c77baa6f8bc78376f91c17d0d1d4076cd7d42a958e0badb129ba9692a28d756f8fde55ff8f21a36728f2477ef1ac8afe247fdf2b27b863888a0d74dafe58e083

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
47KB

MD5
d8859fb602805d7ec0fa0e9df5e71257

SHA1
03c359d1c54e8a2e7d58ee4007d5b7736bbbc4f3

SHA256
86fbeb6f36246afd9ca11f2194121a92517bd40f570e136d8f086336d16d0068

SHA512
53a46650cf49cfbe0751bd390843a3b52c0faf73b3d6a22d0c75182716dc9c2cae6671523ce065eaf561dc07692b0b1027e39af78b372120ed002993bb7e040b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
37KB

MD5
3b0025a51b5b2dcf022cd417f2bb3f45

SHA1
86ab9844e57824be9c93f2d31efd14d43899bc10

SHA256
090f29844b4b6e70156071f64e17e1e1a099bf2df6ce0719fb367d6e60f978bf

SHA512
d4aedc714dfe766f66d695cc4be5d57f0ceb11ebab959ec9bc1f4eecc42df9e367376d869e35a3ee342bff91442f625a903df76051f0616c6467069683148593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
36KB

MD5
f58199dfc0de09820b4b08581b8b2049

SHA1
736e6183dc7291936b593c95332914cc9dfd8d4b

SHA256
7a1f0857695a81514a1589f75f600b599a99894f96164e4ff7cb4a453a6141ab

SHA512
8da779641a0963ec37f3e1c4b099bdf6020507bb18c9e6ad2532fc4534a9a8eb98cbf2d3e1fdf70ab5fea1c181efffd0b6a20b2a5021ce8ce2d389d8156ab559

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
48KB

MD5
ec5d553ed1c592ef6c64daaa94194358

SHA1
647f0de2ba6b511ceab755fbfb84a0cdf5d0ac6e

SHA256
47825a900e347c3ebe2ed17dba529d293ca8a3016faaad7ac8b3850df2fcf9f0

SHA512
2bd6127cb4ac72949bd136cd47b9646533e9bf224846a5cf7f3390d22b2d4c16873d12d6079e333e62a74c5e163842547cea631e12e7dd610cbfb39c908f999c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
29KB

MD5
c48dad5f984e1d7ecedb89e6e73e94a7

SHA1
843e55eddb99a9800d779cb9a860eb0a1b5e3821

SHA256
304476467e3fc9e244f8d986a405beee84da3e81646c64c8476d70e64e8c7ad7

SHA512
c78e81ceb18c94a0b8c95d2bf976a29278f2daf6c552404c34ae2613a98ba138453b431ccb0ab08ac4565633449fbd22f13e7b91a1c3721bb29c265650f390c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
50KB

MD5
cd2f3074326840d55a3c3ea1e99e83fe

SHA1
3a2e1d1a93506526ae3ed2b44d584af7771ff8d0

SHA256
9ec9f50ac6a5dfdf7ace0a047ab4e86a7f8ff297030f93f9b8b4e27c57fdaa51

SHA512
0685f7e50451e87f8d7d47f3373d653f7d6163ffa8ccd143a85b179d2c5c51cf494e8b5f7e561436c35bfb8ffb9304f0c49962a8bf7065830f0cc95281f4ae6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
125KB

MD5
a4160421d2605545f69a4cd6cd642902

SHA1
aaae93b146d97737fabe87a6bc741113e6899ad3

SHA256
4a4dbc62fa335e411b94a532be091c58c0c0c4fa731339f11722577d3cf6443b

SHA512
d2ba5c00c3b6c1fc58519768b0dcd23951e74c00fdd424ab4565e7c2dc9c6b8e8077dc75015d9158bfd12f4573a7feed6bc3fb16eec96785c356511c9551416f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000019

Filesize
27KB

MD5
0877ea7355d10966086547b998905bb6

SHA1
3c52763dfe0ef40e88cf4653c46bc2654cb967a8

SHA256
031561e2fd5ccac4f5c8d4d5389cbd9622f05484814aa4661f95c3db898ae731

SHA512
94bd69287f1d857d02bf7ccb8d62f404b3fb45831cbfd0e3be6b296418a3cd69f24d9dc8640ac3708386ded373ff214b77c4e549959efce952436ef36456f59f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001a

Filesize
24KB

MD5
a40e5b28148dfb6e9725c256b4921a38

SHA1
27488eca43c8628cba68db938d85eeacd7e69c75

SHA256
4b8b179366d287992d8a2b5dc63d1b9cb0770bdedf6afb816f9c74158b09d549

SHA512
fb650d4aa05b2ea491ccb96581182891208db228cdf5ca4f077a3bd4dd6cbf77684a84d1e3c85c34ace4ca754e6a20251f43221b0bbf8838f68a76665532fb9d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001b

Filesize
42KB

MD5
eb857000b0ba5eab2bee66faecebf05c

SHA1
21a7890ce8b4ab7a595a386e50db8febed1d904f

SHA256
e7d857759b99e85d17d350346e7fdd6221ebe91d61c22255d94b143cdc156447

SHA512
f10c5ab024bd00ae50d2f0f38accbebcd24ed3a9ba3c9c7f35740ae11976a46c5e41a45b18d4f8cb881dcd3b516a12f0b565d0fd075c440029abb1642a6d9c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
67KB

MD5
cf3f240ee4a2d9af64c91fd0ed1e4e79

SHA1
c702b39ab63c0615f710c03b6186c08361c9e306

SHA256
aca29e24236503b747da81ae375b318bf8b7ae651b674115b2b8558c75ba0dc0

SHA512
38f2425f6a5119e5ffb41883f637b37b4046195638266e6516bcb55ec62739f43b108521b9e8efd812266e7397a367bdd5ac07f6c6cdde480d7daec65c4256da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001d

Filesize
169KB

MD5
e14d5158d1e05939397417dd5bb9b1d9

SHA1
f907589f8c9a0b18a1aad48ecd55a714bb4ae34a

SHA256
681287104282dc8124141c485e0336abd200a2cd897a410a8d4ed50193526372

SHA512
4c987354afb6b48a82d896e941e59c1d7f3190683a7afd7fae00929e4ac64b0247827f48cb6eec1780d3bdce345719a9cd25165ccef59706fbaf4c3e36f5747a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
43KB

MD5
a115db7f5636300921717c36884e1f07

SHA1
4460921190bf2d42666d7643ba9491d45b037634

SHA256
a6dfcde0dc0c3dedce306c45d2be4233af688f73d885fd1f970e08ea722b6eb2

SHA512
0af2fdcd684cf1d0f7f657fd02acdf7397ec293970944127676504fe08706278340c006b936dbc67aa209aced6f90b83e15bfc439f31a210878452b228e523ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000022

Filesize
21KB

MD5
349b0cc412e6ee5c16990d0c61d25800

SHA1
991ead7096e5a46b35b33da181f839c6cb89d481

SHA256
63dcf3c262bdd7ccf0f7cf9a05e01be3f2bd3253acd960f25e9c890bf89ef7d5

SHA512
a9a7c3a8d515fd2d07482b43e92d88007dd4b365391eef32ba5b56c84654867199180553c4b1ce7f29150df2729443934ed0946c8406211727b68b9870ef038b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000023

Filesize
91KB

MD5
47d79b43d49893cf358aa532717fa23c

SHA1
8ebc83a45b0890a7494472f5331bac15810185d1

SHA256
b7ae16c87165af7cc52f8d104be6958ca3e1f61fb35a153e92f163bc66e02abd

SHA512
b58ddd25abb5d6f54c1d11f1833da42d38d717ee6623bb45254dcfacc208c5d4cca886a6270b84ffac066c70326fae7cc7f75ccc9c3a64a4267a27a7e7dfa913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000024

Filesize
91KB

MD5
4223b169010f7230ccc3249c02cdccad

SHA1
245a78b0e448f4fda69dc98638e54c709417d437

SHA256
c9860d2d1a0a73088687375eef257744969a5e9793f080f46296bb8398de55b7

SHA512
742a006c1bd0e3c1f16bdfbd303fad21c8aaaf16380c651b9853330348cce4495dec3f05e47a7524a880c8c063e52f3196ecb342d9b3f7017e5e157a1ce26a25

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000025

Filesize
218KB

MD5
32b598628f5ea403f6a488f4ce834174

SHA1
3036078fd0633a8ae23b9c49786dbea2b3490f37

SHA256
09e48af2dbd6c5919e9f2ed5acc0db762d6a64c3001c413749ca113b2fa9c947

SHA512
94354f12c1c89bd54dbcafb69eb28597de1200aee76e61c361934d9173dd37c7d3c446fb928afd4a94234cd2b62b4feb545095a6ee79798dc30de12a0320b011

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\08b2db8606665a17_0

Filesize
264B

MD5
300d80121b1faf42a79dcc9795a7c210

SHA1
64bb67a95816521a3d93ba596a5bdda84976daca

SHA256
265d4287418af97e0acf113e3afa8c4a698c97147ba6fd1697d605223fedba5d

SHA512
fa3e8e32447576d4827bb26480e664456ea57aa9fbda010cb5bd6c349034f042477269c432ad58587c9b72ba2e68529f737bf957d7cdc619261767c35552c7a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\092f3ecc1df3f14e_0

Filesize
292B

MD5
20e0bde6839972c4e7f946c90f652acd

SHA1
d4e3155577956132be72d151f480e515dea69566

SHA256
867d08e187ebb21db15641cb624c721d65886f9985b40ba0aa93d0e696fe0842

SHA512
ebdcec01277222c80319485c8a86cd90443e0465096f4e3b0cbd134a00e5a303154175dc3b3dfab9c5cf405c016552c2e34b38a0adbbbaf73d579b0e1b887983

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1325fe2da04bef90_0

Filesize
277KB

MD5
388195eb09fe6178f05ed820a40c3668

SHA1
8e5da61b90448a129191d5b331d6c9cf802f4dc1

SHA256
06384f58b433abbd68ca40b22cc04c0bfca367454c9659aa2814f2c5fdf8bd1d

SHA512
5fef21f871a1286bd72bdf0175ee5ca4a5b8648c666d0b78535df1ae3ea45e99c30aafbfec9ac8ea1cba44f348789c7dde8ba35a94379f505c179895011ce9d8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f84fd1564199b2f_0

Filesize
18KB

MD5
16c12d4add14aab2fbda6c06f19d7be5

SHA1
0b1ea549e9cf75aa0df8375afae815f1dcb3fc30

SHA256
070d3b3ffce97f906639b550ad82494323cf021d7401ba13f02efc918419e33e

SHA512
79017300bb4a79ff0e5e66307d71359130ae324d53002f4081c6f4c45df6d21c1cf8e66572b05249cb17c39a0918dccc2938163bf98f20cab32de76302da3c58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1f9f174c2ca82a06_0

Filesize
157KB

MD5
bb84ebcc42180bc8b8aa3d547b3c0ae7

SHA1
65624a1c7f8330eec2cf5ebc9d7879240a3bfdb8

SHA256
c8aaa67243eba0400c4db00f0081bc7fe49ec305e4050e1dd5d7d5646a9c2946

SHA512
a3ca7a0102a77f55475675b5438123c2cc096829c144a9c8d96917181f26fabbfae2c906da09f0e751aa18bf550cbd72cddc497c56c6259d64f072b1ee7053c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4487e3b171215c26_0

Filesize
541KB

MD5
fd68f80debd4a25ca91c8af0b6feac6d

SHA1
9a924fc8e9594ca7bb0b9c2449094453ec59de85

SHA256
77959918a39be86ffaf52887429c656e714d8a63fea2daea12b853456117dbd9

SHA512
81d2b23b3388692cbde02bc9a802bfecb7c40758046b3aa845546721faf870867b08d8bb8897595c5b6acd07ee605b60742b1004c41256e6a21b33098582aef4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\4665064ad2415496_0

Filesize
216KB

MD5
c6e0f4ecc3acf43a1f691c5bc23ee678

SHA1
bef9e2fb5cab69173484d8b849fdbe2c886179f2

SHA256
f51c5d09bac19f836b649d2d38cff61c7c2e12627a032263cbc5a85961fa9799

SHA512
8b945b24e49ec04e255b414ff64e757da495ddd9f7a11a4f21ca3b4103041445240912067f7acd62adb6798080aa68e3ae766282e258e09fab600461bc66e6a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\5fb52880a37aa2f8_0

Filesize
254KB

MD5
d8abc0f607d9801db0639cd21e9ef704

SHA1
ee35bef50f0b9fe9b2b9fb3cd934d151bb906493

SHA256
fb3398740254e7cd4d1caf43b19eec31f8186b1a7e1c1eeb85d08d195ae0f215

SHA512
dcf7288b26f2e84cf25a744a569fb95de2bcd53af34d2a8d9a6aefe058d65174ee1f54369c2b2ea58f69c5493a207e5f90a3c6f22cf6e7342057593aabee3466

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7240d684bf349b08_0

Filesize
295B

MD5
631353538562a7dcd784d8232fef6794

SHA1
23016d477f70d0d0d55df4ab10c72de5ff76ebe8

SHA256
4d547cd32fbb5dfac12812d3931d4fe2a69af24cabb40dbb6b54c762e4869c26

SHA512
b913d44514492dc0370b8bc873be0fa502242713f8f9325e4681591ff8b6a75682bd9f4be1d602bbabd92af6f605045bc7ac17b6e2964a3c15a8ffa846c29db9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\7dd90dff893f78e1_0

Filesize
26KB

MD5
e6a6d4c4279a42a9b0f707bad4abba1b

SHA1
b151740dd818ae1b8315157f027fcfd9c16c4138

SHA256
b7c8150c6d63291d9106f7f8c58c57432339ef3914b83e910ae52089ea581772

SHA512
ae79f08742624513163d6f433d9c8ed6118cbe096f7dcd84d5c7dbce485a2edf087bd9a9c900297986fa5b9f029f5466bbc40416540a5e4f9b4c95c5c9cabe1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\81f6dc517e3ee3ed_0

Filesize
269B

MD5
0fc28176159d8dc9c777923806ec0e4b

SHA1
dee45431bbcb2b9ff19dfbd7b8bf8f4aecc9e495

SHA256
d7518bb59613e4670fe91b615e1fe92a1c840ed5ad407cd4e8c26759e56468d1

SHA512
22af7c3860deef7cb246344eb3556b2708ab388b60ae919f39882b4eb86f7566398b8f38655d005a2ba6b37f35d6bb99957a3502d23ed3e06aebf133e704a5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\936082f8e4653aea_0

Filesize
27KB

MD5
e5cba12b3baff401a7afa67697bf0a77

SHA1
7e84d69cbf85907c7030ca235aa4456a0fc4a762

SHA256
f00b62732c71518fff3a8eb425153c48fc769e3cd31bbc643d3c2fba2bd444c9

SHA512
a6eed0c4015665fbbbd073829e057d35a1467d7f40712405c88525179f79e5290e6d0fff4fd7973124e8df1026339c2483c293ecf72ed376da489adf4d634e26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\96a382b60a749cb6_0

Filesize
268B

MD5
e7d5e4271308c1a78b65c79897674fd5

SHA1
7fc320f9aaf45cbb50a1f793aa9db6531f0be90a

SHA256
f51315127558c3755b8b97e3832882cc412578ff73b4fd3a804d0d14ce0ca526

SHA512
f4bcb79a16f65943817188b9278123a8911233abef112e91de0f42bfb3fc1ad024ab50ab80c9ed56fe97fdf90d9a7b912e43ba6eac8d2bdca9e7cd9e9b83455a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9a6b640937851832_0

Filesize
5KB

MD5
2b6a9327401cc8c13b548e24b83fda8e

SHA1
8a4fadf45692dddcdb05fe7f76fe1d512a13181e

SHA256
8ac1ec2c9993793f5227df0a7880bd0bc0ed9a9be28bcf4b032dce59e5abbeb2

SHA512
e7c6a49cfa358ffb72d268d7e4961d984af457a77b33b4daf138086962c43054ec636f140727a8b86854149f3c93ebe76ca8e686e8b17266821f72baf78a304b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\9e03bed36d4ae1f3_0

Filesize
254B

MD5
527943a4657545b54ee7a66ff0fc5ce3

SHA1
7a76a4621353fde48a602a2ec3144dc018ea00f0

SHA256
02f4409452cb401d58f8bf3d552e4aadb32951a0d2e3d83012025f099c78187c

SHA512
7ed2a0c87ab047d7a5d49fb5c57ec9d6a47a38eb1331db5048157ebf60676f8ff05895ee13421e9ce199cba2d7923871164dd6ed7d162c7154ea70b3429ef831

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\ae74f8bd1b91077f_0

Filesize
284B

MD5
77053cc6dc832717289171cdf655225a

SHA1
dc13b953d04c6f9b21b05c9b9b8bac3ad9012f5a

SHA256
bf04deaa00283fb51fb8c3352118288f1bdf5797e26e4416e36879044c89cb84

SHA512
b66cdd2b0e9eb18ea47ea41459abd8ac92a1c378c3059c00cf75f04ecf73c9cc23f043786fc4b3d8de6ca68ddbe742f9968f89001a0f98d5501b89c4c9e3052f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\c92304a15579e0ee_0

Filesize
72KB

MD5
ac21a7d8ce5a3c6fa473e982813f3c30

SHA1
f5a78078fe126f10a55fa4ae1aa7f7ab3639b64e

SHA256
bd1badc254adec2c524fe839a34f3374212358db0dd71411e2f26edcbe3672ac

SHA512
cdf17a3495a5217af61adf518ab47781367290619f0b7c1fb95d88401af565d7aba78de517af7e4832cb971142b25b34cb0345fc1a0ee71ccf7db3b184faf653

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\dc52d10620c8f7e8_0

Filesize
6KB

MD5
48bbbbeef4003409ea6f11591bd3d0d2

SHA1
22e3aefe3caf56e5cdf11d4b06718dad37117e15

SHA256
c20f7a3b0e06ef3302d367014593a797fc56023de7db1c6bd7c4353a40946cea

SHA512
fe2400ee9d1df6554d0541022ff77c2c1d9cb1c15c024fd9612bac7da75279ebf01e33545728e8e468f01f07a872d158ceec1f90e784302ea6fe620bb08d444d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e99d82effb9a0cd1_0

Filesize
265B

MD5
4150c9e8c4a41677443d1c2b9fad9cd1

SHA1
8162d9849b39cf1d9dcdc4d6f21ade16b260c89b

SHA256
2bc53399457a6e1523c6626eec98311b758b2a8bf782049beaa1abee0634b567

SHA512
81b92f133e13a92f867fb9e5836d02912eae127507bf649b891f693291c79662d889b8b02a7ff679398722329371254cba994c1e6421655a27710b7b31f09f19

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\e9f34b34eb31f8ae_0

Filesize
294B

MD5
cf0a06cad75cf5661cf409da96e7b7eb

SHA1
0abc22a5baa9d70e3845beaabe29d8a7d24f7767

SHA256
0b2b1584040bbff4616adf0f8c7768978f9f473373f02b5b5948ebfe78b0faa6

SHA512
2ec65a5497e4e1b5b3d20beccb9d548ae2739c47fd6c708100336a4858abb1b134c068ddcc778d40fa4cd04107763ec76a872d742f76214fcc0cd5e7cadc16a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
2e344debcf54f870b336d966ecd0f99c

SHA1
73d50d96459bf14be901327cfc61c5597f157a7d

SHA256
af5234dfafc700b224bba9c213cc7d155e88652431677e45c07334f0dad9d227

SHA512
a88f3e174cfeb8f2a61cf001db2fe2455c53df7dc8c3f51c88773e5d6fc3d6a9f9f5fbfc5376d9e75c5f2e7b2df6d0b66963722b650522c526a359f60e4113ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
7294a0b1ad623b5eb53924487c4f26a5

SHA1
e751a5a13acc5e62f376378c331bc301fa1065c2

SHA256
e972cb7f60935805042f0ff4337c7baf8459f82e88f81ab62bfbc55566f98f0c

SHA512
aefe8f5fcfd083037e6540dc296337042821096521b2bda3e16c7c2c536fcb9e97c2cf933f62fff26b13c175bb3df7be556d82087c28fe2e4cee40071ae98c7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
958d52ebf08a71efde803b8079a3526e

SHA1
a95d2f38cd971abcc1e200eef31731317eae0553

SHA256
01302905ea06c26ec5c4bfd7d92b6c873719185c0b42dcd41a6c178520c583a6

SHA512
a6947d160bd726584e2599a5ef08084e7885bd1022e9abdda827531522b5239715fbe16aa18357e53ff6d136863c357286e2d8d89e729e20977537818f59bb49

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
11dc3075be6e6176403d3ac1e994ce7e

SHA1
a41764dcad779aa8e6a4116117030b827177c674

SHA256
9d2e051ade614340daa93a7c8c141a3635a88a27c79b669eea022ea8e3794610

SHA512
c986fe243a98945d953b9c9313dff396cffbf7bc5670be20a71503f67587648c900b084627670f7d101247f14f4994fd1d65cff135296eddca3e01d8ef4053a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
c646e68ad7d8fe449376411c74e8cdad

SHA1
e1ed2110da646d61d74651437ac4f387e1215edc

SHA256
a43694d4ece33c5fddd965c97d43f34571432ee673701a33d429893004c6e779

SHA512
7a97ebe0d841b95b0eec19e61ae0095c4fe657e6aa46ccbfcbfff9ec44682c4abca45dfb4c723ea8bf4aa57d92231d71a65b97cb61a7647683204c378e46f73e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
640f133787c1b837c4b8ce4de5e9cfa4

SHA1
e58de641e1e5a1b58d0bc00579bfab922edf8241

SHA256
6e406b94caecea11c4dfc8aaa0fc38f97cc17948c90791ed3f97419d6a1befe4

SHA512
65ec22cbf5772482828d7713ba1290ff42213274762cb56f4f577317b0c744806d845e39e10182bbd68e4e1bd4ac34c3fef85cca20dbdbb00f478681d843206e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
e37ddad20193b279037731a5642b882f

SHA1
61fd30a539ebf4ef7c35bc90d012251ee5a4c8d1

SHA256
4a1ed52533145953c051a95690c5de05b6b61d744de226b7cb55fe94d4b6779c

SHA512
c5e2beda621c90916f608661a9730af81f6b4f845c70b12fd8ec0060b9659a58e61f9d18f16f570ba36a09e36705368ee5c17516e8cf011f14367ad55dea0dca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
c324c5e554b53fdfdcdbb84d12574b04

SHA1
6477c245e641724b00ce7f3d641dbfc174f3327a

SHA256
a914a094e025d6882ca0a3ae72009eb141b49334289a3759f7ed5aef0cd67603

SHA512
bea5a38980de8e1fc423cf3c7553b61539d8db406b7ef370900830f8f22269d08f864fa474c9aa6b599e5e129e099cda85ff806a47f3a85a333c72643b27962c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\JumpListIconsRecentClosed\81243dd1-c5fe-4ecb-98b7-c0ca8d4d1a1d.tmp

Filesize
27KB

MD5
ac635687b8e2f81be8714fdcfe7b7899

SHA1
a02c0934d689e1cf33d864c0f9af3e89ab71943c

SHA256
4c97f0b775c61a612c957145c9b02db8f6d6423372de208146ccdb56edb84905

SHA512
bcf43e275fd59481a2afc593813c7f47b0bbdf17999f563ea49db1897cb00c3a30185127b67520e560ff9f922c69fc8020f8a4b1e6ebbd67cece0afe3d6c1353

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\67d94e7a-9c8c-42d4-a5dd-7fbf9f226be7.tmp

Filesize
2KB

MD5
cd7b97fc5bea08df9d1821462e896198

SHA1
aaf42ff7783f52a1d4fad6403d7a52c59a185a75

SHA256
84e9ab908339e113ba5cebbba4e0e0bf25812651e40c7e8999636a612c504f89

SHA512
9f971e2f97b7d40da6e86bb7c5d66b38f30830465388260b4b8a5cbd8a9959774a7909fa2a3840ecc7b81600632df8f126cb942b83528fe7f0e6ae9d129f48d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
45f46c2745cba0e1ef85ae8fd18521f1

SHA1
a8216998df5c00d1b8c5def10bf0548565d11515

SHA256
3eac16f810d6d1dffbf50cc0601a0926284495d91c3da75b20b11f7f2ace7d94

SHA512
fe2619fd8847f794e51d5e1bd9be502645ab72cdf61695ed52cbe455904b0425dfbea6da8a9735277071d3a18c27877fec586104bdc28d86ad4b7a0122539321

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
17632af91b0c40933075da2539c177b4

SHA1
6810bd2e5e0d8614cd0ef9e3a82d586ff39948dc

SHA256
28c7dd5d262ea0b856e68285a853380c90a114781b5f1048835fac9b7f714d97

SHA512
7d03ce44265644e1e00663aaa8fc10d3fcc80f6a79437d2b220e60a9c14136d318bdd5175303cef13943b3f7077f534423619aa9983967ec91224d09230f7bc1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
b004b106bc8b90f174469d66d0c06e11

SHA1
63e9efaeb5447f95634cff139030c7e0aef8566c

SHA256
b55aa3c0a1687b522656a21bbc84124b8bdaa9cc812e288cb2ce870e9ed09940

SHA512
91f491306d9f1a909aeea84b66be207ba241891ba6371391016a1379ca6f6cc3b48c83cf7eacc4428f94aa8ac02f1327d1c2e6c3a4f5bc39b7559c49f8c76852

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
c2ece8d413d5d4b7243b9e8eed9b9e67

SHA1
c9a5bd9209d3dd7252e3c13a892b0093e6b55245

SHA256
0f55a2aa46d2cd8afd115bc5a747248acb218f868aa452b2eb2e60311f59bf15

SHA512
1cc8521516b724bd442fa9bd32398c35c5f4e65a53e862940c01262745dc4b7dd45e919b2388dea83eefd5ba8ceda342625c472bb4ebc22774bf584943adb578

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
79dd7ec86d6b30e6c8699f7c59dd2d73

SHA1
b71c1b666d0bc3816fba023ba22cc4744c8be23b

SHA256
1a87d3c80713df55df1c98e39018496075cf83a1c2d00f9548d0ea696dab69c9

SHA512
f89896490b27887d9c1693c568b0598b3bf0040747e079b878cea2a37209e27f34080a0acf2134f8ac6859139f1df5b9a9ea3ad75f704060f934c3d1c32803e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
30daa53029a26f8bf887b384d43f61dc

SHA1
51e4f2611bc2ef01d94c01607674994a9ef07a36

SHA256
9525f2e599f4df9a45e291df6fab775c4ab43f349308d792ded6350eb38f957c

SHA512
c76353983f56574b13ba4ebdaf0a5657ba0c77d6936ff99216368c47bcbc41b504d41e1d49d3e7c5ae20d0c5790b429033597773c019708c32f621f905b26898

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3f16d25367dfbab46d4805c48a44e8d2

SHA1
e7483c94d5f18952c5093061b580eb8a6274e901

SHA256
679396ae1e766e93e7200a8dcfd1cff8a826386c307cad9790efc105e05eedb5

SHA512
5d5318c3a1ba7869b3a823e97009a6ebbfd7a55920c2fe14ef81fd124ade0d84e4df2ec75f37c6a7763a12b07059bb2aaa88646027313035f552ed873db57169

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
565a6ca7d6bf63396d7e8d6a1136cc61

SHA1
d42c84e2d43fab9fc45382b5176021a4bb0aa406

SHA256
66694c785fc20b199ec73655bf7ae9271fd994e981a680aaaea7f321d6fbc803

SHA512
97d26833c95611b1672caebc71abe8bb0816a7925fba13b092df9480ab6ce8459628c8402e59175baf7e26846857b0e6a15ed52f66db5c9ce0c63fc5d381d44e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
20323f9a4ee4e0583d9437845956452d

SHA1
0f07b631f31426482e2c5aa0aeb11d61325d8fd2

SHA256
f3e20d096b0805da96e5da7c1577447a28514ad64a19ff91a7e558c70451d28a

SHA512
5bcbbe405771440854d86319e1f2afcc291a02d67f6c5677e00011cc53876bb35fd91a74561ea672f7160e57a4b06a28eb4b73cd46ab60c9cb23a7668a03668f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
3a03322906632e5aec3d48d6fc374cca

SHA1
29bd25243e08f8a8a8e98e005b35b811370035a2

SHA256
a3132e59ba9a8bcc465bdefbaff75b66f3ce98c6dcc605f9a65f67275a4dc2ca

SHA512
d36e20a5989dde3b6331b0c1ff21b3401a79a72bf41e7c13546e139d3d25e0c3f8ee2855254acd025fc1f19340dd85b0112f3e21c6230d43d4fe40ccea727626

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f202110283cfebb7bea5983adca6f825

SHA1
b0d960b49a6613f01e2af5d7bf683f957da57daa

SHA256
ff9adf66f50c1860bc91f4ceab738ecd7fbc8c1829886cd676eb2216242ce63b

SHA512
1124673988325ecc4122fd7a7a0783c7a8c24c157e9f4b37bc2dcf4d1c2bae18f56c4fe35d8a5e5ab22f2bc9c0563646478f801050fb7427a785f7be0207ba3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
f108a34883d61f760ed9fdb121da3f08

SHA1
6a9d8131b6e590232c6e4d5159f4e9442c95c774

SHA256
ea6b939268eeabf855c9868a5e2453ba292c4067b9329893889807d34a8db8af

SHA512
bf897a914063ff84787c3ed1ac0cce8192f41a8500a5c60e1514f97463c4feefab41598ec94f3e7696345b56516a1dc2a8dce5219255d874440e2485dc8478cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
eb2eb8417ef9e09506ab686745709567

SHA1
2be65e910236f1b061c4a79f23fae8f82a2da86b

SHA256
cf612c42e0c3810cc44a5dc7305c96cac5faddfdfc96c3002746b59c41c7e262

SHA512
5176188c0c073d8d58787cb9b68ee82c75583389648abe68d7401be9932bf5dfa33ead927ad36209804af9668a8df607c19e5a2f415ef5812ee09a3d84e0c689

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
926328d804f3c4fa8da12cd48a8c1efe

SHA1
ebd36cea9ac1a36c60c499958f98d7c704f69e8e

SHA256
96a9d0535267e0a1804793a6e25ce1591d17e3369989209e3f3070f14e9fa880

SHA512
9089824e4ef4ce5379084eb718f764d7ade69237e5857ac1075f7ef370455de254774920aa4a0f31453848b34becf284e993364a493739ce764021df0f88be47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
93e4fc2f0443cf9c163dd8f135405dae

SHA1
8d45b1016dc45e28fa0686e34e2787d5c81a50a0

SHA256
44ba6e783eadcdf0d5619f139d5fc71e9892afa797a644bdd0446a69a99b29e7

SHA512
0c4ece935ea1809f85c27129eb017e1d6da055ce6106ca4de40bf6e0734963177a1ecd2d01f5f826be6497cdea65b5774acd75eb78feac396b21dae103ee225e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
a039a96ad17a5f43bc24903dc5a60fe0

SHA1
92e6ddf03f922568b2319f0ad7da0de1ef20810a

SHA256
01f6e987dd4f4f28e868eb2c563487665131a6c5a4f4e26d3063af82e3d5ee1f

SHA512
982eec34a305584e6d847fd20c3afcb4abaaaf68126b8fa944565eca9228de96496d5c5215f79eba503dc91a307954f42f85f0b0b650b606a4f014453bcca686

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
d72d03a9e5b57142c8a3dda2b1c67150

SHA1
58bccc823edd4a77f43f12a6c2fec7822c582bc1

SHA256
c1cbac692215820dd685d443df182aa64603108eef9dbc4a8d75b7da27008d78

SHA512
369cc9eb73a97ce47285ba9cf2d8d36143f9bb6f51e7bb78b2f023b99a39d955a3fce4e59c74e02ff88390c326d24f97f870b7fa584b037008088131dc8bad5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
586c2b11010bae37438d623653e80ac2

SHA1
4f7dd20c70dbe2be71893a485b8bbe0aa0157946

SHA256
b7dc1e292ff1a5d7ce901587c526869946169b5e1022394278151a4d4498225e

SHA512
27547a58f7c03aa1f0206ef066be01025958637cf5b12ad0b1bb9ba3ea391cdcef5a0cc9a4126eb3dd7d2872d1b8c8890f53f0140ef0a1e50cd33b28299461e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
56d81671d4e08312bf3c565e895717dc

SHA1
68a4c8423c768759e2d72e8099015be6b94b84fe

SHA256
b969e62fa7790402e94b23a14ee89e77f1424dbeda47bfceb03c86f0f6fbd9f8

SHA512
c54810cadc83ca7a319659943c5210658545feadec18356576dfb963cefb9966723962c703c3f6529d8c74f6c8499925c6addb2379b3895c9bfc49f5085d61c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
20dd9182b82ca9aa868c12f303efa5e8

SHA1
38add54450761efedee26f4c264e5b3dd690e63f

SHA256
91dee6d275f57361e2b6b56696da484d1b6a87432a5b4809b37ae32faaeee7c6

SHA512
e5326a20c4e33ba991dba9971383344cba82c7e9ee3583c5a73fdc4e4fb8710c32b29daf795e329bde710b8b0c7172919a179614311aa6ab71ff8ab996c7b13a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1d6ff445cc36447adf5c641a927257e6

SHA1
01e622cdd5b38d7e50acfb73022562a046d8c753

SHA256
9f4d989f57fcf0ee59beecbfcd44f04f86eba9f2af0bdb2fd8cb28bb2573b637

SHA512
2275d422168c3784fa7ac2eb84de443ed0bae55ae1fc62c356d086884d6c2563cf6aee09c946d8dbe638e0a2ed52a2f9ea08d0820b2978f02298aa237babe9fe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
68f3ab42db25fc8a79766e1b5826717d

SHA1
081a28f2b0d98620673f8b1be06a2394ee63726f

SHA256
5db3227cbcf92788e39e6c0798fb0fbfdae76b0fc48bef66f69734aea2cde47f

SHA512
5ccd5e900f5578b834876110a5c3b06baa4f194164a6908dc81ace9544bbad017a6de7f6055e81b588263027a24944442bc40230408947e06dae9d5bb4bfae7b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
0b060948b0e33fef3b955e98986770c1

SHA1
d7e47ca77010eb6d053953f3cc4c4d17eabe2ffa

SHA256
5534dd4dee7bbc46deb463f78e71084bbef3fbb6175ba05856b661cb4e977062

SHA512
91cb60cdb97202d86ff2133359b79d3eb16e962c868149ff4663d602181bd477faa639bf9039d1912db81f5200a80168716483875643e6274fd8e255b172d8c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
308b9428fd8855f6dfd873c09f437830

SHA1
b2b690e9ae953d1bb750305af8b10f61dddbe4f5

SHA256
e26754302790bdc86b9cee75bdc1f251b5ffe3d597c19286c3d7c59a5dbb71e7

SHA512
3781521b65d1e800e78cc88ed2d7cd00711711ee22dde55f7446dccb5fed34721d8c03b0697d45a70f50a2d32db2a3da06a2e42bd11d2e5451d8ad2244e5b569

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e45535accbc5ce9baca5bdc11d18d636

SHA1
e9301f6913db6e22cac12e2236b20a9761c22ac7

SHA256
1bfe2e6de24b726ad2f2cc8d8d4e7f40069e50fe6d875c5827c4a7d41265ac5d

SHA512
e07eb4091bad6ae7f7cfd0cbd2026d5ee0f3e9905dc76a8744230c189eca1809410019393a1b26063eaa54d70eb31b47eb5c0a767f9ac82ec972ea58aec6be5c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c45a8512b1db1f5162a9e15330875f58

SHA1
a0e77ed0a10c1cedf669ef9438540667a3e99cd6

SHA256
75701c6049e4006bdd8bd7656a4a98a245d372e2d5a068968e9a227dbeaf801a

SHA512
39030c7e009b6fb12bfeba60e399be17f88e35023fb0dd028a8f48333b9589de4917434a045e61e00428491e379d913a4c25f8d1139c97d148f627360d65cf00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
50b3ce3f0516dbb7e0c6002869902a86

SHA1
6194e6df91da8cf99fc3122306a50d9523161fb1

SHA256
0b26b2c435ded1daf7ea275f5f2983b9e2b632b39240af684e15ac93ba6474e9

SHA512
cd8b511cff2dbb062d1a0e35f239ef41d1097d4824776f78f5e3fd9d64be20266afe6c785d85594865396fe3489df562c5c3d9dc8562cbd0f380fc139fd4d5d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
27139ecddbde9064a3702fd2b552d577

SHA1
a5f60930509dbc52aea46a16088f16c807b0d249

SHA256
904b8b3d25c124eb3cb93376440e4a134d0fdb65d878320052298124ebe8294e

SHA512
4f44ea6995c6aec3985a082231236d6e8eda4bced4df9a5be3b7574bf16a2c9fd0b7a4df643088d05de3ee2a8c3602ed6ff1aeb7ea8350d6dfd5d8d65c42f7bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
5594241f4569a4b16eba73777b00fee2

SHA1
569bc51decc67690abd06d28eea774deb177c718

SHA256
605a3c74dcc557ea3fc795b4f622774e21c9e92e656c1cd29582ff55b10727f6

SHA512
7fd14d6fb07afe8f61aab6f3654a8b490ea80d8b9108ea0771811f690628a52fb48dff6c70bd4e545e1b9554f6e0d27e687740fdaf57fd9159fbbf17003dc5e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
1704352ea3c9f3ff6cd2745c243a091a

SHA1
d15cc1bd7a0dbc7c72c1f5da58d3812ccfe77aea

SHA256
4ae84b25b44bffdc94a6a3b2f07bbb43b0cb381df43f75abe4466822718a0b24

SHA512
a5e937bb8f1e44e176007ba993fd3cd72ec949410b8fc372d9b56e34d9e00ee42fefb4b93521c548522cdd6aec72bdf31f486cbb4855fcfc5d8a0ab44ac8c5e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
78e036d91dbf1e4d75ba3776f2d38e12

SHA1
89479f72aacabc07ca62dacfeeb70aa90987301d

SHA256
ed8cbbab871c9933acc151c66b79feb5e67c70a74fa3aba932073f0f2b285dd0

SHA512
7bbaa0f3e1dc41b001a81734a45b912ef3b539088a48bbe5820518a90f1742c58bb32a5b7b45547bc39027e1dcc0ea13b8bf910d00f87e61551be8f4d81135e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
ce5f538513e195849f6f1c852077b2c4

SHA1
64a018051c64fb944adab9c21761c23a2cff171a

SHA256
d9ad90d15665300cce5822f7d08fc16f34c19e8c06c4025e094a7fa373b338ba

SHA512
33aa3ec4f6576a5a9896fbaff74359b6c012c4f7832fdae41230c38ab499978cba04f5035527be78c2ba792704926d3a61b482d6ad9ad542f2401fdffb9db3f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
ec065e36eb2875903552343a624c1ef1

SHA1
1d8e585ee790a452dd936f6953050837538eba89

SHA256
33cda2480b5a2d8eaa68bba61e1ad26a1b29d0a4dc2c8bf074b3693ab32040b8

SHA512
af872e0c1e3b2feefb69b9ae342408a4fc894d98d7ab35c5c84af819a42476fe6675bade4062f29b74f4992029dc942417c7f3c71ba29cb50e56d7b43baa2510

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
2b4138d3079f800b0e75a8f1cf12df93

SHA1
4e8ee3c9e7e1e60b7bf05d825861cff35fc9621e

SHA256
47b52cba9088c6e001e5876766931b783f95dc20e6a3c6888e56cb5e5700ee21

SHA512
54831da7dc66c8ed299912a05a8c398cbd8130c3f8d2b2243a58b606005d1fd7a124f32b05c51d47ccdbc76353ad1786bb4a619c861dfa7c03e7e5e83fd5af28

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
5b063069a890ea5cb21e481709d0be88

SHA1
2653846f65e9ee4e36a1f2a5406bbadb57569b35

SHA256
ec3c9d4f04602ee8643e27b783c57027b472cad81147559024130147f4769512

SHA512
f4a1534e8641b268f4846236f268b5458f7a7e069b35ff3fc8aa02856148554bf5e96702b9fb592b69b90d4f2744045600771875afb85c93e1a33db3f8b09b47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
1930003f8853624e091cb82fb3587969

SHA1
b85da7383a72d77e563963e00770d98bbc71a59b

SHA256
19826d8d5e40b10116a6783b3ce739116a99c5630e11e5b0f6d245b27f0b876f

SHA512
a4cbfa98190655b15d99f4506473b8e2adf47a5c09b99a5d1cfe7540b283d0affc4231a7606ee7d6343563a10eb694ead3ee4e9d06331606447ccc5632eba281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
516c3b51a1ed9a4855224d43e9825884

SHA1
f4ff860949be8148d3ebbdc364fc610f73d60431

SHA256
3bb3849b2ee578bee0c0d54a809feb4188df966da318c3750712cb86fbeb7b2f

SHA512
071edce025c5f4af8b2440047cd36edcfbf2e703691c5a5174a6c9ef6e213dfcf705ce01c74890b608e3d46feb37e13e3f165e794b7dff735f022caea945841f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
801fe48a03cedb031cda2577621870c5

SHA1
583e854822e75d11d3a03c1dc8df6d6173e9fe9b

SHA256
686441d236505fb346a91d6309def803973c3639e404deb3cdae1ec31b08039e

SHA512
04e9e71b99b02bf9a14f742c5c5a7c9c685e84101ea8cca29e88d5f4a660973891058f0b6f1d50bd083c9b41da76d682271504c7baaed7b56d9e24dcd1f86132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
220KB

MD5
ef98c7974a52911166bf6817d8574c8e

SHA1
33e9f36fddf8ac5ac6752e23a1f07c34a2893306

SHA256
3d46d33de8843496bf005d81a8c63205df2eca6bbc5f70156e63cdac58291d3e

SHA512
2fdc9f671b8aef6c5a172abe52b98d591cfd78100d87e0548d4b64f6520bde85056d1b494325610d6d17caadcdab58f580838b5fd14962d5ff129b2dc899b5ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
e650b5bb52bc089b0f2232b3183dfca5

SHA1
ef9131a167489497d810417e1b1252db2b1c1af2

SHA256
9d85b2dd4ef98efa66b5d9689793249220567f52b390859f787bf56146825d74

SHA512
dfbc0d3092cca3fde5724a7e19badca42e6c903e3cc45e5b31510471988310a70fcf01d90777f11bcf37cf9bb468516b4b601e51c8a5d73192964a320e987b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
110KB

MD5
36487730d51662b444f0a3ba261ed69b

SHA1
26fe8527e954c8affe454883aa9d2ab473759957

SHA256
065dd803dcfa570fb856f83b55c77596a6c2c194a8ab751daa14c97c5acbdfd0

SHA512
5e5be089efed81ca5bcfc2699b7aaf6ba883d5e2fcab434d19d0facd6864580e31337a94bcf5821af7291148aa5a8c6aa6408272d4a6fcc3815ad9d44ef9a737

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58f8c3.TMP

Filesize
98KB

MD5
f7f06b00e04f7c911e489453a921a9fb

SHA1
1cf08cc1453a4929c73d5f210b73cce907b2089f

SHA256
b1fed003249fd32081f38c3c872481bcd495e5dfaeaa271b0405b8a40b8985bf

SHA512
0a42e9cfe274d1ecfac5c030e49cea85f97885e996bcb9a0b42ea52cb8ff95e59130ee04f9b68fb5ee1e05c2060a1fa2f2888b77c4b9d4cc28fb31f0d3b3ba3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0629525c94f6548880f5f3a67846755e

SHA1
40ef667fc04bb1c0ae4bf2c17ded88594f0f4423

SHA256
812576f4a24f399abbd54b83ba7f404f021d4a7d2ec0fd2f988ebf4cbf8477ee

SHA512
f74d2e4a65a152f46852eb78dd70a958fdfb8c14e060ca41ffa783b7362e44659cc5fc73f59f3edb1f1d817000b85de7c1860512aa65d937eb5a0a8d9e5890fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
696B

MD5
c77de57f553bb4d267f708403305be01

SHA1
1eadee917b3a65f0baaee2a745d39f1e9b3dbc34

SHA256
8cff570eed85f93c655d1495c7939ec578b72a9fa9ef0b8fc1b477a3003cce0d

SHA512
921114f767cbf26676d3234534f3a840e8a890149eef8afaf831071cf1c4bbd2866b3b2fc13efb550dd2e12eab75f52d02400495c7ac5714b2b8cae1758df20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
06047b6dd0acf6736cf6eee1d410351b

SHA1
bc52aa43b1805bfb17a73cff76ed4c5b6621f824

SHA256
2dc70f29da3404461022f386dd2438143c9c26f80bb90c20fcb10464b8a5e2eb

SHA512
13566a08c09f007a7fb9cbc8c7f7afcc211b06396f300a6c4c819c58ce3a4ef765c458375b53e5c01a9c60201629cc914ae9989dc5b713984b52ff307161c91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f202ca970d677c888ceaa3f0447da9f6

SHA1
60b49f413e918d3b85150c712bcc36c7b2fd3c00

SHA256
748a68a4ac8302feb8416fa552e9e400d1ee3539c46ddec6c6dd45b01d83f385

SHA512
2a7b21f6aebd31ad60847d2d699ad967f51bac1eaf47d9d638a144f826c0233da473c85d3b902960904bd760177de28a6017e88449608ac181154d1ac043333d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
cd0ed7c8644cdecc168a5192cfd2efdd

SHA1
e0905346bf6a27787abc5c944c8cc62eaf1b425c

SHA256
938e98a41b8f41152fd384c956d78de8136e4589802c5201927e0b9de060e685

SHA512
f0fa49a7691c7f41bfc48bcb51b0a8e44ce1268b74bb35a830c2ed977d28c5b83007ccc975ddf38054c9c8ccfb5ea26d66d4a4eda2af1331a24c2dabd7be6468

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
14c9644137a3d97bc37c168b6d5e1528

SHA1
fa3f5ac69cf36aaeb02fdcda7b098e5ed4e0605b

SHA256
4f724b86bc965b040915d7981e0ffa08c67e152738ba11c2fe07e529f4941918

SHA512
b8d1bec27b50aced4ecdfd4a47edd22d4b0cdd20ae0e266187ca2c973bae21bd8de06ebcdb0c45f920c28caff21ad14472f8b6cef1d69f4135537e4b25706a0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b3925410d5a7f27e9910157be84eaffa

SHA1
bf20bc91bf6fe033052ebf8dae5108b736fa833a

SHA256
b52dde5c67d23a638bd421826b89cbe37590b12a49859669d69c79872b023d24

SHA512
18d40e894cbb09c2075beb691e445a3686cb3984db869756d6a38489660c3e57e966af577f65b7cf463b0c37c41b2eb0168f8b908d4c6eebcfe33ce6864e0aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
fd20981c7184673929dfcab50885629b

SHA1
14c2437aad662b119689008273844bac535f946c

SHA256
28b7a1e7b492fff3e5268a6cd480721f211ceb6f2f999f3698b3b8cbd304bb22

SHA512
b99520bbca4d2b39f8bedb59944ad97714a3c9b8a87393719f1cbc40ed63c5834979f49346d31072c4d354c612ab4db9bf7f16e7c15d6802c9ea507d8c46af75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f2ad7c7969978c9648560a995ae5f863

SHA1
c1e1e300c9adfc4364ce2650898d1f878169d7f3

SHA256
fd93af3d40595cd89a88d70075ab59b1a51dab9a12a4ba03458a8deb91abf72a

SHA512
80c1361062b5b58725a44285f8abc05deb88743efa677a4a10b652a5092f9b01ec3a85a43ec4c3ea768febfdd52badddf8da4c8b65583cf2869a170305e29c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
de08d1faac2a331c68c32175eee1cdc9

SHA1
00e891812b449001a7a19a8749b928fa14ef5d2a

SHA256
8b0ba0e50ca25e43b7e0ec4c33543b3e33375972c247855c6e5b2933bcc35400

SHA512
cff1243902251669317c58c33ebe4e22fb42aba15afbb4860ae87c1dc087dc2a7534fc5f8dfb8171c0feda1b81b649d3a3be684f6466910ac1db305a240cee54

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
47dc3e9eed28cde7d83422048f434a44

SHA1
db18d1c16b5d3200a4acee01c40975c0d34cb87a

SHA256
1800aa79be8260055b6d1e61c2768a5d69cb38d9527d1c84251e7a2644d2f8ff

SHA512
f884d2516dff09e1ca7b2f4768f39e57fe4fad137647181eaebe7447f27c9e2aede080f669bd985bbc892b47f70ec9c1e3d5d289e15403f3960ef3771eadc359

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
9c991787b8df9fc493f9489ce6c8e134

SHA1
a5e07e14d1a7dc0083e046add2e56fc10cc9d35b

SHA256
e495c6ed66494916a45eb3daf081cbcd32ac4127ecd82cf4fc134fc85353eea2

SHA512
f3411dfb35eb6195c183c36eb5fbb1c64259a2e33ebb6e8758cb35785837281def3de75b9319594b14895eedbe11c96af3f268b1ddf86302f0c009dd6399ee42

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
1d13e1961730b81348f2a068f2fd5fc4

SHA1
b4ad5bb493c071455e5805396305e1b8408f8b9f

SHA256
eefb7dd74c514aec6c0c4cf40e624ea9865dcec6267b0488161b2776d49d5f83

SHA512
f2edaa3c7621f58a3c0968bfa32a6f51057320fb3827afe07d47bc78ec4591d54b6f4694e80a9c13ea10410be9d48a818c9b2c9ffa602f45cef763a5d9c4ebf3

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
d0f9c139d63c63bb404a38c1339b73e8

SHA1
2b6187b5b4f442c0ec0e876375f350245df430fc

SHA256
678675b4600a2d66abdeb9f6072d3f0b43a6a8b943df78bf1bfe622e058299d4

SHA512
815a26b5bc031ad1b47fde6c3a50400eb8811bd89ee0f87888dc6f070bf892f6a34f0db4199fb69856ffab61327949cc5d10d80b20e2ff489454a42205c840c2

Download Submit
C:\Windows\System32\vdfjdisfudasu.exe

Filesize
228KB

MD5
4d867033b27c8a603de4885b449c4923

SHA1
f1ace1a241bab6efb3c7059a68b6e9bbe258da83

SHA256
22a2484d7fa799e6e71e310141614884f3bc8dad8ac749b6f1c475b5398a72f3

SHA512
b5d6d4a58d8780a43e69964f80525905224fa020c0032e637cd25557097e331f63d156cceaaacfe1a692ca8cea8d8bd1b219468b6b8e4827c90febe1535a5702

Download Submit
memory/1324-9-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-1323-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-10-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-1351-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-3-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-40-0x00007FFE11910000-0x00007FFE11B05000-memory.dmp

Filesize
2.0MB

Download
memory/1324-0-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-2-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-6-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-805-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-540-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-4-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-1-0x00007FFE11910000-0x00007FFE11B05000-memory.dmp

Filesize
2.0MB

Download
memory/1324-8-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-7-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-1920-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-5-0x00007FF67DF30000-0x00007FF67E998000-memory.dmp

Filesize
10.4MB

Download
memory/1324-1943-0x00007FFE11910000-0x00007FFE11B05000-memory.dmp

Filesize
2.0MB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads