7d510c591ea3fe3dd0ba019963f2ae41ce6b22fcef13d979f6cfa2920eb87fb9

Resubmissions

27/01/2024, 17:37

240127-v7bjtsggh4 3

27/01/2024, 17:33

27/01/2024, 17:23

27/01/2024, 17:17

27/01/2024, 17:07

27/01/2024, 17:00

27/01/2024, 16:56

27/01/2024, 16:51

Analysis

max time kernel
235s
max time network
399s
platform
windows10-2004_x64
resource
win10v2004-20231222-en
resource tags

arch:x64arch:x86image:win10v2004-20231222-enlocale:en-usos:windows10-2004-x64system
submitted
27/01/2024, 17:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Верена-Вермут-Забранената-жена-Преживяно.pdf
Size

5.5MB
MD5

e8e518d9a22374ddcb271650017cf2c4
SHA1

7fe3dedb6df963944fec6ce87a3c5e2b83a37826
SHA256

7d510c591ea3fe3dd0ba019963f2ae41ce6b22fcef13d979f6cfa2920eb87fb9
SHA512

b31059e623ee4ecf10c52fc94b0793cb6b8fbbeeb4a81383c15386965b6ce72dc22863b3a2544229d6b2b8c35554b298b5dc6172e4d3978f2806fcee6de9d609
SSDEEP

98304:cLn/fhzkxlBUKvImbgB2vYH95Wl7CxS9bunt9RzXtFzGkXfJEy5UCtahfS:0/t4lBUKvImbgBkYHKhvszXBEAgS

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
4324	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
1980	MEMZ.exe
2908	MEMZ.exe
2508	MEMZ.exe
4864	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
92	raw.githubusercontent.com
91	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	taskmgr.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
224	taskkill.exe
1560	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3803511929-1339359695-2191195476-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133508484929368364"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
3480	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
3480	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
4312	MEMZ.exe
4312	MEMZ.exe
3480	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
3480	MEMZ.exe
2908	MEMZ.exe
2908	MEMZ.exe
1980	MEMZ.exe
1980	MEMZ.exe
2508	MEMZ.exe
2908	MEMZ.exe
2908	MEMZ.exe
2508	MEMZ.exe
3480	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
4312	MEMZ.exe
4312	MEMZ.exe
3480	MEMZ.exe
4312	MEMZ.exe
3480	MEMZ.exe
2908	MEMZ.exe
2908	MEMZ.exe
2508	MEMZ.exe
2508	MEMZ.exe
1980	MEMZ.exe
1980	MEMZ.exe
4312	MEMZ.exe
2508	MEMZ.exe
4312	MEMZ.exe
2508	MEMZ.exe
2908	MEMZ.exe
2908	MEMZ.exe
3480	MEMZ.exe
3480	MEMZ.exe
3480	MEMZ.exe
2908	MEMZ.exe
3480	MEMZ.exe
2908	MEMZ.exe
4312	MEMZ.exe
2508	MEMZ.exe
4312	MEMZ.exe
2508	MEMZ.exe
1980	MEMZ.exe
1980	MEMZ.exe
4312	MEMZ.exe
2508	MEMZ.exe
4312	MEMZ.exe
2508	MEMZ.exe
2908	MEMZ.exe
3480	MEMZ.exe
2908	MEMZ.exe
3480	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4092	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
3172	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe
5244	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe
Token: SeShutdownPrivilege	3204	chrome.exe
Token: SeCreatePagefilePrivilege	3204	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1156	AcroRd32.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3204	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
3404	chrome.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe
4376	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
1156	AcroRd32.exe
1156	AcroRd32.exe
1156	AcroRd32.exe
1156	AcroRd32.exe
1156	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 4944	1156	AcroRd32.exe	90
PID 1156 wrote to memory of 4944	1156	AcroRd32.exe	90
PID 1156 wrote to memory of 4944	1156	AcroRd32.exe	90
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 4376	4944	RdrCEF.exe	91
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92
PID 4944 wrote to memory of 2840	4944	RdrCEF.exe	92

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\AppData\Local\Temp\Верена-Вермут-Забранената-жена-Преживяно.pdf"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4944
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A9C326672E85E056C0BB123F243EB443 --mojo-platform-channel-handle=1748 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4376
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=B6D36C678C1CD59CF1F18BDD01464A54 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=B6D36C678C1CD59CF1F18BDD01464A54 --renderer-client-id=2 --mojo-platform-channel-handle=1760 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:2840
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=BD3BE641B323B15134ADA61861CAE6EB --mojo-platform-channel-handle=2156 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:1524
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=DC3AF87232E29DAD7E1D2901BDFFD300 --mojo-platform-channel-handle=2320 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4200
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=4223736C27A1735D0A858279316D8E47 --mojo-platform-channel-handle=2192 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:2800
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=AF08E11B691160D870ACF57AA10E5D16 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=AF08E11B691160D870ACF57AA10E5D16 --renderer-client-id=7 --mojo-platform-channel-handle=2308 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffceffc9758,0x7ffceffc9768,0x7ffceffc9778
  2⤵
  PID:4840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1760 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:2
  2⤵
  PID:404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2052 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2256 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2868 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2876 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:1
  2⤵
  PID:1072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4632 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:1
  2⤵
  PID:2424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4872 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5240 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5144 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:1656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5440 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:1
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1132 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:4004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5664 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6012 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:1664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5828 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:4660
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1084 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:1804
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5884 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5884 --field-trial-handle=1908,i,8093873415291525470,18423078520513339439,131072 /prefetch:8
  2⤵
  PID:2032
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:4324
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3480
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4312
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1980
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2908
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2508
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    PID:4864
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:1812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:4376
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
        5⤵
        
        PID:1112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
        5⤵
        
        PID:3704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2324 /prefetch:3
        5⤵
        
        PID:2320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
        5⤵
        
        PID:2824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:2308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
        5⤵
        
        PID:4480
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
        5⤵
        
        PID:3584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
        5⤵
        
        PID:1484
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,12898169999888730783,11716906182572949484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
        5⤵
        
        PID:4748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:1544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:8
        5⤵
        
        PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        
        PID:3420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
        5⤵
        
        PID:4748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
        5⤵
        
        PID:1908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
        5⤵
        
        PID:2748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4344 /prefetch:1
        5⤵
        
        PID:1260
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
        5⤵
        
        PID:5704
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6589747507919377113,10430993680540701622,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 /prefetch:8
        5⤵
        
        PID:5696
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5244
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
        5⤵
        
        PID:2184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
        5⤵
        
        PID:1720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
        5⤵
        
        PID:3996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
        5⤵
        
        PID:5960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3708 /prefetch:1
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
        5⤵
        
        PID:6124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
        5⤵
        
        PID:5232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5524 /prefetch:8
        5⤵
        
        PID:5548
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5632 /prefetch:1
        5⤵
        
        PID:5744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
        5⤵
        
        PID:5724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5876 /prefetch:1
        5⤵
        
        PID:1536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
        5⤵
        
        PID:1584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4372 /prefetch:1
        5⤵
        
        PID:2344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
        5⤵
        
        PID:876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:1
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
        5⤵
        
        PID:2644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
        5⤵
        
        PID:4344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
        5⤵
        
        PID:4120
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,3782750118357732621,1021933456838217923,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6400 /prefetch:1
        5⤵
        
        PID:2440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
      4⤵
      PID:5740
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
        5⤵
        
        PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
        5⤵
        
        PID:3756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:3736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
      4⤵
      PID:2620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
        5⤵
        
        PID:368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3188 /prefetch:1
        5⤵
        
        PID:1668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
        5⤵
        
        PID:2072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
        5⤵
        
        PID:5812
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        5⤵
        
        PID:2004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4412 /prefetch:1
        5⤵
        
        PID:5796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3592 /prefetch:1
        5⤵
        
        PID:5220
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
        5⤵
        
        PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
        5⤵
        
        PID:4308
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
        5⤵
        
        PID:860
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
        5⤵
        
        PID:4592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
        5⤵
        
        PID:3248
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
        5⤵
        
        PID:5280
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
        5⤵
        
        PID:4296
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4380 /prefetch:1
        5⤵
        
        PID:5400
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5812 /prefetch:1
        5⤵
        
        PID:5356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
        5⤵
        
        PID:5352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
        5⤵
        
        PID:3380
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
        5⤵
        
        PID:224
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
        5⤵
        
        PID:3468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6468 /prefetch:1
        5⤵
        
        PID:5580
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,1110917183407025297,3451034454969750914,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
        5⤵
        
        PID:5616
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:5948
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
        5⤵
        
        PID:5888
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:5944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:4252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
        5⤵
        
        PID:6076
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      PID:1560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:5984

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3984

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceffc9758,0x7ffceffc9768,0x7ffceffc9778
  2⤵
  PID:888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1732 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:2
  2⤵
  PID:436
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2248 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4100 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:1
  2⤵
  PID:376
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4740 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:2216
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4896 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:1084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3044 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3036 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:1
  2⤵
  PID:2560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4892 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:3316
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5216 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:4380
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1824
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff67d907688,0x7ff67d907698,0x7ff67d9076a8
    3⤵
    PID:884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:8
  2⤵
  PID:1892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5588 --field-trial-handle=1868,i,16855893901417605301,9615144912888960803,131072 /prefetch:1
  2⤵
  PID:2532

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2340

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:4092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultc504d48bh5fa3h449fha3b0hb86ff5bef04c
1⤵
PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
  2⤵
  PID:5136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,11150760209115298792,11949757824831345326,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2224 /prefetch:3
  2⤵
  PID:5416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,11150760209115298792,11949757824831345326,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:5308

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4a0 0x2ec
1⤵
PID:5788

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:3068

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5260
- C:\Windows\system32\taskkill.exe
  taskkill / f / im MEMZ.exe
  2⤵
  - Kills process with taskkill
  PID:224
- C:\Windows\system32\taskkill.exe
  taskkill / f / im MEMZ.ex
  2⤵
  - Kills process with taskkill
  PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:1360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:2784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:3240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:4148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcee2f46f8,0x7ffcee2f4708,0x7ffcee2f4718
1⤵
PID:5752

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
a43c5442720748bc3520106b9b6d4737

SHA1
3ae6a4bbe5cc3acc29b02debfe78a366e7d046ab

SHA256
0e33c15bae9de0161695319643a4e46b888255d6b11af246e2050f7863708e3c

SHA512
9167b7a8ad92b7b82119edc9591c28d53b18256cf2259b6bbccc7c5c1833d20be514393845c6acce3dddc44d71a2c258ae27da3ea0ced8cded56e689f0b4479b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
ec340c0d3c359b1c6bcbc51f91c8e30f

SHA1
59bd9fbce4ccf8df99123a9e51fa001f3571fef7

SHA256
9f42a035ac5f5bb4837f70d38b6b2abad7f9312ac8fbb3ddb3b86c24fa79bffa

SHA512
b79c444261a670cd735581c3866d0118dc92f7961cd005ad237032cccbc534dba383034f9cdb75125df13c67e7cc75622778abb826c00fe38e77febdb10765e9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
b7ce0a7ea295f07926a705c31ece8445

SHA1
4581dc104ebdee52a1ffb14559aa561d956427a0

SHA256
b1a12b0d30dd26cb0f1bf3d15b2a864e2af16851ec8ea754507975599737edae

SHA512
5f31015f8f94ac0745846fa8fc643f9affebdfe489ac6f2d8169036fbe58e4c441fa315ff056972caf713b3703c5b0e18028d521813084bfce8e9fa1593003f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
638400079510f513479b04a0fdf470a3

SHA1
3bd14f3e4955f740907d3d07465d48763513febe

SHA256
25051496e57dfec19c37b28d46af3965cfe4d8d75d3d3b71b8a03cb579cb55b4

SHA512
7422b4e405d9622b3230a2f9760cac15003e144df10b7d426bda91b053211f81e12df50bfda0335524cee8ec8484a074a2c6c22ed4f24879bfc52d96d8d3e1e0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
bfa7871ec6a76b8c1d47cf42ead9be0d

SHA1
01ff21af8c9b99d6da555042a80529dbade9ef44

SHA256
179b279e1e587cd50163c91af92f5ee9153eac3ecd7eaa385775f35701e7940d

SHA512
ca55e094c0f9195c89234090b6cf326360abbeb5822b2ae938cbdafd18ab11fa888fb513ec48f72b18deea3538d34249865268f0d2e8799a86d4b3550f1b84f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
37KB

MD5
5308491a1393e4297d085d1a05eaebbc

SHA1
8d250676377e5ed94bbabde01bad4812d9c33541

SHA256
30bcf906ea69d5a0738e0de682377146ddd41848dafc33e6d74accd3b50dfef8

SHA512
b86700b02a4cd565e553349e7bc3b2981759662b99e48daf1664186bc325224290ca335ab92f2a3c746649cf6f0ab4ccef1e255bb9a3139c6c01781096a40d90

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
58KB

MD5
fd260693cc675c611743b0211a32cfda

SHA1
217a28596306e1738bc53fc2d49b1338e46fef64

SHA256
4d614d69036285da97a42eab9bf618774ffdda39338e10cec94fe6b3084171e1

SHA512
c6983ae9447c62719b7418ab6c38f1f00f4529d0ff044a07377dde752cc0058da05a1e6b571866ba477fb8aed670ccfc146d8507919a97067669c6279126955e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
40KB

MD5
1128652e9d55dcfc30d11ce65dbfc490

SHA1
c3dc05f00453708162853a9e6083a1362cc0fc26

SHA256
b189ff1f576a3672b67406791468936b4b5070778957ba3060a7141200231e4e

SHA512
75e611ba64a983b85b314b145a6d776ed8c786f62126539f6da3c1638bf7e566c11daf18d1811b07656de47ff8b50637520cf719a2cacc77a9d27393fc08453b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
32KB

MD5
8cf8b9b9826f0678f1de2671e1ad9994

SHA1
797b7c40300bf8ad984a9e99dd0600ca815125b1

SHA256
d9cfcd3bf54caf1927bbb7c572184da99e0afcd8761162b476dba36b5360039f

SHA512
3a88f4ebc628351df9075a7103fce69aeb44115bea9594533cec3068d6d864e24d1d7de90964e900203e6ffde6f54b774d36a2b25e06111764902a9e917e4bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
24KB

MD5
657ed1b9ac0c74717ea560e6c23eae3e

SHA1
6d20c145f3aff13693c61aaac2efbc93066476ef

SHA256
ff95275ab9f5eadda334244325d601245c05592144758c1015d67554af125570

SHA512
60b6682071ade61ae76eed2fe8fa702963c04261bd179c29eed391184d40dc376136d3346b3809b05c44fb59f31b0e9ab95f1e6b19e735234d1f0613720e532f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
49KB

MD5
f7e1f7ebf7b0772a26bdbcafec40ebf7

SHA1
86c0b90aec6597caed8ebcb28126f4b536ba03e2

SHA256
1848b05d00f9d60f36980cecd03faa1036b4393759da3db21a012114159b64a0

SHA512
9bdf66a8376de92f9bf452366e6e3cc082e3ab018c6ca4a8fb8a3c5bae40d004ee3cb355a371b863da0b422a58e1b9e3e5a2bc94f20a32ec25a9b403cc64aa3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
42KB

MD5
1879c9dc38ce7aef3947c0f9963fc7ff

SHA1
ed288bf964df5f07ed19c7aa23cdfef1da9e292b

SHA256
3a1a061d4b7710ce71145b10a1b7b7a1312df3d59af5cdfc35d34de156694026

SHA512
b314cc921e30f6ac762e8cf00ef93a22ea25067cc87678851ceb3a67ab481c1e1de2f58a362bc51d3e8634d83f2575ad17b0c97a1e1648039a71055ed8b72456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
24KB

MD5
ee20ff4f865963c5512505b83bfc4f6c

SHA1
242038035025ab0edfefcf8fc05f38a2fe7cf062

SHA256
e59ca013c55cf1a75bc70767e54d9956940d84c22c8da24d101f656efd70f120

SHA512
4d7e447d9380af298c48acaf56a25c656e4591ef062445efe778c97a706c0c21a8a2c3ad3217d934cf8949fd173f3f3c4ef558be18973db9047d2eece3f8e9ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
20KB

MD5
8b2813296f6e3577e9ac2eb518ac437e

SHA1
6c8066353b4d463018aa1e4e9bb9bf2e9a7d9a86

SHA256
befb3b0471067ac66b93fcdba75c11d743f70a02bb9f5eef7501fa874686319d

SHA512
a1ed4d23dfbe981bf749c2008ab55a3d76e8f41801a09475e7e0109600f288aa20036273940e8ba70a172dec57eec56fe7c567cb941ba71edae080f2fdcc1e0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
28KB

MD5
189b25745f13cbbd8f7d93268bbbc896

SHA1
3de2b8c580b31d0bf22cac4170bd4235a0a6c286

SHA256
1a37365b28b4af25087c64ad87c9840317269a0e16e74fa141a0f777d3437562

SHA512
adb38856463a88a862f9e12ce3ac7dd597220fd784d07ceefd7cb464b8ba888dc3a64793febb9aa25a45208fd6da60082db4217b0a144bc3371aa39839c9e98c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
19KB

MD5
4aa893c429d07216f61f62c7a3f65e7c

SHA1
2708912e04fe64f50da108e5ca0fc156672a5b66

SHA256
7c3f0cad1b5fa0d3f5c11fb715fc313d74ffd95cd51f93de85c887b618c5a2d1

SHA512
cf17e1898863fc1e3ea7a8b772e38205288cd67f10b400060631b7d3cc13bd6ac5c843bc1f7dc9d67a17deba6e3413024d35028865eeebd18fbc33abc9c15c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
64KB

MD5
5b99022bea1733d66c6577e0cf1911b0

SHA1
511394bd50e5aecf6bfa2476d4ac0fb71e9c1c94

SHA256
31053408dd81e091ce7da816f8bf340a6fb504f4512c17d54d90a056665b618e

SHA512
275c58bf1a832407ca294bb4b353ddf67835506a5a4d270d8be053f3ba46993539ced445087ca30d6a182c2cd74e8bbced4ecf1ffa60f2b2f0341fda55b12952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
59KB

MD5
063fe934b18300c766e7279114db4b67

SHA1
d7e71855cf6e8d1e7fbaa763223857f50cd1d4bd

SHA256
8745914e0214bcd9d2e6a841f0679a81084ef3fc3d99125876bee26653f4253e

SHA512
9d0dfc21306b3a56c2ecdf1265392271969e3765e161e117c8765125b34793e24458217cf6514b364f351f47e65baaaf5856be0d13406a789f844d6ba8c7075f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
140KB

MD5
74a677f2b142f1b6b4f8cde1c6d49b5e

SHA1
ddd50d3de3b0c849de66d87dc6cafe5cf9fcd7b5

SHA256
c8bd28fb081b3eb04ac62eec7224063aef869281e78d2070b961b2fad2238cd6

SHA512
09715d3767d497ba71aa58f8f6d24e9c47e659f007fc597ed042449d03b15f98450ade90b8ffaa680504f37428823842dc4cd4fc8a1b1ec5a9e5f82e1a289997

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
103KB

MD5
6f0efffd5ae9d10f46f5f5c4a257e03a

SHA1
77f83015eb618257c0fd3fba9ea4ebe825a0a94d

SHA256
7c45f1548cc4c1f1bf872c81c0b74ad177e9aac5ee21a020564ead5177ec9006

SHA512
70b69a6881885eee58de41d0e95d817ec67d0d0b3896d0d0bd6b571cbbd067b327ed740c4f51328349b7233dbf7962b582c11c76f711730af7762aada3365432

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
18KB

MD5
f6156812861653e7e000020c2d5bd4e6

SHA1
fb657b36f4dc69d4958138640c83bc122a5bb707

SHA256
9f5c4378b7e7bba6d7b9bd3d410bc0323b287a0890e7731ea10724025007f8cd

SHA512
5475d96bc8cac335de35b37d33e68f541229cfe7fa47efe8788595f4e0b2275db8f6d753ab91109efcb326394729f9dce3c913b307169d26f6045cc028c6e722

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
28KB

MD5
c63feef9e0dd23efc5998adc13801617

SHA1
8fb20d9e7ae5cd4ec93d9295825117f642f30488

SHA256
501bf53a7d9a90297093cd5fa2ef5a0878483f0a582961bc2a14b53478942dfa

SHA512
6f42b31a09984e415f96c2e2af3c9910930a71d1a673ae21bb4fd7614baf46e9ed95c2d4c807b41b3398d95e0439fcf08a448ca7cc11570bb38166553e5aa35d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
d870a3bf44d63155d1fe654f445100d2

SHA1
a086f893ee1e05329a865778e501c30099810cbe

SHA256
98ee0936bda5aab17c9d993e143babb8708e4432647486e1c23edc03ef3d71ca

SHA512
e70a926248f413e382e18fdd503a1c5fd68039433fc51a45fd4549b76449abb33474de7c92f23636ffcbed65745c0b6a6df3c2861de044c11d4a992c25a45660

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5bd65f58e83d75155f7d8872889760d0

SHA1
5a2315444b77b7af36f3be1ceaec86bb4df20058

SHA256
f0b0f4eaa152b6bb67f6ae76405394361a1c0c0d13d5d53a14cbeb2706878c86

SHA512
d4eea948d10001cf1531e088bcd5d87b8bd0e6213218dfc9b770b214bc0e67121e9774ab5e0f10477d5ca24a0e2ed8f0eeaf9287e9bbafeec6348e3a6a129fed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1

Filesize
264KB

MD5
831ef15857435c2616f9402a27612a10

SHA1
f32a57da1342bb41e58f0da8ef768a51c92efd45

SHA256
9685957893630504926624837a6de2a2985d95c211405c3b0fb9db754aa92425

SHA512
645aefc32daf086bcc83f00f34fb586fa174f70d949b93255890233aac91c99a9625399a802bf192e957d0e7ef17c10e1ecfb74fd6472072257adbcda98c8759

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
742e7526215bd88bedb666ba5820bb63

SHA1
ac4bdc3482a7ee480c33ff49752db898e333de5a

SHA256
b6850e0524422dc598478409c7a986e02b07ce2aada9f05fc67dda4487f6f26f

SHA512
7b272077f4f220991f6d52e56b3189ebd3fb9eea5b6bae1cb679e4a29e97d7523a431d9cae0ff804e98b7656cec3a1c4b6f162e2cf4099a185aca3f7378b9b95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
148KB

MD5
25ef36db7548cf6266fae8144f61b862

SHA1
8cfc4bf3622750f9a35632cec2f798bfd27d400b

SHA256
be31671c7e56b21a04ff4898e7442616a5b7becff0d8ff112272bb9a22300064

SHA512
2081950f4398dadd6bdeda87d206715aeb522606c95e19f5578c40a58fed9e0ba55c289120115863b77c958c98bcc5256535271063273c4e59323b65300d4cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\8236bf85-05af-4323-b6a3-681cbc173572.tmp

Filesize
1KB

MD5
53871e5c154fb3658d0b3c5c318d3d63

SHA1
e4cc601909fb9bbe80f81d6b293dbb21673bedb5

SHA256
ef02179aa89ae55d4fc3ade0039535e56d8369d172ce8333ee30923234d736eb

SHA512
60cf34ff3d55165314e5741fdd6f3c6e99b40c3502a76b5dbe4874247d2671a9a8590f4ea087080f31a8da010a37e63809433a3a972cc4079a9e214c151ac026

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
1c7a710a07c531a0828e1d991450003e

SHA1
c6bc06de84b6cd76bfa9c01bd2fc31016aff33bf

SHA256
4c936d315a3c91c13d37eb0661269053c0062b92bfc64688e54d345279e64a4a

SHA512
6da4d738b37a02436bf89ccbe73dba38753074be2bafa9f4b935a51c738081add7423a0c379ee614acd158736b2128d8ea584bebeebb26cf84cc3cf00e69bbe5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
538c2ffbdc005967b558849f37dc26cf

SHA1
e9e98597ac49120622b5edf79589218d19469a45

SHA256
dbe62de5b84215036eb249a044251ba56bc812cd39d3bbdcfac4d1c7a6013fde

SHA512
74909f598a8c92cebad1ccc6300f8909c98e2d856c28de621b35e1a2ed7d7c9d98dc52b1360a56b59295c8954afbd23f5aaa88fbe89995ca10f6d09862ba1ce9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
714c339215c59d06bdd2ac25850c27f4

SHA1
0f75a2fbacbf47e80b479d52fb9e32db97c0dfd6

SHA256
f204b43d6c9360e18db6605d955fea4bbf9072e47cd060c75bf6ce20c67378e9

SHA512
e458c205701f350f1ca54e50cc7efb1247c170071147bcd90c11842e4d7656c5a95205bbd3c97f850a8aa48aa2c82db4c24977ecc0b6a0142d65e5c6a241fdaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
2a7116b418f76bf591fcad8e61f4371b

SHA1
57b74882912919220b21692013d07a7ade062713

SHA256
819f78fdb01fe47a9bfc9da4c56872b3ad38707e1d455c870d218409d14a058d

SHA512
6e898b2138d139322337edcf5200d12f125dcb0fff807fefe368019fdcfb0dbe7f4774460ea67716ce12121a5693647dd9f26697e2b593a2983154623cd34d93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
926a1c95bc7bfdc7a2e6c66b551a4071

SHA1
26ec9a7f3894c8a14c5964afb3ac72125e36dbb8

SHA256
5bba1dbf9dfe608e6f4827e5b421e7c3470dfcae5067b040617fb34432d78fbe

SHA512
5338398e755469ae25e81dbabf1ed180dc765d0ff01d605d8422d39df554f8b7bc709ed629215c8d3315846d652739e2b95b514bded26552a4df9bd975360c1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7ff48c9faecd9b176cdd890b63766f47

SHA1
85734cbc0183cad6bf0b6f609bd0d6121665a6e7

SHA256
6425c8e70ea7be46d5d61dda8da6b84ec5466512ca67a2864a96d6ee8203a941

SHA512
c082b7d411620a1c38ccee97493a7ee5b846b83f1bf052a3572a22561a34e688c58cc5bba357a92090a3ece7671cc8462e7416ade94f30895249a643bfeb98b3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8658e8f59c6cc0f3d7e3d3ad56b753da

SHA1
847a17db938aa62c04283a6e45da69cd392b1ba2

SHA256
c61eac1e91df7c8998aaca04d40b347a24a40e5c35ce2c035efc64e242f3701f

SHA512
26761cc47fe3b2ae418f92906b1fba4ace8fe4ccc6fee9632e829f05821a762647f787b5eb0ac4d77db43ec80d53fa876346ff447f6f4f2acf2286af8883d974

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
9592cf7ab8534603d01ee63ece0dd5c6

SHA1
f95cf2a07254c1f7767d6e8ba4e9603ccd665d8a

SHA256
25dc7dc68dee595068e9bfe574ea89a50350ac59df09c1f97611c68d6ec52b0c

SHA512
72dbbe03da891214c5756d199c46896d922860349564182107c29ea67dc6bef0dccc0fb4b10756f9a945783778b511bc4e931622ce015ca6f58896315c60c62b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
dcc740305ac8fb0462eea40d5ec8a2e7

SHA1
8934d33922cda9e91fae3c2760e89cd8030d13ea

SHA256
94548f1a1d4a6ddb0a54df8973e3f21a8ffe41a110a08168766d1c3c81e95d05

SHA512
b6668d4e032c21173df50fd579e46fd4e40f9a58fc497929f862fbc639645ce2de519d653e1a5af3c07115efdbe34d870b9dd05f49ccac253eba159b51abe7a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8abe972110b3b499cfe0a529e93e81db

SHA1
7014cda39642ac553d5a293c98ec095093757caf

SHA256
43325e3d0b3802f9b90c7ff14277a2a33c333d694b15b2cb7e876ebe6c8029d9

SHA512
7933d0ca5bc9b59e41daa6704137aae413df9a424529a85421b508cbcda81f8af8f5c12fedcc6ddb260d341c761939e651373c363684fa369e962ec82714b74e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b1b79e27ead9128f0a2bc2bdd9075787

SHA1
05be827362b56fb897b3c40f19b683b2ebb00ac9

SHA256
8e384dfbd2770cffbfa1f8c64ecef811dccc4954a50ff026d578bfdb91cbe3f7

SHA512
858a24c4d409fb4a7f513f3226662d7f85a2f0c6fe818f4ceaaee1e5a8434a8fed4404e2d13f50dbc2a87b53f3b967258d15a76030fa59988b3d9fdb89ceaaac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
804eac41a2361142af5667379740821e

SHA1
924584bc8f71ae14a4f29e5232e2ad83940ec209

SHA256
3b0c600c174b8883efc1317470e4f66432d58d44085092b5b2b2c5d9c9dc6621

SHA512
eb98c3da47cebdaac0cbb3e24bf5eb4218275904109d70ac7540c96d0f616362cad064fec0b376de503c6e24dbdb2e3ac34c0c84def997fb6d2cee0a5fb1b89b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
ecd6181d37853f212033b56758148f63

SHA1
bd1a94501fbc8e824f07cb0cdeb3eed70b8245eb

SHA256
615aec8f676227b35f8c9455ec20aed350dbb2c262902abc4f85d0a7790ea40b

SHA512
4e83fa694dd02594581e32faed9756868fb76f7965706fb0275f73ce5631778e9aa37f6e9ba50fb39257d812f654e39b9cbb53522c8a3373d77d80dce65a367f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG

Filesize
345B

MD5
2992bc42d7428606801f8ef7e78be3c5

SHA1
d74dbdc343db048f47ecc7893cbe2cf24e022d3d

SHA256
63a45241eb5f5d89aa6583060a119acf56c636c91c634d5c79525d36d14ac5ff

SHA512
5056c6c3e40bd9017585f9e7765601ef114b521134157fd59ef52c9d485e102708e00e787308a0f012f8970bddc38813c4cdab1e6beb54b51a33b0a59262ac97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
f032637053f9f8eef4cdf9f07079e10f

SHA1
252f8cb8645e3bc607010a2c11fcedbb6fb67b08

SHA256
35587cfcab7f6acc0d11c7aa6f3643db23a7b60b58d5cc5e47e44d65c139e9df

SHA512
c7fd22b2b1b5bd1e0c03cc3bcc77d11d53ff0241034d0cda7c12b522014455388e26e25620daa1139c36b65bdcf1526400036d4e6f6a5e2b4f849f5443fbfac8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
cda4bcc7df96f34c7e45df3a32cfa79c

SHA1
1953842ec20ece137b600f5d155337ec69e92511

SHA256
2a4aa23f154f775071eb6496749e1150618949333c456aeb054c5867997db8ba

SHA512
6304c6b8a2c0a116c2ea784303f223fd4726520a2cb58625791c8332cb31eca0532ec5c8017c2efbeb7d210aaa03d1fd10d31b50c59bfab4aac8fc04c00b8dde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
9eae63c7a967fc314dd311d9f46a45b7

SHA1
caba9c2c93acfe0b9ceb9ab19b992b0fc19c71cf

SHA256
4288925b0cf871c7458c22c46936efb0e903802feb991a0e1803be94ca6c251d

SHA512
bed924bff236bf5b6ce1df1db82e86c935e5830a20d9d24697efd82ca331e30604db8d04b0d692ec8541ec6deb2225bcc7d805b79f2db5726642198ecf6348b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
2b2113c012163383cf8291fb7f3a8c7a

SHA1
fe5ee2260ad72ec58b82d5fed78a4db8899e68d3

SHA256
99a438176209f6ac55911f732aa566a79ebb64e8aae92361602a54a235163496

SHA512
8671159a7aad6c5b946934393ca51d692c8be5bcce4865b6c9574c15f215ca4d1bf0cf4b6abc5d178dd259b14b0b67da25f228f10579905774eb19942e1c6537

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
43fe2bb9c6d1e7706f18cc814fd3f195

SHA1
2196fbc61d20bd808c79e440cc9016165936ea53

SHA256
ea1fce32f80b7b86130ae1c3f1532ccc6716f37d8012cdb0ee759e1fc3321611

SHA512
c54552f51eae43540dce130a5cf599a3b0873c416ea5fba65f421890ccc42e636c302178653ac08f80ab0dd1f9176a23dd549a587299701b8d23832fcc1d9c71

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
121KB

MD5
bf372cbd6f83b416ab8c52047a3d2103

SHA1
b34747732f599fb33edce32b0b294f95222e5fd0

SHA256
e04bd7e33445d17b039c38fd19071364e48a1443a7990d4cd475467e25ba45e1

SHA512
78d2e9a4b0f0ff5285a064b3943d6cbd485f8aeda0bb7b75d02fc5e2989d6c703b4fe836a80ca9285daf370c4bc5dba6d3a1ab369c5b62fdfc69a0581efd23a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
bd020a7a5235d139c549b6c20e037b93

SHA1
e2f3ed20bb27b9b4bb7cf3a002887184ba3382df

SHA256
578ddf8d5f0e60d89f8ec8e0cea608fdca5e86ed7cc9bfe9e7e2fecbffced625

SHA512
7f2763c69a670dacc4ea8b4c844fc8610cb5791cff29c48f79316095206b5aafd2715146dd8eeea942291e7cb78244286393a64f40ef3f09455906be3b1bc644

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
589e4f928e6b27c7d23f8670fee27719

SHA1
471a9d91cbbbde7d0db6582fcb96e94fe2ec4e27

SHA256
fe4900e491ef0114d49b0e7fa5a949512760f3d273908c39f64aabbbab4e9bbc

SHA512
d5d5bf27869611614ea3cbc0152dba3f8d0cdd9b0a195360157b622a0af0909b2eccad4609cfafe73629f53cac43c8705ab82fe4f417e3f12509220cabfe6c66

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
762d6b427ec74880150483e8a81b80a3

SHA1
9a93b9a5646fd8e65969a10cc212867a83d017ab

SHA256
f1fe4369c1e39bf95a6982dd79b9dc1bbacc00c513b149b768447b75bc1bb612

SHA512
d2b12cb0853d9389e0799970265f1f1eb4d7904dcae91776e7660381d6e52aa8dbeb7f78c026550fa5d901f42b7e914432a8478febaacd35fe662714533d66f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b88fba8688b11cef254c7d85565484f6

SHA1
bd093dc358050d221232400ea9a7405aad9122c2

SHA256
c9e401a221dab7b63bc5c48f7d96ea669c5b6d89ae4b57df9e651d35fad419cc

SHA512
9ed3888a3b40f2456dff4514f4a77e8ac598ea608d8e0f759a5943da5a7d656892f5033f66c9b7f7653ed3e22b773cd02870a57781eba7c391b30edb1385ce4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
85849e37f3a4022812d0197ee86bf46d

SHA1
e29a01ccc1759418a0fdecc471ba28f09dd9d83e

SHA256
3766dd9ae49ce5cae205fc9f9d1d863a053db92661e8e6b7598849e6d8470945

SHA512
2c6357397eea592914f6deef0b264fe052726b14587a33bce260455ef70f344b17637038584802c6395ff81cd3370dd7701484a5948dedb940c914a510ce8d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1386433ecc349475d39fb1e4f9e149a0

SHA1
f04f71ac77cb30f1d04fd16d42852322a8b2680f

SHA256
a7c79320a37d3516823f533e0ca73ed54fc4cdade9999b9827d06ea9f8916bbc

SHA512
fcd5449c58ead25955d01739929c42ffc89b9007bc2c8779c05271f2d053be66e05414c410738c35572ef31811aff908e7fe3dd7a9cef33c27acb308a420280e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
db963b44105c42e206dbdfd6311e9b2a

SHA1
759e125171a7eaa0c5461786b18cbd44d902db42

SHA256
417223467a05caf5122008aff5f25279fce9f671d756d7ea8312be4cf5719bac

SHA512
cbb3fad18a8104d18e1a6cc95c1ddf7414e26433d35bc64064b5216f60e4f3c09ccfecd9edb89546a53ff20ce0675c63ccce109f9df955e572421022e6f448ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
771db6f0930da5df9aa94111e4586a8f

SHA1
e9ffab6cc21a7e7ba0c13e75f221337c7367d942

SHA256
fcb5b7b64dd587c7b473d683f92e2f561d66ac0d9725f60511f3c858f205fb1f

SHA512
521ceef144f278ef7a7126dd0b10d32dd762bf467425dbc74a6226a38747b07e0dcee9a370de4f0bde36bd07c313054b421a8769990dbe85208b1b19417abf7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8eef34a7-d902-4655-9515-d1993d699fb1.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
126KB

MD5
42a1b9381394bc1f7cbdc6549777c622

SHA1
bd627b42151c6e263a3fc62b7995cbddb7bb6d39

SHA256
323689d296dd6d8688db59f7175c87a3bd45be967cfaa909f42ab191417981b9

SHA512
0e0108606ed91a4cfa5212447729198007a926b5060c8c00580ad61608463ceaf1303a6d83b7f6fea446f4676940471624e04474dac747637cd8d719eddf9d0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000027

Filesize
338KB

MD5
9670dbc8a2165416dd2d1da336d8e553

SHA1
c68cf90b3eeabcb5242a4f0cf730519bbbfaca97

SHA256
06412d308ad0d6faccd13c4275ee4636a967937ee5f0f6cacbf80eabb7ff14d0

SHA512
a269e3e3d5956b729f29fe4df97e82a8d370bf7d4f2d6eba205a0210eac68fcd5f1eca12b7c92105b633c423516d0e014da8cc2a67e97036d4054f4ad17393cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
222KB

MD5
0dd2ee682b663f0dab80fca2ae3e4b9f

SHA1
63cb36d6fea333128927a08d9b890719c73d65a3

SHA256
ab1871fa9a9529a446cd3cde14d052903220f98dd588ee1ee6a13203a164374f

SHA512
99f47a695a430b98d7afbcd47523c3689d8441e44f5342278a697c59953af82e4072115bee7b590de2e9e427760e26c4d947a9b4f3c3e965da2fa478e7b64452

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
80KB

MD5
77e11cfc273992a7f2026a76274f4abe

SHA1
523cb0ff043a996ca882fef3785011902e41325f

SHA256
2db89ae8cbafd1d202254ff4096d1864994c32c0bb1b2a28cb20524bddd49e5d

SHA512
2a3b529799a1521642bc52568edfac1970396dec2cd458a104ca79bd41247c7fd45f60b8514cb18762d0b25d5ef1fde5d1479b9058d1cd1174e6f0e30faaa2e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
432B

MD5
0d60facfad97adb0012aa6175f211917

SHA1
fbce3412632968a3bef6b17bf9dd90a3fca2b68a

SHA256
657a027e5ca83d16938479e4fb4bf5b1ead1af44064c4b1aeb275c767958d8af

SHA512
37a966913be717514b5e20b826413b531e7212214c75067a0dc047f4f02d875b31233ba7ab3b525631e71d174489591b8bea3da0a15839b5335b044c83cd38fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
012cc18d3d733999b63718f206fc1c44

SHA1
d8238e704355332eb6f5094b202c583328450273

SHA256
5582e0199448593af18a60e4c79090b97dcb6e2f832b818f33084ad27217c15b

SHA512
96fcd608c952128e0958c64fe170708637eb8331074d8473695c62cb156c6976145131ae497e2ea76bc586375982caa824bf4580568a4d2c6d9c3608706ccc5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
baf172a0fde55d424cc2662b0b618a35

SHA1
6e3ccbfec907c46125ce7c72dd6e3ba88765436a

SHA256
c190c48f15127bc9a85f25528111f3ea2a4da96586ce1166973aaa23fc42cb78

SHA512
4d10d8c03fc98d8d996a50cec170ed24dba8192f3cc38c1d193e1a1abbe993182e1d64eff1856e63c5b824ab8c871f38f37f55399ceb6fc90fc7b3c0df2743f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
40c42450d4b28c97f6fb4cd815c63fce

SHA1
12f876f9dbce46e5b1b017fd292d8879a6c04c91

SHA256
9536f305da0752397a92c2182c4394f4f8b0dfe7725c04d65c13d6ccedfe08df

SHA512
49a2cf1eeb2fb25f55032160e0ae3b4aac872a167ded7871f74ad66453b1f2a8ab4fafdbc051ed5e1833aea18e8d98e11028651be1b909440e70d286e01688b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
80a481170a21418e78437a48f3b12d15

SHA1
a6ff3e0967615815f96f6d485c95915cc34c4702

SHA256
073b98c4f41c246f196ccc19a2a677c49cc1be0c0ec3b39c44a710676c588195

SHA512
caf5d79e132cee181534cc7d3fa6e6a6471f3b924c1d3dcff065ca2438f9a44a70ad69a9dcd527c9b7e5a93f55a3ae02eaa7c8f707c371513a6dab18846d8bb1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
10c022ad9ba22dff4d06898efc0bcd68

SHA1
26df47fe72745f5d2fd238136a3d5052a00d836f

SHA256
dd6d748e338198f83da4b63da82d29ebf67a6909e376507dd8979a86f07330b1

SHA512
0708edb1a9d677f201eea8545eb8ba842096cd2fef16cddb0f8c66e2abcff523994aec8f7646fcb378296f970f81250cb04866b2217ea7d0939e8b75466be18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
fcdf9d3aa73b47ec5a82f13835974a4b

SHA1
46e5bd4786ee3eab1d9f909acd853647e62a420c

SHA256
8fb38ea2ebed59a429feaf0924a3de98ef95bd7c9d1c6d38cada141ccdfc9195

SHA512
04652d91743dc79182c2a3b1df2f0cea913934f26e3490443ae8b34247e06c7e315160b8e0010579de2e379271fff3ae505aa28c8d991bff514c20703076d395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
f080394f1071836f53aeb61e6063f51a

SHA1
dc7a53c2ecc5be96e8f78a21af9f605f474c0e37

SHA256
ecc45b1dd7d524022cd8b369233cfb6fe2a974f37e6034a8ac6b1deef89d2ac0

SHA512
c92f63d2a84454041c90e28ac19754ea374c274f716c956aeed5a55bb74ca54812c6ea9e4c4ef5e0adba60606fa87ead860ed9ef926ac066c16165dad7e69689

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
818e7a5e799257553e5f1619f81d0fc1

SHA1
f9355b668fffbf42008f4b4384b1fcd4f56998a5

SHA256
103ec993c15057c0fea19d3e15f7deebc50782b88844721b602b5d788c5b1486

SHA512
94f33b85245b61f4a005a6d255c14ef7ab9c014a616d9c33b2e6c9b4664f5ec0bf441adeb913cda50a90b36df323bedd02ab776ae8cc538a35543c17e828d1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
42a14300d5cd00980ff8aeee4c6e3133

SHA1
311b74a7f442fbfeb4798a00cc6644a4efeb8975

SHA256
787f8839b7f4e40c2e5b42c76e897951a3a0267add961ea2296a34b9bd0655f3

SHA512
57e650bc5513bd8d6a5dfb8a1a68105b05438d1775def333e7f7e82d40022af7d0a80170aa439c27a239e49f832202e846029a81efb098467777db779a565609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7b3ac5c9958a261349b8e6c1a40f28ba

SHA1
7fca71accc63f21cde440a6208cc5440d6d5bc09

SHA256
c16d33a241e04cba83fcb7385b65e67dd3d7ea3563a8aae0e3a24a939a1dc563

SHA512
a2ea3961a2b9f0d7aad8c22d6a5249a54f249ba139fee94a95e2e0c76241049739c57fd5b9e7c64665207623eb1322c680a488559ad8286b8b3b774b57ac7291

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fbce1181de5a3b267c6cea41cc99ab9

SHA1
94093ce0878b74c602c15eca856a8763fa6fb218

SHA256
f26e910da4eeecb48125b5f177123e8647a7002132b994bc766f793bf3ae3e87

SHA512
966a54e0fa7be5258695ff50abe6d53283c72ac39f5b22d22b65a5d96af7e5a3d1ffc36a309c5f6a4c9e8f8cda023aaeab92cd63485aec5ee997d68cd03b679f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7fd75199b109000e7bb56442d9a16f8d

SHA1
a26d0202834f65131719dbe860c15838591197bb

SHA256
483800df3b58cd6f01580a5d8bf5e105b04775f3e5f5120b29f951d14fefcb91

SHA512
836f4518af9b0ca6eb665733044bf0ff509fae6e1b540c11a4ab3fc36621f7faa180c479ce915d8880664f603cee8350b7e7af4091cd3a61075f07095e3437a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c0d0030139ee75f12979f8bd45b74712

SHA1
174842e4fe97dc6e699bdfd284301958283f885d

SHA256
3e0b4f0dbafebb5ec1733ec40538b835092905fa996d8ae83fd63760c002992b

SHA512
921ff9a50fbc34348f44751b5068b99f4928586f6fc6d2afcfb3bb28468d5cc2f56868748a7bf265de7abbcf9c8adc81e4f53f6a20f28c170f837c223c474928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7821222bc1a067efaa2864e02fa34342

SHA1
8be3312673667a2bbd9910143eef1769ecfe01f5

SHA256
aaf2701ad143e402f1661095447ed2f676dbee9f038dc40609078d5b891b8b47

SHA512
7071508d16f6d44136c1ad5717426cc96cd8fe5030e51ad3d0e970c9cc3319612b2e20bf49abb0f48df33bbb33ea9b6d94e46fc5f0c3685741d37fe4d7ebfd82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7d51c035bf3f3278c388a3eb681d70fb

SHA1
b32db718820b1b675c77e472d69538a40d07fe07

SHA256
79d97871ae07b1730a90a65dce83e128a388f5bf72746f6d59e3befa72406cd2

SHA512
60cd843b11a3774f2151fee6b5d0769ea6e53807cf51325b52240a90dda1f9427cfaf757facfd980f1c88c6213a0c9166384bfd74bc578e3000b320dd71d8ba3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2a247e8a443d670078c1dd146d65f38f

SHA1
d01b78754ea86081d4595f17adae618d93bd162c

SHA256
a0d3013d9f8114225e2fa3cc8dfbcb288d5240608f86482e760126c030890b3b

SHA512
b49bb5fc591b02599ace29791471dbcc7bb757762c0b013207e5b6e3fd69850463f4532d0abb06a709355c90b6a96dc0a8ed5bc3d6fce2fc41413cbe4db3302d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
269bd6a06d2ed2d7bafb09a65006a1aa

SHA1
9900c810d01776628792a06027690cba4d60cd19

SHA256
71e4a7d20bb5c510693944a104e685fecdbc470ae34c450b09729929d8e83ce7

SHA512
6d1620dc0f5111506ef8c13fd447d0ebe9b42298495791d5758e2875d5def191772423853895a8a75c3e4faefba7c24885da8e794cf3eea795cacffa70ff2352

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3e1a44a3452231ccd70e25d0076186c5

SHA1
6fa4e7e48eb6ce5680c9e3548187ca36d45c6643

SHA256
886f1ce9fc153c869ee5887033b7c1622a03def100869f7e17f09ae4ffcd76de

SHA512
656dba3b05f8a82aad89a50687327be5d304594b13738ed59f280ebf0f691d2ec3dfde04e3f0002df8af8f0cd6787d477fa2d4395a8cf20b43b86b2fa75ffaef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2bdd3731226d5d9803dfa507b137ba85

SHA1
c00fbbc34096b2cd9e8cd4e72c642afcef3e4e46

SHA256
ccf015486b4d76844b44864d5c23d12bd186a1b43e08b512118878f448190d0a

SHA512
96f154dde73d80c979b66b3b8a7021b2851e7ac5ada5c679c0fdc4398bcccd88c381fefecb82e023e61f2970c12820a5759deedcb0fe20a0bf5e07f0f96778bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7c832a908bbb9d1cd2a1d5df6dbfee1b

SHA1
9daf43b817a85c98823206265905ebfaf66ea30c

SHA256
5d207304da8b073ed3640b79e2ffc9f0049b16b335207df41dad5c6bfdf363c4

SHA512
f04cb72808a3ba9c6a4da1a0933c3a0749b195490655083bb631f131d940125324b7500541dd34a5d50394473cd44913710f5b904870ae6710148adc5d0f7ac8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22bf66d8846f9dfee632bc6377cce2b8

SHA1
079a4c5d56094d4121c44c11141f8982d516ed0c

SHA256
531aa67a190deacc6b888ab276c632e95e9dbad83fcaa819d1060ec6946bc988

SHA512
146af05de3eeb498e6b9a6c912c735ac4c3a89debed45ed2fd806b4ad36b5b80aba41351dca7d8fa8242af5aad596c8cfe410aaf1c784e50b35df05e70e558f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ebd0993b572069dc723f16e4b4d4836e

SHA1
810333deb1808dae726159471493349c54505333

SHA256
d9db2affb42952b05e5ac003fa2eb3b718a82e56f9e8de8034ed8638baea0071

SHA512
806a719ffdac2c2baaa3198e57b25f40cf76161bc09ce5a1102eea0b85a496b0c23d99a0ac944c956e94267908c370c35ef9079a7dcde6313e6b6ef70c365dd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fdc432f588fd3f2164aeda749edbbb72

SHA1
530473d393eacfc4200a3edbebbfc729334c4808

SHA256
d64a2de1680b3708e005bc33f3faa2287956e35f7b8f7d0d9ef50560fda3e637

SHA512
3b5d73ebbc4b3046b0414008da92b663c68e6befa2d0bde56522906428f621d05a54f470afd8d6a313e47fcbd1acffdc59f896b7505275b8803deebeacaff25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
86ae273c9f14660c717074bc89bda778

SHA1
9e74dcb982a4525a8f98d2a04f64af13c4af58db

SHA256
9c7dd2bc3c6f898bb11853c641851dc1271a5f95ab0635a58171fe64655b07d9

SHA512
91184c50afabb4d3bba66ad4e600b2644f12cfa2365752c245792df2fca0bf79c94548008e2c34830fbbc99f31c29d19c1e7289bf38a8d39697fb845e3693fe5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4722424e1774f1dad0aff29eb5e0c904

SHA1
e86952834e1d83a0e20b14d39eac6507b0434bcd

SHA256
9566708f67630aea97a593f2c7decdb266d07cf2ff9e2cbb7b18d52ba3cf2cb9

SHA512
92c4ebbc856edf030e9d44ca68d20df8bb3c2391f90a133a1aec2e4f9325508fbd6be64228a54c7c14d8614d38fa60d1c2df4d130583b444178560b737c9cc60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2f19b587726c425531322220a7476091

SHA1
d29151e137362b7322eda77f7e8f5248f88f4014

SHA256
0f99a0d4bfa6b956f865af446627a766107e9c936d9d3cc5c9597496cdb214d7

SHA512
16e14d2edab4bd3ecc843e16feabc5ed6543aa7303b2cee966f19338ede7810f62e407725bb7a47d62267964a3d38ebcdc1f68004dcd89d1e64e5240787f5476

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b0eb767c958066609ebae91e51c53686

SHA1
269affb8faf728f892fd82e0daaa813db79541e9

SHA256
28480c20dd59f02af15c23239bf94022d0583cde824ac7916078a431825d122c

SHA512
4560a3c3cf9582e845d466600da3d536c731541d27cf034b8afd7ed41beec4dcbd6ffc63790cea7cad068c7eddea4de3875d87fcfef7b696988870e470146fef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e664066e3aa135f185ed1c194b9fa1f8

SHA1
358ff3c6ad0580b8ae1e5ef2a89a4e597c2efdc5

SHA256
86e595be48dbc768a52d7ea62116036c024093e1302aced8c29dd6a2d9935617

SHA512
58710818b5f664006a5aa418da6c8cd3f709c2265bc161f81b9dfe6cdb8304fabaa4ce9deba419fe4281623feeeaa0321f481ae5855d347c6d8cf95968ee905e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\4f400e69-3e17-493f-91f0-7f85335280a7\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
68d4c06c2611605fed208401f12537ca

SHA1
be0da279fabfcb7ed6e7010728953b15cda2f6f5

SHA256
e9232a3dcf6831bb219a9c91925bc8406f71c8391ceb37e345a13ac169718268

SHA512
b3e4785ed6af9c4e2c14c11ad1eee94843ba65af3e8233bdb305b972645f42baf178409230e05144fd61fd13bb91cf0ff3438b8d42a8441cd7145ea70003735e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
5887f55f3451593b73d5c0c1404fa52a

SHA1
1a118fe8c6927673ad2198fb771a56620af60eb4

SHA256
2e79f75d19187c4a3e2f3d9be35297acbc33c76b06d0dec241bb2d7dca18b685

SHA512
8a1c5471b94379de06a7990e4c3a83bf7b19aa98f930facf44ccf013aa950f35c2a2f92d2efd8d32aaa0f90e768e03174c524c012a42e3e8ed5600ba099fd99b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
2d07a326d1a27808679c20ee1895ac22

SHA1
3d84729935428ecb5dfad980e8c5bec90998d04d

SHA256
0766e379f55f23fa9bfd33ec5c0ae2878794079f5f6dc218df84ae3428e0eb37

SHA512
bc5b7dae4fa916da55f8fe3edf2e295093873b102e59efcad09bbc1297906e6725c1d902977378c4fca12916cbdd8a249606eac219f94d6d1de2abbc7479b60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
3e738b7d88744ee9e7b63244c6028dcb

SHA1
fc2b0165831c9c33624a5f5e3bac876b2f60ef8d

SHA256
0f2c2b1b9f7ab0fb7890a6da9ca7cb0522685fe1770383529d6d80a4c7c364f4

SHA512
893f857efb579d15a8247cde0f6f7ea0859c8488d2f7e3b2a06432460daeaf7873a0a36628d083c0bbc1a8e6115354a77bb5aaa30f5f2e50fcd700edbb88d444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
fc95b5b5353508fbab77a75e348c66f3

SHA1
fa0af62700b44c8eb81649485fa7a2878c51f592

SHA256
d893eec968cb4a97ee86ea09ddcf2ecb9d0f68fc29c184e661f7c2e39bcedca8

SHA512
86db3bd1f7b5d93e7985113f148fd60359541f235480c6502108225ed7f4731a70995a174122220e42cf5a1553ad8c30de798332f46931cf001ad028831edc63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
90B

MD5
0cd78828bd4dc2587f1eecc0f8d56ece

SHA1
83cf3958b68014cd5806a26dfdef55de2534e8cd

SHA256
ccfe44029a53ffb14f2b3e62d036e7f0e5c3bd4a62db2c3ae7cb14eb8a3fbf94

SHA512
7e94fe99c00f4f6a89fc40e72e45226e8c278f4d95513b6c66af9f027d076c290e735d2aa1c99ecafc87c1d3539b0fd8e0ce5eebc5b4e42335870e9e67ec6cfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5a21e1.TMP

Filesize
90B

MD5
5c1c3e6dd343d8f5b8e9a8b03fb13099

SHA1
0006416db896a2ecadb45c264183e5fea63dbb9e

SHA256
b370dd85ae4e8d0d5e1637cd1a43a65c0ad6b0c4f35707e1206b6f54c080c32d

SHA512
fca50ac7ad19e286248d046255bdceb35aa397bb68d1228eed8fab2de6ff38ef62e270fb8554462b7f88c74b675becb892a9e3acdf3598cd67fb393444717e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
88f22d78c1e072acb60b6f4510b75852

SHA1
51325fb9347195a045c3de52b955eed0cf6fdf05

SHA256
0954bc3e77b8555456786dc82b69beed1c49161cd511ba140dafad9f245132fa

SHA512
d64a501d613b2b28535215bdbe071fc2b2b53f87f79165184906c31424690ab09b89736a45eb3c72c7ac9e1e5a92d000a6f8d3000aa1c2597090c9f817ad12fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ff740d5309ee383a3535341f48bb86b1

SHA1
c820cfff0c40e3e70f2338c1951d26c342550e80

SHA256
f76b7c206ec658c80d4e6055829b1db09f392e6d61bf0ab105149c87af9e2d45

SHA512
8d7153f6005f7121ae0782812ac4e23f9f330d53dc85f4ab4467c59ac243fbbba35a0942f0f9e4e4f21914aac86209698d7e5fec51864f9bba9f54f26dd53224

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ed18829838889e869f0812b1fdb32063

SHA1
775ce8301652cca01ace7740c5db2e305c64c4d4

SHA256
866a63173ff53670186aae42a67a9254dc45e00fd95f1e3ab8fc8b9b6842972d

SHA512
8a3404be2562c3ec11ef5c125463d895e287148fea45952a0481a1b4940b9706be33c804628ddd878bd33ee48a843722ffe1ee26714aad760a0852f16f6f7c1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
bb6aed8bfc59be4c45bacb2f5bbece65

SHA1
2dbc8a381c29a52593b417ba8df27cab52df7a7e

SHA256
4d73029559044f4e7ce9414adec8048104828d756fe7ff12d133f53ef96e4576

SHA512
52b7b750d9e70346d4977c297d0c9bc9d424888e0e168b353cff69aae0b32ccd866150aa2619213a8c1ef8673d25d11bbe4ab23289f6402e1b2dc7af5b0874cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
ae7986959d05870b01c3e6520ae5321f

SHA1
f66c81b78dd2bf401b3e3b36256f2caa2e5ed019

SHA256
7609ec0adb892b4f51c3db52f1ddebfc9233e078cd0c738a9f67af58a17bed3d

SHA512
11caad554ed92e8de527976f7f871b86dd2af832abbc11e2de43bed6aa60bcc1f0f4b59bbdd6a5960e5ebcc74fe3e9604a6e9dc8abaeb8576c3a81c039cb5276

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
d8a933fed09a4c6156fbb524a23ea30f

SHA1
903cc030c5d96ed35909b38fd7910899a4ef236f

SHA256
852c88b301dd5899c8f499f495fc306bb996f16c3b7af96c04822cc383f3cf6b

SHA512
e47d255871225a2da33ed1dc6da5dc4d44d3b486f6b653cd2c167430a7a3feca7a79fb987d9644d176b810fbac57b7258368e13891022a2cb98dfcc16949ee52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
25a8cad2c8749f2c9201fe697e53282d

SHA1
4c2a343b79c10027dd2ada01b24f29caef46fea3

SHA256
42f3314e752124a1cfda26b4f9ad02f243f5f46aa65872c15a0b698774b60454

SHA512
626d7f68c16b50aab94316c7529b4d9c0504d58c85c104abd5e11c5e4be4fdb19fdb9ea7133cdc2481468c8067731a46d68dae7624445e9f6549ab4799bd0a14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
4c78a1789112b85f3f9cb9327923a7cb

SHA1
31c56446ac3011f6c4f97a59ad5dbdcc3b27957a

SHA256
fa1f9189741264d79aad61c6f4603c21b532ce2862279f9140b789a2aaf02865

SHA512
6b0e20b55041f288a1ea682c0a416d8394f465d34e6df4148d07f1bb3d2588a978e36ea5be58ec5c8c511a9ed0b0ffc2084535ca6d39b081c3fa7133f8fb1528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
372B

MD5
8bedddb43507b8b58176b066a81129f7

SHA1
0f225de046a2a7c14b7c4adff17d5bbc5286fbca

SHA256
8fc9ef230035bbbfd648309686f82af3fe6fecad2e2c0c0ddeae39d627c3f3e6

SHA512
554c68d31103e06076d18db76151db0ef32343e0957b4d8726b3adb1f0feec3dee231426ec0c333d5df34884c2ecb92f3df1e85a4f45ac26afa60f60eb222529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
20e09c55e0b5cc7b7f3239ea78c31e5b

SHA1
042d1f5a5eced94b08935829c54cc6a549a14976

SHA256
ae547c1ce7c73f6092aa4be019ffda97f99d459c32d6ee356245e096b7a7b86d

SHA512
34b6eda3904235ed5bcb2414cb7dd5be1de1f5a3b7f08240c86bfe68083cfe7214c313f084b16ffc1686e5d06e5676725516ffc1587d89d42c396ee60038a744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0b00867e20508a65a1f34608a9a96489

SHA1
ee91aa5b0dcbd858011314f871fe0932086c01a9

SHA256
b22daf30563d2ef7dd096d86b15f45e9dccd4dcc4000fa88f301aa020579390e

SHA512
b77223d9473ebc56ce332c36010a30256a1f1498317d8cfe4b2b6ade47ff6ad32831f3bd6ae50e8082415322edcad6717657f7997e673f03a65430077d3afe87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a1e5500a3e5c8ef8fa9bdf2ac9a82508

SHA1
c2a77aa95fb124d6b9af3553c399f777878b36e0

SHA256
68bf86dbfaf3ca73a38dd0a9f0d5fe8cf09463147854ced2144e2ddf21c50e1d

SHA512
465ccac5c3af92dd88f3bfb9f0eebe200e9e74d71705d033b65fd45fc33e7a6dcf52364b73632086ad2e284a8b1ba155de1a7a1c3f3581ab61e3757889dca3d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0687c6f75d6a390f89b7d68eca54f679

SHA1
40bbdbe91d3b7058c5843f113a4aff3503302a62

SHA256
d99705e44fcd35e3028e25a77ad21fabef452e12dcd437bf22992db6dd28cf0e

SHA512
b35410d7c0dded87cdbf6473e02e031e14b46df057f26412eeb23cb953c74ec09e5f698c9525845c5ca8fe876c5547d9d8dff219cfac3d40f537a2feaaafae36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8f78357045098e385c1015583238435c

SHA1
63e974e1d837cfafbc04ca4de1ba7c588570cf9f

SHA256
e5cbb57c60403c78288e7b22c7d0c93e7d9a5c28308489dd9a22525103932c4e

SHA512
b2c0eb3efc8ff9536943e9bda59150c7d7ace646caac800f9c5ec2e2318ac5e7a8556e350a7585b0c7a8f73c155246f617cafc450e09aabc6de8146ebe76a131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
92f7d9c3158b4dae24112e0f1f825a05

SHA1
b00f425ccad558e5ef0c2f7df48053b7ae21b1e4

SHA256
26e1cb72b3cd52fb5ac63cddcba90707aced51976021f4c7be3eeb20922b7797

SHA512
376d6d44251ae881b2a6958d011f55c7556647e2da7e73786ee99f05da2ed3a7e0ab0c26a8319c727d09f16f2529d330735c124ff9bcf2a7dfed1ac72341bde8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0568b1c45f499f52b28a44402ab8d660

SHA1
fc1948955fb7ea4a5d3411279588183e546e17d9

SHA256
a3f940e943cf05dc2adad474c83e1dd0b7ee4332917b57fb0604a7fccda5ff1c

SHA512
ee2b7cc77cf5a968f612705e999384b20c25e1809a07db191a675af11e6703e7d1c61d37ccb879127e72ea57b151b7b154af2f723e56755ab36b491abe778aaa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3c76ad1895ad9ea357180fa4b71c1d40

SHA1
918915e9d46411843db0c0cf8c395be0649d490f

SHA256
840a89549265314fdbba8c01224fb0e7a5e4d78a51b5a599fd17f3ced8b23d1d

SHA512
0c06a622d1248a26011dbf2047468ac42834891d7f7576308024d2477a490ec6f94509573214863de6562cb60f0f2a00d9c089b2998cadf7b577148a4db7a865

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/1560-1999-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-2001-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-2000-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-1995-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-1994-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-1993-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-2004-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-2003-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/1560-2002-0x00000000058F0000-0x00000000058F1000-memory.dmp

Filesize
4KB

Download
memory/4092-914-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-922-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-921-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-920-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-919-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-924-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-918-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-912-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-923-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download
memory/4092-913-0x000002D90E910000-0x000002D90E911000-memory.dmp

Filesize
4KB

Download