0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990

Resubmissions

Analysis

max time kernel
372s
max time network
608s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
14-04-2024 16:01

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Muse_Hub.exe
Size

38.2MB
MD5

113b0b7cfcaf7b11d541d6860534ce2c
SHA1

443a0f24974652fd2d081b952061a5e0f386e71a
SHA256

0f9765f58fc4389dcd7541172a4454c0f646dbec174e828a64abc9aa19de4990
SHA512

78f09c46d202d73194f7c648effd03c250a20dc280e07bddb9380128c6077ce86d78da1ce22be1fcc14024a09aa35bd23f9288f1a650d66233b21ddaaa93c9e4
SSDEEP

786432:mt+ooIxXSZFxfPfRLtX630iml6R/YwsNnoPv7pAMVUZ4HG04Rgrk:mt+ooIJsxn1tq30iu6R/vsNnCVUZ4Hl4

Score

6^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

83 raw.githubusercontent.com
84 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

MEMZ.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation MEMZ.exe

flow	ioc
83	raw.githubusercontent.com
84	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Drops file in Windows directory 13 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exemspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Executes dropped EXE 9 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

5072 MEMZ.exe
3112 MEMZ.exe
2256 MEMZ.exe
2516 MEMZ.exe
1832 MEMZ.exe
2020 MEMZ.exe
2064 MEMZ.exe
2892 MEMZ.exe
4012 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
5072	MEMZ.exe
3112	MEMZ.exe
2256	MEMZ.exe
2516	MEMZ.exe
1832	MEMZ.exe
2020	MEMZ.exe
2064	MEMZ.exe
2892	MEMZ.exe
4012	MEMZ.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Kills process with taskkill 3 IoCs
evasion

Processes:

taskkill.exetaskkill.exetaskkill.exe

pid process

6444 taskkill.exe
60 taskkill.exe
6308 taskkill.exe

pid	process
6444	taskkill.exe
60	taskkill.exe
6308	taskkill.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133575855003912115"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 260a9e16898eda01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 54ae42cf888eda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 509221e5888eda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "21"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = fff17004898eda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8a2e88cf888eda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify. See aka.ms/browserpolicy\Extensions	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 2de693db888eda01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-0876022 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify.	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\OneTimeCleanup = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{EDE7539F-FB2B-4F20-BEA4-5124D307B5A1} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164C = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1620	chrome.exe
1620	chrome.exe
2872	chrome.exe
2872	chrome.exe
2516	MEMZ.exe
2516	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
1832	MEMZ.exe
1832	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
1832	MEMZ.exe
1832	MEMZ.exe
2892	MEMZ.exe
2892	MEMZ.exe
2064	MEMZ.exe
2064	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
1832	MEMZ.exe
2064	MEMZ.exe
2064	MEMZ.exe
1832	MEMZ.exe
2892	MEMZ.exe
2892	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2064	MEMZ.exe
2064	MEMZ.exe
1832	MEMZ.exe
1832	MEMZ.exe
2892	MEMZ.exe
2892	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2064	MEMZ.exe
2064	MEMZ.exe
1832	MEMZ.exe
1832	MEMZ.exe
2892	MEMZ.exe
2892	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
2064	MEMZ.exe
2064	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
1832	MEMZ.exe
1832	MEMZ.exe
2020	MEMZ.exe
2020	MEMZ.exe
2892	MEMZ.exe
2892	MEMZ.exe
2064	MEMZ.exe
2064	MEMZ.exe

Suspicious behavior: MapViewOfSection 16 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid	process
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
3928	MicrosoftEdgeCP.exe
3928	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

Processes:

chrome.exe

pid	process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe
Token: SeShutdownPrivilege	1620	chrome.exe
Token: SeCreatePagefilePrivilege	1620	chrome.exe

Suspicious use of FindShellTrayWindow 36 IoCs

Processes:

chrome.exe

pid	process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

chrome.exe

pid	process
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe
1620	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

Processes:

MicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exemspaint.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid	process
2524	MicrosoftEdge.exe
1804	MicrosoftEdgeCP.exe
956	MicrosoftEdgeCP.exe
1804	MicrosoftEdgeCP.exe
6032	mspaint.exe
6032	mspaint.exe
6032	mspaint.exe
6032	mspaint.exe
5208	MicrosoftEdge.exe
356	MicrosoftEdgeCP.exe
356	MicrosoftEdgeCP.exe
7216	MicrosoftEdge.exe
3928	MicrosoftEdgeCP.exe
3928	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 1620 wrote to memory of 4732	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4732	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 4608	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 3720	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 3720	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe
PID 1620 wrote to memory of 1416	1620	chrome.exe	chrome.exe

C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe
"C:\Users\Admin\AppData\Local\Temp\Muse_Hub.exe"
1⤵
PID:4444

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffb67c69758,0x7ffb67c69768,0x7ffb67c69778
  2⤵
  PID:4732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:2
  2⤵
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1864 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:3720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2104 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:1416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2904 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2768 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4540 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4552 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4780 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5028 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4672 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=948 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3060 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4904 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5016 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5424 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2540
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2196 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5804 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:4388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5460 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5468 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4676 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2472
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:5072
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=6136 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5808 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1620 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5768 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=2232 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=5404 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=5856 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4484
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=4776 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=5184 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=5860 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=6136 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5060
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=5848 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=4524 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:1992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=3660 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=4604 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=5956 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3048
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:3112
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:2256
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2516
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1832
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2064
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2020
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2892
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Writes to the Master Boot Record (MBR)
    - Checks computer location settings
    - Executes dropped EXE
    PID:4012
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:2436
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:6032
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:7628
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      PID:2796
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:4036
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:6152
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:7900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=3128 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5436 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=4632 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=5928 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=5504 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=5488 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=4756 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3140
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=3944 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6536 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=6232 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6644 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=6756 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=5260 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=6240 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=7172 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=4524 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6212 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5388
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --mojo-platform-channel-handle=4832 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7608 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --mojo-platform-channel-handle=7744 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7760 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=7768 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=7780 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --mojo-platform-channel-handle=8432 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --mojo-platform-channel-handle=8592 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6152
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=8612 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6160
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --mojo-platform-channel-handle=8628 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --mojo-platform-channel-handle=8644 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6176
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --mojo-platform-channel-handle=8660 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6184
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --mojo-platform-channel-handle=8676 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --mojo-platform-channel-handle=8960 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=70 --mojo-platform-channel-handle=9244 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=71 --mojo-platform-channel-handle=9292 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=72 --mojo-platform-channel-handle=9392 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=73 --mojo-platform-channel-handle=9412 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=74 --mojo-platform-channel-handle=9424 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6320
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=75 --mojo-platform-channel-handle=9440 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=76 --mojo-platform-channel-handle=9472 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=77 --mojo-platform-channel-handle=10520 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=78 --mojo-platform-channel-handle=11540 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=79 --mojo-platform-channel-handle=5240 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11696 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:8
  2⤵
  PID:4260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=81 --mojo-platform-channel-handle=8944 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=82 --mojo-platform-channel-handle=8336 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5276
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=83 --mojo-platform-channel-handle=11284 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=84 --mojo-platform-channel-handle=8328 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:7016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=85 --mojo-platform-channel-handle=9684 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:7816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=86 --mojo-platform-channel-handle=9440 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=87 --mojo-platform-channel-handle=9984 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=88 --mojo-platform-channel-handle=5800 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:7604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=89 --mojo-platform-channel-handle=11748 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=90 --mojo-platform-channel-handle=8420 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=91 --mojo-platform-channel-handle=12148 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=92 --mojo-platform-channel-handle=10080 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:6688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=93 --mojo-platform-channel-handle=10008 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:5384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=94 --mojo-platform-channel-handle=7780 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:7456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=95 --mojo-platform-channel-handle=8660 --field-trial-handle=1836,i,12812528681886524756,17876419991241655975,131072 /prefetch:1
  2⤵
  PID:668

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2524

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1804

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2320

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5640

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:5156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:8080

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:412
- C:\Windows\system32\taskkill.exe
  taskkill / f / im MEMZ.exe
  2⤵
  - Kills process with taskkill
  PID:6444
- C:\Windows\system32\taskkill.exe
  taskkill / f / im MEMZ.exe4
  2⤵
  - Kills process with taskkill
  PID:60
- C:\Windows\system32\taskkill.exe
  taskkill / f / im MEMZ.exe
  2⤵
  - Kills process with taskkill
  PID:6308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6184

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x1e0
1⤵
PID:7276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5208

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:7208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7216

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:8092

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:3928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6640

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:2308

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:2956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:360

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:8140

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localservice -s fdPHost
1⤵
PID:8104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5676

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:7028

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8180

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5400

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8004

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
PID:5260

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6668

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7980

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2544

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\070E0202839D9D67350CD2613E78E416

Filesize
1KB

MD5
55540a230bdab55187a841cfe1aa1545

SHA1
363e4734f757bdeb89868efe94907774a327695e

SHA256
d73494e3446b02167573b3cde3ae1c8584ac26e15e45ac3ec0326708425d90fb

SHA512
c899cb1d31d3214fd9dc8626a55e40580d3b2224bf34310c2abd85d0f63e2dedaeae57832f048c2f500cb2cbf83683fcb14139af3f0b5251606076cdb4689c54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\29349a64-c632-4807-9e76-e528aa849eb1.tmp

Filesize
270KB

MD5
9b2fcb6c322c4fff01dd9ee494d57c5a

SHA1
afb8b4bf1d5f0c6dba8838d4420247231411ecff

SHA256
49c45cbafcbd8dcdc5ea6cd348c19486989e2ca0ad0aa1ebef4af26ed90106c4

SHA512
5fe96f5b4d458f0a9136b6d514cbcf6e5e293d4c4c2cfca28df75897798f6f2aee835ab9cfc5be0499cb310ba965e282138c1113cfd80a772352d89ce14fff9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
67KB

MD5
6e802165991f1776b43c9e91851ffb94

SHA1
f9e0018db3292d7f4d33ddd9a326931acab62d11

SHA256
6ab5163cda6cb3883035d4f9fc85de1b4abe397025493c64febe46a428e335d6

SHA512
4417ec601068f7f5bad6ad2cfb554c7d48f8a6acf3b5b3133e481be4fdaa253dded60d050274ec1b0e009df020c8550eeee5c8ba196d74c5ce5a32da118869e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
324KB

MD5
dcfa7b7d67b048cd7732d5087d15638d

SHA1
e58189b1791ad0941deff5bcf74af9e63408bcee

SHA256
4e1959eb356b1f6e083d3a831f0bd32f358dd33a81305d99df2870de648109a2

SHA512
46d33e4718610e8e89aed05dac8842cb6789780f4f62cb11bb0562dc15a6699386b97f5c99c20db154e18723721ab01645ddb8427c9ee0cf4054bf11662929cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
136KB

MD5
c4fe6354ed0afad7ae6bf84a2d33e1b5

SHA1
64fd8625cdeacd52a456c39d219439ad9b78c51d

SHA256
3081f5764760204346ff3307c2eaef15d07673fab0a7f475c3debc20cc5b5821

SHA512
5d41d94a2d126fd1abaf94f2ca7497178f5e6efa58105e6b15bcf202d487e2594fa2af5a228cbddd0d22699d3b3fdd61a4539c71cf1647ed9106b6567d270fbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
29KB

MD5
15dfb80b7b3f08dbe2e62734ad65fff7

SHA1
6877349b7b0a5401ef123df889ae54ab2944e667

SHA256
f3dbad1f242840072ae998fd8aa5c4031d468ffc1a610ded44286a2823322787

SHA512
09ff548e80480edfe57427d33729860ebb9a803944ed8d3c88f3d546c185e33030c6438bde00d35e6c377969778439fa35d742f97aa136ac8536ff9216028e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
66KB

MD5
1e3866fae78400e2271411d54c132160

SHA1
15ce0b2c130b987ffe9376c47b6c246dd44c32d1

SHA256
00a918386aea10ee2c25d529038843c9f4d70e61a7e2578c3aceafd81673968a

SHA512
e50bbcada0323759e3a6a796a6455d5a6e8bb613a1f7d5e0b86ccec95df44139ab9d3c5fdc5649853532695fe7135037b0ddfa4757d742bd94d93da4303cb4d2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
249KB

MD5
dbbd66d41fb2f81afdd3e296e67628bf

SHA1
0fa7b14c9d2b0b761b2e7a809e245b73771ba9e6

SHA256
29aaa2b83d9c41a5467005904ada58d58201ece53377065be9e9a52dfa6f199f

SHA512
45e038a64ad3ebad58367e2e2dd16f894f04fcd427ae253a4568ac57ec0c5b9490629ced6369bd251e5dc22492c9af7e98a86a43719f1a30faaa705c30348e14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
47KB

MD5
045937268a2acced894a9996af39f816

SHA1
dfbdbd744565fdc5722a2e5a96a55c881b659ed4

SHA256
cc05f08525e5eaf762d1c1c66bef78dec5f3517cf6f7e86e89368c6d4a1ef0cf

SHA512
71a025a421384ed1e88d0c5ffadc6450a9e1efd827fe929f5ef447d2901cd87572fccf13dfa8b2706c9fab8160163e3a0c80bfe1ab49d63ffbbcb0e4e591a84f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
17KB

MD5
9d4cf01f846a0613c620463794b1a31c

SHA1
0b4a8dfdf83967af3380d3693c34cf264dfb8c27

SHA256
89f76dcc3cd90019066409a4bc6ece01d9fcf5ebdf193de83ca5b518f8428ea4

SHA512
53ec47a27c937f62006e4631a762e842cfc608489b40dc3f0bd35af963e8ff79292e8ae52152c728e1dcb7638e350d826806cacfdb8dadae3d4b6dd4b17070cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
95KB

MD5
0fc830d06ac3635b8f24773df1b87b2c

SHA1
b9d82949f40c63ccae4395650095430bc6863cae

SHA256
f996cb602fc30f7dd054c83ba995833ba398706946eab563a2d987b859fe383d

SHA512
a2d7f3473cc6cc43465c2bb01c85da64dbd367868e79a76b58f2b8756fb656675ee61ab460cd023959251cef7f8cf2acdfc233b5a2137c7c08347f8175b86a72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
169KB

MD5
b73947fdf5c00a67f9b335f61ce1fd18

SHA1
5d8b3bad9169b72e48608f477d8e45188c8c8260

SHA256
f1fc18151c988f4d2f775d9d920bccc1f669923bffd65f8f2c1bb1cdc1a326da

SHA512
c957068242baf52071472ee30a296f9da31f84445351dd574885f098f77fdd466e5928c793cafec12e03e7fa87963c6966db2cd7ebcddedc6a055324ebed3753

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
789KB

MD5
0f49bb1b91100dfca4aa9527f09cb7fd

SHA1
1a9d1c5eeda4abcaa18694e5f0694e69ed13d147

SHA256
a8fc1cc23aaf6985814a81e2dc22ceb156cdaefc038374fafac1969b24e73c78

SHA512
7315d44ab0de3824fc228a9cc9b5249a548782872cc563db561a9a818d52a5f38293cd351f536984a2170cdcefafe8a0d6969ed1b6a8e3fbafd20c6bd363b628

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
211KB

MD5
42d74ce329ff04bf03c10c6cba3e653c

SHA1
6508eb5c9894d0466b5412aa7802aee3a1265b71

SHA256
c79e1fa5ccec708122f13424efaccf978834fc62b00556217c8bc5a0aaecdd52

SHA512
96c875ae662fc6b9ac86918ccf767ddb2691674b19f8caab92735d048d8fdf755a42063a6b127602c166105ee7d59f671ba426a7739a490011624d5455fa1608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
41KB

MD5
f586f40abcc939430970ef87fd323cf9

SHA1
1e44e2610b247a335231fbc12c6e52239aa6a704

SHA256
c765bcf8f28b883be0d11ebedb7b2b0fc133ff7e5493ba16ba2e909312f7789f

SHA512
6b63992a841c739cb28d7bed24948db730014a2d0e2e42c0e294a8ab2be5d3909a0291d030b7602a1bbf95d2f98301d8f90201b19ff216fa408ded5a31cfcfde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
33KB

MD5
b54a39d6949bfe6bae0d402cd2d80dc5

SHA1
9ac1ce7c7c0caec4e371059ac428068ce8376339

SHA256
6d26dfbcb723f0af3c891e9e45186deccb0f7e710106a379464c6f153792f792

SHA512
d86ac61ccc0a23d18594a8a7e8e444de4838fe1b7cfeea01ace66c91da139bedf811f5d1d5732c7da88a352af6b845f25bb87fc5a130ddf7450fd6d6b4146b6e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000028

Filesize
235KB

MD5
b729cdc7138f5c7e7f68c6a7a44bdb37

SHA1
644abfec643008cb84f132da9dbeba7ebd64d5ba

SHA256
399cc77df7ac61ae2e1eb7fbd2fb7109df8c9989692e8d8a0b43ebf596297991

SHA512
aaa0ca3960df5b246648caab108f69f4bce592e65ad6b00864c5d0de9016615c79f169805168896b735bfc6dd80063140dd83fddb6dcc1919a49f0d3b84ac3c5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000058

Filesize
49KB

MD5
5185d1be2e9d22fa5d251cef9aeb99e2

SHA1
13b0e52e3c8178c9036441322da41f6c5908b4a1

SHA256
5ea0f8d453c59f7474eb7855bf801fad6d93530910d28a83347e07d6f1bb55a2

SHA512
8438d106ba5ff3cf198f63a429da1130b675d0f5ff2a24fe97e62200b92766cd419608cf754fec25df571d82d0f2465651d9d05b268d43d354255875855cd72f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000059

Filesize
137KB

MD5
0e0e705467a3d68ba4fd283cd2c798cf

SHA1
198ec147c38d0ca9115734e901d687e453ab023e

SHA256
a724606e934ea5c408fbeba8aef7e8e4c3c5ff6e542d5f83639981eec5f3888e

SHA512
a5009adef8085dac5274c5f98f5795e6ba29e6376157233bd5042c77458023d2511b9c86628a3e62c6cbf583258d2fa240adc501968b33e39fdf8680b23c6b17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000060

Filesize
65KB

MD5
34717ce01e946a0d385473ec97d2e845

SHA1
a369937730ed782bd4ff490db7168da743d24d65

SHA256
3cc6335d28f8eaed16356da8786fdd98b861605f34b685e1ab011b152b34f27f

SHA512
4e389044e0c2095f8365353aed53f25e3f5138622f1c34ec33d4b7f4c19c3f07df21435b1b23e2f97b562562ed02d92edfb6cee7cdf60c1c78d97988860095d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
6893111e02310293ca5e7a839af41527

SHA1
772912a6e01de4bfbcc0a31ff7a01e21604a40fd

SHA256
e36eec358f4016308572f12870d762dc57ca0447e5b4e7d40e79f629dded7639

SHA512
cb390c772c5a11306efa8059071f50a5e5f10b0e2027a15e1c25ebefaac060db4b63f24816177a7f73feb8b93d4e9743cd52ccb3707e0c3bd49b8da3b5a56972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
732a05e6a9341b69d37931e6ac24b5ec

SHA1
e09f7f5dc60554d83abe3021b8495a7c83a2dacf

SHA256
be43379f3deff6d59813ec8d8c23f39e94e897eafd3224d8dd31d8b3fc1d642c

SHA512
604211c055e8ec09d604a2efca2b25ac3d6d58e7efe928aa0417b8c80fef69b37d8736df4a1797b52b510fba3098bef1dae0c5050d1ff282510e549c428f5f63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
0b81ea7859c79f1656970c2c7ca3d470

SHA1
865336024b7bd08d01ba9f4980e9e1e3d73791f5

SHA256
787a935c79c36bd053708bc391647c1b06b108559ab287cc7b1142a4546d746f

SHA512
dbaabddda30aa049e333f718e5d0b56d111f8fa0c4ef929522cdadabb0cceb97a7745d7e539eeab1f01e2cc5390886403aad908124917f17d607a38094281c11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
5d2f4503420cc465a586aa5c4b9c6e24

SHA1
6693250a352cd83738a4f885039d5406ec3c20b2

SHA256
b1a49bf9abaed484b3e79bba37a8606a9605a7b09c4d046d691b2cd7fc0b8908

SHA512
2f20b12c63b71e9b3a7b0c0545712c977c24181cc95cd29c3eb0494cd930fb9371aca8a5dfdac81af486338064f1b0402ee8bb0891c245a5db54467539f34f11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
9577208d7612372b6c557070f5eb2db4

SHA1
db2df1e818b9d47d0462d588fa7b723388c182ea

SHA256
e9b6d8414f96bff435395b2c82e1b676545d4fa70570bd6162bc5dffbf3e79de

SHA512
d3ddcfe38a86f8b9aa115e5f8be1fa63ec2ea44c7207330c3881aa00db9f51dcc5eb0ea7dbe8efc3b637d9589ac643263f9d92ef1ffac358735a8d66f64bcd3c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a21932b9f6f459444fb5dcb8c17e4d90

SHA1
40ac282a0fee8a122bb648cd76554d955458264d

SHA256
a6c7ac434c43e59e18afc6cf7529ec997ea9e144dcd8fb8097471575e71f8b0c

SHA512
0fe78b6f7b598cf38eaed63f8a585806ca15ccc087b8ce0ef7d960c2af14aebe10dd83f3089e3b4dd7f4e7638571c6016c80fc211c69e4ef54d4afcec0dc201e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9f7602e3f92cc096ad076e7fd3c28743

SHA1
781f5e1bcd798dd79bd822e45458d91c3c2ecfb5

SHA256
28b0627bdd4bfa3a70f8c1205fa2ef7b8af397efab3a02ae1bbf3f85c28e51a5

SHA512
ede2c9014ccd8245412b4b843c974acacfa63ce26c81e0718c0456c62b996136daaa60ad66c670d70ac14b5f9901e7b682f16e4a63d51a84db260a1a6eba2bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
4d91c352cba4134242afb24991eb6402

SHA1
d865a16be0b9fe18e9575fb846a330a41b2c3537

SHA256
fb474a2450790ccb1f35caf4f91a318cc7ee542f4c6ea06cd946c6c3d9bd15fe

SHA512
8515055f54709bb98439f5382205d744188ce5ffea45cc83b0c2da8ddab361972b213aeb81103fe5ed09d99950bf7cdda869370e49c6f7d716379d088390e398

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
96b6e389b461c6ed827aa9c400e92e74

SHA1
a370775cbcbb6c26db4850a46238b03f5613e706

SHA256
cbbab7ef17c8058a81ac590e10e9c9a827ee46132d5615076de35bf0c3a791c2

SHA512
f94fd1afbeeb178685e691c546d862f9b5dc02a35ffac16964d49d1d157250c73a2f49c8b4a3239ca8f368c41f45fb8232579064a03897b13516460357d23772

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f83342a49d9c9311d7768d00e66e0dec

SHA1
8698b643f9121e4c6eb7aebe7b7b95da53d8ae1b

SHA256
683bb36cbd215673f2b5d58feac9d018fcba853bf6ab1cf24481d64ebdcc22e7

SHA512
8ae097279cacad716f8392b613a242422b98d7526152bdd0dce29865cda02552e625cedaf39107c84e2c6b3754adb184ccbfc2e60657564ad17dea54ffa8551e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
097811d81c310154552ebd0b4280b0e4

SHA1
db44db615dc250fb2cc07a3a8a48576af5ee6971

SHA256
cfa894066333a88555cadc3aa187af49b728f303461a3861366fa37d521428b9

SHA512
fa52bb8f820a7ac9bc1b256b0fd44b00d135c87f65219fbce77d82b1fd062fe857695d9f906ce26846a1cf575c94156d86f111ed94bd5e4e613333b6adebe146

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\000003.log

Filesize
54KB

MD5
d747c8bbbec0a3a2dff6041c452f5168

SHA1
a341299eee3c2155fe004df971ad66153b9d4f3f

SHA256
5ba1fc01c13c673a003c335f7f53f843e16ddb60821b89079224f1d72a579b61

SHA512
5779d926ec98a84df131f291eecf3547f8d386cd8193014286c51c1e6b162a89a2e0d1d0dbdf5b85d40d3b04985966c3d59266fe11b31e4077bda048f922095a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
45fe4f762b0741a7ff59b3ed2f9071c0

SHA1
bf50f7779bbd7222dd20b8e2978180ea60b890f2

SHA256
a5be80b68b6d308e024ed62b711fd1f2cd89bebebaa116c977b6555b0e07e5a7

SHA512
b8142c2e521083b8a7f2d19e1a5ab71d076f64eb68dadf5a0f998c5b9baba1718e783574fe44196669c01bbb327fc531917ab7438ec55d12bcd88c353c1d9f48

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
93a2770b27f7e531d7e72ffc2f2d8511

SHA1
12b9973874d2f05c50d5624b0d6f102ee7f4f0e7

SHA256
3aade0d292802d6aacc2c5ce941e6403e7cd0eb754d90c9bb5e02852c0c650a9

SHA512
a721069e1d90fb2a447b6e4449f00043e709563e2056df8149ceb78c90fa0c1f92f80de485c6b81bdb784334f9c10ffe424b6e1242678284f4abc23aa6d03c3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old

Filesize
389B

MD5
746cb8ffa04939b181d7b4b80d39662e

SHA1
7fd0d68443734c13acd6db8d6097cb954e3f2503

SHA256
fb0c6c87b859e61821f36108ef89d42db92a761afdae05198299781b07148bb2

SHA512
285d5c40a074528f7c9dc30483969f4b7936ab3b5f17df0c7a7016b0c668fa14637689ffc93a2f0aac5e4813d36bb24aaf62a3a0308b24248d27b3331ae47e84

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\LOG.old~RFe59f3ad.TMP

Filesize
351B

MD5
fce7f2e4bb0763c71eba64cd363b748d

SHA1
e7a2597186c7cab005842bf72437bda17399144e

SHA256
b31799413ec1d7b19092966692038eb3cfde2c1e84d68a39c6957e0c96edf1a2

SHA512
b8559b8f1f9308f75f35e308d62b6cc1c7c2e39be0af4f31a43da11146eb4e40049eb56b131ba731ba5fe55ed17b4a914dfe571a6711db21ae6a8c0719594cf5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
11KB

MD5
155056bb473b71f3cce5df7e50598ae3

SHA1
95453c0de6a79a94bef7af4f7c587e059dd218b1

SHA256
ec05d239481047c853236f4c48efcd6f0c29e3e6954c34e5aacfde3561cb94a0

SHA512
a4ace6ac43dc16684840f2ea121562858318cbf75f6abf19b9dc9581e1840ade32fb171a6adf571e4233a7d2b227908907121094217bdea8ff35916e960bd880

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
70c724da5187bfc80d15576ed4477988

SHA1
0013ff4dd5a62df84639527912c12e5133e8aa11

SHA256
0e1bda885ad10f351cc72c4a0f38b4c3f8eb840cbfaacec269e05d0d4a8d3775

SHA512
1bb428625b651ef0fe55c158501bfaad0fa06b092cba6e58ceccd28d226a8b1b6e56d5b4873ec926aba251fc9df356cf80f0db29ad403a2d1330490f35bffa45

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
72c36ad6833ccbc1e7ffb0efd061c229

SHA1
425bffed3f5006a69b0662c5849b67370ad4bd62

SHA256
f6aea0bd9546dafa99b2c51557640497f402caa5f4a92351b45825f42fbb83ff

SHA512
7a8114da9f50dfad725cca4ddf06bdd78d8f566fde7dab7d48a07d5ea330dd7bdd00315803308c45b8e162589de6f53bc46ffe86b7c285b44b37dfad1021cf99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
52e30e3a4bc6ceddd29ffeb5b4be1173

SHA1
0e2e337508eeb7e51e3a7de2da59ff839b3d5b2e

SHA256
2066e1b25d85160c2cf6ab3a6364911079fcbbe320fea44dcfdd21670e816525

SHA512
a9656ac50c38fe8ec898e6d983e6cf96ad8d427b122e6936cf3f3476214eb3c1cc33e06700a09de3e9e1320360a062f632aaff29c626d3fa2077c13b3b7bbf55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
84fa9394a824b82f835fd02fa565ce30

SHA1
a59254c9d3b0acdc9ba1ce58a14117f0cfe33add

SHA256
1d81c313be0aa3c832821151c157b2ced6bb9ad59e423a74cb0c1125aada1908

SHA512
82b93fba443104bc0a32aaa0ac65bdbd0c5ebbee165c7552e3b977d3db64878d17001a18ec400c2745debfb1c9c181756f76af936ca1a1e4643823dd21cc5520

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
cdf8290eedab7c9c34b439a688c568b4

SHA1
39621571881cd91fda00c6c6ee264d75726d83a5

SHA256
f5807f883b3b68498a2e8fbd8b0fa9404342b4850e5faef2d4e265ff6a42b8d5

SHA512
3cc75e77f88715104acc51b5ec6999761a29119a7dc2f87a0d415e21e26f4c49383460f6093974982914ffd634cfea945a82461ccc424717b61cda646ad8657f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
e9f373d19bea486bb3bda11b0de6b463

SHA1
3abb6519e2d30f61707179a20b11703148f27ff8

SHA256
633f7065bc47ef17ef2b681fce8a18b690070272981aba43e0c0514d04954504

SHA512
5ab15fb3f2b91a3b1f3cd3acfdf06220bf894287998d1511a2b24c3463d3a7346e6911f9014f8c5a176a905034a89504fa91227f4484c87ae0115dbb4082b690

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
b090a049757f7d276121d293a3ad1da1

SHA1
1155de8297268e4cf2809e4f9e0adf081f0db6c1

SHA256
916b388a562b9d1e991ca064f381aa8b5c6bd81d1ac6ff5e053ea37a38217870

SHA512
6c08955b113157d6cf348887b3966f800e01acc601c2dcaf30ec19cbb3e031787856c9f4e18d56e59ffc31a81d7722f7f1f1f53848327dedfe63ebb9ea22ac8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
5add699f5226a9638575105dfe4adb4f

SHA1
d54920de11cf0dbee0e4a6b4831376a2ca3a5d7e

SHA256
9ebfd2ef9d075e93cd05110d958411c858ec7f6e5b0d36e44e644f561e762227

SHA512
effcc4664986bdd85c981e4da23a18d172d7f399419ce78d963cc915a38730878aae03335d337510aa54d84024745878592057c5a7be7f53e37272e7c2e9e990

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
0dfddddfe59ab80a057bfa352d51860d

SHA1
479fbeb6fbbd165f803fbc337ecd22cef6e4d80d

SHA256
852378e6e45ce6dad7cc21efbf350b6cff27bd3ffb005bf121f0ded6cbc83791

SHA512
54bb24a058f13b0950016874063b088bb53dc3837cd7ac1e0164ddfdf5875296e47ff7faf1cdb3930b2b0f679df2ad2ddeee67d0bd98a05dd05a45b05de8876f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
1ade34e0273c5858828ca60ad8b613e0

SHA1
e06a1096ef86bdf79f8033cf48935362bb63ae3e

SHA256
3b1a79d48128de3688f71a6fdb22ab8dc69e0bc07fe0823ace779d89484a8262

SHA512
74987438dd7c96cf899c6d00f175921806d98d83766a832c6b8365352b82e8e16a54c73596a35246009d69c1406f66def839eb75a75d1c76c393268780df7b6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49e8e4b65a7393f815ac4d9d253ffe0f

SHA1
80cd23a9bee65f3b1d82ed2f916065cd3e1057ec

SHA256
4ac3a458ce40b03b3b412eba9112f49e0ac8173f4a25e3e52839d11786240a0f

SHA512
700ab18e8013bf87d964683c1a9353e93c8480f17ff767851482e9e75efde0cab3117bc61a28607c1e862096cb00839860604f8230e6b9c221ecc194e4ed46b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
a668e66321b5f4cc8e0e3844ecf2c98a

SHA1
d11c0625371c5174c430807335a826a5a5373b01

SHA256
6870ce0cba9bf007d55d934914bc02543fbfd23a73195be04456f355542f4e5b

SHA512
dc2bd6a9dbbd9a7fa837e2350de07d05a99d26bae2cce86d6eb787f25dbfcdde6f35edbe84419c8c541ed7b1c476c2602853e3fc4ce6502467ce16fee3264212

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c48823c3eda63c0aa16adc1dc7d1827d

SHA1
b12bfa157907b8066314978b0ee96f6ca8f91633

SHA256
a3ab8fb07703da597fbc238c860591b4ece8dd305de6804495495d8f9b14cd3d

SHA512
5cc6ac7e3f1a446bfe9f1030b31e59b3f70b4f35672d2765c8fdefe617d928572386d81944e269c703dfa260c94a91ae558fed2d6c0256e40415d2b052188c87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
43a876e86dbd3418b28c6a9404d391aa

SHA1
d88cc7ccc2804cc8df661b3aa1f8894f4520fb18

SHA256
edc92bda3c2ed6cbb652ac16e2cfc01578123af8afd40a670169a90ac9437a1d

SHA512
e84386547b6a53ef8e9424239e03fb886baea15c336e6008d793f58963135200ff9e40a759b8cff399d91588d15c4d12713712b5b92ebabdb01037fe48524a59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
65ac61ea948e3699d8a134032ca4b310

SHA1
8b87b91966f0159a6c39b00716d4462b6460de1d

SHA256
a4a4de7eacd238329ef51f10db1ec42d8f68f20f19c365f8ba069266aa36f6c7

SHA512
f3296dd79b21adb93c73a004cf580c2bb43b6ade366b575e978298f8c06bda91887f09d87dfea9c6e26e1e2157f681a0a2184e2b90b5f2a06b6991c25f916f0c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
8a43c3c8c5eff5a74e2b72bb072507f5

SHA1
7036729d1907683e0e2b8e6b9cf3ebb4d5541f79

SHA256
22cea296a7e60173138298d246106723f0ee3ad66607ee4ded548024ffa03de2

SHA512
7b201dfd5da9b6f6b27d2554c11c23fae9e72f18afa6e66804803317581726b1928e38f61c7a6f365344962346f06fe594102c105f00fc73e91f2c4439a2d92f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6b28cd09549a5ce8b6eb6bdb6f95d83e

SHA1
91a035d48c0e4e36ad4141d469cd14122293fdd8

SHA256
589f82722e27857d2dd9a8fd8dde30ec24326a10ae6b5116c64ef619fada880d

SHA512
61c5d42637f1430674b78e73b6de639632b48ecba57a31553d6a9b4f6bc364796e45f0d1f330ff76d3281da7c38e35814855e59eb3492081404feff756164fc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9872ea450755f16084564a93436040b7

SHA1
cc6ff8e6222dcfac9eeea5c920aa5ac95259a2ba

SHA256
8349c5d60cfc664786db53586cdf159778dc9c7f597b038ac18c388d862efd76

SHA512
500cb386cd94643a22491861d388a4ac28f3066526b8782ee9bb33e94240e39b535ccc0259590e5e02c6eaf7cb9143dc72cbe4c67b4bdc2fc7f0465003db9e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
406f5b301532fcfec5a39742ab36d0ed

SHA1
5adcf7e09eaee07c3e6a2ddedf39cbc0e9241e24

SHA256
e5df3031470c33f360344720565282a4e75afc7794dd63b2ba3818db58248d9d

SHA512
561827ef1a95981287f1376442d90df8849712ae7d41d722b943dcf6e7c421a0414267f5a84f587971a698d1632cb3c1e8d6160b1b867aa7c30c2f3d6cd21aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5a2e01bd4f6c72aba44a9a6ebefafa6a

SHA1
7a5fed3e1de0c30da637e199b6d73ca15a2fa4e4

SHA256
7d7b5cdc2a221814041825d516d29cd9fca909030a2147f12a7db72bfec28e5e

SHA512
7aa1a52858b0f138bee917261e37861bb50086259527e9db03edd711e5484832199b114b69fa2b7633f1fd91ebbbbd2596977cde161a54c9586fd6b2dfb6ccb8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
49f7177112316085db24bc9e08ebbdbd

SHA1
49940a5ede12f766f4b07313a2716c516f7eb404

SHA256
ab433cd768bc229f473a8b0b3a829393c41666fe98d8ec87282b744ab1d36c5a

SHA512
c9ed5fb7992e4e62cc65042d5f2f609a6a31d3c5bc34e304033fe8b12866e270bf792ec272bec1ddfbdc1aff3f66420a432a97cb52babc22dcc1fc05853c6048

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
8f59d7b87fa35995f8876779d9fabc00

SHA1
ffbf573aed125436c7f1af33e69bb5cc8ad379a9

SHA256
f73a43c75ed5e25b76591cbcc7bf0d05f099e6b36baabfc0b0be566dc06a3f4d

SHA512
51f81bf0c8f6d9fbe74e27f229bed16d35f6291c403748a498c54b8722b60bac1903d18478141d538312e29303664c321c08b8d761e586ccf373a77595bd7e38

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
dfdbf909c5e0af910af626611eb1c7f2

SHA1
03a0c76314b031ae949469885eeb3476722e96c8

SHA256
dbafc16a07fbb7be2c6def6f9f45b0de05fb69959487b9f0e1867b62dffeaf53

SHA512
f15a4f23b16b033cdf9ed30e4806473e4a40eeab9f49e3991cd199bf35b4cb91e2d453e64b72ccaf69146767db5501eed802d5eb644d6d689bd92d6c31eae622

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
c3e611229d77f1e31de7e15fabaa02c3

SHA1
9fc15b021682b1b68a881fe7a8b428f021d00019

SHA256
83e9604277acc6883a70638eec96086f53ff0b83c45ae1f44b9decb8cd96a9bd

SHA512
384b4b449c83c47138e7390e2b457771607904a6639ce18dbb32e6e702a3fe8aec199e1f4917fa8832f0d6e981a887a24294fcc5aad92da0ce3f746165926262

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
617a3824e1a521da249edd75e5b1379c

SHA1
486c5a738077a08700de7f7a6f9aa2765f555efb

SHA256
a24812f1d8c82ebd9514c07685e718f4423e487c325d3c6f0b220fead81adbf0

SHA512
63065bcb3b26b79bb4a09e42534f2f2e53b885517b4565dafcd472b5994fbbabeeb8a97e4f341e3a443ad78e366248f3d8306bc846c3b00acc9e998d4141e132

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9645cad983a9c0cfd48c5727ab0f6cc1

SHA1
cc48099fd41b6a12d361cae3bdc03b4d07f93113

SHA256
cb7e29044ba67239b83e13d52da31b35e27870bbe71000e3316f501d32615072

SHA512
97209a92db7449930c26a676352f7f01d4e017ffe8b5d70b144a6b57599fad0d733852d6ce78cd3888656cf43159c710b637fd334dc99f2516f77322f42a6ec8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
4da208f42f28cd5d006ba4b6bd5a9575

SHA1
42bf21408f5030ef76ae61ebe725a30a84f7ed43

SHA256
e008855a15c052434f968e255500c880d75a49e5ae9c06c701a2ee73915df152

SHA512
7f499a7f6ee653ce6917d6ec8ce30f362008e2f5f6f1c95f7f9fa3038f5b06c03da78042291f160baa7690eccc818138ecd99611a723c337d768042bb8dd9c9b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
3689d150729871347530255599037cf3

SHA1
d05cf5c54f64ada510844e29e12dae6239c13c8c

SHA256
7e6f81dfa5e8a2b7da573b53304e701a5ac3c9a1878dc22c078c5a83640df464

SHA512
90da9e61a8633f2327c8b43105a82a544e71c663f96d822acc70469fc8fbed1145fa6a3b5c2857a736c754c0b419f8f79e52ed10f880e2dc019f7942a08ce515

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
2d23aca09bb52f2befa62f3a409329e0

SHA1
2f4b3168a8d113ff8afef5484d1dd0a72f43ee3c

SHA256
0ca1579996dde77918b51e820440c83f91deaa5c1073e86581b45d0d7a4babf3

SHA512
309f967bfd70f2759ec0622f9907ef674e6872c701f60cf532e4b7fde6909496f5d9f4d8c408c2fdd9a71df99a2f7c7280134772cb56c3194c09a1f5f056518c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4ee0f42b9bf6f77d5d96ce5bb6a4c8f6

SHA1
8237d1a7d6a5332a64762860bec0332ad1c7c712

SHA256
d74f3be1c0916b225c5e36c030f3475c9f3396d25052d58278fcc23b18ce0b15

SHA512
39ed263cdd23363e312d154310ccc0f57ceb4d9c08cddb5f5ffc4d9ddcfa7b562f18e610119fdd47e04c79bd04788b78e844e8fa06e331ccf9192fa71fec9570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
6fba0be97194c592af2c1e9a4c0541b9

SHA1
a992ec42ae7e96cdca9487ff8763c92b07488773

SHA256
6dc611b29d656502e943d391bfccfa0f5650b2ed4133f96db227b7e49ddbdae8

SHA512
c729bd418b68ef79d5d3f175e026ae59c958aa50829b5b2aa1e6a2b0cb2657e3ca3d854acebc57c67da9ae4b10b850463780a4f8c59a1da6e154b7c56978721e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
131c58b40f06ebda3733493e6570104a

SHA1
e3e404184491424cd0189041dee5d5548879409f

SHA256
d9e4866e0f09d2cce87de8a00d90c9c221bda75b7f076401cabc649844098085

SHA512
47a188b67367146a7f52c0060ca60afbbd0afe39b7ab6f09518a33028ee46e091edc7f2b6995bd7cdc936c5ed9b104bcc9e0ea03ede28f0a50ef0987c332f4a1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
274c949c75f886ea0e5b4339677e61fe

SHA1
90d6f545f17b9dc0509e40fc0709c84b2f5c5035

SHA256
76b5053ecee460ec2a2c1d745ebaebe3c3a0b0a741455d13e467628247319d2d

SHA512
0a49e2811735780ef634aa5f183aa578175829b602ee2a8493d458fc502cfc22623adcbc24f7cd9a7aad0875eea79d7aa54c96a4fb453610437788267128ce31

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
a44ce7009863017b6d537c648613149a

SHA1
576d9ffeaeddcc86ef0a1d23da4f6fd72e7eb1f0

SHA256
6ba7915587a535bce1961cc2d84a2a3c4ecf6973a805e51faea53881da87b946

SHA512
2f3d8f3a9ffcfa624b1f2eca12159294931abb5b43863256dff63c25405aa52417340704e147fe0eb1ebbfd129c4053b28102b57788d61306859be84f4c53d5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
d6c8268c88835e0d328bf2d7f066ee18

SHA1
2de0f344eb0ce783a7ace20008419790975df161

SHA256
0bdc43b9a267cefddb5faa2b6935e484469e8d8668885ff88463154b29f96ff3

SHA512
0b29b3000172a7bc07d76296db6b37f0aa429f3ec06973ac8dcd8321190c32edfcae9c88046fa80099720b37760b02600904f79993f71fd2c62f747e0763a680

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3b42f49839d92f7f273efae6aa28f17a

SHA1
9e145a1a00752036863f65a57f928cdbf07dbe94

SHA256
7ee7b8121740d72f7f599b7af58f9f17c8e9b3a74a91c3ccf2502e7b64dcbecf

SHA512
55bed41fbbc509785a45ba1158db0aaac65337f02d4962a67343e86004db17135045810731de4ecdeb485fe86953c755cb70ec58ac47b428326c229836de8cc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
bb8abfdecf72ec30c6ee5b1c25e8d579

SHA1
ac30b663de97fb11b57c978dbf7ef6a0a1144dd9

SHA256
b8d3fca9f75b29e186076de027df3ff4196589d8f058cf5a5c99ca985af6abaa

SHA512
5d6b21d6ab52c044fef3a35f875243b0ec161068a4df96c38148a56f0ca7d1af81de234dcc1188f1bde3fe64667e08aab26bec1b95be1b37a7ed626b416986b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
8451fe27a9a0d49ce2cd11ff61796b2e

SHA1
68e3c62893e7eef49cfc3e47bcdc877b40f911ef

SHA256
e0f26a3c9e1a9130d0baad0688dae64d56b3108fb9443342f590c4f26c9e3871

SHA512
9edee6451571acfaaea6828e2b43335fcf5b332519de2e40150cb3245c9d8810e2bf73cb134da97c02d6f0650df88c7d48fe2de418cd355386df95ec64358ff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\1d94759d-bc8a-4c1b-8369-6c0a90572439\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
1f68dfd4aa8d15bc7e73fade5e418902

SHA1
3c923ff501f644877387a720797e4f99f4c542ff

SHA256
fc5e6642a84271e5af8fce9d513bcf162379d4d4e990ebdbcdbbfc2ce02acea1

SHA512
159380ca8cf76bb7927e31653feda52d95e7cc4ccec8985951bcc5ee0abd3402ec142c1e8231b3a66af25374808815729b5c44f6fe97c55f870fcb2e7e0b0593

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
e4fd1a9a7a5ad8254e7a0ed69d56c144

SHA1
5e7c6d001eb1a696b19c142e50321c1ffda17c67

SHA256
893d758bd1a10a18d9825a875cc499793e6bcdfcc5880fe32ae21b248b6d85ae

SHA512
6b7948d4facf55633a53946acc929054356cae4a58bbff3a3ec600b32fa85438f2c0aed9199e80bcf64f74fb0d489163deb1d399d852d2ff9c103c62c4d28575

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
74a7dfbb1c571ccb871678ef56fc6cad

SHA1
9589397816a2d1c393d4527d02c4cfdfaa3b3f46

SHA256
a7dd0fee5c215d3ff5fccac4e1d75fd2f236e7cb47faaf7777bcb645daf0a110

SHA512
a6e70e7e48eb194ba0366c36d2f5d3da978334c4409b798401419319f14fa8fbc0f270071ef3714f18247186689c16f824a26bb22074d388347d43ed74359726

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
5c4c8e645ea47e5fc2070b0471ffdef4

SHA1
0d5809e1fae0636a34e4812f0bb327e32614870f

SHA256
6283eeaad3ad570eb38349941dd23c3e1fa7fbf0d03f728383f0ddc884826d67

SHA512
9f939ff926f1fa3d4c7faa3b6f5a63843b8b0467fde636e07355d4970447a8d2799cfefea584dbb4b3ed809b9fbb0fd41d974788d01144a213d8bd0690fca700

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
5dc45ef9b331d9c4c865eefb84d04c77

SHA1
787d4013c3f487861ecd2c22934f2e668cd180ec

SHA256
912820a058265eaacb826ac0f706abd1422995230c06d52df914ca12cac7ee94

SHA512
adadf5c0ff5d663b37b45de48a9ed8b1ac4ad4bee3a67cc09aa5376dfb81919d348eff67b5fb0dea6961391439cf95e2e953f03484ca387e5d9ead8ebefb5c96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b454838692341dafeb8d11fd37381d1778b9c409\index.txt

Filesize
115B

MD5
a73c52a44e6efd86d3988252fe2d68ed

SHA1
a6172be3d7dd9bba0a40748258ac3cfff61ada2a

SHA256
9eef099ffec98c1400f2bffc46de42161ae234a5711e8dd5e944639dc8b4f36e

SHA512
323dc96e471ea5f5798f785b96628e5cef4d122e508138685599a5c29f204bf4e51b9f12d9bd702ae9a855a18dfc69261c8a3eb09b13dcbc9069915c70735113

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\b454838692341dafeb8d11fd37381d1778b9c409\index.txt~RFe5c3d9d.TMP

Filesize
122B

MD5
30699a4842af16120c23ee5d7194a18b

SHA1
3aeb3d86bfb4377d18633d3d738b343c2f5a420a

SHA256
c5b04cd02179146594ca76265ec244992d41ca46627a6284e9f88713f532236c

SHA512
57bc32f4f33a015f2c6d00ebd22c7ffad9175b8f1367a91a4a3b1d6b7252560d82d5f8ee5aeea57078d96f4ffaba72f5544b0dc609fd0e06bf71e8b623958b1e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
1156e1c3211b1ead931cde8d7f838ba4

SHA1
1b8a032960ecd469932a16856219179236342f00

SHA256
a25db4c10279483cf1336bafa2783db65f315f3a5fe72861dd41b5bd4d7765ae

SHA512
3cb1fafa5d3f1c7e953ec42ed42f9724813b672e347a070f37adbc396c31cb214732f27b89ebd9657708c244032a1f91c763e8d7aded9094c796ffb537812d95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
59556d979d8d7d3e47a902a64b3be11a

SHA1
92f1cc167018ad079cd9ffe70f652c90e5d57241

SHA256
9821a129877b55ba2e9b78f999b4372f77ff20006d1b38ab4f90b225c798bf1b

SHA512
493a08c87629c4dd525e1dab432ea498aed6af2060e1dce16e3217f1c54917fce3ad08f108a3d9653633b62f05bb1d4a6e467996712055d9c1c5220d7cf6242c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
dd7739451883707e4f3371283d406b0a

SHA1
180775e1209047a655389b02e11451df1fdc9258

SHA256
f154f5b68f5dd990b07bdc80c1b6055704df07b136cf1236bd01dcf1cf7eab4a

SHA512
d59480bb0b6c1360fc47783b4ed64e546fc4a5028815712e07e9e41da2976d1230467357cbbb5bdb4642fe8f46ffbc78fedd33bb6afcef34e676dd2151581a77

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
270KB

MD5
c3066c1bee7691a3f351a4e19cd6282a

SHA1
fa68c045faa2a795fddf0f84a55a7edefa178471

SHA256
343836faf73a2b5f67928d8ec3e26b2e725c0eea0e723343b87cb0f88d56af6e

SHA512
afa0adead5d23e643e5547fb6da2d1a1b6e550dd0a257c1c312a1c1f9c23afcf760666a26cb974bbe005eac1e8730d4d5a68fbc05c84fde04471bfa5efbf1fe6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
111KB

MD5
1255309600de0940d7d124379cb66ca5

SHA1
f08ba8406947a0920c4af84488bd4a7fd0d7d082

SHA256
b1b91564d50984db16a1a616522264576e2b3f921c9c009a21c071044c3047a0

SHA512
32a7ac823573167186b19de8ecac4713a5fd14683804ac5dfd35270138b7bd175291393eb3c1b4d8586def688832a1eac142a505b7bea065599ac82ee7ebe0d7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
7e33d4d6ee6d861fe581b409c1f2cf04

SHA1
3385b0f142642f1e5f28cd0937aef3f89a917f34

SHA256
2e42ec90926a6b42c6131853718d2b017488661a714db533a29ca5acc4f647fe

SHA512
844a6aca0d3311f818dc74553535fa56a4189bfb9660d7dcd353b9912877488da43eecd1f29a92a49dec1a23877cb0c5688ebfff2984d7d019ee3c6ee3e6cf34

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
113KB

MD5
293e77167d47f5d592edaf2c58b3c969

SHA1
3c928c67e5736e0bb6fa4cf34daf1994ce63ed6e

SHA256
0d15e7bb48c37440db7b513c4fe191700e023a143263cf2b00c9d0a72961d570

SHA512
a2ce61ff631b300fbb150f8c25d82f5df2aced2c564ca220286b8f7f29df39433b4c69d902e3444b6e8250f0a17dc2164355baba17c894f980334346c3948fe1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5911b9.TMP

Filesize
92KB

MD5
a002f52b4c4c50d892308785e74be6eb

SHA1
ec8997bbea77025d9c11d3bdabc5a7f140c1c782

SHA256
acb931afcca022015dbac2ce1e0183988794dc5a43edd0948a7b2440e8684830

SHA512
c981cb203199837f9d25ae9bcc6c565f2737d3d4e98685b4e6757e5d6120cb84dd7b7dcde1acbf764a478bab2ae989706ab02555df84f137ed699204bf0518d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\e60c8528-af2a-496c-bba1-47d547f6256d.tmp

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\2TT8RSZ7\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\65705QD5\styles__ltr[1].css

Filesize
55KB

MD5
eb4bc511f79f7a1573b45f5775b3a99b

SHA1
d910fb51ad7316aa54f055079374574698e74b35

SHA256
7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

SHA512
ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HJGGRVB6\webworker[2].js

Filesize
102B

MD5
701c50fe2f9d8cfca61542dee7684552

SHA1
952a04f81a291e11f5d4ecd7364a3840412ba65e

SHA256
9fc5dfc54de18e9c98733bbea6ebdcbc1f01c0b23f985556f24684ee96dc0582

SHA512
5ca3c342f4be563ee68235f32bcb8b25b62215a961b903b3568c496fcad4508b9408fbde00c6592085a819826630462863630f888fe73348f13fc037a9ab2c99

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LT76BZ1Q\anchor[1].htm

Filesize
45KB

MD5
c1ddb7706d149aeb1ca91b50b610b00a

SHA1
34d28e28e7ed4e2c9143ab9c413e2c11a669598d

SHA256
f6549d4521cb5d282e370308c4b9e73232024fd741d9e25714b416bbd90cbadf

SHA512
ebf3dc28e52822e7cf424c7e67366fbead7fc64cd0812093e25c549c6bdcd499d4b89fe69801ca8519667b983ed46b8da9036d65824916ddbd5be5477c4c0f83

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LT76BZ1Q\bframe[1].htm

Filesize
7KB

MD5
0e4ee29ff9e0e53a3cff2ca1ffb1e3c8

SHA1
966ca195f2554274fb559b59ca28bc75e40fcd48

SHA256
714696708175631a81d7f624d23e77386daf5db854e113211c382b69611a19a0

SHA512
6444cb1775139869e1bb89a746ed98a50f2dcda4a13fa720b7c646789b3dedeb43b5ac4e27aa34ee0195d6fbd0791c38fffe4ff354055c24aea944104aefdb0f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LT76BZ1Q\recaptcha__en[1].js

Filesize
498KB

MD5
e9ccb3dbde79ba5ffdf9cad4b32d59fd

SHA1
3a8cd67adc7c885bdf683f1e7f491e6a4a50679f

SHA256
8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137

SHA512
5ca7c8439030c9b4b966760c660640a094b0d6e30e10df85d7b900c6f9108b0e309298ed93c006634bb3f437bab3cff1b83a5d1b18c666c04346f0856294c461

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\H57TUCVU\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\U66XGZJS\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
455cc1c7ebfd7d316179342c2753c215

SHA1
530819353e14beef87ae733a53246ba84733f096

SHA256
eaa0f22e4b95435dc5356c655e42b9b113d9d2a9a2ef7d87feb01a0e9b9f7e8c

SHA512
21ef36e9b0256972e78d8a8d7f76031e00efe76f2331c7e8191a3a5e3fd1bb8f79d6d8baf1de3aeae036df09eb64bd55dc9c92c50af1d1bb10f23c1b81cdbe98

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF7647B81B32478E0C.TMP

Filesize
40KB

MD5
0d5ffbace29e6a491a84a09612c57f60

SHA1
98effe5cde803b88faf5dd587237cfe235b787fa

SHA256
957aad488a2c92e8e5d3fa9012c37b8aa950d538b03cda7d657b4af2bdaf257b

SHA512
bfbf86a303442aa410e566ffabfc0ec4871372a9ca124e72a4da70d38f277964b5c2807de97535e27aa7dc6b0763a68f5db79a0d8d9f13302267c3e97b8873d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HJGGRVB6\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2

Filesize
15KB

MD5
e3836d1191745d29137bfe16e4e4a2c2

SHA1
4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

SHA256
98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

SHA512
9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HJGGRVB6\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2

Filesize
1KB

MD5
57993e705ff6f15e722f5f90de8836f8

SHA1
3fecc33bac640b63272c9a8dffd3df12f996730b

SHA256
836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

SHA512
31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LT76BZ1Q\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2

Filesize
9KB

MD5
efe937997e08e15b056a3643e2734636

SHA1
d02decbf472a0928b054cc8e4b13684539a913db

SHA256
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

SHA512
721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LT76BZ1Q\api[1].js

Filesize
850B

MD5
1613f25e7a73976f440bd3c174bc1dc3

SHA1
ffa5be6619ae6109c6e412186e0f12b8d8a73cd9

SHA256
091a7de491da06df67c869b9905c1d028eb2816e68360c0b5b7a4fa8ce590322

SHA512
4b6186a03368bf246c04af801962c19f4ffb4fc06fc493b6f5027a97a084b3d9094d6371622459ff63772bb86feca587984c4b68f314bc747164f5854a078b07

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
1KB

MD5
06e1ee65f377a305cd4350c0888bef4f

SHA1
5fb42caf3ec934526e3937224f5a78bfb5c40791

SHA256
36da6e4a1f68107a5ca4fa6cd858c8cec5734203386303e978f330abf65b385e

SHA512
467d5d5c25b406480a79356acf71857c6a20d4d30377894d2f91c51d2e327f608d2f9d13878025b3d9c9cf21b30537ce9a08cc6cd660a25b30f203fa95eed126

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_A1F02DC8148108B28D2F0231550FD784

Filesize
472B

MD5
c5844e853faa736fa4573fc74810d1c3

SHA1
899ccf22e455466ef20402d331279c0faada6b52

SHA256
ba262bbb3465aadedc6bfe14078e8719cdc1880dcb08e1e9ab98d2d97ca3ac8b

SHA512
8caa79d82b8942d811e612bf09f711fb65caab98fe20411bc785a69105daed74de1ed56c001beaf45525bdf4ac351eaff2880f2b7b86e4466c401b8b43a9df2d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA

Filesize
410B

MD5
08cb71028bf5d9c3518982131b699050

SHA1
da7a3e73105ecb639f6a30015b4458d9ac97607b

SHA256
d971c0194fdcd8da447dff9383a3fb3a2e846855b56169fc951924277c87fb26

SHA512
c39feb649f91aea352c6e4d3c1a67cbd3f5324c6cd580be9d9fefcc1f5ecae48a1863cdfaf7e6be77fcf802acafc1fa6e7ba20d3c21e1bcee27da8b9d3f3e1b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA

Filesize
392B

MD5
68de92f78e82a7b55aedc84981607b14

SHA1
2e0bccb1b27adc4482fc4e971aa59a53a742fba8

SHA256
1e790b2ab6b207916d1dc7a252c795f8db49848a9001547dfa58fdc17df942a8

SHA512
7dcd120c4c2b424e51a207f3d646a164af7ebb6a8ba1ebdcc728bc6ad667f02fe2eaef6f79726c334386950f736252589135e6e9d38ed0348a3528e98b711147

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_A1F02DC8148108B28D2F0231550FD784

Filesize
406B

MD5
ca8754327866d1e0df33ed99b5795147

SHA1
058a5234c9ca9f7618af2b2d052dda40a8f5584b

SHA256
c3bdbc9b1290e785b8da8c9c7d248d0d67c6a6d543e52483cc626d6bae98d18d

SHA512
b49fd8c96a2fc39019f50ada39e4b9b758f64f13274c6c966c443704afb1856bd6876a381e997ccc196ab252f66c4fc91a45be09323f2552982eb1c890249a69

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_1620_LEKQODSOEHOXMKVU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/196-1388-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1135-0x0000019421300000-0x0000019421400000-memory.dmp

Filesize
1024KB

Download
memory/196-1395-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1394-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1393-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1392-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1391-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1390-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1389-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1398-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1387-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1386-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1260-0x0000019434370000-0x0000019434372000-memory.dmp

Filesize
8KB

Download
memory/196-1222-0x0000019423CC0000-0x0000019423CC2000-memory.dmp

Filesize
8KB

Download
memory/196-1216-0x0000019423CA0000-0x0000019423CA2000-memory.dmp

Filesize
8KB

Download
memory/196-1396-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1127-0x0000019411200000-0x0000019411300000-memory.dmp

Filesize
1024KB

Download
memory/196-1399-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1397-0x00000194109C0000-0x00000194109D0000-memory.dmp

Filesize
64KB

Download
memory/196-1094-0x0000019421990000-0x0000019421992000-memory.dmp

Filesize
8KB

Download
memory/196-1096-0x00000194219B0000-0x00000194219B2000-memory.dmp

Filesize
8KB

Download
memory/196-1092-0x0000019421970000-0x0000019421972000-memory.dmp

Filesize
8KB

Download
memory/196-1086-0x0000019410BB0000-0x0000019410BB2000-memory.dmp

Filesize
8KB

Download
memory/196-1084-0x00000194109F0000-0x00000194109F2000-memory.dmp

Filesize
8KB

Download
memory/196-1081-0x00000194109B0000-0x00000194109B2000-memory.dmp

Filesize
8KB

Download
memory/2524-1068-0x00000171647F0000-0x00000171647F2000-memory.dmp

Filesize
8KB

Download
memory/2524-1049-0x0000017164CC0000-0x0000017164CD0000-memory.dmp

Filesize
64KB

Download
memory/2524-1033-0x0000017164520000-0x0000017164530000-memory.dmp

Filesize
64KB

Download
memory/2524-1098-0x000001716AB10000-0x000001716AB11000-memory.dmp

Filesize
4KB

Download
memory/2524-1099-0x000001716AB20000-0x000001716AB21000-memory.dmp

Filesize
4KB

Download