2a45e44be359fba4c85591e7b13d1ec772ed181adc41254d8b00d31b2d15878e

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
25-04-2024 18:14

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Memz.exe
Size

14KB
MD5

19dbec50735b5f2a72d4199c4e184960
SHA1

6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256

a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512

aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP

192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Memz.exeMemz.exe

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	Memz.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	Memz.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

Processes:

Memz.exe

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	Memz.exe

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133585424704963862"	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

Memz.exeMemz.exeMemz.exeMemz.exeMemz.exe

pid	Process
1936	Memz.exe
2720	Memz.exe
1936	Memz.exe
2720	Memz.exe
1936	Memz.exe
2720	Memz.exe
2720	Memz.exe
1936	Memz.exe
3012	Memz.exe
3012	Memz.exe
1936	Memz.exe
1936	Memz.exe
2720	Memz.exe
2720	Memz.exe
516	Memz.exe
516	Memz.exe
1908	Memz.exe
1908	Memz.exe
3012	Memz.exe
3012	Memz.exe
2720	Memz.exe
2720	Memz.exe
1936	Memz.exe
1936	Memz.exe
1936	Memz.exe
2720	Memz.exe
2720	Memz.exe
1936	Memz.exe
3012	Memz.exe
1908	Memz.exe
3012	Memz.exe
1908	Memz.exe
516	Memz.exe
516	Memz.exe
1908	Memz.exe
3012	Memz.exe
1908	Memz.exe
3012	Memz.exe
1936	Memz.exe
2720	Memz.exe
1936	Memz.exe
2720	Memz.exe
1936	Memz.exe
3012	Memz.exe
1936	Memz.exe
3012	Memz.exe
1908	Memz.exe
1908	Memz.exe
516	Memz.exe
516	Memz.exe
1908	Memz.exe
516	Memz.exe
516	Memz.exe
1908	Memz.exe
3012	Memz.exe
3012	Memz.exe
1936	Memz.exe
1936	Memz.exe
2720	Memz.exe
2720	Memz.exe
2720	Memz.exe
1936	Memz.exe
1936	Memz.exe
2720	Memz.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 35 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	Process
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe
Token: SeShutdownPrivilege	2584	chrome.exe
Token: SeCreatePagefilePrivilege	2584	chrome.exe

Suspicious use of FindShellTrayWindow 53 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

Processes:

chrome.exemsedge.exe

pid	Process
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
2584	chrome.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
6256	msedge.exe
2584	chrome.exe
2584	chrome.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

Memz.exemspaint.exe

pid	Process
4652	Memz.exe
2008	mspaint.exe
2008	mspaint.exe
2008	mspaint.exe
2008	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

Memz.exeMemz.exechrome.exe

description	pid	Process	procid_target
PID 3776 wrote to memory of 2720	3776	Memz.exe	102
PID 3776 wrote to memory of 2720	3776	Memz.exe	102
PID 3776 wrote to memory of 2720	3776	Memz.exe	102
PID 3776 wrote to memory of 1936	3776	Memz.exe	103
PID 3776 wrote to memory of 1936	3776	Memz.exe	103
PID 3776 wrote to memory of 1936	3776	Memz.exe	103
PID 3776 wrote to memory of 3012	3776	Memz.exe	104
PID 3776 wrote to memory of 3012	3776	Memz.exe	104
PID 3776 wrote to memory of 3012	3776	Memz.exe	104
PID 3776 wrote to memory of 1908	3776	Memz.exe	105
PID 3776 wrote to memory of 1908	3776	Memz.exe	105
PID 3776 wrote to memory of 1908	3776	Memz.exe	105
PID 3776 wrote to memory of 516	3776	Memz.exe	106
PID 3776 wrote to memory of 516	3776	Memz.exe	106
PID 3776 wrote to memory of 516	3776	Memz.exe	106
PID 3776 wrote to memory of 4652	3776	Memz.exe	107
PID 3776 wrote to memory of 4652	3776	Memz.exe	107
PID 3776 wrote to memory of 4652	3776	Memz.exe	107
PID 4652 wrote to memory of 2768	4652	Memz.exe	109
PID 4652 wrote to memory of 2768	4652	Memz.exe	109
PID 4652 wrote to memory of 2768	4652	Memz.exe	109
PID 2584 wrote to memory of 4372	2584	chrome.exe	112
PID 2584 wrote to memory of 4372	2584	chrome.exe	112
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3188	2584	chrome.exe	113
PID 2584 wrote to memory of 3624	2584	chrome.exe	114
PID 2584 wrote to memory of 3624	2584	chrome.exe	114
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115
PID 2584 wrote to memory of 4516	2584	chrome.exe	115

C:\Users\Admin\AppData\Local\Temp\Memz.exe
"C:\Users\Admin\AppData\Local\Temp\Memz.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:3776
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2720
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1936
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3012
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1908
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:516
- C:\Users\Admin\AppData\Local\Temp\Memz.exe
  "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4652
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:2768
- - C:\Windows\SysWOW64\mspaint.exe
    "C:\Windows\System32\mspaint.exe"
    3⤵
    - Drops file in Windows directory
    - Suspicious use of SetWindowsHookEx
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:6256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffcd6c246f8,0x7ffcd6c24708,0x7ffcd6c24718
      4⤵
      PID:6244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:3680
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
      4⤵
      PID:5528
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2688 /prefetch:8
      4⤵
      PID:4884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
      4⤵
      PID:4640
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
      4⤵
      PID:3852
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
      4⤵
      PID:3276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3968 /prefetch:1
      4⤵
      PID:3892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
      4⤵
      PID:6932
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
      4⤵
      PID:7132
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
      4⤵
      PID:5880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
      4⤵
      PID:6724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1956 /prefetch:1
      4⤵
      PID:612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
      4⤵
      PID:4964
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1380 /prefetch:1
      4⤵
      PID:2504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
      4⤵
      PID:6280
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
      4⤵
      PID:6760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
      4⤵
      PID:5200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,1691791884458070629,328833635654896033,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
      4⤵
      PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:3352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd6c246f8,0x7ffcd6c24708,0x7ffcd6c24718
      4⤵
      PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:7040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd6c246f8,0x7ffcd6c24708,0x7ffcd6c24718
      4⤵
      PID:760
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:5352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd6c246f8,0x7ffcd6c24708,0x7ffcd6c24718
      4⤵
      PID:6124

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcd9e1ab58,0x7ffcd9e1ab68,0x7ffcd9e1ab78
  2⤵
  PID:4372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1756 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:2
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3052 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:2008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3068 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:3748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4252 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:3724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3924 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4572 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:3976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4516 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:5240
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:5296
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4956 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4388 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3300 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3104 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3256 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:5428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4968 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=3296 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5144 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5364 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5284 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:3864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=5684 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:4012
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5716 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5964 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=6192 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:4200
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6128 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6196 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6348 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:5880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6884 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:6204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=2752 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:6680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6424 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:6128
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:8
  2⤵
  PID:6740
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=7076 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:1
  2⤵
  PID:3932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5668 --field-trial-handle=1884,i,12912915092807134494,7122288302717936013,131072 /prefetch:2
  2⤵
  PID:4320

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:2816

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5276

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x4b0
1⤵
PID:7112

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1c697f1b259627440bc0163b60e6a48f

SHA1
679ba37bbdfd53c9d5e3e567610264c3ce12be4e

SHA256
bbda7bde8f18c6e1bb5fcc00dd00de4cb811cd033f7789fa37702690cca8dd0b

SHA512
3236ef2b8c15df10437c4bd39ab2e916f64f6135edb3687d516bc8334729899f7301dc5ebca1e52e820487465747b2898d71c3ec12eea2ea6ffd3e12d730fba5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d7a6c0ea78f3a01ce2cc40d3ed0e4a0b

SHA1
7ab5283e161c0850537a2ee899a04a9fac473111

SHA256
0f278f0f84d2568ba5ed8fcd2053872e7e6c9baa83ebfaa1b9a90d3cebcf2172

SHA512
c4fdd6d13357faec9f2d8ea19fb48d13d8796d5035fe91fc5d238db376fef373f993b7e89cd69cae00c6a460f23a5215d0dc92920286dde757120e870acd51c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
55a5737decb0270422afb8d2a1c6cc24

SHA1
ef5f969d4bbf5273869ea4b06292ec257916ffc4

SHA256
7066c2d5129118a9a3ba518139c0fa2d3f12bf5fe41a2c3fa42797aec3fc8564

SHA512
de7f56dcf6f9247fc8acca73f37e4ae780ed6c152761102fe36203113d673cf8cadbdf82d892b905df22637ba8e11bf60b6a89ecfc792488dda62da39cb9062e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
15KB

MD5
72222ca7b4f20266e8247b37bd1f4a95

SHA1
388cc0e5dd23fc8c61e65d415fff2a52e1c32af3

SHA256
0ef2f3fd2fc6ed1955bac87ef94331facf299827b6c8d76f1aa3ef76670ccebb

SHA512
52212877921d41e3a11c6b3df4796c3d67d5ef93112f08ca07245b704bcabee0d2f5acc9772da0341b20c3f31383fc0b0adbbe91bcf3449036490520862406e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
be998e6da9a6f8125bf260b0528e7de5

SHA1
c6db90f406cd41e0eb62786f1dd3ca441efe98c3

SHA256
57215215f43f3cf4e76c249fa5dd7e9b248bec7b612decb88f41092c80af66ed

SHA512
b1cc7c29a3f4e55be5c3ef046e544e4010cceda121fc6b2e1c158ef96a41f1a43449f6feb67c971360440aa61a63a9dd82564d042e50c77ad4462b437655c4db

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
26ac0cbfa689083bc3488d40a9dd2188

SHA1
51e98efe41d5c5366edd8ea012c394dc4f1014aa

SHA256
65d90158f79172a1a2cab6b91a7d800ada1484e8a28a50903b34ef75a0b82760

SHA512
765c7a82bddb8769e25ed9f1e108830adb3c73d764f521fed9edd4cb90b3d55ed3a30511f10bfdd9cf9c9e4a868c81eb066c6210fbb54e75aefaa234fa3dd270

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
df5332fb2f538036d427f32d3bcdfbaf

SHA1
9235aed1bd4caa54093d777f2e8b681654a72d7a

SHA256
aa4b8cf59b470daf3757abdb83050081ace79be378b1da0994382674a76b1d33

SHA512
cd582b6bceaca7c4a0dbfdca51b265a458661e13f88a6c08315630799a14f49cd65d1be4b04e6d0f9789e159ffebf53657e02266a2dfad8826529ef18a600987

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1005B

MD5
53c0df61f8596e1553e43d6f9eb396eb

SHA1
0969e60d688d3110c6ce37f7313a3836d356ba01

SHA256
3b44c7011ad5e9eb63ebc7c46ae32b7109a1be7c2665cd84a1e2bf1113172181

SHA512
e54fb51abaf798086b41b5f6419fc792fa4decc5ac7bcc89af82ba0f1069496b6d9de83ce9e782b9da04de90c0af755799e59851adcccec13b93e0551266907f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
82f73ee498c58fbfa6d9da3052acdba1

SHA1
c9b21d7530d242374f846ac2d2c46e27d90a6842

SHA256
1dccf799fe84c1dec18806f641e34a9e40565a67e3070e92fe9e2f8c18b3e03f

SHA512
dc1a87cabc1c9b27322ed09c737beb3d1f87e12958a2d515e046771328e664310f8350350ad04a4b94c3c4e8cb17ed27e0d1d96bb116a11622206dc81fcf43f9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cf576df5c8ec46b333cd3847fd0dec74

SHA1
53c0d0d27c844dd670c355ab1fc19351fdcfaac5

SHA256
5dfb3e1fe5bebec2c5ccc666cf0134641d00485c31b25ffa8d08117bfc68c4fb

SHA512
9cfc3d64d363df910aa2b3e367dc91bd26f785b09f5bd74f2703f2ee064ad12432327627a83b3cc9e54ccd2bfc3a99f8be1387c110571badf9037f6cc4e6855f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
cd719a41c5f25f0f39ad0ed9abb0df48

SHA1
84d738fa6c59bd6186f6041ef1fc9ad10d6162eb

SHA256
534e9b857046f9b956e523ee5150d15c55523914fe21159f57ede755472d6d22

SHA512
82b38e821d60850c19760bf56c380ecb4c75de59b345bad40a9b9946bfa7a247bbe98cb7a6befaa682f324820fd9ccc98edcf0b99170774e38cd30e5124b8abf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
2560e0ee94c8749a977775ca23a9c221

SHA1
5e015c78b06d5702a23cbc1f384f93bdada2f5e1

SHA256
ea3efbef839cf2c74cd2830f6de217246f4f66b2074adb95f916754299953bfe

SHA512
06e35998124851630f00fed64ad5221902535b89b220946b6eb2c35562d4e712fd436027a5397e86e4b36ca49e4bb11e08bd45b17486b8413e9e7b197f093944

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e9b60fe98dcf62083ff40395b9e8432

SHA1
807d1a6693eea2abc491ea6a36d9a6213547351a

SHA256
95ca1d51c7c890913d00d98769bc2f1c732a73840097d1b41ed4e22e80431975

SHA512
d19b8b459bbfc9b68b3c01bceedec15ff0bec9c3a3c0128745f58d3cc0b36d7210b83fb03c77437d7a15e7f7107ba48a7bc87abd4151350426d3b686c69ac248

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
f070012b541ce15153609808b4a4f2b4

SHA1
6138b57dfc12dd0af728acfc35a2029436510453

SHA256
9ae9094c7f2b8e4bcc3553c542d0841ffc960f704c51846c2dba6e5a277c24b5

SHA512
2ff8d8e1e934a8dfc96d9df789da99955114a9e428f7d35821bf17e90c3a259e1dc9ae91cfb40c63b20de7f0ddf3aa91a369de021131d2abca1039a719485b36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
55993dac3620bb3cd0aa5cbd79f7400e

SHA1
62611dfa80e1f614a77b2b8d446f0a5757b691fa

SHA256
dde76674addb0ea12aae9de9abe88862807d698060d16341a3915f334d9d39b0

SHA512
e31f65b2dcaaa015702c4bfd6d9a43b6ded05795548558143104558a4fdfa620ad77e4c2dcad1ef803991b08d0ab8a76eefda1c63a3b1b49e884cc4481364072

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
3b68b993db794398e745c6314c2cde75

SHA1
0a699adc8b3ae7717a3aa5a09ed90372108b517d

SHA256
b05df65edfeff0d8c0d7e53309f6c2c0e833bbb4061b98b4ddfb39a9999354c6

SHA512
66fd651bb3fe15875670bc18245c0f8efc57892b23f9aadf8077e766fe9385d319dcbbf5f939dc230d10f0861ce1ca94b57f05a50cd179ab2566f8fd1d8949c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
253KB

MD5
285b3b150227f3750bc2dee91ef8f671

SHA1
1a7bf71492368dc0faaa85255ea6aecf58c78e47

SHA256
afd58b04c589ec66483fe199b153d009dd641b9023df81bd5d1a531c81024442

SHA512
f836242464e44c44ff0494deb6b523465d6fc13cf8a8e81e079e25a5d9f11890b4dff6d9146ea7bba712d837c7e5e52961ef26962bab52960131eff2714ee65c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
91KB

MD5
3d2df7b59536c3e20b7d842c48f83cd9

SHA1
645ced7db3cb052791bba417dec3a8efce9d42a6

SHA256
9a426e5a90b0eee8a53b9f9bdc72564fe221b02ffc633377d28188ef68506932

SHA512
53d6e8b835d0c17e37c21a7645b49a8b8cc482149cf06f7a04e2ac19b3e5a7e895d459de6c8f8cf9a66b7446efe426c67a6eb6822e05de190b01eba5ff4b16b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
c538d39cad0dda500ee141604ec48c17

SHA1
55b5e9f71681a7e8262fb84c6be2ffdbcec27941

SHA256
161368f8ae173e831db33e159392bd0a1135a287a5f31b7489d926c08efdc7b6

SHA512
f23629112f335732a1cafa610f190e62cb703e4b270d77bc1cbea9d89c5233ce092366546182830ef6fbfaf39d60cce38aaf372235647826ccb429a077310b4d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe581f1c.TMP

Filesize
88KB

MD5
7bc16cdae2d17fb8e65d814b1c0cfced

SHA1
8b2611274ccb76543bf5a2d2d17fad94a11152af

SHA256
593755ea8ec728d90f172eabf220395643c89819623da87839b7025396896750

SHA512
d8012e12fb6cf3aa88b64a023f79fb50fe60d33dd8c06664ce78f37b633113a55c6f114bec008ea22b70261f9ca1261d82601650a59d2cfecdf813de4fa532d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
69KB

MD5
86862d3b5609f6ca70783528d7962690

SHA1
886d4b35290775ceadf576b3bb5654f3a481baf3

SHA256
19e1a1ad6c54fc29a402c10c551fa6e70022cefca6162a10640ee7d9b85783ed

SHA512
f0746c23a06effd14e1e31b0ea7d12156ff92b1f80445aa46e1a4c65cf5df4bc94f6dabe7aead01f1bd6a6c7b851b577a11697a186426a2c8dca897c48515ef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
264B

MD5
092d3e980d13d4d5bf26bc39429e6a0b

SHA1
19b4ac99d34099d81c0fa89153baf41e83c860c4

SHA256
4c6647f881542258fb56fe012e9200d6a9f80838e057500152818e8d26351315

SHA512
d40fa46ca1f7f79b6c0ff5869293ad5c01dbf602ced016bea98eb7e9af498ee7e424b442df57ee2281f80c5cf16569f613af1a1c817e07327a4a92268fa04297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
85f5586c4e38612cbf9c6705b71e0138

SHA1
37c7f38c15a249ba69a6ba6be57e3baccd5c595d

SHA256
4b2b7a8c48faf424f7531a9ebea61ae5a5d350bd137a6318753110befafec9bb

SHA512
09c9d63072eee929410a06dbf08e2497753fc7d602d1de2eef7fab290af776f8012244f1e9522cf3ea627b80e5b30aadfac2fb8bbc591acb83e89f149783342e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
255e5dec498829d4edc8a52f0786be64

SHA1
2c0c4b0de2e95a46091eba5e4e9da11c00971a84

SHA256
df17498ac2ab085695195aabbbfc602e6034b884fdd824ff1bb032289b993a74

SHA512
c99127f612b8e8ee173eb6f345936085446213ab09c0d6e7e6d58256359757f8b94e802c70e2e7ea886aeb2807cce86ac19cbd11256979efe15ee9f14362b3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
01e29f0f4ba1d35f29eb07834929da90

SHA1
0a3a0a26d1f584d75af37744452d9528c5572cb9

SHA256
850a0545c2bbe98891357de38895d7cf30153844b6c3c82b6da7779794382529

SHA512
08dcaddcec5071ef5a72133140cf7ecbdf7e3405032b6cc5d47824f628f4b2a7519b1220da1cd93e7d7a457f3cd14fba8dfeb72017632b8df272e8b93cf568b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d4e31407f3fb97cbdaf8845c036cf77b

SHA1
69c564a121e5d85aafb3de06e707efa96ad546b5

SHA256
176f2c8e9bf6d32963bc6772133e8530c0b524f009eaf498e43ba99134df933f

SHA512
fc5bcc1f6795c23e6f04b1a42fc0be417f7b7883860e824d94193b9b043158d430a7bdbcb74d94c11ce1d69295a430fbc7590295e4cfb983425ef06b20090920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0cc556ac6b6d006990c56211371206da

SHA1
0acdb8861e08dae5bf25c5e14315d1de2363c846

SHA256
f4889c5e9f2947835e8d29d99b6e1fb15db8ff37aebe4cd086e04799eadab1de

SHA512
caddabfc296ce7e7b1c3d7309cb4f06a67168057beaa0c711182cfa75babe50a186f403ad544b60fc9e778cc306681ef6bc6ee90f456d0872379b259dbaf65b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
afd56f6fca7a3ac19611f21c90586257

SHA1
bebf04000d11cbff0ff6553c69959ea250a337d4

SHA256
f78ea9262c59f735f837773777cb608ddcb1a276fd09092dcd62f8902c840eba

SHA512
05049b504c574570b0f56ad520372916ce200a992577be71d629134bdcc619f9c2dd1c7f6d19c4952c690eaeda001ba49cf094a330bd5336c8cd65afe2b607b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37ccdd48ca0b6b99e592cd63164bdcfd

SHA1
042dbb2065b1d07c08c9044f0d1ff1ec5ccddc4e

SHA256
e9c8de9b6a52970b22e4aa3db18728b00beb3a7155ccc751fb06cb46e6f5f827

SHA512
faefe0534135466dbde6dceac9ec956bf726d2018845f3ee3025ef6c2eb66380afe9ee57674924647c6ef237a1c659e8451c5e0714020fc77dbf8236083c40f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0c777873b91eeadf75681e783a8bfc64

SHA1
0ad9fc9b4bba8fbf83f7326b4da999856b2d2836

SHA256
a87554a9bf226d018b9925f1e7019a0aae67a29954be744d2e578552ce02e5a6

SHA512
1ab8313a32a4a12efccad170138c0e9b5c6ad7e5dbfe0992936f1dfe1287ed7a5947ffafd4b2144d8e0f742ecd07ec49a90f785c0a6b15263ae0a70e39813386

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
16e600f3b1ea0f3072f3a0b20439751e

SHA1
e2fcdf05b9f998dbdb61df7add0571af31ba23f4

SHA256
0243fd65b711b73d4f74039138ae8ff82b83d613d0effb465103f2b9c9679d5f

SHA512
eff0362044c106effb3c36bd8d9f66fbd4e3bce261c20c694a77243e7f430afdc37d45bf25cf22f099c90e4c50374d728838dcd97a48fc6b95c2dcb404a8f370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
462bd964efe3aa42d26963a4e4a0e888

SHA1
15de73f4ae8591877baea5c044de0c2436634e82

SHA256
57d2d4446801ad57705686a7687c93942cb509dd9e3a3a9fce84cfcc76cd0546

SHA512
e21d090e78b78b08476d01eb163325eb536c62671d07067bb8c5131919c9691f5bcd5c0954f475ac0781387d2c16bb33470b305c968911583e508bb7fd775124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0708b2893a37bdf7447c268b0ea6b10b

SHA1
538b3a039e92907d97f7ed0f0946a003e8a64507

SHA256
474fcc8098732662b7703c4c0b4afa4972c610a507da5667d20cfc106f1516e0

SHA512
29d8667c3a8bb67416458f8e3e808f26dd95f12be4d5d6659b90eb97ef4ab5776c0eb493b9d59c44b6bce6e30a8c2e2bb196cb7b013a42d7fe52fabc085cd72e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c520.TMP

Filesize
1KB

MD5
b0657a92629bc60f45f39e490544990c

SHA1
20293346a7f1c4bd4d28b3538eb2e56ca305bdcf

SHA256
67d7dc181caf05d11bb24e9b447c1070dcfbe18971270ba139398266b7df4922

SHA512
170d71b55a60fc16c6345a1a29fbcfec31e21de9f5d2d56ed71764aec018adc3a2b8d1ac6dbf4d7911d30ff3822f8a1a37d3e9fcb989f8dcbe4f3cb9b3826f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
70f335de5ab4937b76b1f6ecd3455ffc

SHA1
d60e60963e42a5923a0c5f29c5f07dc4ef276657

SHA256
aa038e3bd3da79e3dc28856f89a1da36d514adbc1f8413d563042211d511851f

SHA512
c8ada1fa3482d2ffa77810c60430a25a89efbc9eebd19833fdfa3961451f912032834e09014501b11b9b291271aa9e35d9621055ff12357d431b8414c314cb53

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_2584_RXAMQZYHALGBDKBO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit