006430128d78e015e7ac9f8fffdb41e4bc6d7bbb7dff92f1a3b41e620278c1fa

Analysis

max time kernel
521s
max time network
557s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
16/05/2024, 09:52

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

Go To Bed.exe
Size

651KB
MD5

ae57aed92e768b5c003c05e4b31ae901
SHA1

d24e80657f5d0cb2d6ace60659fa4e9ab812f6dd
SHA256

006430128d78e015e7ac9f8fffdb41e4bc6d7bbb7dff92f1a3b41e620278c1fa
SHA512

b9736d6e4b22fdeabc87d9f0a16bdcc580d6de92fde54c40e5c3015e4c77f2b4c5754df54bfb3dd932d7f12aa9d326bd71518f148cae2b827d1131c7b270feb3
SSDEEP

6144:w/7FG9mpcJ/OD8zehVB+JyYlCRse2Sfyu:w/744aOD8SQA2Tu

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	MEMZ (1).exe

Executes dropped EXE 7 IoCs

pid	Process
1288	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
4448	MEMZ (1).exe
2792	MEMZ (1).exe
2232	MEMZ (1).exe
3808	MEMZ (1).exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
421	raw.githubusercontent.com
422	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ (1).exe

Drops file in Windows directory 23 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\2290032291.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\1601268389\715946058.pri	taskmgr.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133603268148736202"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$blogger	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 5ce152c777a7da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "64"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 40fda6fc77a7da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\NextUpdateDate = "422634964"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 06158aca77a7da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 504ab05777a7da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total\ = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 30de796777a7da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BingPageData\RulesFileNextUpdateDate = "422015506"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\NumberOfSubdomains = "1"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.google.com	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "132"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3088	chrome.exe
3088	chrome.exe
5948	chrome.exe
5948	chrome.exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
3964	MEMZ (1).exe
4448	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
2792	MEMZ (1).exe
4448	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
2792	MEMZ (1).exe
4448	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
2792	MEMZ (1).exe
4448	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
2792	MEMZ (1).exe
4448	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
3964	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
2792	MEMZ (1).exe
4448	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5412	taskmgr.exe

Suspicious behavior: MapViewOfSection 42 IoCs

pid	Process
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 34 IoCs

pid	Process
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe
Token: SeShutdownPrivilege	3088	chrome.exe
Token: SeCreatePagefilePrivilege	3088	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
3088	chrome.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe
5412	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
3088	chrome.exe
1700	MicrosoftEdge.exe
4780	MicrosoftEdgeCP.exe
1104	MicrosoftEdgeCP.exe
4780	MicrosoftEdgeCP.exe
372	MicrosoftEdge.exe
6696	MicrosoftEdgeCP.exe
6696	MicrosoftEdgeCP.exe
7980	MicrosoftEdgeCP.exe
3808	MEMZ (1).exe
3808	MEMZ (1).exe
3808	MEMZ (1).exe
3808	MEMZ (1).exe
5488	MicrosoftEdge.exe
11040	MicrosoftEdgeCP.exe
11040	MicrosoftEdgeCP.exe
3808	MEMZ (1).exe
3808	MEMZ (1).exe
3456	wordpad.exe
3456	wordpad.exe
3456	wordpad.exe
3456	wordpad.exe
3456	wordpad.exe
3808	MEMZ (1).exe
2792	MEMZ (1).exe
3964	MEMZ (1).exe
4448	MEMZ (1).exe
2232	MEMZ (1).exe
4088	MEMZ (1).exe
4088	MEMZ (1).exe
4448	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
2792	MEMZ (1).exe
2232	MEMZ (1).exe
4448	MEMZ (1).exe
3964	MEMZ (1).exe
4088	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
2232	MEMZ (1).exe
3964	MEMZ (1).exe
2792	MEMZ (1).exe
2232	MEMZ (1).exe
2792	MEMZ (1).exe
3964	MEMZ (1).exe
4448	MEMZ (1).exe
4088	MEMZ (1).exe
4448	MEMZ (1).exe
3964	MEMZ (1).exe
2792	MEMZ (1).exe
2232	MEMZ (1).exe
4088	MEMZ (1).exe
2792	MEMZ (1).exe
4088	MEMZ (1).exe
4448	MEMZ (1).exe
3964	MEMZ (1).exe
2232	MEMZ (1).exe
2232	MEMZ (1).exe
4448	MEMZ (1).exe
2792	MEMZ (1).exe
3964	MEMZ (1).exe
4088	MEMZ (1).exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3088 wrote to memory of 4252	3088	chrome.exe	74
PID 3088 wrote to memory of 4252	3088	chrome.exe	74
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 2208	3088	chrome.exe	76
PID 3088 wrote to memory of 3264	3088	chrome.exe	77
PID 3088 wrote to memory of 3264	3088	chrome.exe	77
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78
PID 3088 wrote to memory of 4556	3088	chrome.exe	78

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\Go To Bed.exe
"C:\Users\Admin\AppData\Local\Temp\Go To Bed.exe"
1⤵
PID:4268

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffeb07e9758,0x7ffeb07e9768,0x7ffeb07e9778
  2⤵
  PID:4252
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:2
  2⤵
  PID:2208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1844 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2112 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2944 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2952 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4480 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:1000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4680 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:3124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4772 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4836 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:356
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4880 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:2992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5312 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:3728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5248 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:1272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5392 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=3832 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=2192 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:1848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=4876 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5700 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5588 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:2016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5752 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4304
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5728 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:1916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5696 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:3440
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5936 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=6348 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5892 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:2452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6232 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:2204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6484 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=7008 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4776
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6456 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:3384
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=3956 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6768 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:2792
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5940 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=2672 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=5480 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=3076 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6604 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6552 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=5688 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:6108
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=6132 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=3776 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:5452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6932 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:5432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=4704 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6888 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5440 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7048 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7020 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3192 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:5236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7108 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:3576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6888 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:3188
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6320 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3204 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6368 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:5980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5172 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:3092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3132 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1400
- C:\Users\Admin\Downloads\MEMZ (1).exe
  "C:\Users\Admin\Downloads\MEMZ (1).exe"
  2⤵
  - Executes dropped EXE
  PID:1288
- - C:\Users\Admin\Downloads\MEMZ (1).exe
    "C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4088
- - C:\Users\Admin\Downloads\MEMZ (1).exe
    "C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3964
- - C:\Users\Admin\Downloads\MEMZ (1).exe
    "C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4448
- - C:\Users\Admin\Downloads\MEMZ (1).exe
    "C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2792
- - C:\Users\Admin\Downloads\MEMZ (1).exe
    "C:\Users\Admin\Downloads\MEMZ (1).exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2232
- - C:\Users\Admin\Downloads\MEMZ (1).exe
    "C:\Users\Admin\Downloads\MEMZ (1).exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:3808
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:3240
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:4248
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:8084
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:6644
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:756
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3456
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:10768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7516 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=7068 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:3744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --mojo-platform-channel-handle=2276 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --mojo-platform-channel-handle=6116 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7468 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:896
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=media.mojom.CdmServiceBroker --lang=en-US --service-sandbox-type=cdm --mojo-platform-channel-handle=5124 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:8
  2⤵
  PID:1392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --mojo-platform-channel-handle=7376 --field-trial-handle=1848,i,17129836923643708333,4928598446416498754,131072 /prefetch:1
  2⤵
  PID:4400

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:3100

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x408
1⤵
PID:2288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1700

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4780

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1104

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6128

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4272

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:372

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:6524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:6696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6864

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:7980

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7300

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:7444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5500

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2756

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:7136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5488

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:1392

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:11040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:11120

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:9400

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:10840

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
PID:676

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506

Filesize
68KB

MD5
29f65ba8e88c063813cc50a4ea544e93

SHA1
05a7040d5c127e68c25d81cc51271ffb8bef3568

SHA256
1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184

SHA512
e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\80f16a7c-8f20-4a83-8e82-2f6ae197ebc1.tmp

Filesize
275KB

MD5
d8030ea7f84884067df0b488da91332a

SHA1
2b131a57ee70f1ab901d5e3cb54dc084a4dfef6a

SHA256
c13b6597bc6d2dab85183994357faf103e85898fedf015aad210ad1f81a20025

SHA512
ff5d94fb82ef8b0859ae90cc8e2086d82f377dd14956ad85935d65ea8810c02af2221d242175d874125b5f8e7eaa57c1be22bbbc48f157dc4878308bcb2bbb2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
69KB

MD5
805d4fdfc3d3e5ddd5391b8f361fa519

SHA1
5425f05d27964bc57cd879e16914bce5053ec743

SHA256
3924dabf7b129ad34cdd665768bff84c6ffa449b942cab5df2e30b0ea9efb659

SHA512
7a64df530a77faf100ba32d9cf82ca5d57f6f11f40a1e6688d695d3b726b807b6f7e34853fb2b7ecb30c137465618f09077031f42b24eb80ee90ab5c3a0bd8ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
23KB

MD5
af1aafb469311ee04f601d10caf3f066

SHA1
67ed9f4c5de1530147f354516ebb1ebd649cf00f

SHA256
7908b50f8e637c9b2c4644c2d6c9ac953baeafb4e029e68c04ec11c25bbaf810

SHA512
b82fdb3f570e2751c9418b239471d7493740d5a04ea8eb0c19969e5e584aca5c807c9400a1ca9e780302ef9f23de25a16a431fc40784f6549500c13c3153c237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000057

Filesize
85KB

MD5
008d0ae10f41631bb124d78799baf5bb

SHA1
cd5956db2574b3e718d8e87f3e4af79e2a3b5e0b

SHA256
a0aee1664677fce87357ff299c236f12803be313c1838a312d779ccf1ce0e590

SHA512
e4c1c5a8d88b6e0caa60b3c6ce02c05b0b2653c478a788d9d6c330d34439a5f91acecd67dc6baa4f40cf8f4cf21a684a13162562df8e2406cd06ac3145c6216e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000a8

Filesize
46KB

MD5
f0d81b309d4441d6dc22bdcb9e9e7d01

SHA1
77e7510fd01735991f8eb242a8a20acf5c7326d6

SHA256
90b890766ed0dfc173b119f625e4bde7785d509a76d27354148bf0a80a09889c

SHA512
79d3758017eb11ff478e0c258405aeb66eeef77b6041689708667948c85c1ff27688491eb8fd7efba3e5d392e299c055b3ae54fd212a0f5caaca3d91c425829e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000aa

Filesize
796KB

MD5
4519631388f92d71f67093bacff1dd35

SHA1
021a5a025dde022771995fd6b328af451340e68d

SHA256
f41a9c7401f3227e0d5b9ee08ace82d4522c247b1994a10788c5350c8adf8269

SHA512
dc0279b40524d4e89e5715e3ec44cc8cc86ef8aff8a0dd401df8366203abda1743d65185780bf3f7c7d540006fe73ba31be7a859d66ff1d31b88cf67144e4e4c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000ad

Filesize
32KB

MD5
38288a369294784a5369e7abf03a04e3

SHA1
b078a4e77e8f92ef8ebd52ad508258314dc46359

SHA256
ab2fca2ed379d5f710c7a741b41aa0657ad41d53f70d2e1741417b22e4ba516b

SHA512
169fc48ad74690dacff887171eb5e5db9b1c51e8bcdb57352803da80643a3ccbab55069060f6628298f134714d107122cee9e66f34c276a7eccab33d3036faca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000af

Filesize
19KB

MD5
fd7b364eb1ee091ba7b6be6f443d9383

SHA1
5a56ee272aea7bbb2da8fbe225ad57916ae3fdcd

SHA256
4d2e29c047e2ae40ad1cc38c6f28044f7c5a30fd81d743ee55fa8a254817f217

SHA512
e9f29da4ad3ad5fe5a75a1b68ef88052be88ea2af6d6718963ece06e67cc9ddc6545a89c83c7178e8d9a80650fab4266e3d460ecc631a42d9bd64db600bce6f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b0

Filesize
19KB

MD5
97f199034162b1283dbbbfb994def15a

SHA1
539f1d9814baa54fd3425ec0139f3cfa932301ab

SHA256
3cc79470f85abf02f16c22e1ab349ea126a5d6d1a2da8d302155e0dbc26f0d7e

SHA512
ba709e9f101f44349e356d0d2c126a7eb07b6400d4c2ed5710caa4dbeb5fb33788b162f3b96d6ec2e1957d14229ff17af3be8606740998bc4ab82f153bfadf2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000b1

Filesize
16KB

MD5
ac6eecc5bb03f3bd2acad2646ab1055e

SHA1
e6cd1fed2664146a0f076be78683c3691e199ace

SHA256
dd0fdd787168a693e480a3ea6b29f101fab556f365e452a1dca932019c916a94

SHA512
4a2f2cc0672df547dbe44e2f661efbcc4815472a346f52f8d34bf16b9dc781bba79b428d1141f2f4eb19409946f35df56b196e29164ac83f839a6eb8a803dfa3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000df

Filesize
325KB

MD5
6ad382c1c569fbaea0027917e9295d66

SHA1
2d2c01c62fe9dcbf25c4339daa6b9d9981f2c020

SHA256
c6cec718cdfa2edfa7023c142403ff3ca0f028c46403ee49b046f327ba0fa8d0

SHA512
c3f9f92c26ee4e8cfb0d17a1e1312c137ba6b9bcac65ca5e0f8ea222570f818bf9044f535141ef9f798f20a2800c93107c8abadcf7eb57d70069f4d7ded167e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_0000e0

Filesize
140KB

MD5
47f5b6368c594f51630907876f0627de

SHA1
248a41e58bf6c73b632d8d6bacab290ff56a0f0b

SHA256
bc9487b0060710ea9feda9871fd52f86d37f5b3d16369ca7b2692cebe512d70a

SHA512
116cb24e70c451f49f08de3b596ba07c6cdbb1d4beae7041b244a9462469b8af8e90c5a5019a9d43cc56252a30d1e8b54ff8bae2e8536cd5cf9d007ddabb96fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
8137f588fef3bd10c1edb3754131596c

SHA1
ee602763078239843c36410d2344be4cd4c86b6c

SHA256
74eff2909589e7a8c2dc09dc9c3547309756d345089376041ed3fce58ef15e02

SHA512
9472048e730b5f996062810f506acbdf4af401e42c865e436f26d257787a1500250abf64fca64babd899dc171b3ebd09d9b08fdcb2163d31cb264fd292d20abb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
a5dcf94c1d550910f8b3cbd50115fc73

SHA1
850c3b1b06fe0818f9631c04266e0026ef828974

SHA256
3cd050feb4da62035cc40b74f11e6046fb175e12e676a0aad6b44c68c1647e63

SHA512
15d8e182c32e5497e682423a4d2b8ca3418480d2daf2c0c08faa1e1c1427c3df14dcf4e0966c993b4bbc9605cfb57d78c54d1bbed5f6ec574631bfa88229f70d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
d4c9fc9d0eaf0861712026e1a3046603

SHA1
af5bebb97b35258a1069dc1e96deab0c77f31067

SHA256
5c6309c3cb19fad252933abc28620bc5cdd5cc891ee5d7ec65221de89cf2844c

SHA512
b61c8734fd5314abf0ec1c65f1888b0499322a5eef77b9e6037ff95bdc0418321a7d2beb3711f3dfd444b45e5fc90bb7b388b9640ad96020e8aeddaf40e33447

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_best.aliexpress.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
13KB

MD5
a29975e5ed10a13b61329145805b3f97

SHA1
b04fe397c12d6e92efd49067a8030fbf8b357c6f

SHA256
643f13eae245dfd5b0995cff77b957eff2571d5e0144096c0adfde489e1389d6

SHA512
197e5b812846da9d9f595a151b5700017d993b527ec8b8d085e7441803069c69366f0746838fa9779850b3ec850a007527a8c92d8d73787a364218b7d4c4b9e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
ac9bf225c71c2a9ed2aa9373913241c8

SHA1
8b7e02e6bd7b35f53715986c874fccf029ed4c92

SHA256
c6fabc84634bded7d46f8afdaa1e26366abbd4b309126896ef6d894999fcb72d

SHA512
a7c6eb59b106212893993a465cb93e795e578df532fdfdfab848dc204ebb2b5321cc7900175745f1d72c76070a17a267ac409545c117cd773611105b2b738c53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
793289486a3317812e802b7b8b50fb9c

SHA1
bad220ae470ff11965fedc21c3781898d249f5d5

SHA256
f596ecb9883797e285f398a35b17e519ffd634919c948912f2a9d018cd696a81

SHA512
c3fb9b1b053855f6b7e6dcd70bc71e6e42cf523f0ff7cd503c77c25143ff6e845304d4e43b0f1949c5988acd218b841ddf06d730316c14040383e53c9d398fd9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b982c2c8ef3aa18695354ebde5b8d2ff

SHA1
394d2ab2bf51aec09a63cde6416b28e873290251

SHA256
6ef439d5247b899d8b6b65a9f8c9637ca962d91d8e45bb9350f6f590388c19fc

SHA512
a19fd12184ea48a9c15cc2f3c023033798fa62b43154eb08461905eaa077cf26e6b3c60807d6a87bbaeea4270a42a5234918c7b4d6603edf16726554150723c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
707B

MD5
443771ffb1fdc3722436508bd54b2827

SHA1
60ef68be3db2ca43b2779a1dd53cb178784259d5

SHA256
0d280bb2cf4876c869a8b10839b3d83f43b05add02b98ac0ddae8818d901f7e7

SHA512
e3b945c980b13896c3cd6521ad0d3d17bde12433b100fb6eb3d312936742624d14ac83340387ac1ddf029e27b50e153420f096ac9359780f761587924903f0ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
2876b0028798015aa78552ca79bb782f

SHA1
baf1f257564e4ea277d450e030f145cbe26193ad

SHA256
3566072b20345c97cde4e5c6723275c5a4f09b2eb991634d6a85322778a756be

SHA512
d5bd703417d684a987f3c0c48a03908baeb10722d7b44c82a21860a3cce0b42412f1b82066aa1db7521b139262590f94653068e5d7cfe900cca4750bc9e6908d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
5efffd6f112c9dc51cb5fcab7f33cc3b

SHA1
a25597dfa2478f61b83c323aa4f2dc96f0211d28

SHA256
64ea316b5513ad9b3f3eedee8a4c769576c933f878cb3c59d0d5ee22b090507a

SHA512
f8bad18ccf789051e272eb90d6ed83b5522e2c7e73e2700c58398a964fe6641047b315eb350a111ef48ef53bf5b4123956d2eee822d4d2b6230f8b4bcf799f27

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
d7300dedbe4df3e83e32ad79757ccb0f

SHA1
867f1949d8e403112f794a1ea9e408b10e6b2617

SHA256
3bf6f4ed008d6f359ba14713e1dadb51fc6fe20662b12bad535bbb60107d767d

SHA512
7ad9fffe727cd84afdbc378bd32d068aea8caa1ab0cd27f304fbbc05914e6d06b5fe53265b83e5afc24553f82883a3c13ccd1fe690933d29b5c92ba178bd1bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
3275756e0d5f90f3bbb5977589889358

SHA1
7e934654c2ef212b936baf4c7f651efab224ecc9

SHA256
2ec75c00354164c72f87cfc611cc1b0415dc0746a625770932cb6a0099938b80

SHA512
a6df98595a02401e9ebe219db69b5c4854eba2e83f9bb08f8288cd50cbf6fdfb9a9d0063de5e842be00dfda1551a5e818256460323b236525d5beab3e7a141a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
4646b0cead11f1fc5645358bf1ff5c58

SHA1
2f0855412a118f631cdc5ef49eff6123c52c5df1

SHA256
6f66853fb1258cd55d57c976f62db9329c51fccdedd4ca0c441ac8ba791331de

SHA512
2475b1f99aab66d1f741df27787c946484767a8b4819410412ff2614d473524bab9f4cffae76b72278292e3a8ad01ef0f7dd812d068b1000954f2fba35930018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
0ea577de907bd276500872e28ec794bb

SHA1
a880045ec51dc3d0096824c770e2a3cdd8a3de45

SHA256
d489309e1595b1e4c828e9e72d1d972c6a7ea4c86a3a615595cae902d2068b2e

SHA512
451e2f886893900edea97d6cb06200c79e01ac49a26240323dda45d3fec7d0e29e5be957b8fee80551aab488163724c9eef8f6488159fac900a419a3346fa601

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
12389c1f3bf4350db0d450af62654b7d

SHA1
ecbe61f0a90a252298561482a24e8a49eae3fabd

SHA256
ac349d71a2dc445b33e1119de7eaa434d18232f9118c0c9c86ee75025670d5ca

SHA512
e45db96db955c3fc577508a0a50c2aef85ca12c38388922fbbd090126d6de692a780e647fbafb7f41eba12f4ea208efd71f27ffe22515b2dd16d4c79df3698cb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
54d379ee774bf5d0db8b21a0a8b822ba

SHA1
adf8f63803296212c5d52c5368dc465ff0ee554e

SHA256
e42ef156df8fdb7ae36903da1e0fbf5c3a981c5b67ab53c75b58dfcd023f9c32

SHA512
d61c5ecae9f3f9c277a9aca2bd8d88ae4f88d191a6c1d5af33b681738d3e1863a733c6e75581c39155d2aab62428047299c5eac47b6b21833c4675eb4355244b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
03796df40291ad7e85d4929cbe2302e1

SHA1
e564d9a73c2d39646291589cfcd2e3f10df8b39f

SHA256
81fd18df2387b786c3ebfea440a5b6cff3d900ccaf3c6e829d533a8239801843

SHA512
6fb9e2ac31836061462d052044160b8f60061191475c73a9de13aad4b80af1bcc21622bd610dfcd4b26bdd6bdadb381a4bdf2097b04d8b08abfb3bf6e673d330

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
40f354ca9cc569dbb0f02fdc1ec195fe

SHA1
91b324663a0e7228095a128a601de295eddfe789

SHA256
978d6237d86cd222e9426231a446cd2ecac34d4b8e9ba2bfdfb488d3562880f3

SHA512
4a23f7e7c573adb7ca8b8712008e5c80ffb9bebfac96c18ba09a93fa93c5f0acd2a6267cd62797f4554bada5660c4d9ac3039126d2fcb49417d955db847598a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
44b97b8ae40e35b50540a224f26ea98c

SHA1
54fdffe5b1a464a0041dabdf3db6dbb55d82edb2

SHA256
f511f032722a501d4d58c436ac077cbbfb5d9d8f5b8c1d6ddccd466bf9ca483b

SHA512
46c040912c6b478de807bdbba79d203ef95b57f74541d23d32e19aff2977299a1965a2e229b6da02236b56b3c72931154f8224a3b5595af21a8d54cd4b893152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
bb04ab1a7da89912da24d1ef4f483f5c

SHA1
422eb70f1c84bf3cf6f62f6c19b0aff9e8499399

SHA256
616824aaaeb7b7c0be9166643db07bad6a2cc6e02b1612cadc1914ca29f7b497

SHA512
7de95af42ba43ff0ce070982e990530f3ded3526ce56209b3a56ea56da82fb1a705bdf1819540eda2d7c321fb443dd7ac640251f2a235135ce3d0819e9ce87ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
600c6e5fd7e97ef866caea633c378821

SHA1
1b6186524c6b76e18474f40670468c5fa3c53ee6

SHA256
49826a8ad9dcee1b1bc2dfa5e85a6774f0267fb2752380c0eefc9e6d84c3d3f9

SHA512
dd30ba038d6f8ac35d682528a973702e1373038d0c7416f03dde316700d94188381b8d559e55c91dc51f223d67d163d55280de56a5a062c644af14667922b1e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
a0f6d424fe0c5f8447b0017e62f478c5

SHA1
b29e890fc5553c6c46c31f88065e27c0e77ac987

SHA256
8e0c414f1b6c437f4acbcac114ef040444043662cc70e8719bb25caa705d2a0b

SHA512
a50ec0abdf3a4e04a8c5ccb4737b29aa672d08761ff12d251dc6534ca8af26f410744df415155c89c857d6f66dc544b2793cf312a2825d2c6fb598b3c4d08881

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
779f4c225f1519b782cf9f910e95940e

SHA1
ce2603401278cf1e7b7ee33f88b5ed8e1651aa71

SHA256
69713c412ba3f31f3e9a27f4a3c7197dc6dcef6a8ed9f56c705e9b5acbaa0e7a

SHA512
cbf033bdc3c04b03cbfb11a44a4acb80c92c50533ab3af6fbff01d95e641509153b33d7b1340255de8c51692f0ca7c2b74290f32e7b261c51118fd47999092d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
bec89a1b47af866bad40310e36b2121d

SHA1
7d3ea8941145d16aa4d0e89d16bc5e2d540690ef

SHA256
73930e1212c4a6eb256cf0fac3bd498f89775b00ff9df1ec05c0f9e53624e5b1

SHA512
cfeefe4ba408025ce0dfad37e6bc5899f2fa321fe16b318b36102fb27b1349b2cc5090f8103cccd2786a5e706bb7cdbb46bac9d1c9b710642e71d740e34c3a29

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
53d7c2715d019ce6b3331d8a12b656a9

SHA1
72e0a70c31f4a7ed812ee0e263086483165b36ee

SHA256
37c723749df9833d22ba5173b4be8f75ac319cfbe7c12b15b072e751301fdf95

SHA512
2d683b17b62ff2e1ecece0762f401fc8b7651543c51741b0346a3fe399130ac9de1afd630d6ea0d118bc73cd391f9be5560485f4e5618e95705a2ce37e04d9c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a21eea99178e4c7f8fa320d2e2b29775

SHA1
cf543f530798040ad7cb3e325673b11957cdb1a9

SHA256
0ad9441cd6f7449ad63293324e2a6a6cf71ce7023fae1b2e98e9fae6801b07a4

SHA512
c3f30389e217682969c3081f0a35b90878e9443a97b5085696c18dc0c37419cff428b8b711bd368087cdba46bda83a2738ce09a2668c988e8a2d06e5df81311c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b31ff08bfeffce1fc1dacf350188ca8

SHA1
ac3803c0feff25b011dfd1d75bd4b1b06dddc1dc

SHA256
f8dfbb4ea1d1107f44fbd66a11acbd2ad6f6e0d0dd64d4c12cd4e07e5e4367a7

SHA512
b4c2bb6d7715c0547597c7c3b6eee1c1d14ce918edc2919a954bc25f67962df2033e16b51dd0c709dbc35a7a9ea5182268606c441cab3f0d1ed9be4d079a61fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
12KB

MD5
42f87af1500a70bc3e681e824a190dc6

SHA1
44c8c4f42422001dc68472416573baeefa30f55e

SHA256
7865f1c1814c47dc086f611568996a7f054c1ab5dbd4f82958cc01d14fd69330

SHA512
3494eb40b81a75510b58ba8681ec8842ccac32628b4ac0ca0f0103548390fd1ddb1f695d2d60761b8f6bc39a434fb60e0b22a3a05773ac1eaa575377428e6cdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0fad7490-a022-4a23-a945-8adeadc46eb3\index-dir\the-real-index

Filesize
2KB

MD5
66ba4c129e88cc3d702a486fa71c8d18

SHA1
eaf5329795cc303e9aa5f0750f495b0e3321deac

SHA256
52158d891fdc8c3bf6628f6d572c8c6bc723499d7ecda533e28f462396c2280d

SHA512
d03f979404ed4db2f7e165c2d291c06cafeb31867c25d3c975b7e5c2620404320c72b798efae1a5f29b9bddf03ad94597994c2c8952edf714fae31b8e09ef3c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0fad7490-a022-4a23-a945-8adeadc46eb3\index-dir\the-real-index

Filesize
2KB

MD5
011c8b87c8ce5e2d1f23eaca76c8171f

SHA1
582d89c3ea8521f95823080537d0413f883f0733

SHA256
a144d581fb448ce45908dcd02795f4874df4456588fbada1176d30eb4f16ba5e

SHA512
dacdeab75ed7979802b314754ecd4b61acd90d042740133a9ab90de125dd404af8f990ca95184f69b0715df9ace4ed48516a13478fa6e3d84bfa0758cd515873

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\0fad7490-a022-4a23-a945-8adeadc46eb3\index-dir\the-real-index~RFe596836.TMP

Filesize
48B

MD5
0f3895fb7d59d16ff8cf21644a4e3a6c

SHA1
211e3c3a3ac661cdc9ff2dd316e575bf9af28636

SHA256
efa50166a16b333cb422090890150330f1860b3fd99ffd8eaff354472edc4dab

SHA512
73c5f74c325c44399a479628d6ea350c5519b778b656dd05549ed2105ac0bda7ed0a0cca59b08c92db3b69dc4d567d66378acb86329b920efe2b4f93e09140f4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\30ae302e-488a-4410-ae92-83a27cf755df\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
4ec763f4d8686c846f1b54482b01e651

SHA1
02fa89fcff388e8a2c45df6ea256dcf481c3166e

SHA256
91e649e2317bdc7a1797e600fd6d1f51024b43c442118c23b5e0b002aaa60d7e

SHA512
a95bcec210b5530aff7b68f4108d57e0e2f9fcc44f9a4bfbc6ba78b1846a84f37f2bfde4dc0d15522bd7721d8eaed406dd482eb6313ed4c681704e64ecb400dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
119B

MD5
27626834531cdee3417454182f65673b

SHA1
40c36e95afec29cfac4882b30a8ce91624432ac1

SHA256
b01b1de04ca094617775f17ff0cbee3e7ec2e828578044f743f20586bb9d0903

SHA512
fb34eafd2b588533a35a8d9f31de98a36a19e81730944885d99642fd25a97949873746c5c7ac1abd6faa12ee5b8da1dc16534431c399dd07b5946d730886d15c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
57615f3e49d9e530d49c735b67be6815

SHA1
e68a36231f8c981ed882240856b35018e6a8ef4a

SHA256
1063cae9f56cf85b24dd94fed0c48235e76aff4ada761496f5a1fd4652a601a0

SHA512
cb3ddf3c5e2ea150d872a37022ca6fc5bed247b4e5a6b55f9897dbe7919fae6ed179449ec57b70e2c93087d5c58b238b5f4aca84e335001be85810fc5852236e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
698f3263b8518f120f8a2ee8911ffbcb

SHA1
9d27a183871081744912a07089a4e3e0bd65f0bb

SHA256
773249e0fcf7a953a2ddca6b62b4a69dba826c2e84dbbfa082a12c5fef32b085

SHA512
7d5a76625efbb65edf8b35ade72a660bbe750ef2574eaa42561de7262d350afb124b96c8b609d9e4bdef8cb53b9a0a2bcd41b079fd16e900885e319b60b5cb24

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
114B

MD5
bd5dbc5660d3ef1610efce4e00991543

SHA1
89d21680ca0cf1e03e16a3ef5ab4d5ebc8a1873c

SHA256
a7d9b1d49d0ce3923dea9362038dc9711c2ce5c272ff2b279375be839b271ad2

SHA512
381589811fb02a32884c88000b881a8112a3dcca4cd005d384b556ad3492152dd238bef3e2e3f152e899f89991f1e68a64c77a21517c4835db8c846b80926b59

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
178B

MD5
ef0cb7b66fe3d42c790cc96d3ce451f3

SHA1
1afd27950ad591e1ce181d975a971a020204ddc0

SHA256
c43cf76ee7af1022d1f33d62c8c1d42dd6aaa6587444bd20635561ed98f1c670

SHA512
4ac5a7ac7df267894d935b99936d5158e47574ceee2d2ba75b2b35d07e35595243d9cfe725bcf8bd3a3245b16a5fb313c59159e2cfb267b7e4a7a25d291e3fa1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe58920a.TMP

Filesize
120B

MD5
2aec73c52d7e8081edc5e13f3e28d3a9

SHA1
b6ec168638e284b395b17064862ef608f2ac91c2

SHA256
270f516197e03e53ae8337e82d355a452e98be67372afec783262aab6fe0d450

SHA512
87f54048e7554b65965614a5c9c34cd066b261af22828423bdda7bd37e8ecc42226365bede25a76e8f9bb28bd63bf46ccf2475c133e124dd0aeeb7cc7c4c79a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
264B

MD5
f551147f85da797278df0409b6adb587

SHA1
e11aeefbbfa4426e397f40ccc3325ccccbabf39b

SHA256
0f7acde8ee3610df8976ab98979b12868e79f91bb8979901a271a23144491eed

SHA512
27b3ffc481a3a171c2e4256b1236377762d2b62efbfe62f666ef7844f3400938b06a85ec656c17d7a0e17ebf516819b4c35ffd277eec2476d49b428b2bf16ccd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
a36f9db92a41069ba5245fea2490c57e

SHA1
e114e49a4c25049670dcf28d0fdcddc630fced43

SHA256
e170ab30f8dc9b4c93cbb9937da330a36c764ebbe20701a408ad631e7b119217

SHA512
a833c8f1d93eeb643867655255ec0bb21b287feed4116839c782ab77014ba5cb83a684ccee30f43740500c24ae37755f2501466c898a072ee60f4453c1ec89e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
288B

MD5
25608bc6f8623f1b8c585948a27a0a7a

SHA1
b9b40361424e94977835478d8d97269897c50db9

SHA256
bd482d75061fd97038284cdfd1ac65fdcbe7ded9a97cfd5d7e1fbb5ca18c3ed5

SHA512
780618eb4b7e0e893328d1f01c33d07b6a4de2452ee52eafb9f3144107609f3164d90a0e892c2c71766ec64e20e68f118034db061fb95ba395cc378950c3cde6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
312B

MD5
c93b3c48e80e8c2d0f403eadf9204ae8

SHA1
8812f7b9a7eada9b4928648336951ae8a28099d3

SHA256
863b4a3d75d8f570ea133d42cfa3124f019d7654792529ac9cfc45a685065083

SHA512
71265a3bd65abf60a71ac7e5006b1a79e3713f3e9f189d7b8455ac3567bd594d5ff81c3df7c345ea98b2363f50ac6a5297e90c6d7c06c3c83a9bc901ba2be8e4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58aaa3.TMP

Filesize
48B

MD5
808bc2431f4c0df9b6fd2d0a88f48c2b

SHA1
efa22b8b896f5892673ea995849b127602e6fdab

SHA256
b61dc919acb235ac512dbf9903e5433e136a5287f7a698026f9b16ff6d8b3a24

SHA512
31e38d1325529570a586a8cfced3268f6002b11b0772db91d1ad964f7fb6afa3bd0aabade8e7ce88d5f6a73ac5744d98c42353712b439824265abe330f20f36b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Manifest Resources\agimnkijcaahngcdmfeangaknmldooml\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
7f57c509f12aaae2c269646db7fde6e8

SHA1
969d8c0e3d9140f843f36ccf2974b112ad7afc07

SHA256
1d5c9f67fe93f9fcc1a1b61ebc35bda8f98f1261e5005ae37af71f42aab1d90f

SHA512
3503a0f4939bed9e1fd5e086b17d6de1063220dffdab2d2373aa9582a2454a9d8f18c1be74442f4e597bdba796d2d69220bd9e6be632a15367225b804187ea18

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir3088_456559004\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
12a429f9782bcff446dc1089b68d44ee

SHA1
e41e5a1a4f2950a7f2da8be77ca26a66da7093b9

SHA256
e1d7407b07c40b5436d78db1077a16fbf75d49e32f3cbd01187b5eaaa10f1e37

SHA512
1da99c5278a589972a1d711d694890f4fd4ec4e56f83781ab9dee91ba99530a7f90d969588fa24dce24b094a28bdecbea80328cee862031a8b289f3e4f38ce7a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
6ec572200f105d38a36cc52a0f7d206a

SHA1
ef8a5243ea987fae901344d55b30d8d61280d5a8

SHA256
36da4596c06cee4b1a687bf18ec2cf81b9fdba88cc52b3f6c0bb30410bce6604

SHA512
5f1a210fe130ec6b7f714ae06a4144250318ad1e3e6afcb9ed13a46734880d32ac78d636fd809f9c283d0a7b2ab96508c35a5c53660b4eeca81f8f5036ba64e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
46c0eb31669acc92ee5c63053545d4da

SHA1
080f79c1d1dc36619dbaf68317a943302619a0c9

SHA256
48625bc8ac4e6034e15a48ed57798f39e0621029aa59188267548a35d9e7dfd0

SHA512
a49f1952c51c0d5f68b09b967088d4eafaf1ec4b4450637b4002fbedd6bf4e36e851c4ae4f18bd83a49b6a6be4a711e161d4e23304f765cfb89d9d9252fddcec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
87236e767d128795baced553b431dab2

SHA1
fa25269d934fa80347f10b013976636e1421c2a9

SHA256
680b3659477a04d83783f6c88b8fbeef9d8b5657e41797a75bae8b9bdc575dc0

SHA512
c594e265ebc36b707b23b10cce48bb91acde3e5e230ad9c9150389acb41a2aa7e9321c2f37b22450818db7358bca16a792804dc64bf1a20bd6c7c89c3c919a0f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
ca3233d6c2819e688deb4e70a5b8310c

SHA1
6b563f56452425170a42fe0e83550536e5d330fa

SHA256
7e287a19ec6467d49c3859f1dbeb5fae2207d51179c874e3d14511eee5da9e34

SHA512
969ecdd6f0f62861d636c57c6f280de88458674e14ade4c1fcb4c552fe90f9611c9795817b0ee62339db0598e1c8aa76c78d795910303b126b25e93b8b0b2511

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
25443214052452f34a3435a792a166d5

SHA1
f7e955202c882de49c544840c9cbf6ba5f4cc90c

SHA256
1e6e30e07c4a239b8fb5b3c68025a4f9401741e42bd51facb80797c521688096

SHA512
608f3380bd51d3447b18e2943d17d024367530fad2018201f5ecaf389dbf382b7b93509e681f9f0ba01f9b11face78866471b0d3c7020bc9e585c104d0af68a5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
fb20ada1a86be553ee50da7f62efd546

SHA1
c5a90279b03d7334f5a2ed8bdc84d7516ddddd18

SHA256
64400ddd530dea1944cb9408e1ac590a1017a5b38184cf2c40f0676493cfe5a7

SHA512
eab2f1bdbbc2c17ec451d0a43a9ece956118f46dfe7d17eb1b74b321a0596e57246e5c24b1346ea27f01436fa7a0f1c560634f1c608543483793c3543de841d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
e05fc0e752a93ec98d4df3f8fa8b1b67

SHA1
4255feba87d85f10c9bf98d872950f2669f0acd5

SHA256
5e72882f243d5ee649be28e9b845dfcea7d907faf65072f7a483b3d05fe3a15c

SHA512
cae1bf1da9716d48710e54e40d8c7356a87b693eecc13b15bcec8357e0e6c4eeb3e0b817f302596aad6ae7bda257a1d88fa8a355933e28e779d60a5a65419126

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
275KB

MD5
186aa2c9b560b5803f8a2d8dfdefa32c

SHA1
c48a54004c4d85a9943b1e04f17c60ecce90faf3

SHA256
b665b13bb47dc2f96b927d475c61b7a9ee1e88b48d7a1d3cca4c6272359a1875

SHA512
58c7e7c06ba86e0e8457947bf8b5f62a16a721a3ab29ccf8f76d5d2fa6ccb39acdd5af9d4c002e71465c4024fbe19804489e53e4bd7c4cad1859108d9b7d0930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
122KB

MD5
f2d76bed6fc6e9c114d246e0a5443183

SHA1
ae8f228ecd08f07102437042cc3ac415e66b946a

SHA256
e7bdc921f8ee838a57038b58968837b4172d22d601ce66867ad409aef0fd9f5a

SHA512
e926747905b8e98fc4f139b9b0db2a21f53ca05fb728abc0759cf396463bcad79f2e1cd8c99a8d42ee971c97c4572dde594812c2ed70bfddd37bd8238238ca05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
104KB

MD5
6dc88eecb4580c1760f591053a241d1f

SHA1
b9e0d9bbec961c2b2f83d5e8116bcae4f86b3816

SHA256
29396915972fb7b1621551183c49e556fb5bea8cb535b9f9939cd16bd582fae2

SHA512
7b6d94e54ec70e241365fadc8dddabdb4e8de74733a78330e08a06523abf0e3bcacd119ecfe6a3488a3664cf20d4eab684cc257cfdc549a89c72e15ca83d9529

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
106KB

MD5
885ea8abcc926a1f76e52575ad9acb46

SHA1
de6a9bf6173c1fe1693a18f1159fd006bcc8efad

SHA256
2128c802ce92db4aa640549c7908c1427fd0b3f2aa09c76d82ab21cd02a3f05c

SHA512
2a7ac07da02c7a48e3194dbeb6099fa7ae3eabb5eb2ab7bfefab80483cf6ec1ed3d6769d3d072170c4ec427d88e8ba7ec2e2b31ee89095d87ffe4bdadc8a2704

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
120KB

MD5
5e11f1fd46c23f5307c27ec7ddb456cd

SHA1
c9a4554d972e4091cde6f7994edd73144478be0a

SHA256
5025c9cc6c56d4a5043157172934d0fd8ba2d4c9ae77b000b66a9fd8cca307f1

SHA512
64ac1b2ff883ec9c0ef1f5a587671d8b9eccd892c89b0254493351cd973a87076f056c5fbe4bc613cad8abe6bd35dd02c7b1b93288b1ef5495e037e95532aa74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
116KB

MD5
5dff88c53b10a1c598de2ab5edcf7005

SHA1
adf729815ac14aca8430a56b36f3c3c1fe3fc72f

SHA256
e533a5039bedf4a1985893b80dc25a9697df0fbe1a794f2b69299bf5cb4dd5aa

SHA512
0787cdcc063c9a975163939087f5d8b81e89678d374e15e01cc7a4fe32f406462badc281ba849dda23b7b2df27a9b12a0d9276c9e0a7361c3ee6c52d1efaa1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58d29d.TMP

Filesize
97KB

MD5
ec9c3e596b09446b585dee7e8dd8781c

SHA1
abd4588e3ba5f817eb93055af807559688789865

SHA256
e791618a7908af3f58a93153a9e1903e0e566c452e40fd42a7d8af23f0e93c5f

SHA512
2c3d74eeda2691622a760a003c4aef5de2bbd8472ff02dbdf6fbd4d255cd85806240b694cf9ada125833df7a9cb65ad7be995a46ed2cc1ee3b87dcdd621a5571

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QP17WMB6\anchor[1].htm

Filesize
46KB

MD5
d9b424554e0c0e5c735d89dfc5fa8ff6

SHA1
06f417767076c1e79d330e480d9159de4a8ce6a4

SHA256
990b77071841ddfd956ee34fd3c5572c103444238b85751628d6a159204d7924

SHA512
a41c0bb3c3fdfe16f665bba3483ee5d6213a18ff48610cd96a69f1a31a257fa348f94d308d330b875741913d55dbc8ba949189f6b9c490e545259a4b4d32eb46

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QP17WMB6\api[1].js

Filesize
850B

MD5
cc9da74bc51547f7da14aea584e7bd4e

SHA1
cb70339c904703d3a88777889e63b867a04ab2d1

SHA256
9d640e16608a79d4f95372f1dd9c1edf1322993b6f0d6ec224ff0f01d2053d64

SHA512
ed0db4f2338a41dafa1fca57c08706f5fd9a201495a05c5d5970a47f85e2214497deca3000cfde78f74a97a3a831c3fde934a141cee3dac4b18952e8d53f1389

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QP17WMB6\bframe[1].htm

Filesize
7KB

MD5
dff956d1ac655736444c47346486f86d

SHA1
cbd2d31fc38c67c9c457885ffb8d2aee2482d520

SHA256
9ea713194a7f7deb22c040b4762f68a8d8910ef6df505ba19e218c01d868a859

SHA512
390565b24aa5bacc2cc5e6632bb71e76a9abe4f0ca9a777a5b2dd60ea57f0608920e0caabf12d31b0385ca480b1757fdad2ac8a75566687079aecbc1954a439c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QP17WMB6\recaptcha__en[1].js

Filesize
502KB

MD5
add520996e437bff5d081315da187fbf

SHA1
2e489fe16f3712bf36df00b03a8a5af8fa8d4b42

SHA256
922b951591d52d44aa7015ebc95cab08192aa435b64f9016673ac5da1124a8b4

SHA512
2220fa232537d339784d7cd999b1f617100acdea7184073e6a64ea4e55db629f85bfa70ffda1dc2fd32bdc254f5856eeeb87d969476a2e36b5973d2f0eb86497

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QP17WMB6\webworker[2].js

Filesize
102B

MD5
88f0c38a7e2040f9de4edcadf67abd93

SHA1
0fac6e63c661377c3a229dc53dadb04d96f1140a

SHA256
732c8f6da5ca71626a4d4e2d7cd0ebe8e6b4453e70208fb1fef7ec2dd8fa84a6

SHA512
2eed92c0e4e526864467361741192781c2f48a2cd5a1e21acb84ce1ccf223bc882faaae9bb1ceb5a8bc2f1beed0be3016d90d4f7192877fe483dd1ad7c6b199e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WHTG44OZ\5bba3-e5711[1].woff2

Filesize
12KB

MD5
e571167fbcce8d5081bce96a09930063

SHA1
e12420f5e4da3ccdc75a58ce744e7d5a0c6cf79e

SHA256
98be19bc78b5bc5d419e4fa6ea055ebd4671a963e2cc644aeed4362f15d14c31

SHA512
2a7e28d5e1cc8fcb4089f51a012ba801038c1e115102f68405c730f58b490f3c9fc352ba533e0bf062f965b5fb44239b1b8ba914863a72c68aeeb27101c31881

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\WMVQ8NTB\styles__ltr[1].css

Filesize
55KB

MD5
2c00b9f417b688224937053cd0c284a5

SHA1
17b4c18ebc129055dd25f214c3f11e03e9df2d82

SHA256
1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed

SHA512
8dc644d4c8e6da600c751975ac4a9e620e26179167a4021ddb1da81b452ecf420e459dd1c23d1f2e177685b4e1006dbc5c8736024c447d0ff65f75838a785f57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\CO7SNSDR\roblox.en.softonic[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\11294CNY\c6a73-91dde[1].png

Filesize
1KB

MD5
91dde5a34a64a36d8de82112d86249b7

SHA1
a62281335242dee49863f3d2ab7bdce82453dd32

SHA256
673b00e2d93145a1a38ba186d0d5035f3539c0a91b83518624501acb5d41d229

SHA512
3efd740b9c2d05c3ebbd51c000c3271a2f634d39e1bca60871fc31fd49b702e57395d8dd32792786813c9c254152524c692a026d5dc82c8a17a896aa69f12751

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\11294CNY\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P3VDVJ51\b80692[1].ico

Filesize
1KB

MD5
ac0cd867e03ed914827807d4715bdfe7

SHA1
4051a8c23756c10d9cc00fcde6f7215c780fdf6f

SHA256
b50546da121186fbffd2aec430249cb21c7c2e2c85e561a393a9df9abfc4477c

SHA512
fa11d1d76c39719c218b4ffa34de8dd44d398bdcbb236a666f0be6eeee96bcbe4da9ac65a89441ad284c0de21788c135dc4fd21f6f82c7039f00c8a7c705c8e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P3VDVJ51\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
aec59787e4c85e40abd8896e45035785

SHA1
f2d87c80ffe462edb40eb940ffdce6d9f930cd26

SHA256
5b45f447e35adc886efe9878ace6293d26009d165d8aa69e5361889940a245f6

SHA512
e974142014a5fca628b5f5603bf13b3fea9503fa38769752faf4caff3061a4935ac9ea16cd6a25d24caf3564325e6b6096a71db426e3739fade8e598cffbae21

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF1A7FEB8C059F7B29.TMP

Filesize
40KB

MD5
23ea6e068cfe6d12496471fb42628a22

SHA1
42855c1770a7ce2549d3a80831d574a54a0cadbd

SHA256
6c75a4c4a748c1e6c91e1479dd30c337151211876319f78f792da4a6e2c7a554

SHA512
aa9dc377b7712ff4cfcd12dabf90bcff7ae2475690c6aed1643e54ab4d5839c13df035e2dc90c210c0270d5addbc745dc69f81ec4db556432015e71f957292f8

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
4adaa99562853f35c0258657db840db8

SHA1
98df7d1462c1c9aa4cbc270e95a24bd2db16ee08

SHA256
37a0772bfb96daea0afeac14ee55eb8bb188f7a1ed6c8206f380165524cc8ed9

SHA512
832592253c7462556d6dc5dfcc6dd322a0be3664d3c13ce93d3dde4b92335dfaa7759b02be36fd77c22baea7d74fd413a37b458a50704a8d66346590cf4d4853

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
9eb28aed2c095c37672e118e2d48a82c

SHA1
9ca482a6975e17bdacedbd41097906526f18121e

SHA256
933c199a1c662595bc52b240164f9fb392ed204a88cba3ad567f00dd068eb47c

SHA512
b8b4ee04cc5c30fb6029b2af2b1474112d0a6ea897b70cd370716871f0925174b5151c3aa886588cacd1ee30c3433bedc62a3c87dfb98dbd5829538ba7b5d13a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
8aedefb22d2ff12d18e6dbac7602cfb3

SHA1
ca3f453167f09233b2fe36e4e407d4db4e1b8d08

SHA256
93faee3567709c32fcf0cbc9a8f77f8e5bdef141dcb68d6800ad17f3ff8146f0

SHA512
c4af4e760623ea3efad3272d61608a01d3762cbc6d1178b625bc4e97535684cc52d40e905b0c6a3ae226b3db16c002f4dad1ed03e5ecdc603c216f9358aa54dd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
6KB

MD5
b994ee39a4bee34fbeafe64798e9a500

SHA1
13bb472edf779853e14a38e768f22bf0c2259378

SHA256
fff3f2218214b7bc60b8e75c9c73d43ebd587d007d49313e64e9cdfe880cbc1a

SHA512
e3682d10ee182c22bcec708ea8753dd4bff028c55caaeef7ea76a366d762def054320d50446a6165cb015a427a426720c2dba83b07e035db80e0743fd4512f3a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
8KB

MD5
d55d82b6b3c1eaad23faf4ec16334552

SHA1
fc6c0aabd0395785f8f9fabfa05c0d1254869c8f

SHA256
2c9906a2baacd026f0ff7fa4891f14910ea1338762c353a846e0a72e31d1a8e3

SHA512
733b6c76175bfece100bb04b9995ea2deda5d4f044dbeda34d53cdf017253bb48dc23d5214a1fb45b3458611056c6b524f8fcf0164a5e41802a79f78b4e75a4d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
10KB

MD5
45b5796bb5f48799ed8193cc51b8f6bd

SHA1
537b327629c3166bd888c96efa44ed43b774e137

SHA256
85600bac361a902fb8b9a307aae0fc739e9010b83cea5b50ae7d0d6fbf5580d8

SHA512
2cb108d0dc8a945a659196d8eeabc07e00d0160f98fba9457243deaa1bf9d13c3e33dded95f880a9825f62d3201ab64964f20d7c985c37d24dc4b928fd4c6488

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\5d696d521de238c3.customDestinations-ms

Filesize
9KB

MD5
ce5c54d2caa1a49f7f4a7d45520c54fe

SHA1
d88b36c386a176228bbe6f7b246e0885c4619594

SHA256
6bd05a265f3ad62e8d6332d7101727441d97982a46cd7c378254dc7781397ba7

SHA512
6fc905d4e4a78ec0b1d6973175345842e35a44ae7171cd934285976e43c36bd1109e32cd4e490c17a8fc6b9c6f3ae18d7a8e2653e0239a5a4fbbfaa4cd95ff0e

Download Submit
C:\Users\Admin\Downloads\MEMZ (1).exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
256KB

MD5
1ca1d73fcaeede7428cfcc3223f61689

SHA1
45535e07710ec1e2e92e80f79fe16fcd3fbd62d9

SHA256
52e87ebf157cfc5a81f5161998add91abee0df24a58705fd21866bd5315071c5

SHA512
2004f6f8232ac9575dd61cda14422995b4ff23084e946cb60093407b55099b85174829b83290137681782c587a4fd9004f63890d3e6d168a9f774a05f0a3fe29

Download Submit
memory/1104-2303-0x000002B0C7310000-0x000002B0C7410000-memory.dmp

Filesize
1024KB

Download
memory/1700-2327-0x0000026D00F60000-0x0000026D00F61000-memory.dmp

Filesize
4KB

Download
memory/1700-2326-0x0000026D00F50000-0x0000026D00F51000-memory.dmp

Filesize
4KB

Download
memory/1700-2288-0x0000026D759B0000-0x0000026D759B2000-memory.dmp

Filesize
8KB

Download
memory/1700-2253-0x0000026D78520000-0x0000026D78530000-memory.dmp

Filesize
64KB

Download
memory/1700-2269-0x0000026D78620000-0x0000026D78630000-memory.dmp

Filesize
64KB

Download
memory/6128-2314-0x00000227E2A00000-0x00000227E2B00000-memory.dmp

Filesize
1024KB

Download
memory/6128-2614-0x00000227E22C0000-0x00000227E22D0000-memory.dmp

Filesize
64KB

Download
memory/6128-2616-0x00000227E22C0000-0x00000227E22D0000-memory.dmp

Filesize
64KB

Download
memory/6128-2610-0x00000227E22C0000-0x00000227E22D0000-memory.dmp

Filesize
64KB

Download
memory/6128-2612-0x00000227E22C0000-0x00000227E22D0000-memory.dmp

Filesize
64KB

Download
memory/6128-2611-0x00000227E22C0000-0x00000227E22D0000-memory.dmp

Filesize
64KB

Download
memory/6128-2605-0x00000227E22C0000-0x00000227E22D0000-memory.dmp

Filesize
64KB

Download
memory/6128-2468-0x00000227F4890000-0x00000227F4892000-memory.dmp

Filesize
8KB

Download
memory/6128-2405-0x00000227F4C00000-0x00000227F4D00000-memory.dmp

Filesize
1024KB

Download
memory/6128-2403-0x00000227F4650000-0x00000227F4652000-memory.dmp

Filesize
8KB

Download
memory/6128-2318-0x00000227F3170000-0x00000227F3172000-memory.dmp

Filesize
8KB

Download
memory/6128-2320-0x00000227F3190000-0x00000227F3192000-memory.dmp

Filesize
8KB

Download
memory/6128-2322-0x00000227F31B0000-0x00000227F31B2000-memory.dmp

Filesize
8KB

Download
memory/6128-2315-0x00000227E2A00000-0x00000227E2B00000-memory.dmp

Filesize
1024KB

Download
memory/6128-2312-0x00000227E2300000-0x00000227E2302000-memory.dmp

Filesize
8KB

Download
memory/6128-2310-0x00000227E22E0000-0x00000227E22E2000-memory.dmp

Filesize
8KB

Download
memory/6128-2307-0x00000227E22B0000-0x00000227E22B2000-memory.dmp

Filesize
8KB

Download