hxxps://fastupload[.]io/df56806fb68c97a0

Analysis

max time kernel
187s
max time network
189s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
23-05-2024 21:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://fastupload.io/df56806fb68c97a0

Score

9^/10

evasion

Malware Config

Signatures

Looks for VirtualBox drivers on disk 2 TTPs 3 IoCs

evasion

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\Windows\System32\drivers\VBoxSF.sys	Kizune Free 3.2.exe
File opened (read-only)	C:\Windows\System32\drivers\VBoxMouse.sys	Kizune Free 3.2.exe
File opened (read-only)	C:\Windows\System32\drivers\VBoxGuest.sys	Kizune Free 3.2.exe

Looks for VirtualBox executables on disk 2 TTPs 2 IoCs

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\Windows\System32\vboxservice.exe	Kizune Free 3.2.exe
File opened (read-only)	C:\Windows\System32\VBoxControl.exe	Kizune Free 3.2.exe

Looks for VMWare drivers on disk 2 TTPs 2 IoCs

evasion

File and Directory Discovery

T1083

Virtualization/Sandbox Evasion

T1497

description	ioc	Process
File opened (read-only)	C:\Windows\System32\drivers\vmmouse.sys	Kizune Free 3.2.exe
File opened (read-only)	C:\Windows\System32\drivers\vmusbmouse.sys	Kizune Free 3.2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
836	discord.com
838	discord.com

Suspicious use of NtSetInformationThreadHideFromDebugger 2 IoCs

pid	Process
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Kills process with taskkill 27 IoCs

evasion

pid	Process
3652	taskkill.exe
6952	taskkill.exe
6588	taskkill.exe
4772	taskkill.exe
7976	taskkill.exe
5552	taskkill.exe
6332	taskkill.exe
7896	taskkill.exe
2856	taskkill.exe
1240	taskkill.exe
1128	taskkill.exe
7828	taskkill.exe
7636	taskkill.exe
1652	taskkill.exe
5004	taskkill.exe
6740	taskkill.exe
6540	taskkill.exe
2632	taskkill.exe
1192	taskkill.exe
4112	taskkill.exe
956	taskkill.exe
4396	taskkill.exe
5132	taskkill.exe
6188	taskkill.exe
6364	taskkill.exe
1040	taskkill.exe
4716	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133609727824165192"	chrome.exe

Modifies registry class 11 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\URL Protocol	Kizune Free 3.2.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\DefaultIcon	Kizune Free 3.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\DefaultIcon\ = "C:\\Users\\Admin\\Desktop\\Test1\\New folder (2)\\Kizune Free 3.2.exe"	Kizune Free 3.2.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\shell\open\command	Kizune Free 3.2.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\shell	Kizune Free 3.2.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\ = "URL:Run game 1233290144363319297 protocol"	Kizune Free 3.2.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\shell\open\command\ = "C:\\Users\\Admin\\Desktop\\Test1\\New folder (2)\\Kizune Free 3.2.exe"	Kizune Free 3.2.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{0B06DA78-5459-43C2-B2F7-A690B1F413F4}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297	Kizune Free 3.2.exe
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\discord-1233290144363319297\shell\open	Kizune Free 3.2.exe

Runs net.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
5872	chrome.exe
5872	chrome.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
7908	msedge.exe
7908	msedge.exe
3676	msedge.exe
3676	msedge.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
4000	msedge.exe
4000	msedge.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe
5228	Kizune Free 3.2.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5228	Kizune Free 3.2.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe
Token: SeShutdownPrivilege	1456	chrome.exe
Token: SeCreatePagefilePrivilege	1456	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
1456	chrome.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
3676	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe
6560	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5228	Kizune Free 3.2.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1456 wrote to memory of 552	1456	chrome.exe	84
PID 1456 wrote to memory of 552	1456	chrome.exe	84
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 2876	1456	chrome.exe	85
PID 1456 wrote to memory of 4040	1456	chrome.exe	86
PID 1456 wrote to memory of 4040	1456	chrome.exe	86
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87
PID 1456 wrote to memory of 3692	1456	chrome.exe	87

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://fastupload.io/df56806fb68c97a0
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1456
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff4673ab58,0x7fff4673ab68,0x7fff4673ab78
  2⤵
  PID:552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1248 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:4040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2120 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:3692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2092 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:4940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4272 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:3244
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4376 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:1372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4728 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:3536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4980 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5108 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5260 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5468 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5612 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5952 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=5956 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=6428 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6264 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5760
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=6704 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6880 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=7048 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=7228 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=7384 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=7568 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=7748 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=8068 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=8256 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=8404 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6236
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=8612 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=8080 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=8228 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=8872 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6560
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=9164 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=9008 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=9320 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --mojo-platform-channel-handle=9468 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6592
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --mojo-platform-channel-handle=9316 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=9868 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=10012 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --mojo-platform-channel-handle=10172 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=10196 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=10212 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=10228 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=10024 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=5396 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7704
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --mojo-platform-channel-handle=5960 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=6092 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=10348 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --mojo-platform-channel-handle=6112 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --mojo-platform-channel-handle=5448 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7772
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --mojo-platform-channel-handle=9296 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --mojo-platform-channel-handle=11108 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --mojo-platform-channel-handle=11296 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --mojo-platform-channel-handle=11544 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --mojo-platform-channel-handle=6464 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:8092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=12096 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:7556
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --mojo-platform-channel-handle=7844 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:7576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=11984 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:5924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --mojo-platform-channel-handle=9580 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:1
  2⤵
  PID:6148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2696 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:7256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:6800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1020 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:8
  2⤵
  PID:6936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4484 --field-trial-handle=1232,i,17880376497391630267,15382822883054190754,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5872

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4780

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7260

C:\Users\Admin\Desktop\Test1\New folder (2)\Kizune Free 3.2.exe
"C:\Users\Admin\Desktop\Test1\New folder (2)\Kizune Free 3.2.exe"
1⤵
- Looks for VirtualBox drivers on disk
- Looks for VirtualBox executables on disk
- Looks for VMWare drivers on disk
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5228
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C start https://discord.gg/AHtrEmd5
  2⤵
  PID:8176
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/AHtrEmd5
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:3676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff372e46f8,0x7fff372e4708,0x7fff372e4718
      4⤵
      PID:5148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1996 /prefetch:2
      4⤵
      PID:7864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:7908
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3108 /prefetch:8
      4⤵
      PID:5460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
      4⤵
      PID:1368
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
      4⤵
      PID:8164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
      4⤵
      PID:6384
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3956 /prefetch:8
      4⤵
      PID:5016
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1984,2387713700451425149,11135140304204749000,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4060 /prefetch:8
      4⤵
      Modifies registry class
      Suspicious behavior: EnumeratesProcesses
      PID:4000
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C start https://web1s.io/note/7G4T8StdSR
  2⤵
  PID:6460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://web1s.io/note/7G4T8StdSR
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:6560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff372e46f8,0x7fff372e4708,0x7fff372e4718
      4⤵
      PID:6668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
      4⤵
      PID:7248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
      4⤵
      PID:5340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
      4⤵
      PID:4236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
      4⤵
      PID:6904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
      4⤵
      PID:6712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4456 /prefetch:1
      4⤵
      PID:6496
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
      4⤵
      PID:4816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
      4⤵
      PID:5568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      4⤵
      PID:7576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
      4⤵
      PID:4808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
      4⤵
      PID:804
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
      4⤵
      PID:3516
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,14512608281071330994,6138868039854074047,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6504 /prefetch:8
      4⤵
      PID:408
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM adb.exe
  2⤵
  PID:7448
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM adb.exe
    3⤵
    - Kills process with taskkill
    PID:2632
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM adb1.exe
  2⤵
  PID:6976
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM adb1.exe
    3⤵
    - Kills process with taskkill
    PID:5004
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM adb2.exe
  2⤵
  PID:6256
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM adb2.exe
    3⤵
    - Kills process with taskkill
    PID:6332
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM DNS.exe
  2⤵
  PID:6340
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM DNS.exe
    3⤵
    - Kills process with taskkill
    PID:6364
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM Synaptics.exe
  2⤵
  PID:4704
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM Synaptics.exe
    3⤵
    - Kills process with taskkill
    PID:6740
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im dnf.exe
  2⤵
  PID:4092
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im dnf.exe
    3⤵
    - Kills process with taskkill
    PID:1192
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im tensafe_1.exe
  2⤵
  PID:1884
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im tensafe_1.exe
    3⤵
    - Kills process with taskkill
    PID:7896
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im tensafe_2.exe
  2⤵
  PID:6060
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im tensafe_2.exe
    3⤵
    - Kills process with taskkill
    PID:3652
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im tencentdl.exe
  2⤵
  PID:4700
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im tencentdl.exe
    3⤵
    - Kills process with taskkill
    PID:7828
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im conime.exe
  2⤵
  PID:1012
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im conime.exe
    3⤵
    - Kills process with taskkill
    PID:6952
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im QQDL.EXE
  2⤵
  PID:3376
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im QQDL.EXE
    3⤵
    - Kills process with taskkill
    PID:7636
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im qqlogin.exe
  2⤵
  PID:8012
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im qqlogin.exe
    3⤵
    - Kills process with taskkill
    PID:6588
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im dnfchina.exe
  2⤵
  PID:3532
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im dnfchina.exe
    3⤵
    - Kills process with taskkill
    PID:4772
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im dnfchinatest.exe
  2⤵
  PID:7068
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im dnfchinatest.exe
    3⤵
    - Kills process with taskkill
    PID:7976
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /f /im txplatform.exe
  2⤵
  PID:4488
- - C:\Windows\system32\taskkill.exe
    TaskKill /f /im txplatform.exe
    3⤵
    - Kills process with taskkill
    PID:5132
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM Auxillary.exe
  2⤵
  PID:5724
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM Auxillary.exe
    3⤵
    - Kills process with taskkill
    PID:5552
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM TP3Helper.exe
  2⤵
  PID:5480
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM TP3Helper.exe
    3⤵
    - Kills process with taskkill
    PID:6188
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM tp3helper.dat
  2⤵
  PID:7048
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM tp3helper.dat
    3⤵
    - Kills process with taskkill
    PID:1652
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM aow_exe.exe
  2⤵
  PID:5748
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM aow_exe.exe
    3⤵
    - Kills process with taskkill
    PID:1240
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM QMEmulatorService.exe
  2⤵
  PID:2424
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM QMEmulatorService.exe
    3⤵
    - Kills process with taskkill
    PID:6540
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /IM RuntimeBroker.exe
  2⤵
  PID:2492
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /IM RuntimeBroker.exe
    3⤵
    - Kills process with taskkill
    PID:1128
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /im GameLoader.exe
  2⤵
  PID:1768
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /im GameLoader.exe
    3⤵
    - Kills process with taskkill
    PID:956
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /im TBSWebRenderer.exe
  2⤵
  PID:3832
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /im TBSWebRenderer.exe
    3⤵
    - Kills process with taskkill
    PID:2856
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /im AppMarket.exe
  2⤵
  PID:7696
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /im AppMarket.exe
    3⤵
    - Kills process with taskkill
    PID:4112
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /im AndroidEmulator.exe
  2⤵
  PID:4748
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /im AndroidEmulator.exe
    3⤵
    - Kills process with taskkill
    PID:4396
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /im AndroidEmulatorEn.exe
  2⤵
  PID:4956
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /im AndroidEmulatorEn.exe
    3⤵
    - Kills process with taskkill
    PID:4716
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C TaskKill /F /im AndroidEmulatorEx.exe
  2⤵
  PID:388
- - C:\Windows\system32\taskkill.exe
    TaskKill /F /im AndroidEmulatorEx.exe
    3⤵
    - Kills process with taskkill
    PID:1040
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C net stop QMEmulatorService
  2⤵
  PID:1984
- - C:\Windows\system32\net.exe
    net stop QMEmulatorService
    3⤵
    PID:5112
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop QMEmulatorService
      4⤵
      PID:2700
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C net stop aow_drv
  2⤵
  PID:1488
- - C:\Windows\system32\net.exe
    net stop aow_drv
    3⤵
    PID:3220
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop aow_drv
      4⤵
      PID:1448
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C net stop Tensafe
  2⤵
  PID:1020
- - C:\Windows\system32\net.exe
    net stop Tensafe
    3⤵
    PID:1888
  - - C:\Windows\system32\net1.exe
      C:\Windows\system32\net1 stop Tensafe
      4⤵
      PID:2448
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /C del C:\aow_drv.log
  2⤵
  PID:7140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6900

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

File and Directory Discovery

T1083

Query Registry

T1012

System Information Discovery

T1082

Virtualization/Sandbox Evasion

T1497

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\2f4d21d7-0d97-494f-a26e-7bcb62d35222.tmp

Filesize
130KB

MD5
e93f828848f403a5240623b158442779

SHA1
81003e2bfe3fe6dddce4d5e7aa3cc57b42c018b3

SHA256
c5edbe1d5831d62f967ba15813e84a0d7d0249704892635e5c8cc477d9c1b7cf

SHA512
62fd9cedb8cb0df1465b61dc13c36fb0466b65dde516983020a066cdd7f85c8cfb0532cfc88e0ff02df702b306a49429e0a08bb71f26cb63fe148efbd3c9f91a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\1416564e-3568-4881-89ce-130b6e9b41e2.tmp

Filesize
7KB

MD5
f6ce3f359e39d07795b59f9f1b7a4815

SHA1
96495bdc891359aaab482e2ce3bb3a20a52dc988

SHA256
1c686cbe451adde6c5cc7ed29ad55b528e980628e7465cba46936503e7070a73

SHA512
c71ecc6e8deb9aebc5a273028ec5022b6b0ba108f65ee1f42bdfb1d6635f0b818a56d8cfd866794aa273408963c296e28cc98889fdd495be86f0b64cf524723f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000026

Filesize
29KB

MD5
d453eca18d366c4054d2efd57717cf9d

SHA1
c7b0dfc73bb89d8f0a94e2cde0eeba2b5e07d5c4

SHA256
be8f4fac2d40747a0adaecc6f1befe81b254a2b12bf25ce01d7194b374a457fc

SHA512
a6f770c9e4058e8c17f3f72a245f76075441e07507ef05d455108e1768ca2a93f851b92335b33c1de61cf941cf135b0be4698d3d551b54132b2d5c882fd34835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002a

Filesize
54KB

MD5
806d1273f2a7702b8be593e82a71ee39

SHA1
189c8aac0f5c610949d81cc1f6e9ab72d47d36f4

SHA256
9e064a173bbfa4092fea520c8f39cba4767336400388792d52ea2d2084020b39

SHA512
14605c165d26e1a58dfb23aa1c59455e235d0d59b0cd3b8be2157962e364c4211e296c203ba19ac520df62b86f3a6c2822d828bf9dde090b8888dd43aa74a548

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002c

Filesize
28KB

MD5
2e023a843ea2f5b2040177e389a852f9

SHA1
71d94ce3f9164ceab5bf7236ef71d527ddcee100

SHA256
63cde3a79566b37a672fde354b720d899536ab8269d7afb2ae2fe60179509e0b

SHA512
e7667a4d46a41332aba1ea4d5867143ac6d43be54532ff009a8a7d8bdc8e284488657619fed6db9f9c03b15e955eab53066350114f1db0b34be830d3fd4e3786

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\61fcfbba12296d9b_0

Filesize
231B

MD5
b3033c4137b94180fe04f798ab648632

SHA1
5621cfbeb04082c6018ab773eb9dec0d13fef81f

SHA256
a1a0565464725535eaf4a1ad4d4ed7cb01d6f3569d7f4da9b6228bc173043629

SHA512
1d797e71a9353337021ff582e9dfaa51efd2ad5c5bc590a8c7b88dbd7a12ce6ff53dd7ce2b28e01353d6c15e26228d44ff193fc81a41aa4c077ef74071550260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
ccac22d03e7f0edb6d511633dba9e805

SHA1
942570e404cc038f4ef0f55973c0f57449565065

SHA256
dd12fa159abb83bdcd74968dd781341ff8852dba6e0024ebcc1037c930ea79a7

SHA512
40d6b6dc2d9ac6f666bf9884af9721e14d0e728dfc9a3e284281bd2e564ec6e1896e4c91fcfe7c4f8df9366109ece545ac9c6e649bfc4104018bafcd8e8ea969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_sync.a-mo.net_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
5356a38a5cc56922773e54361f7cb4db

SHA1
f76459a14fe1c996e83b689081d5f569c2288a19

SHA256
bb428292b6bba0d70230b4cb2e0e60fbe99e975dae0f806d1ee209ac5fe07dfd

SHA512
6f67507a2db67a97671e8d3a8caa9394d8018268c91aee8d2667bfb97c6d79452faf959112e54289aa196051b7695935c15910da6d4dfd3a1b8cf72071ea7f1c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
285a363c6ff73cb565b213e9971b69e1

SHA1
d3355e0b0145ed06e2c81160cf785343ae22450e

SHA256
c266311242fc66ed371a6e657edd02cf295c651252e14ce78187ef575971bd6a

SHA512
e4c29bce112c4de9844cdef9f440d27afd4c359b83e26d5f0fe86ab4d14e922ae81cf14d2948f188125d881cb4f0307c83611a3cc51af3f628e6c65cd91e75a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
4843cb2215a59a19cecd917577f65c8c

SHA1
43af3f1f803a45c3939f3bb617dc70bec9406f65

SHA256
7569a0cca7dda79a94f2d3d7cfa5b2e0f03fed9a9685620c07833b96b7d5b03c

SHA512
dd72a20bafdd095cf01b1967555d3fca0bc891f8a05a1a73696ac5fd5e6b3c85f64531022fa8e74faf87589f51d3e31ebb6e8c3f4f84c3dafacfb21ab1145ff3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
7KB

MD5
9318b26c0e705585bba9de80e43ed39b

SHA1
9aa3b870d710694dcc076406003307c7e774a401

SHA256
5d12768ffcd71550709b50da66c71815e6f0a6d689ceb3d90cbcd2607f4d349a

SHA512
a1beb205adb5ff230c7ecb80df7342a0945816cf5c8b02ad311c04af0c265a32c0ad1dfee61cb98fab37126f738e7118139b04809e6e50c5942cdb583e670eeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
84c7bab39694be1b86d5f06c805463ef

SHA1
7848d3368a8c0739b5c4e1b5252573e82cd1868d

SHA256
df98e391ea6bf3f7f602f89ab139bd202b23c6c880904671ba035c7ab9973de1

SHA512
14f5e831b0e682dea67b9a4b4bcd997053124383a9dbecc41e9fafa3fb8259494aa03b7d4b398b8f98634658da52807624b690628a185632a32b17dd9086405b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
4127f06010a1c665f7e5b654bbd597c5

SHA1
a7e7100344015a4a6f1149beabbe771f4d6e4db2

SHA256
53919180fb9580c721488b366ca75f78ae1853f29feab337ca63b120725c1635

SHA512
1b62a7dde53a5a8a41af9af6dd2b49c7c2e015497bab49491c309a2051c473237123072eab4385b600ff3dae2097dca43e24c0be84838e886b6d95005fea0b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
eef83b93fc145345105f5bcd2ac45f12

SHA1
31567d2470fa4dd9ddb7f56d3cc8712d2fc1823b

SHA256
46ad666e97f68b94c38ff9e6e6e84b89efed08c76a72e5a8815237a4d317618c

SHA512
9d2cb781bd90ef83a9abb6ccae0cdcfc2f578561654e47cb9d21fe3fb8a3493dbef0f220b4f43254676cb04abc866946f8891ddf8113eb606dca1e55004ed109

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
7002332c2f5c6108153fd6c955a818e3

SHA1
6938130162bff3988a7d1e94384d19c389388f9c

SHA256
ab36ed52af326916e1f84408a9c28a97ccd8d584f2a036984e9704156ff66e22

SHA512
6324ac2cd848f3506823d6c09b1a9de8aa367768ae01d722745f924142b99d1ed466695f823d37763aed86050fbc5aaaaa8220b25969bd9e00e3e35740ca774d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e1fe9e31e0c2372113fc2dbbeecb57b

SHA1
42bbbd37b17a390d19a48ceac3c35d32d260c098

SHA256
c40529136df5bfe0ab42cea7b247e7a9247e205514c7ffefdbb7853397bf1c52

SHA512
a251893b17c97ce7836899dea51587a3f5cc965779f40f92c81b81d92d5dc391e956ca5ecaee5d52a3c344ba652b4543735dd1db23adcaf90821d907e245da14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
1a8b982fcc395490d43bd4e64366e657

SHA1
dd080e8f8edf09406b346102a29b54184588dd95

SHA256
14e9e314a17268affd9374e47e75bc99c1b118c5e66e3c9ec6145eec3e6fa77c

SHA512
ecbca3a3f7c06a3fe540643a9b63436203963242fefa6cf1ea9c88aeb3ac5500b271b55fb361b1539b0f3084f0ca2336e22d6b539df5868cdb8eb3db8cc6dc54

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
130KB

MD5
9ddb96ab70b6dbb9e56f65e2becc049b

SHA1
71bc7540aed2e66585e175e7d785ff098d0b8a2f

SHA256
e044a5c5494785141f93e47c9889eb0258ada033cc33aa6565ca2045adc16bfb

SHA512
4cb482633651419a4e1472938897f3a4fe8b1e2a3acf164a723682b18a98b9761f10dfa4397b549e0e719fb7e991ce074c77399f12542d0ad223c1631c5e2260

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
101KB

MD5
ee78cb6a1dd93aa8e202f75d16b7ee2c

SHA1
6cccb73169223d3d7a42b8ce7d44b86a5825d040

SHA256
eac26f20338a11bdcd86cae0be1cbe1549acf70b1846dec0b44e139f25b75421

SHA512
c72228aed163b19155be356955c88f609b2a4738d66ae53054e13d3084e1a191a45a85b4f319ef85ca65b4f5d0fa4c516318ad14ac0898970ff3e8f905826d87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
6c8860be22ab1e29a23f77ee2cc7e425

SHA1
17fb6efe0772eb076a8a346b610796f3e3bef53d

SHA256
b5fcce2e906c6a9bb64e5f306f14b4df1fdc5eb797525e6c929549a92a74cd1f

SHA512
1a43539f802f60bfd3bff4cacaece831d9c6565fa83100505e918004a315ac7f3e9d186e731251e632ee874eaead0e1463281645c7a6aeee028406bb8498365c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe584590.TMP

Filesize
96KB

MD5
80398a478a03526f276a7296f21f0693

SHA1
7731f023df2382d85c0926e14aafda874488b826

SHA256
4a87f2573fb75e961c210f50ed7a91f0b267d219bd3e62aa01331dd8fe6da099

SHA512
2a41f18e0afe2a1b40a76212eb7206f3c93275239fe348ecace78e4848318c636a645b65bf82c0aa7479e9254c6c88b3d427c4211f30e3c727797f3a66d5f312

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
12c92749060bfc58d5b7893e4223e3ba

SHA1
8a62dc781c62af40a4a88bd6323b76fc3b1ac0a0

SHA256
5f93435296b8ebcebc25c0ec58d6a5fd0b0829886ae6a4c02d191e7d6e00379d

SHA512
6218c0aa19c87a958a8106db56669bcd66850a54001f0eb1a80bb61234e59dec991c19f8fa34f53f100742e96c37abb9d87d1210ed4aac3283278a92fc31fcab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4ae558d9a60b658bbaca0fea1f96e6ed

SHA1
fc97b01845924cc27c43d658e6f068a1ef17bb31

SHA256
f76c65d0fb316e5e0245e4a320a352e85cb97ec168e742e6f95bf7b70cc89a83

SHA512
450f406c52a3088e59923fc717222891a7f257b5b5864b4811de23e8ab7b06f9155111662052d5c4a92884a71b6043805190af2e1d1b3572e8507b4ba5851f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f345a055b63637a2070e5d80f4558d10

SHA1
ca4d09a1090cf4abe52cbde996f0849113d0a82d

SHA256
184d496618ca7cbc36a786ea6bd50eff2f4f7ba1fb18104540ec892665fc311e

SHA512
13c8b5cd04aa8fe3ab7d8a85cf77b53e8a2b4f290d2011f4f5b6633bdc10c6c8c1b7ebbc5db49988786f6aa812e5eb95c7fa167d7342b99e04ec9285384cf270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
18KB

MD5
18535bc66a0d495bde5e0a95835e5863

SHA1
7b129fb2c468e0f92781bfd1239ba57eeb0bb66a

SHA256
dfb65cff86acd6d8af7d415e96548fc743beabdba97b1079ac9679993fe09edd

SHA512
4cb964f1772a5cc1884d634b896eee5b3c15c64fff93da487698f114d0073c5cd417819f8dcb1c572ec5ccdaa034f221e36271f072ffeda37e77988c4426b8b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
816B

MD5
11923f16a065b1baf0f2a832042ed8da

SHA1
b45b54ccba4b2533b103dea2336d0043aa2bab50

SHA256
a365422c50f54f4a3a6070241ffc54103eb8091888cbf95e17f0b8f63aba038a

SHA512
80da6559e748a2506c8b5b9dd2e19e695aea4f2158ef31a318b7c0668837d2b86a4047eb2961b7e1793f3b842483a753f19995f23fa56983205b4a3bcbd866d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fafc53f805f7a5ae009e009860ec267b

SHA1
baef00a4ab345f616af7c5ef57a038688e2b6281

SHA256
e2914c0981a015381bcb0e88627e680847261ff486e9e48fa323f2b69b2e3ad1

SHA512
e60f70aea42e96d2ae3846100dbbf3e3259be079e9ddaa2429165dd96c8977b53576f9a95967605c722f6f70b5a310c2910dae5da205f9d5521df57c415c3545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a3497a8a31c1bf7b4bb42ebfbf017df7

SHA1
83ff6749e44260d0cfad940d9f90cec14c18b2f6

SHA256
b5ae8c45fa2ea6c86fba0a7b2d176e53b90e9bd4b67b638f07fa7e197ff070b5

SHA512
d896727c38686c1cd4de53587d217f377ed2d1863eaa649d476d8826e42a50beb77286e05870685f2443e0a2068365584c5de793dca840317437f23200c7de97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
247B

MD5
94bd83393ee4e3c749f28c3414160cbc

SHA1
68effb04ecc392f2ae4ad7bdc1e99b9116da474c

SHA256
e1dbf44fca250f32925910fcd7f59276e46d0d916eff30fdf9f85ef91bcd3d4b

SHA512
203109a405cd685a195e6cdae5d0a624abcd6c6a9333b88f312e50f96bafa03057366bd78bf62df8784ec97f14677d56f8b78b472000044618a784bcf7af3e8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22214322fcb17a45ae00d9a6b3bc1e14

SHA1
f27c0fe9f16b61f44fbb6bd1f33964bf98ce0f47

SHA256
946f84ed9849ffec88a5615a98dd1c830f03c8f251a21216c43557c0f7ea6634

SHA512
5e04273e1d7dae0baac7bad613526456baf08bf76170d8f76dff4277fa509e5039170dc294453c9049b33d87c8d3d1c35ee7fd93688029da708be69c0ccb6e6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0062724d178ff2c5c8f110b62dd58e69

SHA1
b09fdb1fac54c3827ffa7b8fedc1d8be82ebba82

SHA256
0d0aa08328ac3804e16c5189a63bc173b52067eb905552f2cc07dcb9bef2ff33

SHA512
083f77603b4ef3ba4ea960efd3b7b5b4802c00ed5a876727e7c5a582f7057ae1c32b32baf88664c880e02db5355a3314a4b93174d0a1b660dc025aed901f0c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
bb5eac2794193124450d7b4fe94ec77a

SHA1
8e53e71c0df9a335fe4fd158243182415f58a7bc

SHA256
cc60adc44b6db052fedaab47c80ffe523c43d6c11c6afa39615f804d7233a9e8

SHA512
7ca224e0585faf9c4ae0d208df8076e084161d36997e8b01b3689a85e821f096587c981683024baeec1d6affc9251886bf69f8d9a550e61334636aa279dc1899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbc4c56d82d4a1cf14166cea1085352f

SHA1
8636e6feb82333dc8d64e227d0b378a8550caee2

SHA256
f6682fa4ed79204aea5b43e3c17fb849ce4f50250efd682159c84903b4c5affa

SHA512
e1890cf8f28c409f99d2d09168659a2eae3272cd4f7381ad35ad766d59663d6fa8e2e7479f7f5743a1bfaa876128b4bd33c6b77ab3a1f4a7a86620d7c7531a48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d5c354dad82334527e1d000f17aa443a

SHA1
c96fbf78eae3a18d4b34010ea020cfc38f808d57

SHA256
5541097e46d282aed6aba0d560146cc19c05f53e36921f77459230d5cf37122b

SHA512
166c90474b140bdb2b16833c74622a72b3a637c29c807f24165c6fb16d85faa1a929bd19a8154d481891d30102cdb252f2d39c0eb96f75ab22ac989c05f1c91b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
f23e0f55a3489ee7f7383429c36f2d23

SHA1
ac427f070af4cc135abce4ebf719278aac41b4b6

SHA256
09394cd2867a6e703f3b16b0d25bfa9c08734b33304dbe983b6021714d8eda35

SHA512
9728df51fbf2becb705400faa98098b89c7ca8190d8bffa1c5b14aaffbf65ffd7e03b5f1978005411726c6dc63e6727bba1048ada5d4d2c2bfaf34e9b8db2f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b518eb7c-e6b0-4f7a-845e-401f8552a352.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
92be4db1f392ef403e0fce957ad0ef4a

SHA1
10ba044d77b058de79e3d9a7168f850b2499a3f7

SHA256
2fa26fed08dbe6324abce660bfbb6c7ccc8ccbda59408cc2db7159b26a64c54f

SHA512
1984efc5089959bd1080fc636d43413b45ac7268c937008e4712e2e667fe4642b5be8ac2b83034f3751b53b590a7a468eb39abd3d2566152790b8795d1d5217d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
baaba630f7c1d9768facced2a01eafb9

SHA1
5689e333cb4e0680643ed98e4d6c85bf6bcc8be7

SHA256
1191be26459a9acddaf1f2bf687326c51032bc5c51e5d2b56d6e8160f31f231d

SHA512
0c24dee9b36009a62e7cc7a05efb7a252090a543222238425526f8c14a6d3f7ac3ff1e47951a30c06abdde76697c76408e4c0f772c07a0a5c2826f1d8648e943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8a91f8ca28d3489edcf34708f4447df4

SHA1
bef9d43bed528cdff00c1f039ddb1ca9942c3b2e

SHA256
0f23dfd77c39fe889c8596d7b6f2acf316af3390af6a47b2ba172ad7274ec540

SHA512
cda894e631879e4d177c6227e3adc1e5c9da267990cc555e14c4f315ec9ee10795abd736aef39a8d717e9190df895c0c518816787d98e6000922573dbf29fc6f

Download Submit
memory/5228-843-0x00007FFF552A0000-0x00007FFF552A2000-memory.dmp

Filesize
8KB

Download
memory/5228-842-0x00007FFF55290000-0x00007FFF55292000-memory.dmp

Filesize
8KB

Download
memory/5228-841-0x00007FFF55500000-0x00007FFF55502000-memory.dmp

Filesize
8KB

Download
memory/5228-846-0x00007FF7F5D50000-0x00007FF7F6D50000-memory.dmp

Filesize
16.0MB

Download
memory/5228-844-0x00007FFF53350000-0x00007FFF53352000-memory.dmp

Filesize
8KB

Download
memory/5228-840-0x00007FFF554F0000-0x00007FFF554F2000-memory.dmp

Filesize
8KB

Download
memory/5228-839-0x00007FFF554E0000-0x00007FFF554E2000-memory.dmp

Filesize
8KB

Download
memory/5228-845-0x00007FFF53360000-0x00007FFF53362000-memory.dmp

Filesize
8KB

Download
memory/5228-838-0x00007FFF554D0000-0x00007FFF554D2000-memory.dmp

Filesize
8KB

Download