Analysis

  • max time kernel
    150s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240611-en
  • resource tags

    arch:x64 arch:x86 image:win10v2004-20240611-en locale:en-us os:windows10-2004-x64 system
  • submitted
    15-06-2024 08:56

General

  • Target

    https://turbowarp.org

Score
8/10

Malware Config

Signatures

  • Downloads MZ/PE file
  • Checks computer location settings 2 TTPs 2 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Executes dropped EXE 7 IoCs
  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Enumerates system info in registry 2 TTPs 9 IoCs
  • Modifies data under HKEY_USERS 3 IoCs
  • Modifies registry class 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 62 IoCs
  • Suspicious use of SendNotifyMessage 48 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://turbowarp.org
    1⤵
      PID:3696
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4064,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:1
      1⤵
        PID:512
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=3852,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:1
        1⤵
          PID:2180
        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=3384,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5332 /prefetch:1
          1⤵
            PID:3636
          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5396,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5500 /prefetch:8
            1⤵
              PID:4940
            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5356,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=5644 /prefetch:8
              1⤵
                PID:2612
              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5980,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6032 /prefetch:8
                1⤵
                  PID:4484
                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6036,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6184 /prefetch:8
                  1⤵
                    PID:2308
                  • C:\Windows\system32\AUDIODG.EXE
                    C:\Windows\system32\AUDIODG.EXE 0x378 0x3a4
                    1⤵
                      PID:3640
                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6156,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=4272 /prefetch:1
                      1⤵
                        PID:2664
                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6800,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6720 /prefetch:8
                        1⤵
                          PID:4148
                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=3856,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6872 /prefetch:1
                          1⤵
                            PID:2376
                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6900,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6932 /prefetch:1
                            1⤵
                              PID:5108
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=7060,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6604 /prefetch:8
                              1⤵
                              • Modifies registry class
                              PID:4952
                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=7080,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=6672 /prefetch:1
                              1⤵
                                PID:2916
                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=7200,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7224 /prefetch:1
                                1⤵
                                  PID:2960
                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7108,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7252 /prefetch:1
                                  1⤵
                                    PID:1052
                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=en-US --service-sandbox-type=collections --field-trial-handle=7480,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7492 /prefetch:8
                                    1⤵
                                      PID:388
                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7388,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7468 /prefetch:1
                                      1⤵
                                        PID:4612
                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=en-US --service-sandbox-type=service --field-trial-handle=7804,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7820 /prefetch:8
                                        1⤵
                                          PID:1844
                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --field-trial-handle=8020,i,11069752405888604640,8928124405695604965,262144 --variations-seed-version --mojo-platform-channel-handle=7956 /prefetch:8
                                          1⤵
                                            PID:4448
                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
                                            1⤵
                                            • Enumerates system info in registry
                                            • Modifies data under HKEY_USERS
                                            • Modifies registry class
                                            • Suspicious behavior: EnumeratesProcesses
                                            • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                            • Suspicious use of WriteProcessMemory
                                            PID:4792
                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x260,0x7ff95ed54ef8,0x7ff95ed54f04,0x7ff95ed54f10
                                              2⤵
                                                PID:3536
                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=3200,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3196 /prefetch:2
                                                2⤵
                                                  PID:4992
                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1964,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3388 /prefetch:3
                                                  2⤵
                                                    PID:2248
                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2288,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3644 /prefetch:8
                                                    2⤵
                                                      PID:824
                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=3328,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:8
                                                      2⤵
                                                        PID:232
                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=3328,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=4536 /prefetch:8
                                                        2⤵
                                                          PID:3244
                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4212,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=4784 /prefetch:1
                                                          2⤵
                                                            PID:1856
                                                          • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                            "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5096,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5144 /prefetch:8
                                                            2⤵
                                                              PID:2952
                                                            • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                              "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4596,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5184 /prefetch:8
                                                              2⤵
                                                                PID:1128
                                                              • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5568,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5584 /prefetch:1
                                                                2⤵
                                                                  PID:5208
                                                                • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5560,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:1
                                                                  2⤵
                                                                    PID:5216
                                                                  • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5600,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5840 /prefetch:1
                                                                    2⤵
                                                                      PID:5224
                                                                    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4764,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5108 /prefetch:8
                                                                      2⤵
                                                                        PID:5536
                                                                      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=4784,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=5484 /prefetch:8
                                                                        2⤵
                                                                          PID:5544
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4888,i,1811923708392294953,10813327340655211156,262144 --variations-seed-version --mojo-platform-channel-handle=3156 /prefetch:8
                                                                          2⤵
                                                                            PID:5664
                                                                        • C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
                                                                          "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
                                                                          1⤵
                                                                            PID:800
                                                                          • C:\Windows\System32\rundll32.exe
                                                                            C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
                                                                            1⤵
                                                                              PID:2620
                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                              1⤵
                                                                              • Enumerates system info in registry
                                                                              • Modifies data under HKEY_USERS
                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                              • Suspicious use of AdjustPrivilegeToken
                                                                              • Suspicious use of FindShellTrayWindow
                                                                              • Suspicious use of SendNotifyMessage
                                                                              PID:3600
                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff977acab58,0x7ff977acab68,0x7ff977acab78
                                                                                2⤵
                                                                                  PID:60
                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:2
                                                                                  2⤵
                                                                                    PID:1116
                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                    2⤵
                                                                                      PID:4400
                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2304 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                      2⤵
                                                                                        PID:3492
                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3140 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                        2⤵
                                                                                          PID:540
                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3020 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                          2⤵
                                                                                            PID:4404
                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4424 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                            2⤵
                                                                                              PID:4732
                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4580 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                              2⤵
                                                                                                PID:452
                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4400 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                2⤵
                                                                                                  PID:4512
                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4948 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                  2⤵
                                                                                                    PID:4596
                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5076 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                    2⤵
                                                                                                      PID:1824
                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4668 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                      2⤵
                                                                                                        PID:4784
                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4748 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                                        2⤵
                                                                                                          PID:5432
                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=4676 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                                          2⤵
                                                                                                            PID:5780
                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4520 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                                            2⤵
                                                                                                              PID:5196
                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4472 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:1
                                                                                                              2⤵
                                                                                                                PID:5928
                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                                2⤵
                                                                                                                  PID:3692
                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                                  2⤵
                                                                                                                    PID:3136
                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5344 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                                    2⤵
                                                                                                                      PID:2664
                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5592 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                                      2⤵
                                                                                                                        PID:5968
                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5300 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                                        2⤵
                                                                                                                          PID:2692
                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4564 --field-trial-handle=1956,i,18078100761355403690,15358961208258356964,131072 /prefetch:8
                                                                                                                          2⤵
                                                                                                                            PID:3288
                                                                                                                        • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                                          "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                                          1⤵
                                                                                                                            PID:3424
                                                                                                                          • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                            "C:\Users\Admin\Downloads\MEMZ.exe"
                                                                                                                            1⤵
                                                                                                                            • Checks computer location settings
                                                                                                                            • Executes dropped EXE
                                                                                                                            PID:5808
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:3564
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:4340
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:5100
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:4688
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
                                                                                                                              2⤵
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Suspicious behavior: EnumeratesProcesses
                                                                                                                              PID:4072
                                                                                                                            • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                              "C:\Users\Admin\Downloads\MEMZ.exe" /main
                                                                                                                              2⤵
                                                                                                                              • Checks computer location settings
                                                                                                                              • Executes dropped EXE
                                                                                                                              • Writes to the Master Boot Record (MBR)
                                                                                                                              PID:6004
                                                                                                                              • C:\Windows\SysWOW64\notepad.exe
                                                                                                                                "C:\Windows\System32\notepad.exe" \note.txt
                                                                                                                                3⤵
                                                                                                                                  PID:220
                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe"
                                                                                                                              1⤵
                                                                                                                              • Enumerates system info in registry
                                                                                                                              • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
                                                                                                                              • Suspicious use of FindShellTrayWindow
                                                                                                                              • Suspicious use of SendNotifyMessage
                                                                                                                              PID:5104
                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff977acab58,0x7ff977acab68,0x7ff977acab78
                                                                                                                                2⤵
                                                                                                                                  PID:408
                                                                                                                                • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1748 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:2
                                                                                                                                  2⤵
                                                                                                                                    PID:5360
                                                                                                                                  • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1880 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8
                                                                                                                                    2⤵
                                                                                                                                      PID:1856
                                                                                                                                    • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2264 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8
                                                                                                                                      2⤵
                                                                                                                                        PID:1880
                                                                                                                                      • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                        "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3048 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:1
                                                                                                                                        2⤵
                                                                                                                                          PID:5528
                                                                                                                                        • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                          "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:1
                                                                                                                                          2⤵
                                                                                                                                            PID:4592
                                                                                                                                          • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                            "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4352 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:1
                                                                                                                                            2⤵
                                                                                                                                              PID:3252
                                                                                                                                            • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                              "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4544 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8
                                                                                                                                              2⤵
                                                                                                                                                PID:3876
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4672 --field-trial-handle=2028,i,2115762891261559945,3873903069713092962,131072 /prefetch:8
                                                                                                                                                2⤵
                                                                                                                                                  PID:5856
                                                                                                                                              • C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
                                                                                                                                                "C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
                                                                                                                                                1⤵
                                                                                                                                                  PID:4088

Network

MITRE ATT&CK Matrix ATT&CK v13

Persistence
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Defense Evasion
  • Pre-OS Boot (T1542): 1
    • Bootkit (T1542.003): 1

Discovery
  • Query Registry (T1012): 2
  • System Information Discovery (T1082): 3

Command and Control
  • Web Service (T1102): 1


                                                                                                                                                Downloads

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
                                                                                                                                                  Filesize

                                                                                                                                                  40B

                                                                                                                                                  MD5

                                                                                                                                                  64d7569e7e9cd59b61724e5ca8024d2b

                                                                                                                                                  SHA1

                                                                                                                                                  7e567c8f3a278f528fd7d85d462cce4e56bb8e79

                                                                                                                                                  SHA256

                                                                                                                                                  8adde9c0e5b89d0b9041d73f1c9ef531e668cdc1d020e7625e45f7063569ab1c

                                                                                                                                                  SHA512

                                                                                                                                                  b4425d6dea07aaa95039db3491ace66ff0e4e64232309b2c7dfe29200823454c3f91391db09b01b83edeb298dd3a9ff1dd0198c13230763553160e5a2607efb2

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\12acd505-def7-43a6-bd16-956a3417648e.tmp
                                                                                                                                                  Filesize

                                                                                                                                                  1B

                                                                                                                                                  MD5

                                                                                                                                                  5058f1af8388633f609cadb75a75dc9d

                                                                                                                                                  SHA1

                                                                                                                                                  3a52ce780950d4d969792a2559cd519d7ee8c727

                                                                                                                                                  SHA256

                                                                                                                                                  cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

                                                                                                                                                  SHA512

                                                                                                                                                  0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0
                                                                                                                                                  Filesize

                                                                                                                                                  44KB

                                                                                                                                                  MD5

                                                                                                                                                  f9b284fd2d587bd15e3bbd8f5ea95cef

                                                                                                                                                  SHA1

                                                                                                                                                  e471e5a7d116184b4971e6c42b3aa924d7a3fc85

                                                                                                                                                  SHA256

                                                                                                                                                  c7480683c6542f6a406500334ce3ba16644139a29c9db26afdcff14522906002

                                                                                                                                                  SHA512

                                                                                                                                                  c7a340f0618f1049e38af5cba2039c766edef4a5972a59aebf2177d3d66b24dd8c2572523fb334d54091a167863492317a339b5756286e3a91b678957d891fda

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1
                                                                                                                                                  Filesize

                                                                                                                                                  264KB

                                                                                                                                                  MD5

                                                                                                                                                  3c9eb2abc59562777e053713fac6b6f4

                                                                                                                                                  SHA1

                                                                                                                                                  41fd043bfdd10923a44c694e580d0eae50e0b209

                                                                                                                                                  SHA256

                                                                                                                                                  e7e3bba86bb285ecba5d4cae38d52ac292487f2394dcf3604d38dd7fa86c9440

                                                                                                                                                  SHA512

                                                                                                                                                  1aab5b9609c3b5147a1d6bc2cfd1890d7ee5d0c4d574b548049c289ed29454d9db9d10bdbb21bae57067a7307c74d704cebde49005671e77ac4871b074966edf

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2
                                                                                                                                                  Filesize

                                                                                                                                                  1.0MB

                                                                                                                                                  MD5

                                                                                                                                                  612f1bcd644a1598f44b16bc7a2b4dd4

                                                                                                                                                  SHA1

                                                                                                                                                  f1278195f546e3caa02e34a741e0d28d04b395c8

                                                                                                                                                  SHA256

                                                                                                                                                  459649d29b55e17c2f332bb24426407179def30d593d013aa77f34ca6a0b2b48

                                                                                                                                                  SHA512

                                                                                                                                                  4568ae221c84b6af4f3f55d1fd2f81fdc8bae538d9d5171aa6c959ed5051b4fd3c21944c77db0c03504db0b25c05d7da0193bd38659d1d201076f07293a64f29

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3
                                                                                                                                                  Filesize

                                                                                                                                                  4.0MB

                                                                                                                                                  MD5

                                                                                                                                                  1c9218c432058c256fa08c1b025ffb39

                                                                                                                                                  SHA1

                                                                                                                                                  3900c49048d26aff0db8ab4f7df5aa1fbd501350

                                                                                                                                                  SHA256

                                                                                                                                                  2d6b068c1980aecbc11f6025e2acfe0407ae88fe53032d1b0fc3669080f1c195

                                                                                                                                                  SHA512

                                                                                                                                                  98f3de9b571de451fcafa0fb4d77d40516f39a8d8854048e5f9d6af1dd26d94cfe2ff2213a14a90f40c1600132d6da8d65c1aed3a301f8336b8924d80e967cb1

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005
                                                                                                                                                  Filesize

                                                                                                                                                  34KB

                                                                                                                                                  MD5

                                                                                                                                                  4be1e3ddf50f2689343be4678e824989

                                                                                                                                                  SHA1

                                                                                                                                                  5bf898eb7d402d5e25a6d126c845906b6afb918f

                                                                                                                                                  SHA256

                                                                                                                                                  bf9ee4d1875ce58454160246d5c74c1ac064a7da41ecedbbcc121f3caa963e97

                                                                                                                                                  SHA512

                                                                                                                                                  e8d7686fb54d0ef4e6081383a3fe6ba026be88684dac9418a4549267dd382f09e29c8c4c5ba2a6282e850b545e7e857f0c4cc0d7ce0d5e700d79875a0c5f3fe3

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006
                                                                                                                                                  Filesize

                                                                                                                                                  65KB

                                                                                                                                                  MD5

                                                                                                                                                  a52fc2e39001aa4ae74c3f8e6501ad51

                                                                                                                                                  SHA1

                                                                                                                                                  68c5cc872b5c873b85b472ee81f61812d5adaa0b

                                                                                                                                                  SHA256

                                                                                                                                                  8ff6f8494a64f2af01e5c03460d13c3fd50318acc003282f994d43fc17d6052b

                                                                                                                                                  SHA512

                                                                                                                                                  dfbe8646a6db853a68a7e1ecb13c603d246c5086f4b2ab15c052ec081a38e2c0265f1cb113b3329f4ae42771c3300db39f60484f651b472d809fa96a24b1046b

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007
                                                                                                                                                  Filesize

                                                                                                                                                  134KB

                                                                                                                                                  MD5

                                                                                                                                                  387ed93f42803b1ec6697e3b57fbcef0

                                                                                                                                                  SHA1

                                                                                                                                                  2ea8a5bfbf99144bd0ebaebe60ac35406a8b613e

                                                                                                                                                  SHA256

                                                                                                                                                  982aac952e2c938bd55550d0409ece5f4430d38f370161d8318678fa25316587

                                                                                                                                                  SHA512

                                                                                                                                                  7c90f69a53e49bad03c4cefd9868b4c4ba145e5738218e8c445ff6ae5347153e3a2f2b918cbe184b0366afd53b984634d2894fea6f31a4603e58ccb6bfa5c625

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
                                                                                                                                                  Filesize

                                                                                                                                                  91KB

                                                                                                                                                  MD5

                                                                                                                                                  bb738ce85941bd77a72cdba423f8a240

                                                                                                                                                  SHA1

                                                                                                                                                  2005093fe8c394d9e18d954e0c9dddb974991378

                                                                                                                                                  SHA256

                                                                                                                                                  7ecaa1b1ee68a78e8ec1d0fad57cf18d2edf4b9b149aa6fc8272585a8364c69c

                                                                                                                                                  SHA512

                                                                                                                                                  9ee323cd3b91e197a26dde4e40f1f9b8df91af8ae3b38e749bc58277e23bd5f0bf4119297febddb7e829d6cfc6f936afdc680c43ed50b5f018dbf633beb68eb5

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009
                                                                                                                                                  Filesize

                                                                                                                                                  24KB

                                                                                                                                                  MD5

                                                                                                                                                  87c2b09a983584b04a63f3ff44064d64

                                                                                                                                                  SHA1

                                                                                                                                                  8796d5ef1ad1196309ef582cecef3ab95db27043

                                                                                                                                                  SHA256

                                                                                                                                                  d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

                                                                                                                                                  SHA512

                                                                                                                                                  df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a
                                                                                                                                                  Filesize

                                                                                                                                                  104KB

                                                                                                                                                  MD5

                                                                                                                                                  a208ef431109f211b3785db791af5de5

                                                                                                                                                  SHA1

                                                                                                                                                  693f78f8d336ffccf1424001c5295585257f1e58

                                                                                                                                                  SHA256

                                                                                                                                                  c1f0e3d84b0261d2253819800d33f9dd50d678ef634f542f6ea155b52ccbd956

                                                                                                                                                  SHA512

                                                                                                                                                  6e49111428e62c4eeae943a5087f33d44b8d0b85562c1f5b89e76caa06de4c9edd7a1fccbe07a960ece256f8a015f9a13d825978c96a902d3e3d4c56465041de

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b
                                                                                                                                                  Filesize

                                                                                                                                                  68KB

                                                                                                                                                  MD5

                                                                                                                                                  f0c27286e196d0cb18681b58dfda5b37

                                                                                                                                                  SHA1

                                                                                                                                                  9539ba7e5e8f9cc453327ca251fe59be35edc20b

                                                                                                                                                  SHA256

                                                                                                                                                  7a6878398886e4c70cf3e9cec688dc852a1f1465feb9f461ff1f238b608d0127

                                                                                                                                                  SHA512

                                                                                                                                                  336333d29cd4f885e7758de9094b2defb8c9e1eb917cb55ff8c4627b903efb6a0b31dcda6005939ef2a604d014fe6c2acda7c8c802907e219739cf6dab96475b

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c
                                                                                                                                                  Filesize

                                                                                                                                                  327KB

                                                                                                                                                  MD5

                                                                                                                                                  dd242f4737b2737ecad98bc2028b544a

                                                                                                                                                  SHA1

                                                                                                                                                  065a4e6f50f16e5986df7f582d4839e59c4338a4

                                                                                                                                                  SHA256

                                                                                                                                                  cc8950f8d690094464d97041d919cab9ec3af790437c6e3febb754e245171cd6

                                                                                                                                                  SHA512

                                                                                                                                                  b393c7f0da53d9ae875743cb564b223b2031767844db1de296b6e652492bc29f8e19bae002b66e987c00b11009ac7df0bff7a36d661f7846e8bd8c9a0957a272

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
                                                                                                                                                  Filesize

                                                                                                                                                  2KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons
                                                                                                                                                  Filesize

                                                                                                                                                  24KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
                                                                                                                                                  Filesize

                                                                                                                                                  264KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History
                                                                                                                                                  Filesize

                                                                                                                                                  152KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\15b4dd57-d142-470a-b006-63dde4897c43.tmp
                                                                                                                                                  Filesize

                                                                                                                                                  1KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                  Filesize

                                                                                                                                                  524B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                  Filesize

                                                                                                                                                  524B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                  Filesize

                                                                                                                                                  1KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
                                                                                                                                                  Filesize

                                                                                                                                                  1KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  7KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  6KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  16KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG
                                                                                                                                                  Filesize

                                                                                                                                                  324B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version
                                                                                                                                                  Filesize

                                                                                                                                                  14B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                  Filesize

                                                                                                                                                  276KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                  Filesize

                                                                                                                                                  276KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
                                                                                                                                                  Filesize

                                                                                                                                                  141KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
                                                                                                                                                  Filesize

                                                                                                                                                  264KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations
                                                                                                                                                  Filesize

                                                                                                                                                  85B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json
                                                                                                                                                  Filesize

                                                                                                                                                  2B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\80502ab4-b042-4850-89c2-08f9d0575178.tmp
                                                                                                                                                  Filesize

                                                                                                                                                  211B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State
                                                                                                                                                  Filesize

                                                                                                                                                  3KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports
                                                                                                                                                  Filesize

                                                                                                                                                  2B

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
                                                                                                                                                  Filesize

                                                                                                                                                  13KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                  Filesize

                                                                                                                                                  84KB

                                                                                                                                                • C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
                                                                                                                                                  Filesize

                                                                                                                                                  84KB

                                                                                                                                                • C:\Users\Admin\Downloads\MEMZ.exe
                                                                                                                                                  Filesize

                                                                                                                                                  16KB

                                                                                                                                                • C:\note.txt
                                                                                                                                                  Filesize

                                                                                                                                                  218B

                                                                                                                                                • \??\pipe\crashpad_4792_PGDWERZTVDAANZHW