d6b0ca2f4a532ec6368c0b39ec78c9d38083f35aeff418b8d91de654d2454d63

Analysis

max time kernel
1687s
max time network
1698s
platform
windows10-2004_x64
resource
win10v2004-20240704-fr
resource tags

arch:x64arch:x86image:win10v2004-20240704-frlocale:fr-fros:windows10-2004-x64systemwindows
submitted
09/07/2024, 13:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

PUBG-MOBILE-VK-MaxMiraConfigs(1).anom
Size

5KB
MD5

e253825522646c3b6662f20f073380b7
SHA1

169ef32fe74647d118f3e16cdf6a1b96d18684c5
SHA256

d6b0ca2f4a532ec6368c0b39ec78c9d38083f35aeff418b8d91de654d2454d63
SHA512

0f288a6f3d098f8512f71d005881b022907c60589b9568b8021595c63f8e9953ba2abadff278957fb67f62965b9eee134898a93aef1346122ece533c74f34c8f
SSDEEP

96:+m2psULaFKDejduA8KA7dIsOSxxe5oX2+AZNKgzPVOq1eWkQME0BGpUv:+JeULeKDKhGZlxxeeX2vZzP91eWXMEF8

Score

8^/10

discovery persistence privilege_escalation

Malware Config

Signatures

Downloads MZ/PE file
Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015

Executes dropped EXE 1 IoCs

pid	Process
5804	7z2407-x64.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\7-Zip\Lang\az.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\is.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ko.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\he.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-tw.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\de.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\et.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\va.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\zh-cn.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.dll	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.chm	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\History.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ky.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\en.ttt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mng2.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hu.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\readme.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7zG.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ba.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\cs.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\el.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\descript.ion	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\co.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\af.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ja.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ka.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\lij.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\hi.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\io.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ku.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nb.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ug.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Uninstall.exe	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\License.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7-zip.dll.tmp	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\mk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sr-spc.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tg.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\fur.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ms.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\nl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pa-in.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ru.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\si.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kab.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\uk.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\br.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\kaa.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pt.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\sv.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\pl.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\ro.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\th.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\Lang\tr.txt	7z2407-x64.exe
File opened for modification	C:\Program Files\7-Zip\7z.sfx	7z2407-x64.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	explorer.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	explorer.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133650072577431360"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a000000a000000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 010000000200000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\ = "7-Zip Shell Extension"	7z2407-x64.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32	7z2407-x64.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\MRUListEx = 00000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661257284-3186977026-4220467887-1000\{91442134-9E5E-40C9-8AE0-A80D0EAC32BC}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "48"	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}	7z2407-x64.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{23170F69-40C1-278A-1000-000100020000}\InprocServer32\ThreadingModel = "Apartment"	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616193"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000010000000200000000000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\7-Zip	7z2407-x64.exe
Key created	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-661257284-3186977026-4220467887-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\3\0\0 = 1e00718000000000000000000000e4c006bb93d2754f8a90cb05b6477eee0000	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3640	explorer.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
4512	chrome.exe
4512	chrome.exe
3572	msedge.exe
3572	msedge.exe
5728	chrome.exe
5728	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
2488	msedge.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe
Token: SeShutdownPrivilege	4512	chrome.exe
Token: SeCreatePagefilePrivilege	4512	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
3640	explorer.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious use of SendNotifyMessage 50 IoCs

pid	Process
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
4512	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe
5076	chrome.exe

Suspicious use of SetWindowsHookEx 14 IoCs

pid	Process
1972	OpenWith.exe
2316	winrar-x64-701.exe
2316	winrar-x64-701.exe
2316	winrar-x64-701.exe
2596	winrar-x64-701.exe
2596	winrar-x64-701.exe
2596	winrar-x64-701.exe
4608	chrome.exe
5836	chrome.exe
5124	chrome.exe
2240	chrome.exe
3576	winrar-x64-701.exe
3576	winrar-x64-701.exe
3576	winrar-x64-701.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2488 wrote to memory of 1972	2488	msedge.exe	131
PID 2488 wrote to memory of 1972	2488	msedge.exe	131
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4428	2488	msedge.exe	132
PID 2488 wrote to memory of 4036	2488	msedge.exe	133
PID 2488 wrote to memory of 4036	2488	msedge.exe	133
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134
PID 2488 wrote to memory of 4412	2488	msedge.exe	134

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\PUBG-MOBILE-VK-MaxMiraConfigs(1).anom
1⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\CompareUnprotect.mht
1⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4100,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=4748 /prefetch:1
1⤵
PID:336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --field-trial-handle=4156,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:1
1⤵
PID:4032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=5368,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=5380 /prefetch:1
1⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --field-trial-handle=5532,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=5572 /prefetch:8
1⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=fr --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5528,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=5620 /prefetch:8
1⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6084,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:1
1⤵
PID:3820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=fr --service-sandbox-type=service --field-trial-handle=6424,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6456 /prefetch:8
1⤵
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --field-trial-handle=6080,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6572 /prefetch:1
1⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=fr --service-sandbox-type=service --field-trial-handle=5260,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=4680 /prefetch:8
1⤵
PID:3628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=24 --field-trial-handle=6760,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=3816 /prefetch:1
1⤵
PID:3000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=fr --service-sandbox-type=audio --field-trial-handle=6640,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6840 /prefetch:8
1⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=fr --service-sandbox-type=none --field-trial-handle=6644,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6632 /prefetch:8
1⤵
- Modifies registry class
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6932,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7064 /prefetch:1
1⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=6836,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6812 /prefetch:1
1⤵
PID:3880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=29 --field-trial-handle=7092,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7076 /prefetch:1
1⤵
PID:1852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=30 --field-trial-handle=7232,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7428 /prefetch:1
1⤵
PID:2712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=3820,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7104 /prefetch:1
1⤵
PID:3004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=fr --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7204,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7400 /prefetch:8
1⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --lang=fr --service-sandbox-type=collections --field-trial-handle=7616,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:8
1⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7648,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7692 /prefetch:1
1⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.FileUtilService --lang=fr --service-sandbox-type=service --field-trial-handle=7120,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7500 /prefetch:8
1⤵
PID:3528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=fr --service-sandbox-type=none --field-trial-handle=7132,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7636 /prefetch:8
1⤵
PID:3192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=37 --field-trial-handle=7992,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6056 /prefetch:1
1⤵
PID:3956

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=7996,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7664 /prefetch:1
1⤵
PID:5048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=8052,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=7972 /prefetch:1
1⤵
PID:4836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=7940,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=6156 /prefetch:1
1⤵
PID:988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=fr --service-sandbox-type=icon_reader --field-trial-handle=8232,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=8228 /prefetch:8
1⤵
PID:1108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=fr --service-sandbox-type=none --field-trial-handle=8524,i,2056521171712536171,17714126493858089522,262144 --variations-seed-version --mojo-platform-channel-handle=8568 /prefetch:8
1⤵
PID:4788

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of WriteProcessMemory
PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=126.0.6478.127 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=126.0.2592.87 --initial-client-data=0x238,0x23c,0x240,0x234,0x25c,0x7ffba1d90148,0x7ffba1d90154,0x7ffba1d90160
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2352,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=2348 /prefetch:2
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=fr --service-sandbox-type=none --field-trial-handle=1852,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=2444 /prefetch:3
  2⤵
  PID:4036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=fr --service-sandbox-type=service --field-trial-handle=2288,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:4412
- C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=fr --service-sandbox-type=none --field-trial-handle=3712,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:3652
- C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=fr --service-sandbox-type=none --field-trial-handle=3712,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4720,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=fr --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=4832,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5132 /prefetch:8
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --field-trial-handle=5104,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5156 /prefetch:8
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=5536,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:3428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=5572,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=fr --js-flags=--ms-user-locale=fr_FR --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5788,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5816 /prefetch:1
  2⤵
  PID:2108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=fr --service-sandbox-type=none --field-trial-handle=5484,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:1128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=fr --service-sandbox-type=none --field-trial-handle=5972,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=5968 /prefetch:8
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=fr --service-sandbox-type=service --field-trial-handle=3576,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=6036 /prefetch:8
  2⤵
  PID:1228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5300,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=4492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --field-trial-handle=4264,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=4448 /prefetch:8
  2⤵
  PID:3724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=fr --service-sandbox-type=asset_store_service --field-trial-handle=2976,i,13055392033247124180,4829021026978746285,262144 --variations-seed-version --mojo-platform-channel-handle=3952 /prefetch:8
  2⤵
  PID:1756

C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\126.0.2592.87\elevation_service.exe"
1⤵
PID:4332

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\108676596f954514870f5fde35bf5a7d /t 4400 /p 2316
1⤵
PID:5060

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2324

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:2596

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffba721ab58,0x7ffba721ab68,0x7ffba721ab78
  2⤵
  PID:3608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1736 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:2
  2⤵
  PID:648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2008 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:4268
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2296 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:1132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3096 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3988 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4696 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:2828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4864 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:632
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4556 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:4564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5052 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4428 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:1564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3112 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:4992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=4760 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:3088
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3240 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:1524
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3364 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:4608
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=4492 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=5160 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5344 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5636 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5652 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --mojo-platform-channel-handle=5820 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --mojo-platform-channel-handle=5944 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --mojo-platform-channel-handle=5972 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --mojo-platform-channel-handle=6256 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --mojo-platform-channel-handle=6456 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --mojo-platform-channel-handle=6628 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5488
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --mojo-platform-channel-handle=6800 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5564
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --mojo-platform-channel-handle=6972 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --mojo-platform-channel-handle=7020 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --mojo-platform-channel-handle=6652 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --mojo-platform-channel-handle=5620 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:6136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --mojo-platform-channel-handle=7048 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5836
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6244 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:5228
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --mojo-platform-channel-handle=6788 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --mojo-platform-channel-handle=5356 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:720
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4744 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5728
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --mojo-platform-channel-handle=7280 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --mojo-platform-channel-handle=4600 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --mojo-platform-channel-handle=6608 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5420
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --mojo-platform-channel-handle=7180 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5412
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --mojo-platform-channel-handle=7408 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6412 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  PID:2808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --mojo-platform-channel-handle=7780 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --mojo-platform-channel-handle=5748 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:1
  2⤵
  PID:4812
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7608 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:5124
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7552 --field-trial-handle=1992,i,6349293003529104318,11191451951149238060,131072 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2240

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1564

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\2703af6845e34fdd82a338d263c50b21 /t 1560 /p 2596
1⤵
PID:3168

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3576

C:\Windows\system32\control.exe
"C:\Windows\system32\control.exe" SYSTEM
1⤵
- Modifies registry class
PID:5968

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5976

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of FindShellTrayWindow
PID:3640

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5076
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffba721ab58,0x7ffba721ab68,0x7ffba721ab78
  2⤵
  PID:5416
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1692 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:2
  2⤵
  PID:2980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:4064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2244 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:5392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3024 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3056 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:1
  2⤵
  PID:6056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4040 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4700 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:4104
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4836 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:3424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4996 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:1676
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:1880
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff6d01eae48,0x7ff6d01eae58,0x7ff6d01eae68
    3⤵
    PID:5708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4996 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:1
  2⤵
  PID:2600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4252 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4824 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:1
  2⤵
  PID:5768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4812 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:1512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3120 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4224 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:1648
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4460 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:6000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5292 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:4504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5268 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5300 --field-trial-handle=1928,i,12193575580662328028,15993485810488709693,131072 /prefetch:8
  2⤵
  PID:5364
- C:\Users\Admin\Downloads\7z2407-x64.exe
  "C:\Users\Admin\Downloads\7z2407-x64.exe"
  2⤵
  - Executes dropped EXE
  - Drops file in Program Files directory
  - Modifies registry class
  PID:5804

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1936

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
b7089367d7ffb46b620bd06870570784

SHA1
3c8e1cad14d6941b6681db01d934e23dbf7ea5e8

SHA256
3af517631c429107fe2419dc3e41ca858afcb9a812aa2d6f2a3f64fb889fc335

SHA512
603893f1480d93bae5ba928498d98df28782edf6790b68ed17fddc82cf4db49f04cba43c9fefecc45458c64475fa46ff171e41082c76f5e0dd1088d174bba8bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\4c50837e-62b2-42ba-bc68-8350a7f05444.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
211KB

MD5
151fb811968eaf8efb840908b89dc9d4

SHA1
7ec811009fd9b0e6d92d12d78b002275f2f1bee1

SHA256
043fd8558e4a5a60aaccd2f0377f77a544e3e375242e9d7200dc6e51f94103ed

SHA512
83aface0ab01da52fd077f747c9d5916e3c06b0ea5c551d7d316707ec3e8f3f986ce1c82e6f2136e48c6511a83cb0ac67ff6dc8f0e440ac72fc6854086a87674

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
69KB

MD5
3ffeac044eab9d0ff13aacc548e1efbe

SHA1
43baf7b0341dff17c7dc45fa940f52c32775625a

SHA256
cfeb358ae428dbc685dc7b2dd44685d0f55d2cc31e03c8d988832dbc8a30d476

SHA512
6b2e7f12baec62224243e61a460adc4b55090aa0c4e7e3ecdee53d7803471b80a3ebb395bc2529958b0e074e6e77cb2a4114d886aebc3d71baeba130afb2824b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
24KB

MD5
299ca9ea3943cf1b445a594d37eb544c

SHA1
3f47e5f651cfe4cfd6a121935ee3479e9bbe40ec

SHA256
a5530a56265611adb7e0161eaf8ec59914e19e853c14d55650f9cdc3f77ac9f5

SHA512
2bfc02a9a17a3cda23c6863aa722580cf2f8c5979a56fb28b74d90394fdc4705832e1c0e7f4af656f001f2ee0a2193f0f1a0387ed6bbfd8c33877beef31f0434

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
23KB

MD5
3abb16405f081d9bd0e4e9bd8982ccfe

SHA1
b89ffbdc9f1f5c1916444bc730a30aec0714bb5c

SHA256
896c96bffaa50fee414fa8d3a5e039538de1b888e6209d211f1f4bc09a7f2eb1

SHA512
4e9a039f3e7be7763b5a0dfb73a024b1472fabebc20f7b5b9437b360ea851ba85f657e8054577913cab9d15e13c455f3cedacd5739c4403d8d411f3f2686bde2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001c

Filesize
52KB

MD5
1b514e1dab2432486496d4e85fb392d2

SHA1
941b1546c338dfeba152edb323be977321c09635

SHA256
6ad3d17c2135168a2ee88bac8491ee465ff90ed78a6a3538ce646c0a873e3982

SHA512
9997be4b1a2cd8ac401fc324442bcf81df726895e957c3d1caede35831fc3123d490e5b8789bdf6b626db633cf118a93069e3122ab9ede136453548bedc142d6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
19KB

MD5
9dbec782554ff613b549c2b667c67857

SHA1
d81fac1044c42656a7df3f46c43b33e3c9ae72c9

SHA256
8aa672a751be805b7accfa6c6be9281948137b970985057f1c8dc78ae264b1a0

SHA512
ba33a2f9bee5cb7d3f196563e58184bd0c4a52eb92e7b0afd359c4f1358bd2bb07845fd6ab28d41c4ae7c0d5e931afe95cb30f8a80daee4e97990aa9f609e193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000039

Filesize
27KB

MD5
70dc4f19424ed6d1eb3edf2e3acffdfe

SHA1
f5e03c8717997457ab5875098caf342e959c52fb

SHA256
4f0529047afe2ad52d6b531440745c009727a374b0302784e5993ad85b3030c5

SHA512
92d0562b604a951bcfcea32569343eeee2c400149faa84375b8eab5f4432bf97bb833b5f9c7c287b1f8f1a330bda52cc9a5868cd35a56789beb7ffc1e9cf7580

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
63KB

MD5
1f63b30eb1f4d138e7bbe4cf01349aa4

SHA1
7c34b0c2fc6f949551b9fa58c99d035d6e6a6002

SHA256
36da78f31189b81a9edf717d77fbbe93faec80b01b7d14d43972cd3a3e71e1c3

SHA512
d5f91ec7fa94eb7f62f1721c058566e4eefb620777dd2d94ed908f8e2ef3b0437c44972fa193924363d0869854395f0e5de6bc694b33b7e5ab6f51b666e5b872

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003d

Filesize
40KB

MD5
dc618e061d68cfabe140b8be708ecd63

SHA1
7f80fde042b5cf118546da35cbdf17ddc3d6cc46

SHA256
c514b3244a116be900dc4aee0007634771898b955af033687c2d6f2273ecbe3b

SHA512
2e41eeb182bbeec6eadacd33732e6da6a015aabe00142adfe3ff6a5be6b0cce6e68da78db6c6bb9b112c65bf935a8ebe645f341a3bd5f05716add5dde63c2275

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
102KB

MD5
5efec0b6d79485191d088bf526b25655

SHA1
62c095627a7a5b348aae26ea46e4a6c20dde400d

SHA256
c7053687f5916d2420a01a5f32b2e5107733fffc0f96784ddf0aeee4d225cff3

SHA512
41e543a8dbb6d147b310c2e104b60901349353bdec14262bbf15a02a64c2a79ff7d0473f424d9bb17d18fb936d0facf5b7126b0fc710d1438e4b8c2cb89b0067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00007b

Filesize
33KB

MD5
1aca735014a6bb648f468ee476680d5b

SHA1
6d28e3ae6e42784769199948211e3aa0806fa62c

SHA256
e563f60814c73c0f4261067bd14c15f2c7f72ed2906670ed4076ebe0d6e9244a

SHA512
808aa9af5a3164f31466af4bac25c8a8c3f19910579cf176033359500c8e26f0a96cdc68ccf8808b65937dc87c121238c1c1b0be296d4306d5d197a1e4c38e86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008e

Filesize
47KB

MD5
127b7a9f7009939d0ae5dd1a48386985

SHA1
f9e981f2fbc6df7e304803153fb6fe40f0dcb6ac

SHA256
9d8e3219c036313e8b27ecb7b91befc49de6a32352a5349656945a7525a89962

SHA512
b1a442d78f6adc7a67f8ee299d46817309798ff2a38a66af2ff03eaa276b3a7967fde34e801dc8488ed75b3110fd01b3a9763f792ce75e21fae190d4779c1287

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00008f

Filesize
19KB

MD5
241379a911bde1dff4e08f2cb521e220

SHA1
d296b9bff172a84febde0d306294d6ce0c63ca1d

SHA256
b0bc11054a6e14544e3ef33a7492f9cd7be99cdf8dd7bf10c6d73f188436e653

SHA512
fe5f999d90254bd50284a349c3a5c9dfc28edb95ffa724f18d28f5a5758df3dea2d596c4e5ea22fa02b26723edcdf7c55057a2e35aa1d347efe7a258a6b761ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000092

Filesize
32KB

MD5
cd3756106418d9e83a2baff9904ba221

SHA1
4c2ed1c1ebe119027db0fbaf7a64b408f1779b4a

SHA256
57ec0895e1bcaf08c769e2d6872f3f3657972f87fac081063445213dae4541ee

SHA512
5bf43ccaaf99505f7e8ecf2eda18efe260125accbc12f655601e2acabd822513e153f4b81cbf03a65d13572f11e9f13fd471006a0ce8f2665e8a594ff2d769dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\02e8be5b68012c3e_0

Filesize
32KB

MD5
8b8e1ac367a2ee24d901b40f4db97f62

SHA1
8de33667165fa60902091673ec5f572a1ca63c94

SHA256
19eb6565d056d2a0d69f4f0e99520926e190418ed3eb5e629d18bcd64d3069e6

SHA512
ff979f16404e31ea9c568e177df59f0c7faa84e0c9b03a83b3d4a2684227427ea9c9bda647638b6232095108ab5ed2ed2feeefb288f52b5b933b45ac55a5b156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0c460ffda7eef4ed_0

Filesize
303B

MD5
e6fa46e360e2b0c5ebe6235d16f18f28

SHA1
8f2e5353d356a45ada6a995f149a26edeef058ac

SHA256
9682687ace3425ee599bd80eaf67dccadcf054bfbace6b5c1d73cbe87272ce8f

SHA512
0719211417f775d1b95e13e73c8c54a323ac63b782b946de820c7981a0e803690f811e197cacff6eeaa39871c8ae27bc0ddc3987da8d8fa15c9e2fd54a12dbc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\0df9c1e8ae4a2203_0

Filesize
292B

MD5
0e5138dc14fdcacc9be961814dc4d526

SHA1
3124470feac6f90f5240c098cb69bd0f4ce9ff94

SHA256
8b051ed0d3081e1d1f4865b942f106b71fada38e19fe96389d4716e61b7f197e

SHA512
a24720d53039d318b52cd34fbe9c9db76094f232005994f81250cd9624e8852db024c918ec5c49c343c31b1dc6edc81af5e2379d7dc22a822f7286b8b0c1b3b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\1b6ef33685ff1acb_0

Filesize
3KB

MD5
bc7e0917344054d13c1e0bd02366d3ba

SHA1
bdb6eddfccccd9e6184ceecb592c5fac5244cc7c

SHA256
7886bfbdfbf974d3b872e781d500e13352393757b119871da0841a38df85d166

SHA512
285bc2bc6fd6892e6aeb1d011d11e8aad78e974a45c89c11f0de4c5f4adc65b5dbe7d81f958f638e26a865f1bf567978253fd7724a0bf76fde6f1f25ac1f9245

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\34069ca7d3842490_0

Filesize
287B

MD5
d001fd9a411a8808160a753ab8c1ed6e

SHA1
717dbf594be83559795b1916661b8c8588bd9abc

SHA256
4c157d260f5dbf59af06fa104f4f2b0f7182addd2c343182e2cd1db0e927b921

SHA512
4ca14433b6e7c110083f4e4d6bc83551c5836487b471488de2e66344f9c6da6f565772bfb573d2c3fb1b7e8166e7cc04d0184c65462f2a9a498084b8bfcfdb13

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\75c484037073c3fa_0

Filesize
32KB

MD5
00257395d17df4a5f01170e39a38b2fc

SHA1
28f81f13cb705033158c74059242b97986d62513

SHA256
f85ab9ccf025ac7965d0cc244703cb7bcafb2d434165264a89ad32728b27608c

SHA512
ed9d843783c6a878f99c5cedcb295de118db5bb6f2405fd1e6d7477962067b5a7d88775c768c25a7a08830f3fab7c45d3ee71ff87bdc5e112a5406ceffb5a27f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\bdbe3c2d106a6e21_0

Filesize
53KB

MD5
6039df96d2cc64cd0bedfa6a5faf91ed

SHA1
9e72c283c96583d0255c2df96998aabaec0680b8

SHA256
9c281fa9a445214eb13cdc029f14fb1daadc17bca2b46ace75996d3df2cb321b

SHA512
673984375b5b0178efff4f541bfad400253ae38fe11cb95f5f650c2615edb3654f3376d22eb0031888d75426e233a1fb2c609c53eb00d76ecb8413acb699ad37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\f3c9a1f869f20aa0_0

Filesize
3KB

MD5
4a203b06db5b1c84c1d2e6fbfaa89b3f

SHA1
29e1aa435a082b60a6d322a26adf75aa3a8d9f29

SHA256
e5ee7bb38d1f48c01e5266a9cebd7f604ecbce19f74d4d5f10aed9d8a1dacb27

SHA512
66366a2cbf902068bc4c8b65d4574ded5e0c9757b6ce8a492949def7b6e857184a10badd08b37a35f578994311368f244d5a1d54aa71d74a433beb0b268d153a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
ef6f7f16d0d296d0db7056a2e58fb171

SHA1
f0a07d277a8d86bb145826b5ed81df24b55b68b2

SHA256
4979dabdcdb4fb422ffa99a9bd2340a76fc3c36ca6f03edaa91f62572e8888fd

SHA512
03589d542b206df59aed5f82795109a9dd4579445861eaea0f6569947fa85fc404b480c9c7d474c4464d8f2b3eded176cd4c6931fe0dc4ebd80f541549855b40

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
081c5a3286a6cb492ef6454bd639902f

SHA1
852ca2d3ccc220201341b204975ef1ed6d71c937

SHA256
b683b99ca082ce280a32bd8db905a9b4fce9b20b4919307eca443a7df72587e3

SHA512
7be99dbf0e7ae9da76d154e4e1931be91bab54729f8f3a6a52ba9546f2ab91c79a9d23a3a39b3cf5022c1373f1d2f11ce2e8e451dd71dc0bdb89978b39aa5ad6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
3ba319d4c7d5a4750109220a7c30e4d6

SHA1
606fd2c5456732e6b8965aa1b066d7cd378bb894

SHA256
03de4784ca54f3f8a8ff8a870ce7692f345ad00080c4f0f18dc509d2a1d32b11

SHA512
e3baa1072ec9f10dff8f589dbfb5b88f01b0051c7f69add44da45c49b02071a395d260720ac323470a3b3c7418db8b15939a0708003192d20256b225068fe237

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
aa5d03156e610928f00c951f4553f108

SHA1
ae60a9d92369240932b0d2a2f679d4e7eafdf03f

SHA256
6a63013e309e63cd28b18fc2d39d4cd73ad2b2fcc4cb1cc1e077084d94bda208

SHA512
8f2a3c452d78e11851f15f33fd89a3ded025231568b7dafdc0dc7119a01c68d0ff13af94b4c6b09de370782a43e6991d20c0fdc78e70c7ab09f376274521f041

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
1bf7a7df10e76507460855009961dcea

SHA1
4b572db0f5efbdf8791bd057cdd5b12555bbfd68

SHA256
3a5d06c9920b415e0064520a799e57f26cf6f0139862e3d1444f86f21e03bdf4

SHA512
5e66cae85d8cf6e2835a54393c3cb9e0b441dd9078997cf20cf96b9d8255694ccc3bd819f27699f5e05b8daf5c452ce9932964e05dccbc27d706c60510e521ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8a23cb7696fac19dbed92c60500264eb

SHA1
81c5036ea28e4625ace1c1569b9f4048e4583479

SHA256
4e786ac9e1171c8102f22662c88f48fab7bcb90c2a88d09c95bb8dceaf29d563

SHA512
762aaa42a9a412954c1ae7d14523c520b484253aff2fcf375d5def31cdfd51f5f4a88a105d699ee5cc6dee59324d8b38013cf0d60ae0a84d4eef5774ef0442c8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
82b736906a3d63ed703c82f43e327656

SHA1
2a83719bd8f723787e1ed086d86e4be0ebb478bb

SHA256
a20339bd4598de3cc1cafbc9f57026f03a5fe1e333f2045b6ead38604fcd5b91

SHA512
a7871ad27de4f4fb708956234f9ed13db21c0c0401e720c4aa17d2b6e4b7fb0b619e4fb054bef785763d392de05c1abf4f2071d337fbcb7251b21abcadb8b5c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
4bcf756ea3a3dbbb8cf2a4e6d78620b0

SHA1
5000e14e034a56af81af724b3b38b1a2d8c11085

SHA256
ead97e34d1dcfda44b7fd78e31fa7a66183bde7f143ae5c65bef9c5a1f1db6f4

SHA512
0d98b58d008a959b8461d492033ca7cf9e88df6dc7727dcbd302ace67f18d989667fe1caf183eab02ecc62efe452781bbd6f60a75d9ef54bb33f8775fbcc2e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
4b43aae4246b39bcb740f4dbe5f6cd91

SHA1
597cb184c93adecdb98c905d7325ea95fa070908

SHA256
00133cf325c2d236c7924d34c045317bd45ebda3fec1a9eb81ef7d8932e696c2

SHA512
26bdf5604590dd2ef95a769d2f7b0af89869fbf5ab6b4bf335675ac5e905e3db3884f23b786abaa1badd93a89b1013731c25880335811747a2ae77b818bbf03b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
18KB

MD5
99292731e85549d391ce0e04b1c48b58

SHA1
c6586fba747d5e8a442c1297df7eab3637bbb261

SHA256
34cc7c8574e8c681ff2d1684115966845888cb9c25b6af807b0b6e6361ffed8e

SHA512
9c52cde5fb944417e3b301c30f4ac0eecabddd4932cf138442203f67690a1a52691de8950e041a8076f22bf66021fd180e458fbbd96017972d7c50048f18908a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
cc7cdbb2d2006d53628f217e0a1136c0

SHA1
d4b773da6dc7de6a69b85b2877cb030e76be0ceb

SHA256
c6cf887cf073e65155e7ad4d4714fb196b89938cae6c86d92ef5f4cf5ea832e8

SHA512
ac000a9f1b8b37424467bfd4f88ac86f07529bfa346017cc28a180e313e55e73134de06bc088a37d0f3bfeef37155fbb2d2e72651e48bb418d19e5040148bea3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
21KB

MD5
eb8835d7dcfc97431bbe8cfff9a3fbd4

SHA1
71e7b54fdfa06dfae5830f297f430d96a92dc824

SHA256
0d19d7048f55b4b47dfa1facb036215e68902c812343a538b884634e904a7beb

SHA512
55b33e2d00ee6ac4da10a76ba6fdfb01f6a3165cb68128f9895d688d2fbc75ca92fd1fb6e70c43d66a3e3a5cf8bbc334ed0f6dbff8200bf1a1ef5492d3a0f8fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
e5435acbf5ca405a8eceb38a5154cf42

SHA1
48724018e3d75996f0ec51851ee7ded205061adf

SHA256
e5d8932588a32dc202c10eb38aa9a8984f6774bf98d2d79853f232795d33b3eb

SHA512
7b6d809a91489daee70a8c208c5bb6a92c727fad1eb32f665debfcfc70b71e6b088d7ec6288ba1a1afc4e7ac6d8ebc224a7ce36a75ab24720ce5885d44b84f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
20KB

MD5
2af40ae893630d5e5c26cbd890877924

SHA1
8f00e2c2a4d98849a141c57c5f33bcce24b737f5

SHA256
e88bfd5138ab2389b885e3aa4f343d3bc8d9807b01b25607c6e9805ceee2755f

SHA512
21875c2768a09a6e72d0150485905685aa58b1bf6b70392cc7595fb4e68afe948abaf0c30f5c1f0c7085eb47ee0d3e7dae98f117a8a807979efcc10a5fed22c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
22KB

MD5
ef3a2d4ef273776ad3cf4659e8f857f5

SHA1
dc348086680a6e49f22247f6818e94e2c35048a8

SHA256
46e4abe40b3b0d3977772da2b66cedd4649cb97c1f31edf8871ae65f86383068

SHA512
3b5c93a3f9a5400549c9adb00f2af867b45c3b68e3aecb0fd3bb11b431bf9c14a772c956b937c80ac97cda76bb742bec7c9bf8db40f23ad6516996ebdd9894b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
792168b445df3e2afe9a6f59082d99cd

SHA1
04607030b9f09609a11f69c52c47bf78226254bd

SHA256
608e5dbb7eda61330646ea304d96549458b9d240d660506ba7010578504294d2

SHA512
639aee9c34c45a0b046f19dedef3e5c6028ee8c30efe73b61edcb5a5153b06aa431f1691cb46de6f4aa67628fcb0cfdbb35d56f74b27edab4efe82ad9a26056f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c6dc11a3500a859de8d2203356bc6005

SHA1
9c3973d2c664f2485affd4bd29b33410f14736de

SHA256
73781bf79ecafba9a8477ba8340279beee07a1dee96bc3835be915b271659a3f

SHA512
a9bf4804c57f4881e2c9fb85f2ddcfdec99a20301c6dd85d109233537b62e3610068922a8fe20879d641cc8c8ee44da64f007f38057ef5438105d6d508f40135

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
cb851df1a11159ab821ba4d172d20154

SHA1
06abbcdcd2d4e58a77492e167f084dad47f1a31c

SHA256
6f4951ee2f38328e412778afcfe384a9db7f709d15339c937e1f53b45faac35e

SHA512
8dc06286779fc8f4751e2ad586aafffebd26e6489a6e07b41f535d05e0474ca7411168bf0a2df116f19982d2211f57858e351ba7c04229f1a35fd42bcb57449f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
5ae51bc26a864dc0ab0be659c797e79e

SHA1
66e4c8789b685c0bece9bd07066f63f431e5ca91

SHA256
3ff8d55085c2d53b73f56e08112bbf873d3c3f3365cbcecad95a6f10cd838270

SHA512
7b49256faca05dc78ab8acb67216dceacf8a3921d27981bc054b01e906e7fee9698d847a2ac0177f6d192fa362d986456d5dacbd2c9cf07408fa4ad27c57aeb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
521B

MD5
4b800a32bf14c7dd6067a65dbc2604e5

SHA1
f7b532ead0dc147058d4db39fca6bf7da6d6f8e6

SHA256
ef59ec41b20a677f658febc2219c3f60eddbe0f41cd2db95c1b7ed41e0d81cf2

SHA512
48eada347ee5ec0e55c3750a17d224b270b88799d64214cd336f53a755650539f6f552ad54abfd2a666f5c845c6106a659c93dd2cfdfe7037345009bc4a53592

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
0260868d03bd6f448c61a9034b913422

SHA1
a4e90937d54a110a55838c67760741308df73514

SHA256
ce8e74106f72f553c163e3a3cabaf11e2fc5f522be7c36f49930e7cd401743c1

SHA512
0613f5cfe993a8441b8f864c340d48e26318bf0211ff7d9998780798dc4f94ba6c9da5516c69b79f8864d9e2776ec89291b75be97d22dd2d6de7a54819cff131

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
4KB

MD5
f08e22be31c330ee0e5ba9b53e6b0f78

SHA1
11b3b0a5456cac8ec1576228e8e30f6e7ef4d382

SHA256
68e95c179671ae290e0f87169efb8f5093ca5d55aa93826f5d349fd02a13cbeb

SHA512
7f0bdf54fd90cfee8036d002cb113e83a6619aa78490f86ac210ed4e71a200ceda77f3ed902c9da0a88c87e16b4873b7af9df0793b9e32182f6e9312d291d474

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
75ab060f8070b1a57a3e090fc0452e6e

SHA1
92fd0bf8881c1195cf6f0ebd900becdc8c5a5427

SHA256
afdc9b3d8538d01a68968477f27ddfe1ce16241cf64385657bf93d140fb12f62

SHA512
0f25349acd44bb2f6b1ba8b49d878d5382e7508039fcb429718fb7ce8f95d6214c347a7ce6011d673a8b9a6c2deb667709b1066ba29b5b4917f8f75b0ebab4a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
867618afc7d73262b242e5de8a63f48e

SHA1
1c1ee9c183a8943c3bc5e09cae0f96d1e9f65781

SHA256
15e66707361c9fef94ef7c31bfcf365ff6abbfa942a727da2495ac8e41c72d1e

SHA512
1ac9530fddf4ad3ab6985436afb9dc44c3b90d205e025454b86d5e221326e5ce706d0913de9c24b54657f1b77998bb07244cf4a4c9284f2286fb0be39bf71bc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
6KB

MD5
93a313e8451ba3896b8513f285bc4362

SHA1
1de0788042100b586b9ffb0c99b7aa5ab4df6795

SHA256
d83daa53607dc34d6add69bd1ac5e4691a4ad64fdefa2a637533d5f44b71ac5a

SHA512
76ac6027c8c95b470b4324d299f32b9c4b99b9cae66ee1f1278961857c4a03460cb13d1b1019d7abfddaa61bc3be2a275bb2d04f6d665d15f883178fda11c770

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
6ae4cf25323027474b4b76720d8e402e

SHA1
34acdeb34824a8e94ee5ff210d28a6a0ea895b1a

SHA256
5273447c037268cef497e938e3e16d29b388ee9481ace6c4e7bb80355ffc1ceb

SHA512
de66ae8320a4bc3c7fed58ae0d5f7953fff7e3c8743000b0c83d95aee335ac5d32a15cc872805b534b4a4dad50a3c23c3459813d8f0d31bf6672df61e02486ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
b0211f7d69d8aeb80028e86cb2d5007a

SHA1
e59a3d072dc794b001eeda30ad21570a3e495673

SHA256
27325cde5dd491b26552d49c943332ee04507a799349d358195b97bd1b7cbbca

SHA512
9a0fe5db5d6eb769acc4db76dee187eede507497f5075c25d95ac21c748c28510502f2e63a95a8519ff5e8d9605e15f67f0120548605410c0b5f8bcd80eff401

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
5KB

MD5
d341993259b4c80385e62c4a23f22953

SHA1
d7448671bfcd52090a04126aee95d5ad2d33a590

SHA256
7170e6a67ebc09529f772fa1037e3c22b4740306dd2a59fb97287e37b7e5945e

SHA512
c3973d30235698bbe66232ea5a1bea07ec32661a921ad335c66643518cd8e4b7ca93220c5772461ec2464f08c6031cec7935b431f18d7c1f37f94002c6995d09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8e504d9bc25968e3ab9c972801e0adc4

SHA1
0e480bdc00c233d42429b94075294722c804d27a

SHA256
54b8095a42434e98fda343640a372b54a2e0097c7faa3f9a99b9ff1d02c40f95

SHA512
7feb223352c8a5a653458253cae497521fc36197c5ed4fc863ab2aa7cab296e5cf7676c74d4408b2258c67b1d08345787f35535b9eedee2f1b15d7e32c6ae1e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
03c6135194ea19da6934d2037f3c77e4

SHA1
bda04a2683a9ca34f990a90c2c173a056ea52e6b

SHA256
bd2a3e1fe84d03227702c2f2688b97ef4e1cfb9923412b33e105c2cf7e1e65e4

SHA512
03486dff438cf20cb1cc6103b04ec8a85ea3c9da3021e14a12ef580d12c5a7602bfb99d6012beefaa88c71c75cfa4d67fb5c5e4bf8a3c59a541be708ccfa15af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
3638c0e7ba9786ba97fb32e05d783a40

SHA1
a40667f19f95a392da414582467bcf997e7c6a4a

SHA256
04df8b994115cc449a958169e935d04a2b1fe858aa6ad53c4e481e21e87016be

SHA512
8f0e3809eadb51236251fa058190918da8b580229686e436652e3c400deb56362ec3e762b8b8cd8e18d078c6857749caff3ae70afdc5b01b93865c1b2ac71cd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
c9b050a9930d94a3dbcb6aac27c9b346

SHA1
e8eaaa547a29165906db03ac28178e69ecfc5589

SHA256
ec994cd6d597b164b63e71206360923d1e0b97265553cc8718e5c17271cd8223

SHA512
287c033b528312a57ccd02e0f2cc4ec7408471b02e17e2357ea637a52b8997a84aeb3c4084dcdf565afa92edf174420f4ff274099bb316767ee6b6f5f95c2316

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
580180a173a8be67a81f69ec7c87a02e

SHA1
39671d2f852bba9069caec32826a5ad82adaff66

SHA256
de107a91734bb914defaa2d41a54748a821f407d6e5b94c9724714e57df63e22

SHA512
77e3931edce36f4f8849f5ccd98597535e6b27b758aa47da2084c81416aa90825719d078cf02bdf16b1c74ad7f160239c155a4dbbd1ccbf7153348dec01e7b5d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
6a5af6e318216a91450a8bcbea4153e6

SHA1
8949f6e9a4e8f5295db3001b16e4679e63963930

SHA256
eabbcd8d6913aadd62415a91ec17819158a072e9db7da3ea03527274fe5e5156

SHA512
8c95dd07e9c3ed82c4e7b6cd4600ecd83a98a830562659e7cb169fd3f7d81de5236f979d32111ded28977ac16fff20c48f908b6c57a41a85b976043291962f75

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
22dcd5b9aab00835dbc3091da9d71797

SHA1
29e064bed73cf8a7fcfba26688164022c67eb3d6

SHA256
e7067eb241a94f9489475653079fb2f18d757814c15e81c6b375a110004a0028

SHA512
0cbf2b41e3f820d4ae61ff4a6d5641342c6cd01602900794f77c72aae3e1bd96ea7b3a152b2611a1c8f1833d5c7c6f5db3085ca620cc3a295a2160c8169b6970

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
cc4d82a142b49be54e5fdafd3937be43

SHA1
60543d3bec027555882b070c3c055ac7165e2bc5

SHA256
fdf78ac2b98c5a5a5d4c376307c231fb84fe2f8e759be691af45aaaee7e3d930

SHA512
63d5ecf8bd23172bd4b3aa19de1f2f0ed0a424d4d3ab565932536d8a5b136f52ac4c7d5362a5312bb1f0bda61171d0930e096aa32358ae4c02621e4149c2cf1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c1e0f23053db913f8499df8c8379eb71

SHA1
beedfde3da03e8f2110eb50aff0b4950aa4e617c

SHA256
afaed5899d704f4bd5577fd1d733991427810f6728576b16b8481563d5f6f81e

SHA512
2a6edf1766f63933c24bfdbe3bfd97bd60c09ded631f13768692e19a3ac63293e883b0fb195e424d8b3ce5ed8ce767ac4c57709a1c652bfaba4f27413399b4a9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
150621d43fefa32385985ddbc893d0e5

SHA1
557b98b52dac1539544e0ced54fc0167b0fc4b88

SHA256
b3d4f2ff146bc0703eb6993d678f07539a9e5afd57944ccd29b3a53a29ac2ab2

SHA512
ea9b5dbf622a7661369b448b4c544841be54adc696b991fe51c68bd779623e1be0fd9b5ff4a989bfdb4350854b598690063f68b6ebab0b9502b2c6a0501c5a37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
7fa380795713dc39046abb85629999be

SHA1
7722bd03481fba145e0d991745b6a239cea2bd0a

SHA256
f064d64c0b4f732bf88098ef3e90eee321089b6c5df2cb381f552ed113507562

SHA512
acc9f15fabfe112b1830b564392045b1ab7409c21649f60bd0a3fc962946c6b3a7f4acc6c46d46d99751f2d34b115f2bed3f1c3446a004f924807abec585acc0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
c996a5d037715034522f71971f39f1f1

SHA1
a67f880ede83978825f3ab4b2e8af629fb56dcbb

SHA256
5d801dcf70d4ace74505cd8682d7c35cd56492604dac41738e6114e8aebdc0ba

SHA512
2c222291ad0d3c808deb825df528b1a957f10756e521be2566cf9e3735ce8661029cccd1726898e98e9d8a2236ed1c36e0ca5334e859039faff0b540989a70f3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
6b43e7e623921605f9da06cc992c9193

SHA1
fe5952d4c1c96997917f423125d0536bfa888c21

SHA256
a003e3c90baec0bfed4e506fecae7bd290e441dd84fc59c444860f6487e68554

SHA512
95ca7585abce398b8e9d9506ef2e1890cf8ef5cf45100184fc8d371dfc9cf6ec432be6ef17a6ed9eec41e6f162ec5ba2f3bd7df9b6d702090150527bfa9b49b8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
94275bde03760c160b707ba8806ef545

SHA1
aad8d87b0796de7baca00ab000b2b12a26427859

SHA256
c58cb79fa4a9ade48ed821dd9f98957b0adfda7c2d267e3d07951c2d371aa968

SHA512
2aabd49bc9f0ed3a5c690773f48a92dbbbd60264090a0db2fe0f166f8c20c767a74d1e1d7cc6a46c34cfbd1587ddb565e791d494cd0d2ca375ab8cc11cd8f930

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
3dfea0da7c177634b49a200a214b3c39

SHA1
a4555e62255c584c3f9cf462a637121d787419cb

SHA256
568db9b03ba0ce46491843e5272750894d675a8a25883f6809c1037a3033da45

SHA512
f822ee6a7d7227ee847ff0edd61f22324f494597cad03540af2ebb65e0707349d65f2235148191ed4e7eb6dec8e1fe7153139bad226f4979c13b820308757906

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
066678f8fe244df411b0fe9f4d601f0d

SHA1
117b852560203bd12b4393e7ad2a9d864e274433

SHA256
670e34a65e84f4ad8c054ef43558f3e23572e191bb2d86b2ae8506e6a3a60ca3

SHA512
a8f572d37b40895a12d28e8420faf22a78fc6acd8f944ce24b5d1a5e488c4ec0aec05b917675d1c2639e78c7f9d0b1cd629f7bb04010fe33acecb447c4e04829

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5d07f2.TMP

Filesize
120B

MD5
75907ff6480173c977f6c016f1ea0093

SHA1
0891ccaa7fe6ac146f9f302b3107f41423d1740c

SHA256
ed6ddc66d3c619e2b48648430adf9c296dc3532b9727d070d22ef28635e32944

SHA512
e90831974afa2ddaef469620f18e2c6f604f9addc33eb90f12318c6572cf0cf9a8268d28526e07c7e2f4a72bef6d36a5237edfc01695f66511919916312e243c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
d5d455dc984fb3dfcc29024143a393bc

SHA1
c2684816ffa26dfb0cd32b07e48e1d9d5860fe2e

SHA256
3524f2df5a8d1cfcfeb9a4e8dec4b629f961cc451f43fb3c974e0249d37b7b94

SHA512
46fe72af0da7e6d3d79ea1eba231b6ae5cc1581d644c7126f554f0f3f422b0705b3954fdc5dd9d29431cdda32ce4a8be1fd86879a22a4f19fc1da47c2737df43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
efc6c41c03aff8bd4d9689b7ea793278

SHA1
0c34efbd0c2d7401b933bc90a6b3e96b9018d8aa

SHA256
2dbe10472f0b079c261684f8db474c28df166ce02d1e345301a02011ea20a0a2

SHA512
1533910c8abda81bdbbdf79e9028c0e3f1b4cbe3b2d23dcce6055d417d24573550ebc9cd0752a6fa4734e0789a4c9bb88fd1b93f3ebb1382b802e541d3ee5b86

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
5e62fb0b37b05a4b3613d323e386475b

SHA1
01316fcd2be4ecb91d8f20b211adbc71642d5e18

SHA256
4a729ca7eb42c1c435be78def3d9c09f0d75f7471a91e4aea5738313e78e1ffb

SHA512
6c03d01670a19231539d5bb31243638057f325f100eabe6a2b046b673c45b049724bd5e3a1303994cea0c027047e4e0f4681fadfb474494db6d188e09543f053

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
5de5575728761523c3ce5109616b0954

SHA1
bcdcc737bedbf02daae126c161abb37fdbaa3aac

SHA256
c6d9a96b139400a2855043e7cbe21ffdb7af5b9040f8314aeda8a2fb52099813

SHA512
d9165d8e1647a882a52f6d6185ffb4d7bef4ec258b089458ac042c26e3b4eb7c5e678ee4c0e18eabbae969ad6928ad7cd544cca1a43972734512f4b92c3f7b92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
143KB

MD5
e3669323dacc321044cc0d5b66a49b53

SHA1
46f0479dd4aba763fc02c97057e454e2271d5514

SHA256
72e8d771114f6db1b4a6d32df545c8d498bd211d853484fb636ac717000cb1d7

SHA512
0031743e73c90fd382d71593ec5c5e35b960edd8002c0938b5638c3bf14fc0c7f28261ba9247a12e71ba12ab7722e547c38d4eb16f92418afa749173b7b84bd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
284KB

MD5
7fa8f61748ef800287dd6e1e65210923

SHA1
da7c6bab398172f754ca08c3bd366f1521222273

SHA256
23c2e347908347cae48801232e02060906b0a12edeb824be04a8dc1f6d091616

SHA512
f654eb01655ad1d2702915e9d4a9d4a9eaa5b8f5e6c646a2ec98b33dc083566978bec8bc9ed74bd29bb88a65f7d1e8bd42fa713432e3ed0a3222ed0798624d61

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
95KB

MD5
7cddef4556a85c0416f0ff855e1fea91

SHA1
504e1989463ad116783a7986cee07dbb22ab46a2

SHA256
104f773c3d1c2df8bf118c209a10be7208973513c0cd85d5133c9db89be942d3

SHA512
e61854f42f8af5cb90e0c17871cab07728942a44ed266ff172d09e694510b3a75064b395ed4d30a4302655f7376507135e0cf8c80e2f3bd8eb3baaa3126dd6c2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
92KB

MD5
4e89d1d32be5e9864e1b86536b306325

SHA1
2f42282157b8c3cf7faa629d8c2f32ac3bdf765a

SHA256
c79a9554623e42c8a0dbc51adcaa4b2f09d181ad952ec78b8e747d7a1a656734

SHA512
375a606d20cf0b701b5f579e150e8eab377df4e25bc5c9d67deb4216c79fc91f6cc92c977fd1c67f48de0ddd2a816a23007d0ee3ac198c91d50ca680408b0c09

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
98KB

MD5
a7a823c5a4da4fd57d3e5b268ede9c4f

SHA1
85859002e37239d83a8d56e644975e52d068005e

SHA256
c41b05839950af39ca8f2c6d618a6e761aa0c07f2b245e50b9bc5c03b620aa76

SHA512
debdcbdca7de85341ce4e4c5edfc0aebfbad8a002235af6a9ec7e39bc559f629ad08f91ced1e325f8e3fb9a7c5f580b6d9abe019d049ce3901ddd6534550392c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
94KB

MD5
18c93ef28084e319981fe9693689571d

SHA1
26a5cef3330a024f8ac6d3efd6aea014540a09f6

SHA256
12913286801d7618f0727a5291f652029c50c24d8219c250437f7dd7dd11d35f

SHA512
bf00d1e95f61e62df62b5305e3c9d7d8ad106bd316fb3467f30a6a53bad0ed40587a0dbe35a324e2005a695a4c6c24caa72e525830d9e873e65352a2024dfeb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
4ae95248312081b7a93f7f4556aff882

SHA1
79e6baf9190b3005d75bdca128bd16b31bd436f8

SHA256
7b339e011db43fb100d0decaf616b5439292748770e009be951fc9ef091dbc59

SHA512
0f25ceab702c289ff46fb9b448ac1fcf23a204cfd740e390a719899bf257cf19846972e15a19a494e4665622a2dbcaeff57dda430ad02c8e9845cc3de308d3bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5d5b61.TMP

Filesize
90KB

MD5
c90b94c42fd156e24c8926022a515ba3

SHA1
62f06ed90dcac7d6219a250527e7bd17e2bf2a31

SHA256
424a10d714b35583634d047c29b3eea5fd5261f5cf8edba1bb208619d391595f

SHA512
f5894ffa4e1f609d4d123bbbd39e8f801dd282251c548760c8a116934fa86412344f0421796c32a91f11184ea7312b829bb0ae1268ed1ca756355906ac1a5009

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Asset Store\assets.db\LOG.old

Filesize
331B

MD5
0bf7409c755822c2dd99dae608374a74

SHA1
b156e9abc7988011e80645ca3fc6c3bab98a5741

SHA256
bde6d36cf18d7195ce75956f50e5510c6d8b99efa4bd3afba50746c5e517f4cb

SHA512
005ac6eb6c7fc8ccac1d491662470c14ab6110a91012e3d925b10cf2b77d7bb483f01389198c8d464e462666a345b3a72c19691dfb5bceba98cb581c4e0285b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
211B

MD5
c6c10dc2bc615ea02bddf61d1a4cc35d

SHA1
9a23c6c125a845b89350f91d94a12b1b8a6274de

SHA256
5d8520095867b58757ad4c0d567c8d906857d8345af5e5c90027d6871fed6e8a

SHA512
fc8567e2fc9b478bc6ad24b3967c6a3295237170bbc0debd3296d49336b25ba46ca3f39d88a124a05b52b143b4a5fcd113535ef479d3dc12a3899a912a1fee24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c4548250fc4bff956447657ec785d260

SHA1
182aaa5859cc6a1c8d1a8f1761cc8780b5ab2913

SHA256
82b85168895e0f3aa3dd2444d5c56a8233d6c7392af88fe0b39e4f8009f01b71

SHA512
2d9a5f9dd75020cb9f08c1b6a288a582d1a444de863c9fc409b65b4aecd7971eaaa80dbd24d6d54a7f5e7542607ae3ca391e93f2a8a6f1e4b8de68d6afdcab7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
95KB

MD5
10c7954f9a2678bc767f632075b5e219

SHA1
60f800581f9d1ace43134e2db2898fb12690bb75

SHA256
81d77a4c5ba9ea7582ee2d19c63cbe595f31f41fdce087a1b10c875e95d57d0d

SHA512
64f9cd82c19f7082bde184573da6c9dd460947a3cd65dd02a23f12ea8f45a5f1eec36edf1fe79af76abc3a4a6c5fe0047604542e8fd4d316465123508ee35d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
95KB

MD5
e40709b28afc9dc2b679ef204769104f

SHA1
bf04a5813095e335f2bf771b818627198ddca949

SHA256
53b96bd326bf749581455f9c17a3347a1ec93a1d095a9fc19391d4d049262bf9

SHA512
a6e6c823c279dd879c7bc7205e419d5dec87ee18bf6023ca4d52313e54b46c9f695926bb9d7f32a396be094207de83997043800869e3adafb1a427917249fb7e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 390289.crdownload

Filesize
1.5MB

MD5
f1320bd826092e99fcec85cc96a29791

SHA1
c0fa3b83cf9f9ec5e584fbca4a0afa9a9faa13ed

SHA256
ad12cec3a3957ff73a689e0d65a05b6328c80fd76336a1b1a6285335f8dab1ba

SHA512
c6ba7770de0302dd90b04393a47dd7d80a0de26fab0bc11e147bf356e3e54ec69ba78e3df05f4f8718ba08ccaefbd6ea0409857973af3b6b57d271762685823a

Download Submit