d0019364aa3673c7d62a615e41f98c0585b72808fe9e32714a73b33c52b5bdb8

Resubmissions

24-09-2024 22:54

240924-2vmjwstbja 10

24-09-2024 22:40

240924-2lz4masfmc 8

24-09-2024 22:31

240924-2ffg2asdkd 8

Analysis

max time kernel
549s
max time network
549s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
24-09-2024 22:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fortnite-skin-changer-lobby.html
Size

10KB
MD5

e0884d5afacda7ac5d4dde84e12bdc5a
SHA1

198d0bd0c6a64f6045a12dca89140cb972bebbe0
SHA256

d0019364aa3673c7d62a615e41f98c0585b72808fe9e32714a73b33c52b5bdb8
SHA512

865fb35d877f5d21b111815387f67a8e9dbd4e5423347954bae4c34422f0f6ac500480b102d2f90a37b3977689819d0f9a9947d9da912b29fae50d828930a155
SSDEEP

192:zyHGqcEY1f+qL4lyVWdhQ82h83FEL1Q1Oso9X0F6YEUB2oKS19:wRcpf+NEknQBOTdEYz

Score

8^/10

bootkit discovery execution persistence

Malware Config

Signatures

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Run Powershell to modify Windows Defender settings to add exclusions for file extensions, paths, and processes.

execution

PowerShell

T1059.001

pid	Process
3576	powershell.exe

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 9 IoCs

pid	Process
4540	ProSwapperLobby.exe
4956	MEMZ.exe
684	MEMZ.exe
752	MEMZ.exe
3508	MEMZ.exe
1944	MEMZ.exe
1376	MEMZ.exe
3556	MEMZ.exe
768	pclient.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
424	raw.githubusercontent.com
425	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5020	4540	WerFault.exe	132

System Location Discovery: System Language Discovery 1 TTPs 17 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	powershell.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	GalaxySwapperV2.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ProSwapperLobby.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	javaw.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe

Enumerates system info in registry 2 TTPs 21 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133716907032051918"	chrome.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{29BC4AD3-CBFA-43F0-A6A2-D8C034AA4FDF}	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-4182098368-2521458979-3782681353-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{FDA2413D-5B21-4D43-A210-7879AEE04DA5}	msedge.exe

Runs regedit.exe 1 IoCs

pid	Process
6512	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4324	msedge.exe
4324	msedge.exe
2976	msedge.exe
2976	msedge.exe
4024	chrome.exe
4024	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
4392	chrome.exe
684	MEMZ.exe
684	MEMZ.exe
752	MEMZ.exe
752	MEMZ.exe
752	MEMZ.exe
684	MEMZ.exe
752	MEMZ.exe
684	MEMZ.exe
752	MEMZ.exe
752	MEMZ.exe
684	MEMZ.exe
684	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
684	MEMZ.exe
684	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
1944	MEMZ.exe
752	MEMZ.exe
752	MEMZ.exe
1944	MEMZ.exe
1944	MEMZ.exe
1944	MEMZ.exe
752	MEMZ.exe
752	MEMZ.exe
1376	MEMZ.exe
684	MEMZ.exe
1376	MEMZ.exe
684	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
684	MEMZ.exe
684	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
752	MEMZ.exe
1944	MEMZ.exe
752	MEMZ.exe
1944	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
684	MEMZ.exe
684	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
3508	MEMZ.exe
684	MEMZ.exe
684	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
6780	mmc.exe
6512	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
6056	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
3500	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe
5588	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe
Token: SeShutdownPrivilege	4024	chrome.exe
Token: SeCreatePagefilePrivilege	4024	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
2976	msedge.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
4024	chrome.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe
1216	msedge.exe

Suspicious use of SetWindowsHookEx 20 IoCs

pid	Process
5712	wordpad.exe
5712	wordpad.exe
5712	wordpad.exe
5712	wordpad.exe
5712	wordpad.exe
5272	GalaxySwapperV2.exe
3968	javaw.exe
3968	javaw.exe
3968	javaw.exe
6760	mmc.exe
6780	mmc.exe
6780	mmc.exe
3556	MEMZ.exe
3556	MEMZ.exe
3556	MEMZ.exe
3556	MEMZ.exe
3556	MEMZ.exe
3556	MEMZ.exe
3556	MEMZ.exe
3556	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2976 wrote to memory of 516	2976	msedge.exe	82
PID 2976 wrote to memory of 516	2976	msedge.exe	82
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 2276	2976	msedge.exe	83
PID 2976 wrote to memory of 4324	2976	msedge.exe	84
PID 2976 wrote to memory of 4324	2976	msedge.exe	84
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85
PID 2976 wrote to memory of 4164	2976	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\fortnite-skin-changer-lobby.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
  2⤵
  PID:516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2176 /prefetch:2
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:1452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:60
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,9724434632855281494,5676144893038675197,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
  2⤵
  PID:1572

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4172

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2776

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4024
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffa154dcc40,0x7ffa154dcc4c,0x7ffa154dcc58
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1896,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1892 /prefetch:2
  2⤵
  PID:1644
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2184,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2248 /prefetch:3
  2⤵
  PID:4876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2260,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2492 /prefetch:8
  2⤵
  PID:3452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3300,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:1324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4572,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4040 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4704,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4820
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4744 /prefetch:8
  2⤵
  PID:600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4888,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5000 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:856
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6ef014698,0x7ff6ef0146a4,0x7ff6ef0146b0
    3⤵
    - Drops file in Program Files directory
    PID:4444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4792,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3760 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4864,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=3592,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3552 /prefetch:1
  2⤵
  PID:3464
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=240,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:1212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5356,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5328 /prefetch:8
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5464,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5472 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5616,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4672
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5632,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5540 /prefetch:8
  2⤵
  PID:4196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5500,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:3344
- C:\Users\Admin\Downloads\ProSwapperLobby.exe
  "C:\Users\Admin\Downloads\ProSwapperLobby.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4540
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 4540 -s 9756
    3⤵
    - Program crash
    PID:5020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --field-trial-handle=5744,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --field-trial-handle=3184,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5052 /prefetch:1
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6228,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6224 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6024,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5956 /prefetch:8
  2⤵
  PID:3324
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --field-trial-handle=6344,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5948 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --field-trial-handle=5732,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:2496
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --field-trial-handle=6268,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:4340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --field-trial-handle=6116,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=6416,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1184 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --field-trial-handle=6032,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6372 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --field-trial-handle=6468,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6476 /prefetch:1
  2⤵
  PID:4944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6612,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6616,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6648 /prefetch:8
  2⤵
  PID:3400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --field-trial-handle=4120,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6872 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --field-trial-handle=3372,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:2860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6916,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5988 /prefetch:8
  2⤵
  PID:872
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6212,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:1748
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4956
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:684
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:752
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3508
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1944
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1376
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3556
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:1216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:1764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2232 /prefetch:2
        5⤵
        
        PID:3360
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2300 /prefetch:3
        5⤵
        
        PID:1184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
        5⤵
        
        PID:5020
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
        5⤵
        
        PID:5152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
        5⤵
        
        PID:5160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4940 /prefetch:1
        5⤵
        
        PID:5640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
        5⤵
        
        PID:5688
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
        5⤵
        
        PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
        5⤵
        
        PID:5444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
        5⤵
        
        PID:5160
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
        5⤵
        
        PID:5792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
        5⤵
        
        PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,5400659640579653337,10531014303904217034,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
        5⤵
        
        PID:5320
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5712
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:5768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:6056
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:5928
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
        5⤵
        
        PID:4532
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
        5⤵
        
        PID:1748
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3024 /prefetch:8
        5⤵
        
        PID:1040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
        5⤵
        
        PID:3496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
        5⤵
        
        PID:5364
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
        5⤵
        
        PID:440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,6016055359359078066,9035095009168454425,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
        5⤵
        
        PID:4828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:3500
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:5444
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2264 /prefetch:2
        5⤵
        
        PID:4684
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2328 /prefetch:3
        5⤵
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
        5⤵
        
        PID:6112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        5⤵
        
        PID:5232
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
        5⤵
        
        PID:5156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
        5⤵
        
        PID:5544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2252,584418309373724553,12991909253431688949,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
        5⤵
        
        PID:5896
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:6760
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of SetWindowsHookEx
        
        PID:6780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5588
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:3680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
        5⤵
        
        PID:5132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
        5⤵
        
        PID:5648
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
        5⤵
        
        PID:2644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
        5⤵
        
        PID:6352
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
        5⤵
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
        5⤵
        
        PID:6836
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5100 /prefetch:1
        5⤵
        
        PID:6848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
        5⤵
        
        PID:4544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5320 /prefetch:8
        5⤵
        
        PID:1144
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5584 /prefetch:1
        5⤵
        
        PID:5536
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
        5⤵
        
        PID:7004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3112 /prefetch:1
        5⤵
        
        PID:2796
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        5⤵
        
        PID:5076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3772 /prefetch:1
        5⤵
        
        PID:6192
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
        5⤵
        
        PID:6852
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
        5⤵
        
        PID:7152
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
        5⤵
        
        PID:2468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
        5⤵
        
        PID:6936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
        5⤵
        
        PID:6752
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
        5⤵
        
        PID:6760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6112 /prefetch:1
        5⤵
        
        PID:6440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6308 /prefetch:8
        5⤵
        
        PID:6084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=6080 /prefetch:8
        5⤵
        Modifies registry class
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
        5⤵
        
        PID:5300
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2660 /prefetch:1
        5⤵
        
        PID:6468
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
        5⤵
        
        PID:6092
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
        5⤵
        
        PID:5592
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
        5⤵
        
        PID:6436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2596 /prefetch:1
        5⤵
        
        PID:3620
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
        5⤵
        
        PID:6200
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
        5⤵
        
        PID:716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6640 /prefetch:1
        5⤵
        
        PID:5972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6016 /prefetch:1
        5⤵
        
        PID:6700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5900 /prefetch:1
        5⤵
        
        PID:7068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
        5⤵
        
        PID:6604
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4240 /prefetch:1
        5⤵
        
        PID:5448
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7196 /prefetch:1
        5⤵
        
        PID:716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7280 /prefetch:1
        5⤵
        
        PID:5780
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6560 /prefetch:2
        5⤵
        
        PID:5412
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7516 /prefetch:1
        5⤵
        
        PID:5060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
        5⤵
        
        PID:5668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6680 /prefetch:1
        5⤵
        
        PID:4800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7660 /prefetch:1
        5⤵
        
        PID:5396
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7616 /prefetch:1
        5⤵
        
        PID:5140
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7636 /prefetch:1
        5⤵
        
        PID:644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,7747845796439828595,9871133232525821094,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
        5⤵
        
        PID:6788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:4384
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:7012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      PID:6316
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:4892
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      Suspicious behavior: GetForegroundWindowSpam
      PID:6512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
      4⤵
      PID:5960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:6756
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
      4⤵
      PID:4524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:3400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=minecraft+hax+download+no+virus
      4⤵
      PID:3404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:7096
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Checks SCSI registry key(s)
      PID:5808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:7080
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:5992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5996
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:5984
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      Enumerates system info in registry
      PID:5672
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:5404
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
        5⤵
        
        PID:6656
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 /prefetch:3
        5⤵
        
        PID:5440
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
        5⤵
        
        PID:6612
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
        5⤵
        
        PID:7024
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
        5⤵
        
        PID:7124
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
        5⤵
        
        PID:4336
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
        5⤵
        
        PID:5876
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
        5⤵
        
        PID:5816
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5484 /prefetch:8
        5⤵
        
        PID:5052
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
        5⤵
        
        PID:4044
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5800 /prefetch:1
        5⤵
        
        PID:3344
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:1
        5⤵
        
        PID:2984
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
        5⤵
        
        PID:4676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3624 /prefetch:1
        5⤵
        
        PID:3724
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,8178819975893418440,6791084349136337793,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
        5⤵
        
        PID:4260
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pcoptimizerpro.com/
      4⤵
      PID:4772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
        5⤵
        
        PID:3368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --field-trial-handle=6216,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6120 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --field-trial-handle=6748,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:180
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5020,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6456 /prefetch:8
  2⤵
  PID:3732
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=6680,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=6684 /prefetch:8
  2⤵
  PID:1040
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6648,i,10504158818234298661,754076474833163252,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3528 /prefetch:8
  2⤵
  PID:5776

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:920

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4484

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x150 0x3cc
1⤵
PID:1416

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4540 -ip 4540
1⤵
PID:4036

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5204

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3664

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5664

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2676

C:\Users\Admin\Documents\Galaxy Swapper\Galaxy Swapper\GalaxySwapperV2.exe
"C:\Users\Admin\Documents\Galaxy Swapper\Galaxy Swapper\GalaxySwapperV2.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:5272
- C:\Users\Admin\Documents\Galaxy Swapper\Galaxy Swapper\jre\bin\javaw.exe
  "C:\Users\Admin\Documents\Galaxy Swapper\Galaxy Swapper\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "C:\Users\Admin\Documents\Galaxy Swapper\Galaxy Swapper\GalaxySwapperV2.exe" org.develnext.jphp.ext.javafx.FXLauncher
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:3968
- - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
    C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -inputformat none -outputformat none -NoProfile -ExecutionPolicy Bypass -Command "Add-MpPreference -ExclusionPath 'C:\Users\Admin\AppData\Local\Temp'"
    3⤵
    - Command and Scripting Interpreter: PowerShell
    - System Location Discovery: System Language Discovery
    PID:3576
- - C:\Windows\SysWOW64\explorer.exe
    explorer C:\Users\Admin\AppData\Local\Temp\pclient.exe
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1092

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{75dff2b7-6936-4c06-a8bb-676a7b00b24b} -Embedding
1⤵
PID:1812
- C:\Users\Admin\AppData\Local\Temp\pclient.exe
  "C:\Users\Admin\AppData\Local\Temp\pclient.exe"
  2⤵
  - Executes dropped EXE
  PID:768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6612

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultee999177h5e88h40e2h8bc5hbbc32ea57863
1⤵
PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa23db46f8,0x7ffa23db4708,0x7ffa23db4718
  2⤵
  PID:6932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,12585335087344582222,3890749167047344508,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,12585335087344582222,3890749167047344508,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  PID:6260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6388

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
fa74d2b2b2c97ef28478d72bb2669587

SHA1
c0efd0320aef79115a66ee13fab162f053cf334a

SHA256
552d01e05ffb0839d96d9bb5b4916161225e15c883521d1a9e10d931a9f8dd51

SHA512
a38c3155e49947401f2dccea985b17a3d6525ff56af4ceaf79ec3160f449b1ff6d6db5a7a5c64a44e84829d05685c9215f86a5056762451334ad5be7a4495c06

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
922e341d8cb061f86f3bc1a03ec7869d

SHA1
cf92d9b3314bfe9217d87ad2f8833b2548ceb888

SHA256
01fee7fa0ede21af7f2701d67fb04a1560aca462a361c28f079991aa30e43278

SHA512
5c84c1be209b127601683b3c850918b54d90c8d7f870d462218bbaea01cfebe1c4dcb17d6f8cf5ad5f2038ff88d3adcc1d35bdae4ac9d2979cbcc79515d56e7e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
24KB

MD5
87c2b09a983584b04a63f3ff44064d64

SHA1
8796d5ef1ad1196309ef582cecef3ab95db27043

SHA256
d4a4a801c412a8324a19f21511a7880815b373628e66016bc1785a5a85e0afb0

SHA512
df1f0d6f5f53306887b0b16364651bda9cdc28b8ea74b2d46b2530c6772a724422b33bbdcd7c33d724d2fd4a973e1e9dbc4b654c9c53981386c341620c337067

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
70KB

MD5
6b603a34833edb999c1f682da05c9466

SHA1
266122d675e11535395b0b7e6fc3aa45421c0c07

SHA256
f50ab742bf11752281947f5a759989179e9bddc34e8281e660f9f4b16e1a41e1

SHA512
2ee31de634289f8f3a5508ff275a8f9e34276e52edc3a81e60c14592998298be3d7baa31d60358ce01219b65485115892003ca80fedeee4e1659fc5ff2f439f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
413KB

MD5
80871b4ca63b9c155604725f3bc2414e

SHA1
c2a1f00916e7a82a521ef9d533edbf20b500d8ea

SHA256
c552367788c9bf9f7667e16c3ced50f8eace5fdeeba507ee855fe4ce4b23463c

SHA512
880a2708d78f958f519bbbca52b78be4fe85504d9b94774b04b01de70566219f1f34cd6e0cbe066208655c449dea5cd43bc28661f69e72ef7f9f5dc6da2e9850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003b

Filesize
47KB

MD5
d68e16f4b1c4ac2ba25a3832816a9a73

SHA1
483d682342aea24ed78443e09a4f9e1e4e7bee3a

SHA256
7a3b1646e73713640dabfc22a14a07dc2f0e3eedce783f1312552286104fed77

SHA512
67810d66daec6198445c431bf0b7eb1b78e8a3f92fd303ce342e6d7efe59c061283dbf7d7281fbc11416097022d365698b1f0cbef22672d09d0bc736a3535e70

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003c

Filesize
20KB

MD5
2db93ab019f51386ddad790bb7cc3aa3

SHA1
e238d718d1aa5dd1dc7c090f64ec9cf35a5f01fc

SHA256
ff6b44413cd4aaf91f7cd49976e0fe8b468047b35a0bdf0b0ff7bbd9837c5029

SHA512
e6aea0f6ac99027a238b922f7df06b652ddc3cd7df91c7c04857a9b31b910adaaa6078bfdfd189122d804e42ec996e3757c33e6a1caeddd5f043467dce46f110

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003e

Filesize
605KB

MD5
4dee9994f5847adf284d8727c6109b61

SHA1
b6a2cec46baf82da9c8ac7c8ffec6f75dfdb7e7c

SHA256
e81ca154c634f1d8e56580995718ec7c34fc4b45b61c36805ea347040d124e64

SHA512
96b56c04b315927ebf5c0d780ca6d94ec0a8e8544cf9c01f74540e22e9ede882b00c2d73de6b04c6c2ee7233524688c8fa19c3caccc9a55d8073aaf110607fd3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00003f

Filesize
32KB

MD5
673269c477f35966b5031f665816d043

SHA1
d082b1a27742e92a108112c2473a43e73cf5618f

SHA256
42008d6a28b6ea01964980c7691aebb91b93cbb5f8ae8b2668c94d1483a225ad

SHA512
423c2dccf173a1a193138f776befda7b708f5fbd0b4fd09bd278954fcd87d2510d73ec6f5bd0a3133e9e8f946c256ed26040125694c1db6d7d57cb4cae5af4ff

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
2KB

MD5
cee364b037245af6252f89a2a27d41b2

SHA1
20bd67e38ce0ea7b1bd372b63dcfe368adc97fa9

SHA256
32cda0236d70c21fbf4ec278a4e58e1a4fe04dbc75b1988ecc424016f06bf0ab

SHA512
572fb1fafe1d46be54c0fa8d1020c1c66bba1f20df8dba38e8129fe81d4ec78770bc918e7f67dab4486b4b224fe77aeeafb169b4297d4d015df7ba7c1526f1d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
dc50d98ec4ed895ec306ef14d9e5a23a

SHA1
d95e37690ce2f7f6e6f0dd99917d2a70e43a79cf

SHA256
1afc534e373c95ca7731930b1adf6cb04a0999183e838a0b66889d8c8be3d7a6

SHA512
1e3c9e15a734ddb0c0bf98ec4c9d2d9a28565680d0fd79de360c09f2cc426b29bba6e7b5315fb3c4fd8de08e77286bd09d5d9c444e1928c2c80d6534809c4dda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
ffd695233ff4838bc045ef0a7a161894

SHA1
d7bc94166b7d7665d9d0a46fed494cba513b8978

SHA256
be5a8202965889c2a09a150770e3cece564201c5a39d09e44b9ed43fc54b53bd

SHA512
60cf635236a66f159e990181480c466360bee4319135da935b658b97c7e175c2fd288daba6446cea67b0d8b05273c02e48cb0c40c1c9ea4055d4872838fe35df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
12KB

MD5
ae176cf361c2362b2f0438ada0a3eb4c

SHA1
3f8ccbc8e2c73b3e495126a5573fad4cf440a1f6

SHA256
bdc6072cf8fc03648695bdedbbb9c0d59d2cf1e1cf5d34fe1b92efce0c44c794

SHA512
cc968ff7ce55f16fa6eba2af0883a75aa09192526be975075b9c32a9eb20f1452c256b218b897fe5d8349ea8ad32826596c220a9d04a5b5c8d7e137ac79d938d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
19KB

MD5
13769d0207d524ea6f8537685e415bd8

SHA1
5c5ef085857f70994f1bc2c2f0a5359437e70cf9

SHA256
c613bd50fb292c7782a711dd0bdc31d70386002b7ba9dd123c813e773deb2a66

SHA512
2de73c81fe6f701849a772c12483d8b4bc7a370b63ef88d1c3e2072bf9573497097310885d528767faaed371761b1d93eb89fdb9ac7600c495ebf9cc1025f6e1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
23KB

MD5
59879bdd2b92f588b869b1b058cbc7e4

SHA1
22441b3cde22dd42ca9f0d99348cacc93cfe7c0a

SHA256
a07a3757dc026bef45035499c9a95417cdb5106a55113653e43e913c562d0207

SHA512
dbf083e635bcdd4102aa2700796aab1fae64bc3d69650d27d9a351a8bd3c92c6d334416bd5c13d802e573df74ac486d2a4830f7778845a1873e48a11fc94f8c9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
af7f0fd2227e64a96dbde1ffa4879a7e

SHA1
4a53e0ffaf88e0555c6cfca85dd845ce74a56f80

SHA256
a4494d197b2d1629637f79513bf01a847da306a1992f03ec7d3317eed8f62b9e

SHA512
04b294cb362ac51345db27ec3afad68f70c433f2a52899645daed5fae7d913e0e93d6604b6bbc2908267e3b1a0eb12a4693f85b4023e48e94b856546810511f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
4b66c4013eccb9cb39bd2f78d3f10d01

SHA1
09475437e20359a31fa6022654e0811410bc92cf

SHA256
dce20f39d6a5a490cea7d37b0382b842aabfc304a51234b982ed7e6377873395

SHA512
b85336be7828596a2d1e2c8c1cbb425a8c909aa37aca2675ad6ea65f3f3a776f40d4e08306378dc79a2ad1017a301db1795546ef8cebcc65889231ed6a8a1513

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
56ebc92dc2973247dcfb9d0ce3cb4928

SHA1
222337247830832cc7cdb6f6bcd3ab86169614e0

SHA256
c1de2c104664d4f5779472b60e573940c357ebb7edb38a2aae22f50c94ac9fd3

SHA512
611bd2784b2b39c4e4134bd880e9d0d79ffd84ac89a3bc271f5f04bae9d798642ee16226bfc341d9147adf68d27384ed6f5f2d1d2b7d0fcbc626580474308545

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
19ba17874a6f321870b1d6f7d08303d5

SHA1
58ca4ac0ed8c8065c96b5c89f4c0e544536f4cb2

SHA256
bc08fdd4da2bd8c17a7ead8bfa6934374aacb186aa254295365ad9ecc4c0e23f

SHA512
4961301659184adfc8fb60703ba01e00c859cf23118b550351775d9366ce5f33a6275877e5a18db84ea77ad5485b518d165472cbc08f3184b6b49c58fbf975ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
8042dbfb4f803de1261b0673c492c8bc

SHA1
930dca810ee06cb5e8b109dd6ae479c553238ec2

SHA256
26ecfd7fba6726ffddbdd1fb9ae17ebca478e5fb9ef1170d6167880e2290154d

SHA512
662e909df041e0e77a88dcbd8dd92430f77f3bae9d762ffe8c35568608753e54117b64fd073b8d93ca2ccdadbea2bf025865b60b580690f2295dddab10a8f461

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
cafdcd35449ba0cb2399e1f80705d3d2

SHA1
7a44c31ae7a6db7fcc62fad94020544257cd6268

SHA256
3de3b1ca378a1f3d9715b98afc6535ef616eadf6158a517277e0ccb7b9eee801

SHA512
15fbac5e3650d55b3beef8ab642485ec7e8156b688f086edb04cbb6bb0ad0d67a0b4a847fc662f09ed48c0d9c84d7020df8e39bf062c393cc8cba7f7d7dc24ee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
3KB

MD5
d3cb9469d33a8897b16e2c8c827ffc9a

SHA1
7a2149353242aec9c09bd768a63cec57ef2fd0f2

SHA256
e3b1e3b60fcacdd16ff97d4c9bc0844c48f28ccc98bd1094cd28ec202a757e27

SHA512
0bf4b9545ef4013821c830808ef6c1c8ed281387f0598ef1634d25cd1f2f53cb8bfdbd4150d1c6945d02172aa7b899704c63292d2e9b96c882d94d0341b9e16e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
ca17e1dfb39f38f193a22e99b579c57f

SHA1
0296f86499d8e095105cf14ecb2e41b37365d6f4

SHA256
a02569dfa010e57d53e291be062ceac607062d40767f95d0e7407553c2185372

SHA512
0f021507befd3b2047a88930e3e63e6704014a77bb2811cc9b25a920ec9345892c9811a566e5cfb555166af2f46c873dc7f99dca59e6fb35b7f6fbdc2ed99125

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9324621334fe1c7fb7cc82f313ff3b1f

SHA1
3121e4c9f860132081a371853d001b2fff8d5cdf

SHA256
f90218be383e9cc0fa8e07db27b01d840fb9570d00c1cbc95a82611c171e4889

SHA512
f45dced7b82e378c4e2037a8b2f94ef4974ee9263779d43993952ebb22473aa9ce5c8207ba0ffc49812bfe8e181d0bdbaca18e823c52c561c11de1906c9ad45d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
803ad83af2d74b21ed5f4c2321e4818a

SHA1
42358a1e3c9834b06303af3ad49e4915696b113a

SHA256
df5eaa906e279c15f29ddfa04fdacd9f720aada96f5c29a7667b9fd6ca8c84c9

SHA512
d10d4ce72e8bfffe73c7517a905613ef0176d9c7091403da71067c9ff44fd9132a40afca1cef2ad0001db5232c66d2c4e49f84a591a49e42ac2772aa8b6eaf3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
cae68f6b1c06170c5430dbf8584a7a5b

SHA1
0d623a52731babcc5e5b18da5ceefddff6d8f610

SHA256
7aa30a2128423621c56a52da9b424ea892c8e5137290887e6b742aa140a15b70

SHA512
d62c1b40469130d4f4b745e4330141201ee657b53669f56946f6ed0da46b66a15d064e1097de03a2cd191336d8e5a7c1bffa899afa7272cf3bd1efeaf7b95e0a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
8ed9e3db376f2fee94c68585931619c4

SHA1
4dfdc147dd5ea31ad061d3a5be3ca0efc54e6325

SHA256
6cf362af872c281ba93b07688a70c5ee25cc7ee6368154cc8011940155537c54

SHA512
51a1394728ee1df327274c5bba07d4cdf80703b608427a04cdefc9b76e7bc1d2797f6edf8082e6541831e0d7ada67c60b867c1edb4b1f6ff454cbf8d7a922d96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4d492deca6a38818c626c530e1abe56c

SHA1
c616e8c34ee2119de976fa2a9aa4927e8cc38321

SHA256
c14630fdbdd9604d065a09701c224fe84c4600f00a957910dbfc0e521da6f943

SHA512
5f7e07895b304306afd340721e40750bad56c7e6c7ae0c1654c2a22e70e36923c27ae8636f2fd3dcfd41c68f8111725f6aa83a3d791e57c32b19e778b695f80e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
82a08792b2d1a4031d1da70566fbfa06

SHA1
b87bcf735c809e93d302476e5206aefb34553f7c

SHA256
de7feeec0da1f37523118028402e66b72b58f37e378d4fa93b4149043a8c6fef

SHA512
aea830738c5376dcc64c0ac3fc832b4110f3935949eb4f3c47e1c5f78df79ff12ea7311235e3a50e0db0b063691de06b8902ee394c9f8e6f0c6a34bcaacbf219

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
5735d7cb453723f2cdae13ae1993e915

SHA1
0626edce27fb1eb6d8e90ed919bcc4d59d482a9a

SHA256
1e886cc9dbb4eb86a67ee431cc7c91a988d3bd207871fc13abb9305e1218338f

SHA512
3bace967ac36bf600132413fbcf6e9f6bf704697d1f812bbf552991570dd443882cfef52661410996133cf31b38f44bcfbc88ad66582ba0e3cea854fbc3e450b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
9a0d59a7b7735770392725c545a0d2b1

SHA1
dbf1c3855a348036e5eb562340f4865390934283

SHA256
337327171ad2550f96d481df74431c7e0a1e08b428df35c643150ac11ed59218

SHA512
79d19c13473ba69c5ba34a05f12c1ef15fb102ed51ebdbdcc9b2fee114a1974b541424d020aea2eb30fd41dfdb99a2444e8ab9baf664b55d90937ec5a95aeb17

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
73b417a31fa4e60bb63a6e3980d1ec6c

SHA1
2782acb3a337fa2472d1027dfac41b564a114257

SHA256
704e325696e825a3306af42ac9832ab4e6db22fbe0d4a5e836b43443f0912edb

SHA512
f9969a40ae5a1377a5735c160985f7f13de4e6144bad0057b5725961404785c4bf7278247d212d8070e48a7cb4178e1d6e14ccd0df7d2290ce2b729453ce7916

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
99c0f30532188ddf15d66ed99b250b41

SHA1
ebd7254a4bb77435d12b759d93e02ac4a769ce4f

SHA256
bdd2613667457f00fd32b4504bbb58e9f5718da4037bc8e94904808f86980771

SHA512
7eaa048b398a3ab47252025e6eccdb49bd0b1ce76103165b92947d1caf0953ff55d9cf7f35a63fcb80bd927dc9a7873c1b015e116f3a76d852b8d1c4d25a6390

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2b143050f4c53be0553f80c94e520a99

SHA1
f37fed2ffc486d75599bba3ad7fddfddbbb94887

SHA256
0801c17ab985d768d547ab19a4ecd7cbff082bcf4b5bf7486695a76bf41ab512

SHA512
39b9ff3399bc798f54092a71ed8d1cbbcdb6aee533180d5ed41e83d34369dcded1e0ad6a45d50a59c26b3feee2ee4b0dfdfffe06ed635f1c5cdc9e0e8b42376b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
3a05cc86ff356bac9f11eeff09dff3ba

SHA1
70bcb8d20b55faa075e9ad066e01dfd92bed51f2

SHA256
6bb18bf681f106ace822f8cfca773dbb8b5d188b65aa7afd07a628a88b4bbc49

SHA512
f535bca98633fb8f8da90fe803a6ddbf827a139dca42709466dbd0bf0f1126cc52c23a3b028f5f6c4496507579e0e14cecd7534ef048d52a63308f40f6f6b5fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
d815cf54da05bc7c5460fa002b580e0b

SHA1
022bff59d7f6d90996053914261c68ecb4bb9292

SHA256
89d8db4a074b67dd5a6cb92cb7a40c6ad72b747e9651039f3b48c497c94a8384

SHA512
3a5d1f5f9a116c092bc3afe107998594aa8c333f0b73b92513c28438a2eed0ac71111acad4fe80b4e83b3cdc87f1862e9dec7877c465b3783e71df6b12937bae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2dd3ea17e9a6fb404e8b597bc0421b8a

SHA1
857d9efc74fc88a6ec20c7d5cd0bb8768b2e1400

SHA256
dd2e44d7b7b12a9f89b6d755c683ad9c822bbc3d834c454032adbd196fe2f4ea

SHA512
68ef1eda7bec6a855166f6ce81d050e919b6fe278a3a1a138d35fa32cd2f1c9f0e692f96830a690aebb47152dd55799d1f45650b13ffb4f7c9817e590e63516b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7eeeee8871e06e1a2e7020a2f4c333fb

SHA1
ec70ceeba55065a050fed6b0edcdcc53925ecb2f

SHA256
da85e28c45db1885559d4872bf08eef6af96527f8a254daf61c384488679bc62

SHA512
bc397fc8087bfa840a89e72433c8de2c4338388369beb063ae73fc75b7c0d5d4e7bb81e6a4ddf6da4f9b570a4e1cf388db53e773505b63a3c952f506e3c8eab0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
c11680a5739ee7b1a93bb271ba34b5fa

SHA1
1a82acc904108ffbac2287d65d9fda2295504fee

SHA256
5a3cbc716dff70cd0f6475da1ac104a6f5f6fab356e481a895aa118f3637c3ce

SHA512
9dba4f77a48ffdf3b2f55e4e8948f91214bb34a229851732b45c24a0dc9bc02ae06de66eb6902219c5c8ba8bb3004ca84a6d64dc564194f08c9ed6cda304324a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
6724928ef9ff62bafdf5d025d89f7b47

SHA1
ef994db2b460ca76648d6b3f552b3aa603036427

SHA256
100ffdfcacf3d82a52476e4b79c92e4b6ebfaabc6811b982399c57d4e8bc65fd

SHA512
beee766f501465b6dcad15c224b81e597490715fe0c425a941e8da28982556306e02c283a22e4fd714750b9d850b2a9ba7f532be1a14df601ad15543c8d498ac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
0fb27e712f58be57f5aef724d185777b

SHA1
40551acc406b77bbdcefc6e4abfcc80087f4a8db

SHA256
266448b2dcd1d6e3847244eaff0248c0ff3181926ce85add4190765697b16368

SHA512
de1986944fc0444d61350307fa6dc02640ca12d2ebf666efb965eea1c270316715da6f480362a1dfee2a28895effe4757ce05fd7c1df70ab1a12e9d5f4dded01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
8cf2ecaf61241d298c9bb5fff448a90d

SHA1
2e7937f7674da1bdfca945b4e78f4de45150463a

SHA256
ae6bd30168591fbbb58643383783ccb6f2c63501b135b53893288fa1517a2c13

SHA512
e172184ebae48e538e0c0e65bf3a37c2b1905001afbb71a394a1b3f8043801a993219d40424541c1fb9de21ec0d861ccf586c069476ab7a0f1e4dec203e162ce

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
817fb91b6b1ba00c61c6241cfd6e9bc2

SHA1
d247bd2b2c556482ee8ad7fb5b58b705cc0cdc14

SHA256
754e6215fb393a665522037ab0e6b0a95b01c020a13289b6b3bc1dada154760a

SHA512
a83abb2a72e87bd154c24db10003bde88dd7265f9fe59092c34f3173dc05a56f43ffea6c7a1684f71fbfe81bd78d3a17d05803b9cfc7db84dfb2d6c8e8debddb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
844da4c2a2e85718c112a3a1f2bc717b

SHA1
58840030f4e36134f6d9ceed6bac0ba9eb00dc03

SHA256
d5e3133915e9283f551a2c4b6ed34e70196e9bc5065dca667d1fc3e1f30f931e

SHA512
fecc658a2be21bd7e0d029ea2b527aecbda539d21dea344a491ac302777740f2ee0df391bd742204660a77860e025eeb090d733be955f5491ef923f7a220f152

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
be28239116556a7f601a95c1e9e14224

SHA1
df0e8b5d104fa9a6a11c7bbd1126425f06b6a08b

SHA256
a0fb8696231ce188372e68fb9d85534450c45ac123857bea0460811dec080bca

SHA512
5a7419ff16c68bc17f1e618b3dabb35185f8a968623af86f41c7f9f9d1c226794a56392e7e0c9e0a37f4d817e7a47199df42ea326340c8a94f8685d237d81d2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2f038345c6bbf64d22133d1fecb3b014

SHA1
d8d95e0ad3d720eecffc1de01198db4607cb0683

SHA256
0979424de9469777e0b6033f351f68694b194f8c92cf80f0a043333c37a914ba

SHA512
2b87902182144b0d3a65af545e353b89ccaa60f62781834eaefe0c4024518465dbbd8e0dc410af7a4ebe9a06971de06f266ac185b4c2ef2094bec1cbb24ac004

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8c24d020d0fe220a56ef187b62804219

SHA1
31cbb40699148b621d5f3c21ac7db2d4c35d7376

SHA256
4c6e74187e6b8fe4b579cae460e1a6defb768d767714f5f422a4c21a7b69e2e7

SHA512
449702138e62e8b1d8ffe1596baba0a4d4e0fb6f6b6e05084db0f9e1514cc9543b89acb097c25779dbf691e76b56282e04e6dd761b5187bac43fee1fbd14fa0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a21bf3eb8b2e789689ca332813643e70

SHA1
c787000a7f110d833f7808e456132923a91e5eb0

SHA256
04571f0b0f1c66ac5dddd785b7b16e617565a75d1d8db171c776d33f29e7e8f1

SHA512
800d9ac3d0220413b5b62cde19f7d2f83720bada6a309be471a8ad7445a6a496f869eb51513772d21b2626247293ff15c70eb858d0243d6481b388f6c8156f9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
b617177b950d77bacc06baead1068344

SHA1
34fe9e74c7feaf4d64be1a6d57312b49e199f15b

SHA256
68922a623852d78429bc79c46111a03061f65cc03c42d16ea00b96edb4140783

SHA512
0e2375c637bbdc6fd1f7993d8336cf40d867d7789e17f9fa9e72f62423a4aebb7caafc0696c1e6a00e241ab1be06199b9490e3c4b071a28bea5d51b550265581

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
8052b40d1644f6e264824ba002621f93

SHA1
4e22d03fa7f4a48ce6d288e911074a3a74280ce6

SHA256
b8d0ac90dc53c3dcf0e2dde60619d78e06fa7707a4645023babaf6b181de0008

SHA512
7c14929e112fab101cd74182eba0f87cdab710a40ad0fa80d3ba6f31878270ada4835518c0a408547bdb480afc609611806c6973e336073817263f6c8fa85fc2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
627c04081593a47db057094c577c92a4

SHA1
4e252fc9b40bdcd3c5e2a0948e6ac7605380ed35

SHA256
1d3516297a412e196e956bf6439772c22bdf3718af76360371feb0a5983aadf1

SHA512
c9e429e8298385bd8b4dc5d8e7dccf7dd31306a00e63131cc5ad6fa1a04911d69cc9538804cf345b4d8f40834fa7407d21f9cb6c109414aff5c19f428e882018

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
a175c3b3e8ec27e31b8703d7c89c46e6

SHA1
77c24720de36cabada5b0ccc60921550dfdab637

SHA256
006c7fc028910d37dc1191c748149ddfbceaeef97def7c5a8ca349a805778809

SHA512
4beb900a4ebc861ecda3cabe9a7c1414b407d714fd0bf0d80392b3ea4df0798df2facdea70333e1abf6e1d403ae6f563326abfe90ad9bf142ae2dd38e4dfde73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
2b8d514af328df0636617e0a4814f00e

SHA1
576226865d02adab42e40fe23f98df025d5015d2

SHA256
f925d4c9421e018a477a55ea8ac505120e836fe7927ca4aa2de0d6081d62ecb0

SHA512
62e5f2d6dd14ab7aa0c3d1cde6db6ccdc951d8d07e00f054b2be512ece3558223da3fa0527dc6eed0def928e19d549d1496f35ed930df675a8b39f290da70460

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
d7152abd5e81a1df3eb24fd64adf2f54

SHA1
cc2265973c8fd3d5d06bcd5f333dccbcc99f76c5

SHA256
7a8454ed60e21ef0bf650e984084c456b43ae3e8ae24b03ca46e5a089e4a4357

SHA512
39e285bb6714ef88ddea5f4aeec9a0bbf19ab51aba46a1b3c061f6b3c3a4c723b40279eef10f4b44e4c1ab2585a80acc70fa297198075308deb83b100538b438

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
f88777af03ec93c0b8f4c42c181759ff

SHA1
4f7444c50aebf55b0d5824c96485c22c409d3ba9

SHA256
86513493b3c72068a1c9d61039077e69bcee1e2d875a43b6fa853a6d14af1114

SHA512
43f26bb200a2a8db6eaa0579e8fc9809c3635abbb1fa6a842c9e71f94076b5312fc88e03cb3a2c858d4098895b15d4ab1cc1e535171a0e9b87a5373fddeea3bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
13KB

MD5
5a3d5a2ef822183c8d6187db79fbd850

SHA1
4b29e6dc3a58b1882373cfbb6f9976a706385606

SHA256
61a99a299491d08d19254c96fa8d75eba44f669b1bbc18631fdaca517cfdf0df

SHA512
df5025e9129c8bfdf8d2233ec44b0919a317258d1b56a0c8c7dccd59e8432bb09947ef09e699874a5b9056ab9cefa65b4c577e3d9dda29e46e979666b9e3a322

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
57012ebb6257bd249f73881e07a27629

SHA1
55b2f6494cca22caed8cb088a69e49348f17027d

SHA256
bef5985b853cde7ee725033b8023bac2767d1e0bafb1d2ca6b21a29c7d410fcd

SHA512
74e9224964222894264c73b8cefb67e080adcd02d32d1352de94604dead8c21c4b386f9cdad3ae01e5aa6fbca40c7b5f65950b15284efee3ab450ea8fcdc67d1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
85450d6677e711e4689852f65a5be5f2

SHA1
1b6ba34f5cadf3b6f97b31c44ac1dcf53a1800ff

SHA256
781907b4b37b4e233b1b93e6bad7264769874cccff2d8a08bdf9b04d68a32a0f

SHA512
190c2fdb21d791c1bcd9bb4da7af422110043b198355698f9aa3958e4a652032143c0330e8e411385ad77275261d74d817e7544f641eadc0ba0213855966c922

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
7f6a500c2c41c5b0e6873ae42da0339a

SHA1
b935a51bd25391c0b9cefcf00f7b5894d5d8a79e

SHA256
aafa9307ae9fe5e7694c056f74cd6bb50830936c074dce9cbe261c841d941053

SHA512
e383bbd354425debb4a3e7424d9c19cbe49cfe6c814510e7b5b056b7c369dccd43e338d251fa10b92f257d1616c704f5a9bf3378b0fdae4aaf9e078d9c700c50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
12KB

MD5
230b9323dc233614b5b1b4493d9d15b2

SHA1
2721bcdaf42972ce71a76a5a7292328a51c6bb23

SHA256
cb2a116b95e2935a76b69e3607fa7b0f6e97a7e51725df424c92d9b76b016a09

SHA512
ad5b282ca19d22ed8b09c360a92eb2e79e0d2a6f6ed8e34a3842b8b01861ab147fda494d48d6ba1eb6e7d4b17d78957ed58d7e08deb739ff0b34e41cb19de913

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
957e39d29715e7909a2053b5b1c0c453

SHA1
5b9ee3d01bb4e6abce95a3e7bc5cecc0a0b329d7

SHA256
63579057d3a6c839af3afb1d6cff19e12d7a43ea6321cfc5f4466d00de29ad15

SHA512
6d6af6152b83815b390c25a8677e4a4a5b1c62ab692271672cf9e827f31db09b1bad1b80e7f3a9f1c1f2695d1aa890c38a88740bbc8e7c5fb37f79c0b1ff7b35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e1798f57-dcde-4321-86a8-85da689e55e5\index-dir\the-real-index

Filesize
624B

MD5
cb316631395c91d0ec92ec22aef1c98b

SHA1
80deabe77efc4161a4f00e2dd61948ea07d58fbf

SHA256
a7cbfef0e743c19c7f0e449db4c20e67fd0cb483ba8902264f8e683a964fecf7

SHA512
1664e7694b7ebd0aaa2af4a0392245efb73e3a47cd65b9751fa6547cc5ccae2ccead84b9c1171e68959f8090433d34984379f6e1bc7419bc47082a196d611097

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e1798f57-dcde-4321-86a8-85da689e55e5\index-dir\the-real-index~RFe58aec9.TMP

Filesize
48B

MD5
e6106f239b6206383134aa3e3df6a712

SHA1
8497df3f9248f136a55e9965907875ca3ca40042

SHA256
62f29b2148985f701b5dbf68af3e443f40138c08f25468acb2397e6e5bae5eeb

SHA512
a65247f5dbbea383d474ed805a20de85897fe56afc884308cbcaf93fbf018a312e9d582991f91e9502bfcecd91fcfce835838d8cd690a0210336d76a5b716723

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb4d4930-c49d-41d2-b76d-f1fd8f83de35\index-dir\the-real-index

Filesize
2KB

MD5
5a013a0ef4a5b2de851ecbf3664f47f4

SHA1
2a25dd3f1494ca784bf2b5c1fc6245f61ecab2fd

SHA256
f1fdd0972dfe77d552746c3887b71d209e4645058d608071a0f2717440e33815

SHA512
e2743b3e09f4fb512dc92649559ab694a26693e57cdc24aef23575a7f2dadaa73107cf2e7daabd062804dc446489f7c1f587e832506fb3b26a37da8537fe84ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\eb4d4930-c49d-41d2-b76d-f1fd8f83de35\index-dir\the-real-index~RFe58a851.TMP

Filesize
48B

MD5
baa85bc0db022e8d9bc5883fa580d943

SHA1
c551b20e4277bef1324efb253056e464d37f3ccd

SHA256
ec65ea94041c97f934ba61f744ea6f775796cbe66c3687eb718107163a7f5932

SHA512
018edd81dc6b1cba06fe1d646a6f97151ac6ec50eb50eb85bf2e0148b1ba3d4f11b5ced8ac76e0b4822500b1c29707adb1e9b9b8b3bf34cd9ec03658d7315614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
176B

MD5
899b49be14a675492da99ce6063e2ddf

SHA1
65686b1b64b165ccae4beb43132688765f8bad3e

SHA256
25e8e4ec6b561e09abbf1480e8a9a85aaf8738f62831bb63b484c0e72e4a4b93

SHA512
df2e1bd9048e8de5a672385ea35c5ecb745f65f45d82e281023ffcea120953a561ebaee941deb41e5c7f2b43ce581dc3588646584a512a2177718609f0312200

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
185B

MD5
7b5aa8fbe6df9ea3c83477c0e8099670

SHA1
8352ed85eb7e1bfda38a6f638814c180cf27b6fa

SHA256
e7fc688b5c7afb00551e020d37bad328deb2636124ee1070504328ac81fab882

SHA512
e14cc7f66cf9dc87fee5b62f2466814324b832105fd40fad0f20d73554bcb2c6ba564ac4356adb2a5af55714d452653cb679a184a1c5c8332ec5802507972b74

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
112B

MD5
b3c81a83ebf1592c4774735b6b77b318

SHA1
6968eade3abf24813e7a564045d2b5a9fb08f1fc

SHA256
1a1b5b8115f024a150838639edf5034417303d3728cb1c42e96776b8028ac24d

SHA512
8c4d6ddf78987a67a550b21986730b274ffaacd02bdc0fdb42b8f57232801aa505b14b273402bc4f240c7ee9d5495af81fb7745e3a4c478bc497b33e7fb54b91

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
183B

MD5
f1a48306c99301b3be6d06e772462ffd

SHA1
1ccb26a49274f8b6673556e070bde3940e0b8ba4

SHA256
a793b07ddd53f9c6af3d2333ee60ca11ee43f5812c9a15358cd0b1cc67647d84

SHA512
4d2d6c5179c69750e84218e86b3aa5671f38ab05532aa45c6a315778bb05ba80501da6eaf07d8403008c0f1bc6d645d9929de084e3d5e24dc00f682b22058ba9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe585426.TMP

Filesize
119B

MD5
08e22cd31017c9f0840d42443aaf85de

SHA1
817be0dc860827f17c929c51bcb8e6b9eca8b0ff

SHA256
228a1371be245870513ed0d13add61dca346ef073dc13193aaeeea48a18d5958

SHA512
e99cc0660cfa6454e153afb5ac1f643950598b613443698a94b89b0ddf29b2b94fe1e533bac4ec0c995be731969e347da4f1fbe4ef82e621ee36b747d8f87bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
fd3255c8c2c9b9d6b630a4244a152c07

SHA1
696e0864546d349d0c26e0d593ead949c03a72da

SHA256
3e6bdff1d69fea4f43ec1acba77676341873275324305f158211e6f771478450

SHA512
c33820c8c645a0e1b71cd93bcd536314991b6c3fdca35970b3cec8147c08cf17e6fcbd02b8a9b6046e4d8da3f156e5f5df83a830d5511a18cd0489353c33442d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4024_435205412\Icons Monochrome\16.png

Filesize
214B

MD5
1b3a4d1adc56ac66cd8b46c98f33e41b

SHA1
de87dc114f12e1865922f89ebc127966b0b9a1b7

SHA256
0fb35eacb91ab06f09431370f330ba290725119417f166facaf5f134499978bd

SHA512
ce89a67b088bae8dcd763f9a9b3655ed90485b24646d93de44533744dfcf947c96571e252d1ad80bdec1530ff2b72b012e8fff7178f1b4e957090f0f4c959e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4024_697051094\Shortcuts Menu Icons\Monochrome\0\512.png

Filesize
2KB

MD5
206fd9669027c437a36fbf7d73657db7

SHA1
8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

SHA256
0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

SHA512
2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4024_697051094\Shortcuts Menu Icons\Monochrome\1\512.png

Filesize
10KB

MD5
529a0ad2f85dff6370e98e206ecb6ef9

SHA1
7a4ff97f02962afeca94f1815168f41ba54b0691

SHA256
31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

SHA512
d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
140B

MD5
af6512126fab6175652e93ed6cec7e87

SHA1
4b8a420bfed6b06e28c1ad59f9e30b8ba6f4afc2

SHA256
9d3a2b957afe707f8c2bbf5b922b77b6ccc6451e0d4a5a572bf82fb8d56e4b0e

SHA512
ebb87bec8509b3ce9a794ad9fef68ff478d1d4aac87e269a5c24ce5cb98f93db3caac90458d814e2a21cb3186e40ed6f93d1e7b325bfcc73a42f34241a26636a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt

Filesize
76B

MD5
46cb7641be727eb4f17aff2342ae9017

SHA1
683a8d93c63cfa0ccbf444a20b42ae06e2c4b54d

SHA256
944fff1dd6764143550534f747243ef7d84fdac0642c94135ab40f584520f63e

SHA512
dc1b5f363e90abff5c1663a82764296922c842820d2819805e87da6da1081f1b5f2d8debc83ac34a26ce289b7b22588b022433686b19b039074ae184968b9fda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\CacheStorage\index.txt~RFe593167.TMP

Filesize
140B

MD5
ae4f4d9eb64cf0e2b7416d004787b9d5

SHA1
794f6d0856eeb9ab01b76e833ee250273942a233

SHA256
7bd8962e9ac471aa471b98c529e8fe9ce8881d594ffbc6714d06ec9107148aaa

SHA512
e82d92dd6ec9bf79329bd4ec3c3d5ac8a404e313db1cb708855d36cc31659f2f5b38e296c7db22bafe64a55f909bf7462390ad45919f490cb70138cf0d348df6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\3\IndexedDB\indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\44e95d30-169c-4626-af9d-c5208cadc750\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt

Filesize
80B

MD5
fd309e128b007178f3215c1548188aa1

SHA1
5d9361ee9e6beb160158e8bd840610385a967986

SHA256
8968bd8663534c021325700ccea43d6258a50e66d743a0f90965d0a85859aeb5

SHA512
29b5b46771e0396e13282aa1204e4ca8b794ecb04884bbb1e4818f2e521cbf3ec3c444849b993ec489904d70638be193887b42269319f559394af9bd18610879

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\4\CacheStorage\index.txt~RFe593ca2.TMP

Filesize
144B

MD5
44e5077b6a0e8ead2ac57372292f1cef

SHA1
e8b564157c59979ec295c5fd9e90400565ee5810

SHA256
0c591213773a2a244dc4f175329c6f5adcae6675a145141bb1f9ef40f4172fba

SHA512
3453245991077400889545812d43867aafe0cdbcc3c198bed2e921e47b11dfa659554fa53d2e5e729dd1bd8582d67d87b8c329a88c29a88ab540e4f446a5309a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
6a1b7858bb05d68e45e115517a1e00f5

SHA1
6aabf042e67a9f3b564ab16bb2f3a67b60fc6f4c

SHA256
92a25379b5d504189cbcb640b0731fdd9341e5d835cc52171b969b4c2280678d

SHA512
8866790bdebd3db1359f5f75eded76a0b6b8d30402333ea1062b6a602075b69a3df7aacaabd369399b0b3f000fea3827b6e7b79a48596f58567f83acb81ce295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
5a94f94b98790de51f95836a6936a757

SHA1
23b31e7274ee1e5b9ae964003c67e0eb0f11657d

SHA256
9697b0dbabab8dbd9f02f42274aacc45e31f0a20cdd98f35d6d655f7c360e7ed

SHA512
08f7bf662054df7d7b0c77b924056504c0522e275a9818420bc5bb94c789e4c715db74d3ee00f71dd538a6e050d436c0d4707f5dc9635c669db94b6e1d969465

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
ef7d1c51a11b4413cc3e999075082a15

SHA1
46a358059c6e4dbf4e2f93f96e3e2415c80bcd55

SHA256
bf922b200983621a94be2119b22c79968ad2c52f1060d9ed3f163ea0e228a8a3

SHA512
ce810872c0646483cb8957a676745d96525862ecafd69a689a0bf6c959cef876114bf949ed5ada151a72113899ee17318432870e0e00fd7bfb0a22e8cfdad5a6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
4ff4b4ea6c679542cdf07f0adf8aa706

SHA1
e4108310b597240ac4c52b30a2429e7f840e2ba5

SHA256
66ed3ab03adcc6dc017906b4797d777c3f04cf1bb75d394b7b3ca5b9714f6c0f

SHA512
637a29728193a8ab7d742a4c8a327ea7e1d9b4370e4872766278db1b24766043ad682cc4631ab199bd3ea9bb49c715abd7d4474a37630b20ec74d765dcbe0f2e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
757aeaba89034abe58ce7003a35cf898

SHA1
4c53be7d3dc9d9433630a523eded50a02b406c28

SHA256
7268832337403f7527e2cc6a3eefe81d8803fca867d640c5d6275a294f82882b

SHA512
66b62a67fa9496f0437c189ee67298ab07b89e2c5a33042262d1d8bd0627d3a0880148fda5628b9ea2234bad2e07997430757104232973e712920c0c89517b52

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
6aab2a0bb928008a73fca2701242976a

SHA1
dfd6f1692f6a430d00222bc8f4e195e9908d4f33

SHA256
61740a7cef1ec077a84f89dd6dc0aa4ae74f7512579d9d7cd0446968f12cad90

SHA512
3a0372cf0d02d1e71a8fd1f6210272503b48adacfa2e71f2848851853a68f5df732842d3627f2ee378cd52b1614b5f83b5594925060ec025b0ec142e25560af4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
a7b2bfe65c36a4fde87dfeafb5baf45f

SHA1
83e470e1e30a04e7bb8877cfeb5e73a374435675

SHA256
498b3dcec91ed6a8e0f130b241af9e413baad8aa09ecfd0983d08a055bdb32d3

SHA512
88aca8928113f612755637a45dbaec401bc0efcf97058c8e3af5dcfce5e5a2dcc6a3ec922d8c8f114fa0e71f42a895beb26cb889a0f7943e035f7276d28a21e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
212KB

MD5
e373dad3fe17f3ebf62997678ce263dc

SHA1
0b8b120aad150a9b0fe4c7b17e59251f0daa71d9

SHA256
aba42931c7fca9a5618836577a3f41a065a6a60bd987b4a02c96dc6913516308

SHA512
fe4c4cf31d47e6f3dedcef02613bc18792352d5f543f616493b2643e34956e1ecb631a875ccd8249ae765fb984c421e45c5c69ea43bed684f55536e572a5a4c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1e186e53-89a5-4821-82e2-4876f7709808.tmp

Filesize
10KB

MD5
da4716f2e9e02d96ad7f7565ab138ad4

SHA1
4e9d55b41b120fdacd252b0cf583f1628df4b7b8

SHA256
ae3281b50086a4a7ae8f455293558c1a210ce3f962d1e9b88c04d5c3493c761a

SHA512
86b49a19c25fe278065c047781019626315aff75edec0768f15afabecb08b019c7fb5102ca02818afedad0ed8f98c140ffec2aa65c2b424b327c00390273b53b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3275b79e8797a6cfe50c388b3db6faf1

SHA1
dcb04fed985c02893d5f19cfdd6ad4eee58f84e0

SHA256
337f1ea425c4f124eaef20cb9bf3d04657b0153ce1f6719557fdf60926e53135

SHA512
26489a45a909cd1791053a922e2212b9d475c22635d118bba47a8e42b824bbb4b693306a6436f63fe8b6ec85f143f15eaa0a2427ee9534b49e1e00f0c0b702e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
31d9f16f84dab4cbc0db6b2c3339028c

SHA1
c06f136434affe4becf173ae187cd031ef42e307

SHA256
f84ef10c06c0d9545bf8b3616d9ea09f69f191174a2df99d13403701cd96f5af

SHA512
09552c68d3e9b6d6074375b3360e48634be3c88af737f375d420db2c09b1c760777e37166ed0ee4fa21252297dc4ee8e8cbbb56a87ec16dc91e9d1774fa2bbf5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c145eda456b3b9a7ba1d6340faa01a74

SHA1
9860d2dfe30cfffdf761cd36f2cfcbef14613739

SHA256
36287a0cd949ed5da4bf31d0cf04e9aa601eda47f4a8a61a42829b304aaa0490

SHA512
2c4df365a920116f37b3e777c0cba03cca738e5ef994607ab77fb9c31d06c8f8221b387f9eabad71c90460641417069f238a6d75b8eb7fe1217de3cdd0329c77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f04b6c5d471090a9661ba70906a6147e

SHA1
fb783dbb07d53db3d95ba379b74ebca6da706220

SHA256
ebc4c0e8e3c065057fd04df82af805bab9025f62fc701b992fea6c11083e74aa

SHA512
de5983de93979b4ea479bea015e50c752a6959d3d5cb563b21afb87a6e61c0c4ec808e22cb27a26f3c06f626cb3eadfc3204357ec92255b5b72f609914a6e421

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
690ca5b4ed1f92aa101041eb9a401256

SHA1
18aea05ae9fcbd7c636ed8143b87417710f99de1

SHA256
34bedd99d91b01c18b440a63e0866649106540ff3bd3cb8f68fd5bb199884e42

SHA512
019d726c0be85d751959c8c80f2bd6ad7c61fbe55bcfbbd0390ff354e552aff745d99b4f020d36a70f23c29ec1eec01728f6f57ca92fd445cf60e428d02802b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
64b01055ff4f0a64f9490c55ad716f45

SHA1
4d766aef1d1f5fb0059b63af76d8d8d42f8a89f7

SHA256
cd5346a6a845fd45d95c569469dd56c861a3219ae0c25a9e9c705e859e410a67

SHA512
6b4082a00cca55944e408bab213a7ed501f6fb6ffa0d52efed724f76445e23e14fe3b11d6b978209b6ae7daefb91daab351d4e0ac0308b199523b20735e55136

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
212KB

MD5
08ec57068db9971e917b9046f90d0e49

SHA1
28b80d73a861f88735d89e301fa98f2ae502e94b

SHA256
7a68efe41e5d8408eed6e9d91a7b7b965a3062e4e28eeffeefb8cdba6391f4d1

SHA512
b154142173145122bc49ddd7f9530149100f6f3c5fd2f2e7503b13f7b160147b8b876344f6faae5e8616208c51311633df4c578802ac5d34c005bb154e9057cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
70KB

MD5
4308671e9d218f479c8810d2c04ea6c6

SHA1
dd3686818bc62f93c6ab0190ed611031f97fdfcf

SHA256
5addbdd4fe74ff8afc4ca92f35eb60778af623e4f8b5911323ab58a9beed6a9a

SHA512
5936b6465140968acb7ad7f7486c50980081482766002c35d493f0bdd1cc648712eebf30225b6b7e29f6f3123458451d71e62d9328f7e0d9889028bff66e2ad2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
41KB

MD5
3fa3fda65e1e29312e0a0eb8a939d0e8

SHA1
8d98d28790074ad68d2715d0c323e985b9f3240e

SHA256
ee5d25df51e5903841b499f56845b2860e848f9551bb1e9499d71b2719312c1b

SHA512
4e63a0659d891b55952b427444c243cb2cb6339de91e60eb133ca783499261e333eaf3d04fb24886c718b1a15b79e52f50ef9e3920d6cfa0b9e6185693372cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
1.2MB

MD5
cb518908d592d6eb6e2f103d96851de0

SHA1
69fdea6b0b99d5af966a76b542cfcb2ad2b68a08

SHA256
38d0230d427946b2db194d3ef03f39b829d562b44e9c2559e7cfe7d739f1c041

SHA512
9c320c0d207d90d893c567fad79d78f45ca82f479813970c5ed272f2d8a826f870a094c6625b6b0b3e02bd2e6ebf81f3a02e5f69b0cb272fac2141ba2db0e510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
f65442defe765da30f0526163678c1b5

SHA1
4bd695a34b42392e4a69975d9eec98a05092e6fa

SHA256
9684eeff271743a992274f4332adbaa75a84b4535ae6110866ee2c62b814c68e

SHA512
84c09e9c161c669ee2861bcee1533cf38e27e3a2f7cec7cf0f4fbbeba218926e12adc2c8d8f78b78c55cc98f7a9335eb70a409fa4c8e38c39e0913ab4f251ba7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
5624df49a6f35e5d63cc9690bcb0d888

SHA1
5807ac6364984dd78947e4a03e29abd08cf32f2b

SHA256
6300adee7d8fe78947db43664236b02b774346998cb509f488a228c6e4da7353

SHA512
70878b4541020ebccafab04aa9d172505c71455b3329909f6414b00fdfff4b2ce4dde5cf7f89eff84f73179811b79198f6988900cf7eca9e74ef9698d431e6c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
1c8d4c1ea344479572c8abc810b3a838

SHA1
94d58c0cdd8e0baf3cca65eec765e23e75c21ce0

SHA256
eab736364c8ed1d920d1477f9f3622e33a972ce8a47ff0aaf6553fd62607b601

SHA512
76e63b86ada6914cb6b7bdf1ddfca2a20a2ea4a16873fb1d0e4abd99581d6d868203edb7d265a88a0355b528155c27f306afcaad28e788719bb44aa7ecc79e52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
89325580bd2a25839cc5cddb4b8aa227

SHA1
b8d43aac2a6007bc85f1246a16ff8eb6a7b1bc8e

SHA256
579fc92b77787897a19d730819f5a582785b792d979f735fa4f498191245ebfc

SHA512
a535657086c741efdeb286473709f30a66e6b79ba5e548c43a222f19486d6daba176fb1bfcd3718d15844dae47dc8041084b9961d3be8026363a4da6371c2e5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
4fc675f83de3645cd985aada10ebf73b

SHA1
5713025a13d92885b5ca9aed2197a2f013eb1feb

SHA256
ce1f47fa287ca90d146541aea0a91bbc2d3e690855d2d837c2dfa54c37785247

SHA512
87bd5e8120a7659e606d842c2b84c176953530ed163b7d0d7765e60016fb6b12e2e5bdedb996dcc77d425387f6f03b75c86accbc7184618e6d5f80195942e3b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
5150f75453408a79e924fde4907c2931

SHA1
a246792bbeaf5b6c51e21116782b4968b707c508

SHA256
af43f5928de9eb7ea5efb3b2d8b2a82b2b0b925e8f3483f611ca10e3b0d45a35

SHA512
54c9d342cd9623a256a427b453c007553d900b92eac0ce1b29b3ba8506b9686be425153744518ba1e4502959e98f546069577ba236b016979a7e438467b7df81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e713e9f43b8f9a9fe155461fb94e22d3

SHA1
d8cc78befb7a94e47f340816b6b86c7543d7902d

SHA256
412deff7e48e8569cc3fd896ff51bcf6dfe117460f6638f0c77b0fc950df8406

SHA512
a54d17c9c884464c5853ef0f4ff9308614a2e40848aeb01b9f604f43017c8c5d9d7e4fb04cf0b0f686f8dec751e488df06eae417f3205e57c9bea98c23175728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
74303eb9af1b392799c2a00a8cc9d587

SHA1
21d505b4950262efbbeccc563f8058adab877fdd

SHA256
80da4c770adf56da0aa6d58c330ffca78535e047ae9cd52e9c47cbb2e6fb11e6

SHA512
2c1f0e679a66bb2b7be9f8598e368e3b058209fe058829af390daeddc16f6836238dcac4e205c10c7954412bc0e445e83f2567b59c891d1b3af44f34b2edd3b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
500B

MD5
6665eb5c6ac8bd8027eb3075adc79a2c

SHA1
2f67cf2c51212f1da0e73a824a792a4684eefe6e

SHA256
9f8a88473f90a585cbe6884d5b189661aa54eb34aafe4ab4d614571c0d359f6b

SHA512
ad7bd6882c79413bac80f4152de3ce15630fe8c97d1933f36e0eb3abef56a18863e022e790d8736a42ebf52e4daf0f81551b81e4921f1af5f23f4152c86a8744

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
58ba8ede5ae6e9ed672ae5273ef8ef31

SHA1
1e87a96101c20a4611f84f61bc634a283d1b0625

SHA256
67eaabb02985faf2a99480f57b3b95f19e2828445f194800bb4f64b863066dec

SHA512
98d61e4225456be879fce7ebd25abb16f80faa9bc5f82f5e3f9c92afdac084d8da09bf4b0c07d8b58cef10d1c0ba202421e8132dba22c6334b2e60810f2f712b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
273fc5cfe0afd3e964e56c87b6a8f225

SHA1
c6746435f1d2ae296fa0e43327a813ef2e5e11fc

SHA256
daafc53db5f031cc32cdb884243c92a7a00161dcf72136eeceecc6def8f478f6

SHA512
32ee066282865dc4e8d3d95c5f156744ae36e799beced997e982732464e15b80a91fea1970127c374dadbb981b00e26f207399c4a707d8192f451d4c07cd1aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
874b06268d61e9dc6a7dc16bcd498810

SHA1
22b9bd003af32e4235c24eef21f65a6d406835a7

SHA256
73d2af5e19751fefdb1a384b15d95f452789db602de030f921fe451d7dc6d836

SHA512
1b0c55b1a15e4126c2b24abce6209bd8a041bd41d8d4a4e2aaaa369fda8dfd72fb0b1ba49c82598a629aea313c17c4a36af66b9247b2fa27c104811eb1ea7fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
0cf943c6632d3630cf691c875a2f8b2a

SHA1
fffe13a7f536df511a55fe457a7f17efa72adfe7

SHA256
054c24cc431a08d4b07bf0eeae679a914a6e517b8c43efed100c6bcc0c3cf0de

SHA512
81a6b6277ef13895d051e93f1606b48e248cc204c1d62a538fcebd42dbe4da58dbe341553c10d4831114b348185b30755faeddc3c31deb790130d4626ec0ac38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
3cc1915c17fc9d6fe64026dbcef19775

SHA1
bd03fcaf6584ede4a8d6eb2c32c91aecf07a5130

SHA256
f995b420f0204ee2a0a807e3463e516bd11f703e2679c47ba18b04cff4e2f01d

SHA512
ea9467442d0e56d509f3e0c125f231759ca44d1e693633ef9215c2ec76b73b840ee9e297d664914e6f3f1d5779f0b4fc314aaead2e25e035d1237fc7e6e2afd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
321ee1ff8a7d956c59e963bcc1dafefd

SHA1
6f31ef26b1b35b127875ae5c8aef14cd88739242

SHA256
070702ff539cfd1aa28ddcc007158ecfbc2561896a26bda33fd342dee24ac181

SHA512
954bee402840127de1aa59974cb4c4ff4bfcf71d18ea5069767361a25478ba9e788d4a1d0a6d5505e4a911b5487bb617584cb08431e92276de7ae29035929e6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
dcc3ef91128a49ea800696ba7abd307c

SHA1
31f378eaebcb5fe2bcc33211bd9d907668dd03cd

SHA256
2c6454ffc9868ef8b30537f52460b9eaaba2faebfaaf73913160d7623b8393f6

SHA512
a3d14e2424aea180a6b871b947a8387e6c0ee11a6cba5648dcb58cdadc457a97ad876e0091d63b065911bd30d988f1cbab72ee5f0ecff6abf4510f0cee522d70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
341a76115a6996afb66a7271c36a7d70

SHA1
ded0fc3f2ce341cdd5d6d277832a40a843293481

SHA256
f8b6183f404b18e1863c1e0319998334d1fa6dffd31794c697286cc751bfbf1f

SHA512
3b016b77daa82393b8d495d6b5320868582a08bd2a519b9b0846e679c9e9e86a78e7387fe1a53a04b2d364b5ee5615fdf6e802d9a331163f68e67fc68bdba392

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
220db543e76c091e63307145c86c87b2

SHA1
32854f4981c31b082bff81a00c5d347bc5a822df

SHA256
1aa4f563e87d7920f0ac1a7139e84074fce15de447b827d93d62d5f515c2a52d

SHA512
a9ae2a2cc3479591448522b9bc7e3465d544a6f7ae894452fbfa75a79bce9ee883cbd6883607c7f7e713c171397ff94dc5bfce9886b37037ee2349e42a60cfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1c6584d804ca27c5734689e4141a3a86

SHA1
716948b14a058f121bd30e66fd79f368cd721962

SHA256
d9e2453ed5e3804d504e05c5d3611a86b8433919484988bd234f41a5618c9993

SHA512
14b44e78b9207d9cafac70e15e20b6dec52ba36bcd07596b2b9d7664858272319ba28759603fd5430d2176f40634d1ed7655bb015cd89fedbabd8df843da10f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5072cb3cf06f9287d1e8e7a284efaa29

SHA1
52e2b00834e6eee798882f3004fe1be4f1c12707

SHA256
02b220728619169647b787021d20bd577a509c74affa1dcbe1e0e1c6bee3eb83

SHA512
e6c2377e6266de562f43523f275ffbf9a3a31c08955757edfc857e239e7e3755466fc8179856e0cbfac172bb4eb2bb068cf4d23e90855ca06b663b23ab8551d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a2c435a52b1cf3b3ea9d8cec74d33eba

SHA1
bd38795976c9444dee519d2503e9b7f8c91668f5

SHA256
c895495ac6f271be3e28df5239131975cc1c6f1c33add64cec6acba7f4f557cf

SHA512
e235c9bbd2c804532ce8c818662936c078c2be90fd6a4a9b3b35d743a04b83bd979dd66e9c145c12a462e8619acdae47b36668046acbe167825d1fed5e815bd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
49a72419e735833ee59eac8445292922

SHA1
04ff67f586340a81f301920e3cc0b15b0620cc00

SHA256
fb37859f1a422e30d7cc7b3fb8e1d7517027fd7a6fcd74201dd2de935e13455e

SHA512
87ed347e9d2062fe70d65bdff6d7bcc6c953d987f01fd88c83e11cb4062c2509e6404d4062bd0c2859fb18b02630a01b0b078edceda66c6cd358d656145b3de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f69230ae98b25162765bb447fa182eb2

SHA1
313c709b24e61e85871008bd66e95c514fdb78f8

SHA256
9b78d9810ebbede75b257d0eefef395f1ab7dfb3985be14edfddd0252c7a34df

SHA512
ca79dfbbe289c165dd5ee2a5cd3efa2a71f6d7f826312be4d57562e62debeadbb7f51cb51d2c2e1626ab391d4c4904a574b5ac66a4d94a1f83ac44b3da7946dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
da80a08c0f756519f4c0cad0535774af

SHA1
3956de357686fe23d668f7086338a391a3a71f2f

SHA256
fe8098be3bd4a23ac63e2aca24cd7e122e2b93962732354997a2748c5ab53598

SHA512
df9a6a21ecda8f5285d4178b7422766c92dba1cf33fdd42886728ea2e0a4314a7e915723251e4ed44a615b8af22a24f9a3226060b3c09268ef81e1e43f1ec68b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b8db4e0cfff0ad52eeaa4f5f4199488f

SHA1
d72c8172253988a65d94b1063795500af1ac3e31

SHA256
5f3b1992bdf3b9ec5b3a75bd525c199cec47c92eabae9d7ad682bedaf4c4e3fe

SHA512
b5177c2c4d4d2513a9c947c1ede21f43525e67b5bd42738d13f3b705e0bab0772aa23c4bbcb8d5b0dbc7707b4d14f340aadcddcf03e7532ff3cbd9b433d3435c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
e61b9c560ded589753e28cec562abf14

SHA1
3568249e1d14f16657ab3904bc520134c8e3090d

SHA256
c966afc334561adc511ac957b2944b28c948a76d8e73a3ae4ae4b8efce2e1184

SHA512
599002aed600bbd1f74ca44975967b620b2b47931fb072518c4109ba73dc721db67b132ae5fae1428a9882196713d9f5a6fc6614c159b8212df2c4b88562ca36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a2a7db259193297d8fc85a2cd458ec5b

SHA1
a9479d9ea352beac4e7b7075160f18128c28db3b

SHA256
80c9ccca49db24595639ca016790b02052f15bf92ebe0786af33a0bf47ca123b

SHA512
841bb404eab829a58b8034a117f0811a3c12b77f216934c8676a27f46123f9abb83119fc2824a8ad2f7d05775a0350d0cd33bf198b2579c00ee51c392bc20685

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
180e9755f2b759971b8c2d7c4ebeeb5b

SHA1
790992143bd402e3fdd6819e64326ff40364baba

SHA256
a04790d596a23de9aba68440fba80f4742e77babb3e4b6efb98830834ca655c7

SHA512
e17315d56aee1cc1545c93d3fc9db1e5d75cd029b09580812a9e7481464d789eb7f8dd528e8d59f477a8011e0c4be31c17743126c09f3af4f940f148e2a6e4ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3c1d97b85353089d4b598dc572df3e52

SHA1
f3b79c19f9d2e6f6d593dde56d966a8217c55cda

SHA256
cd1e62b81f30ecc225bd91b7c6d162000df9a1308c862244189c7005f76e0804

SHA512
259ee1537b6b4e9e4a5bca4321c70912cfc9f0cfab0aba5da100ddaf1dacf38f545c0cf6abeaf7dc36b407d5b05b780c110a716cb92d0690f8f5c04402d4734c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d16d3bb900a9392ec02f2c3df0fa5c6c

SHA1
e699b83bf8d70d849cce45d1df598e2958bd8c73

SHA256
4b6cb51f47acfadcc6e0273f877acd83047b6c2d783a0c01977813d6e68d2bf3

SHA512
1adc56a7e28f912fd5d307cea533ad8213aff9b96259f75c8a416a986143c3a8d405f76cff3de5d42c983d6127c10d287b4ee8d5e1ac809c4f38c5582c814817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
b374cd328f4d037c01d956b614578fc9

SHA1
adb260936df2975f070145e48fb82aa6bd06201f

SHA256
6305b70316d620e1b5a0bdf549461ec5437cbd8638ca2b52e49e2c45fec3e5a0

SHA512
7451f568a2aa53bc645abffc28ff5f52f2a2cb59ab0a3957e80612f08515910581582a435e789bd71354b0fa9723b571c27001cbadfd03218ba2685bf1f223ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ce861e38e1fd138dd33451adae51e778

SHA1
2acc23e901a2d50e59bae6950295210e34891f8a

SHA256
a4555a1f7bf5b65290e08ff75bb2318cdf5c4a66b39018a4903827faca2f0565

SHA512
8f479b63d90ec4171e2b0e1882ee4e2a2dc0e63379c9a7af3ad517e97672f71e0661fb7a5d2bb7c498e793ce90876ff18a76443ceb42e8835d4833bf28a94fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
bedc65b87d8a779053b30182d3014beb

SHA1
0989a58f9373e2564bc7fcf8ad6410f3a468b17a

SHA256
28b54a20faac5698b0582226b0a02f4613e2e7e0151c36c9dd9673882d614836

SHA512
7b3e5b8df477ab752d62c0aec40c9d7762c1661faf105cd2863f256d9a02a8a3156453282aa66e77bab10694bd9c64db334de03cb0fb2e489ed62640c1d30a4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
13080adff9ddf33cb64232ab0f26dbd3

SHA1
664ce3becd6ba9f7071913c00d046a72ef7e19fd

SHA256
ab20fbb697ce0310f1362905920964d64b691368a4baba8f53418764ab33edda

SHA512
30c9ae711e89a5d900632bcc1b5c43e9ce2b65e0a567e90d79438df4758e307f93fc99189728bddb8080a0c82fe45fadda8061f2ec3dc2386f6b23a76c283485

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dcb8c0129b60926542033d708198d8b2

SHA1
8827828f7b43319737030cb9ae55a0fe5dc5a7f8

SHA256
fd445f8b5f520d3318a7d411f2bd09727ea534a2997df8d8112d9abc6b3670c6

SHA512
d1125221a2f6fc5d781583348b0ae7be55579a26ed4f303f49aa08718ba738c55efa0f34e69c1f4551880e3cccf1f1ac1df195ff10051eaad23406e678f3b5a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1450fc20dbadda56d27063d25076555f

SHA1
d65ef3aa7c459424050fc87c5d5173952b01d298

SHA256
e94f794899dbb2039d7e086d4586974573e0cce57871ed7fcb6d5695d1efc69d

SHA512
0ad16430b400318c77fac817e5b86b12f573e8189ae0ae4c9b5c5ae82dba0b0c9a9c4044fd510ed476e31fbf5e821b1744a7f36320ce885197a4f18a95c13d59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
067250596dce4661e44e449ebef86e6c

SHA1
d0c34047fcb742d600d4a646c34cb33e8c1677e9

SHA256
2981f0bf022d41ec6c9ed5163a5dd2f1294815a7cd882f0f2c3a879ad1a3337a

SHA512
c06446ce3a68298e556d1ca8053984b9674af0c71eed1747671c59e1887d1c93043cc7680c7d33991d3e33354c482a2a58dae925779dd637cbc01d65b40010f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
807500f1376eb058ce55a56654f114ef

SHA1
d08180dff446ad42f032c956fb99a4e2c120773b

SHA256
bfb0d6ea702c5967e3e81c30c4b71bb13afb2c99a87203d596ab78c9249747bd

SHA512
faa898aa8bc5eb5b4d814a40cad1069b271a6eaf185e1087246698e2188f48034f736729b46559b46d945c4afcc5f46f9222df55c1f8427e7accf6874050d277

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e26e19f3b1c7e58594ce9081621ab3c9

SHA1
c26f63cc39708f258dc9ed9bbe1ae66bfb24414c

SHA256
58fa654dcac2a14850c0f360f1ae813d9ab9de469bc7b8ed86922fb571ce5540

SHA512
707cad07de1e38bebf5f14d57ec2ab78db4e2d4a3504a9b73590ae155161c8305b9f1b3a7159c134e081b66e505252228fd563fcd97bbbfa893ca065de063608

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f7e186db191de2f21b11f9ea9047126f

SHA1
c94c80b8ef5ca665b8d8dea9d198ce67dd2c1d9b

SHA256
d149395b74d726791282bea1ac46347e586683ebabf607120c48b58e585fe622

SHA512
5cd74a552b092fdd2171643d1f8c2803eed3694d9e35795b0a17d8b7e2dfef920df5e185fe8b9ba71cdd3d7369c9a9279670fe8369c21b5d9119bed6a8b5226f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\a8b1287d-12f6-4cfe-b805-37a6d8987106.tmp

Filesize
7KB

MD5
43acbf678e607380fa445ddcb61cdb2c

SHA1
aa3439c2129a42cbb1a4b984e4bfe2c83b7745a0

SHA256
aa163809a7ad988f0bfe1b331c4ec239dc0ec14c6e63f813b1597b94c8dcbaf8

SHA512
a1102aae82bd796cce79a94bd119730d19926c3d9bfd28efbb5890834425e10656446cda80167c159343201d7823f970e308791d1ddbf38e7610c84c73366923

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\f693d498-0137-4599-b67f-a6c5583f5c2e.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
10776515f20d886923f898576660132a

SHA1
4b5d7ab144574d98adada7a9f787b45ae10b1231

SHA256
6e685198d5b6d19a6d10518e522a0ac5ff95bc37e0a20b624beb2e075f9b3c5d

SHA512
a62039480c9698a74f127fc15488b00c42825d6d6a43a7ad4edead6ff671a07d045402791d5be87dcfa2adae1aa4bbf4c0b7ec1b0025eef354fb1a79712262b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
5df27c042f635b726b33263f19129e87

SHA1
a46d83a7bbe0684ab4798679904881aa3c58896f

SHA256
51641f907e9feafdbd9231c1c826c3c89d6a4a4e77e46808f0219dde1c0e734c

SHA512
156d8fd039251ae4acca7a43b2420bd9a04953e68c5b30cc32cb09271b8305662fa1bde0fc796d0ffcc57b321f2f1ea6745a57d5ac0c6a0346b0cfe3eda1b3b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7018f9d9b6b44bd671d830d9ef1ed62c

SHA1
4e1754d3e0be80c86bfa65914fd2b2e140f12514

SHA256
5358acd42d190822c69cd8df9e6073a0b8f5d3da92299244d9397dc2e4392441

SHA512
6b7a46e9a7b8e6b8ce00cbe7781357838188f98803d05f333791a841d02a89050a8b9cb43cf8dcf83a6f425d7254cbf7d2b9d8bda8e3b2e46ac77a0e65eda39d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
8b5799062193e3ab1c49b0377587f475

SHA1
b3139b4657440ee68bd8cc98b5a1949170c8546b

SHA256
94d598691871f7558ed4970952fc70dd521eb61b6e64ea0d2efd45fba2641592

SHA512
73eacad4759b05812703aa4b3a6645aa72155f528e83716e567f10988274185771c94abb71d905ed06563d801a570e58bbd54731cd8bb53e5a57d73029156e24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
75960577e7d5ff5d582be1d614264b52

SHA1
036374852d69062bfba80166ebf88bd36c8c5c91

SHA256
214ab9c429f9553206b4530ec6fdfee14512c4b1e1dd0391ef0909be172b41f7

SHA512
a50467eb3a539a7437e9bf6c7da57f5f464309da077ad3f4d5a523c05f9bd0b0e8b96a045965f80b5ec1c035b076d93c4412201ddff64b7067659b02e46e5a16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
21956a194a378826b44c79bf85abe240

SHA1
207477c08b3cf00b495c3e85adc901d26e16d55d

SHA256
42fc4194e0fecdec543149cf2a1aa30d87dcff5627e642bf2ed57f366bb8640b

SHA512
b5de79a8f02391d0269867aaaba0cdc00b5602fa8c168d0f4d00e013de00c688cbedf41ad93d6def6f6d42cab1078b61de63d0c401b46cd386a1550732ebdfaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
08ebd8155408e02eb9501c259cf87509

SHA1
de75bee76985c2e439bc3d68a45d4c84a9ecb6f9

SHA256
f392845e7ec6cc08844413784cc0b4f1572111c5c17c7f4b6fd2a0bdcbbe46db

SHA512
245bd554c2f3b9608af41703008a3ffc2044bb47790131dd65fa106ea66de16f244f108d359b5d9ecc1ff57da510c62d582bd8e6aed252f25b7cbfd46a803ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6c27d9d50ab978a58f03518d18849e91

SHA1
37e42fe01d0ec1f6e739be02937ff827fe172ceb

SHA256
c97d1633cc5f3a93a119a48660c00d77ec2587165632f16b103ce96c0916838a

SHA512
5aca57a66e43ad0c869c0ae95e8b4378af5255122ae65b662190d399c65a48bd2c1a5b254a4f39b3196be91756de898099e9a396016f369f8c2f91e31be66ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6e2be5afa12351f8c837652ee32a04a9

SHA1
627dceff9d89a7af17a9ebb837922c531341aae1

SHA256
631bacf4e8cfc948835524f685e14c46864c2db2d2a62dfc69796e586c4959d8

SHA512
f4d48693fcca35741bc1989ae632853029ce2235e38cf028f19c171cb6a16e6899c79af0bc59e6a5002287b87dd6fc3a47d7c260d324aab28f55a454dd888a55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f69745117ea85d428a057cdb5f08f2bb

SHA1
85660b27a6c4721bb4eee163fbf366f45e94f492

SHA256
7256f13157ec5fa6d96e8f2b0770f5dac22319728613290ce615d7a34292a03a

SHA512
66b49882c857b2d1cd2cdd9f8256cfc2186cd22db562bbfb34439b61db929a7619bc9fed3f4b3809c39c926d65545613cfe592a4607ae452218cbc5ce02e14e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
377e8310a7db6e9495a9c90179566512

SHA1
25e532bc1f303c73faf4c5a646cc0ede42c40392

SHA256
006a952269e23458969fdf2f88547f6beb7813424bd2f4eeff9f0a641038cc7d

SHA512
fa78e06fb88f2c2ce65be87173d06a42405c7959c297631a43dd1bef87213a19d07b9e2d55d244d0cbadd7bdb4e88f63b7a51c4ea6894101872ce1f42a9f2b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb057429df6920c571ca427493f9aa1d

SHA1
6ad6c93a0a904c09e586b9aef448aa06d6b26410

SHA256
6d3d3aa746579d0496b87e55c51ec6ede7edd31b29796d5abb3f912bb183d9ca

SHA512
8e2651f88b492657abac31db090d6a26d2245103391cc92419e51d84cc0a524437014f3512608222589a920d97b6ea2331632475f48d536347c3efcf6fb7ffc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
28eb79ea17915d195a3fcf842ddf23f8

SHA1
4cd21218440b1c7ab7e49befea96a803f130f5e9

SHA256
fc929bebc9cf78a955ae7fd747992c47218ff81d80573be5c970f9b8ee7780d9

SHA512
61db550c0e9db3488b7d414d88e507b0c553e746c1770f1eca96842e19c34a38d3a84a5102ba0ea0e5834d6994229454bc8595fbecb11f7c6654ade34c1845de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ikx3ye1c.ndv.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\ProSwapperLobby.exe

Filesize
32.9MB

MD5
09157150a45ddf1b85948e6436dca970

SHA1
56436d5da5bfd8e1011ea5fd547e411cc8f6d546

SHA256
2cbd137d9a7899b6de7107264bc3fef1d9aead3545b9ea9c3d8cccacad20575e

SHA512
b4029d17c96726e9caa63ad77e7267a717e2a93b23376c2f43efd92d09b455b905493cda45c6e50c1e0903212f6e24ce4ff55c3b4e4da9c3d42e81d42d233721

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/3576-2169-0x0000000007D00000-0x0000000007D0A000-memory.dmp

Filesize
40KB

Download
memory/3576-2171-0x0000000007E80000-0x0000000007E91000-memory.dmp

Filesize
68KB

Download
memory/3576-2154-0x0000000006F10000-0x0000000006F42000-memory.dmp

Filesize
200KB

Download
memory/3576-2155-0x000000006CA90000-0x000000006CADC000-memory.dmp

Filesize
304KB

Download
memory/3576-2146-0x00000000062C0000-0x0000000006614000-memory.dmp

Filesize
3.3MB

Download
memory/3576-2136-0x00000000032F0000-0x0000000003326000-memory.dmp

Filesize
216KB

Download
memory/3576-2165-0x0000000006EF0000-0x0000000006F0E000-memory.dmp

Filesize
120KB

Download
memory/3576-2137-0x0000000005AB0000-0x00000000060D8000-memory.dmp

Filesize
6.2MB

Download
memory/3576-2175-0x0000000007FA0000-0x0000000007FA8000-memory.dmp

Filesize
32KB

Download
memory/3576-2138-0x0000000005910000-0x0000000005932000-memory.dmp

Filesize
136KB

Download
memory/3576-2174-0x0000000007FB0000-0x0000000007FCA000-memory.dmp

Filesize
104KB

Download
memory/3576-2140-0x0000000006150000-0x00000000061B6000-memory.dmp

Filesize
408KB

Download
memory/3576-2173-0x0000000007EC0000-0x0000000007ED4000-memory.dmp

Filesize
80KB

Download
memory/3576-2166-0x0000000007B10000-0x0000000007BB3000-memory.dmp

Filesize
652KB

Download
memory/3576-2168-0x0000000007C80000-0x0000000007C9A000-memory.dmp

Filesize
104KB

Download
memory/3576-2139-0x00000000060E0000-0x0000000006146000-memory.dmp

Filesize
408KB

Download
memory/3576-2172-0x0000000007EB0000-0x0000000007EBE000-memory.dmp

Filesize
56KB

Download
memory/3576-2167-0x00000000082C0000-0x000000000893A000-memory.dmp

Filesize
6.5MB

Download
memory/3576-2152-0x0000000006980000-0x00000000069CC000-memory.dmp

Filesize
304KB

Download
memory/3576-2151-0x0000000006960000-0x000000000697E000-memory.dmp

Filesize
120KB

Download
memory/3576-2170-0x0000000007EF0000-0x0000000007F86000-memory.dmp

Filesize
600KB

Download
memory/3968-2180-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2124-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2049-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2214-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2113-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2122-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2079-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2121-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2054-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2325-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2346-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2011-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2198-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2331-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/3968-2196-0x0000000002850000-0x0000000002851000-memory.dmp

Filesize
4KB

Download
memory/4540-856-0x0000000007CA0000-0x0000000008244000-memory.dmp

Filesize
5.6MB

Download
memory/4540-857-0x00000000075B0000-0x0000000007642000-memory.dmp

Filesize
584KB

Download
memory/4540-855-0x0000000000AA0000-0x0000000002B9A000-memory.dmp

Filesize
33.0MB

Download
memory/5272-1980-0x0000000000400000-0x0000000000456000-memory.dmp

Filesize
344KB

Download