df069d61a48578ec720196c7d17f60872aa8988430c13965b9b95c4b8ea748be

Resubmissions

02-10-2024 04:34

241002-e7engsxdrq 1

01-10-2024 14:58

241001-sb9qmsvglr 10

Analysis

max time kernel
1195s
max time network
1202s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
01-10-2024 14:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jk.txt
Size

4.8MB
MD5

7740e3d8ec8596c000c8aa454b189f70
SHA1

226341f5cc2fdd1d3c9077df74b3b75b578e14b2
SHA256

df069d61a48578ec720196c7d17f60872aa8988430c13965b9b95c4b8ea748be
SHA512

7000e1640907f38339ec54401f3435e6647df57deea7795664df8121e8212451713c3ac7b20bfc3ef3ac10606c376e56355d93e313ea2a5f104a2b37bc737627
SSDEEP

98304:pl2OfyzLdIvT/magEjgw9GE4tS1Duq/P5ksl+KuNFdo0LY8:MOvdgqjGVS1CqXJl+rtD

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe

Drops file in Windows directory 58 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File opened for modification	C:\Windows\INF\setupapi.dev.log	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 11 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe

Checks SCSI registry key(s) 3 TTPs 23 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe

Enumerates system info in registry 2 TTPs 18 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133722690226309467"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Version = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\NodeSlot = "1"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1092616257"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\LogicalViewMode = "3"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByDirection = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0000000001000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0 = 3a001f44471a0359723fa74489c55595fe6b30ee260001002600efbe10000000fd26f173d7e4da0199d37962e4e4da01701715f71414db0114000000	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupByKey:PID = "0"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\IconSize = "48"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Documents"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Mode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\GroupView = "0"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\0\NodeSlot = "2"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupView = "4294967295"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f50e04fd020ea3a6910a2d808002b30309d0000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = 00000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Mode = "4"	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\ComDlg\{CD0FC69B-71E2-46E5-9690-5BCD9F57AAB3}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\SniffedFolderType = "Downloads"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	chrome.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	chrome.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-945322488-2060912225-3527527000-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\2\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	chrome.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
4972	NOTEPAD.EXE

Runs regedit.exe 1 IoCs

pid	Process
2416	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4304	chrome.exe
4304	chrome.exe
5048	chrome.exe
5048	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
1552	chrome.exe
544	chrome.exe
544	chrome.exe
4816	chrome.exe
4816	chrome.exe
4304	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4508	MEMZ.exe
2888	MEMZ.exe
4508	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
212	MEMZ.exe
212	MEMZ.exe
212	MEMZ.exe
212	MEMZ.exe
4304	MEMZ.exe
4304	MEMZ.exe
4508	MEMZ.exe
2888	MEMZ.exe
4508	MEMZ.exe
2888	MEMZ.exe
2664	MEMZ.exe
2664	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4508	MEMZ.exe
4304	MEMZ.exe
4508	MEMZ.exe
4304	MEMZ.exe
212	MEMZ.exe
212	MEMZ.exe
4304	MEMZ.exe
212	MEMZ.exe
4304	MEMZ.exe
212	MEMZ.exe
4508	MEMZ.exe
4508	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
2664	MEMZ.exe
2664	MEMZ.exe
2664	MEMZ.exe
2664	MEMZ.exe
2888	MEMZ.exe
2888	MEMZ.exe
4508	MEMZ.exe
4508	MEMZ.exe
212	MEMZ.exe
212	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3472	mmc.exe
2416	regedit.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
4816	chrome.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
1464	msedge.exe
1464	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe
Token: SeShutdownPrivilege	4476	chrome.exe
Token: SeCreatePagefilePrivilege	4476	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
4476	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
5048	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe
544	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

pid	Process
452	chrome.exe
3652	chrome.exe
2968	chrome.exe
3960	chrome.exe
5112	mmc.exe
3472	mmc.exe
3472	mmc.exe
2992	wordpad.exe
2992	wordpad.exe
2992	wordpad.exe
2992	wordpad.exe
2992	wordpad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4476 wrote to memory of 8	4476	chrome.exe	96
PID 4476 wrote to memory of 8	4476	chrome.exe	96
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 2100	4476	chrome.exe	97
PID 4476 wrote to memory of 4056	4476	chrome.exe	98
PID 4476 wrote to memory of 4056	4476	chrome.exe	98
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99
PID 4476 wrote to memory of 3052	4476	chrome.exe	99

C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE C:\Users\Admin\AppData\Local\Temp\jk.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:4972

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4476
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffcd370cc40,0x7ffcd370cc4c,0x7ffcd370cc58
  2⤵
  PID:8
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1984,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1908,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2288 /prefetch:3
  2⤵
  PID:4056
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2052,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2392 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3164,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3184 /prefetch:1
  2⤵
  PID:4428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3424,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4472,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3696 /prefetch:1
  2⤵
  PID:4396
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3896,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4700 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4692,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4844 /prefetch:8
  2⤵
  PID:828
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4928,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4916 /prefetch:8
  2⤵
  PID:864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4844,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4680 /prefetch:8
  2⤵
  PID:1724
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4736,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=3156,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  PID:4856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5272,i,4050094491192403882,9821851925263638460,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4304

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2140

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted -p -s NgcCtnrSvc
1⤵
PID:1324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x168
1⤵
PID:4336

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5048
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd370cc40,0x7ffcd370cc4c,0x7ffcd370cc58
  2⤵
  PID:2364
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2340,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2336 /prefetch:2
  2⤵
  PID:940
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1732,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  PID:4452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1968,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2484 /prefetch:8
  2⤵
  PID:1312
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3120,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3140 /prefetch:1
  2⤵
  PID:1800
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3148,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:3624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4548,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4556 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4728,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4508 /prefetch:8
  2⤵
  PID:3928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4716,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4696 /prefetch:8
  2⤵
  PID:528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4700,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=3404,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3208 /prefetch:8
  2⤵
  PID:3112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3132,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4464 /prefetch:8
  2⤵
  PID:880
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=4884,i,3489846431565504767,15500759368340766952,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3368 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd370cc40,0x7ffcd370cc4c,0x7ffcd370cc58
  2⤵
  PID:2960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1908,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=1904 /prefetch:2
  2⤵
  PID:5080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2152,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2184 /prefetch:3
  2⤵
  PID:2100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2240,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2396 /prefetch:8
  2⤵
  PID:3000
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3156 /prefetch:1
  2⤵
  PID:1920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3296,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3656,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4552 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=3724,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4672 /prefetch:8
  2⤵
  PID:4900
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4664,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4820 /prefetch:8
  2⤵
  PID:764
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4808,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4404 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:452
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4740,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4776 /prefetch:8
  2⤵
  PID:4544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4924,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4692 /prefetch:8
  2⤵
  PID:3196
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4544,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=4484,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:4280
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5312,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:2892
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=4876,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=5552,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3884
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5540,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5532,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5468 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:2968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5788,i,9229168565033947370,15899116229400326746,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5732 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:3960

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1316

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:2868

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffcd370cc40,0x7ffcd370cc4c,0x7ffcd370cc58
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2368,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2364 /prefetch:2
  2⤵
  PID:1912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1912,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2472 /prefetch:3
  2⤵
  PID:1068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=1972,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=2576 /prefetch:8
  2⤵
  PID:2492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3148,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3212 /prefetch:1
  2⤵
  PID:1164
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3140,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3272 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4552,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4564 /prefetch:1
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4732,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4740 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4848,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  PID:3952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4968,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4940 /prefetch:8
  2⤵
  PID:620
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:4832
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x268,0x26c,0x270,0x244,0x274,0x7ff73fee4698,0x7ff73fee46a4,0x7ff73fee46b0
    3⤵
    - Drops file in Program Files directory
    PID:3808
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5016,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4660 /prefetch:8
  2⤵
  PID:2664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=4760,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=4508,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5072,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:2784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --field-trial-handle=5464,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5444 /prefetch:1
  2⤵
  PID:3084
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5468,i,5831062185218698900,4265876543499506261,262144 --variations-seed-version=20240930-180100.465000 --mojo-platform-channel-handle=5624 /prefetch:8
  2⤵
  PID:4188

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:180

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:1208
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4304
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2888
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:212
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:4508
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  PID:2664
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ-virus-main.zip\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Modifies registry class
  PID:1980
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3896
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:5112
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Drops file in System32 directory
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of SetWindowsHookEx
      PID:3472
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2992
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:824
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffcddfc46f8,0x7ffcddfc4708,0x7ffcddfc4718
      4⤵
      PID:856
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
      4⤵
      PID:3900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
      4⤵
      PID:540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2716 /prefetch:8
      4⤵
      PID:4836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
      4⤵
      PID:3500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4364 /prefetch:1
      4⤵
      PID:3000
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
      4⤵
      PID:4876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
      4⤵
      PID:4544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5528 /prefetch:8
      4⤵
      PID:2188
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5252 /prefetch:1
      4⤵
      PID:1596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,9783233257098939120,11657934301008103624,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5524 /prefetch:1
      4⤵
      PID:2336
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Runs regedit.exe
    - Suspicious behavior: GetForegroundWindowSpam
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:1464
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffcddfc46f8,0x7ffcddfc4708,0x7ffcddfc4718
      4⤵
      PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
      4⤵
      PID:364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      PID:3900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
      4⤵
      PID:1652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
      4⤵
      PID:4544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
      4⤵
      PID:3296
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
      4⤵
      PID:4608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4092 /prefetch:1
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,11497921285911513237,4508377823504920516,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
      4⤵
      PID:2324

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
PID:4620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:3140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\New Text Document.txt
1⤵
PID:1032

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x168
1⤵
PID:4348

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2312

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\D3DSCache\e8010882af4f153f\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

Filesize
4B

MD5
f49655f856acb8884cc0ace29216f511

SHA1
cb0f1f87ec0455ec349aaa950c600475ac7b7b6b

SHA256
7852fce59c67ddf1d6b8b997eaa1adfac004a9f3a91c37295de9223674011fba

SHA512
599e93d25b174524495ed29653052b3590133096404873318f05fd68f4c9a5c9a3b30574551141fbb73d7329d6be342699a17f3ae84554bab784776dfda2d5f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat

Filesize
40B

MD5
2c76afc5a2c5731743f37706c1fc87cf

SHA1
7e9b3c33b0e65d011882eae9d8224a3f2e30f7f6

SHA256
77fc781aa22f91c1beb606634a96088bfbbda95c1c2f08b679c281f2ffbb2dd6

SHA512
6cc81e2569857200dcd7f7c161536e9dd1fff4c9fb993fdc58c7f86b79b064713001de5d6af01136b4666439ce16532626559734549150408c8c101601ed8683

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\30e68ba4-646a-492b-bc2c-caaf127e9710.tmp

Filesize
10KB

MD5
3ae75f78bd7d208a6776aa7478e88d55

SHA1
de5aa5d62f1b2be1c7f87522ff4e9ad2388324f1

SHA256
9508f4ed07b3a7e59d8cc74520c1a79b5c55c666c4dbfbbc410e070b3bceb352

SHA512
61d64db91bff092cebcface8de504169171fba0aaa8b423f0f3c209b7ca748e78ac2b5f1d8cf8ac39570b3129fb572f1b1525ff6502a96fca996f8195af23612

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
ce91e2a34b8ea66f0130f692dd6132ec

SHA1
ad48fbc76d49a4c4d639d85d44daf18fb74699aa

SHA256
d41a732e49e32f9e30d5ee5d56e2467a1724301a3ab37edf60d89d1491808b19

SHA512
2056928e27e47794a0ab5bef00aab082846027771a25224c982700b1bc3b88c3fc2f0f09453419ae66c78d8cd80f960f2c99c84d03397b282dcf3215bd24122b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
60b4ee56f1f548b4b9cb86c5d3c7200f

SHA1
b4ed5a658706bc580df7eff724396fc2b536eea1

SHA256
1c5bab577f8f2d6cb4baeb30a3a9a7984d5915e797942f5bbc38c625fc7d8b01

SHA512
080a5b983e35474a4d202ad292b0fa1405a44fc569383d246b25ad03af25880a16824ea7941e3e7e043f65acf962aad28f2a649edb03be9f69779dfdd341e7b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
14074a0f9b419ac93afe69e9a88cb5c5

SHA1
5dca01d4dbcf064bba299f03b0e48c5870b76f1a

SHA256
c1971151a9f11e0146b2b9af6e4d51fc5c58b935a91496f4ead6e030c0bad599

SHA512
ce03d699dde171adbb83de589e190b7ab3a4d35ff25638f152a9c05f9f1a249d59edfe0f6e98bfb5b3a86c63d3aa0ce8d710a8ba8929952de123706a143fc795

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
0c91db6214f5ecf8315eb8602ae41c64

SHA1
16f959dc12b3c9852bc72fff9ee74c7d674d23e4

SHA256
435bd888d4776201552bdea304d975022cb88afcc14545003409a18ccd7f70f1

SHA512
47113c84479db4b6702bf71436502e3476855b7bcbba1d4ec6c3a1e33efde3a4b94d556d955bff29fb3e0f56eb2bf92cc6f6b04a69d19c5c37c867efe55e89e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
37174720af0b7750f79e16ec2f558112

SHA1
22cd8e59748e48f2e8e905e00a6d438be62c171c

SHA256
a77b6354dc5df28a40591550588da927c6f2c7f69d899b53bfef07045273eeae

SHA512
7b794fe7def3ca7cc807aa28d7b013cfe86f61b37ec48a14f6604a67b41581f684e94d1af40e0b22437ea1b42fea69d22de0724e42f76293e0880ac91726446d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
36KB

MD5
e70ee03eada6563d99dc6c8d5238f714

SHA1
2074efadce869c7c9ca45f0f566bfd1130efa599

SHA256
05ee31883e1b099ba33212adcd83bfa508fe5cd29ffe64015067e3aa229d98d2

SHA512
e090df209f14e36a8b3b5767beff9c25db6958a8c980aa3d66c8d4e613e5f51f93fd778a51ac67094d4a848253d5f604bcecda52e4eef23599eb92087a61847f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000002

Filesize
62KB

MD5
2aac5cbaa7a4fc1f63f5f98954f55411

SHA1
0ab98eed5bd9f21350cde548e21b0b4c5f784094

SHA256
6c18470d668759bf1108511cb6760880e41b7ea15c81631ece7521f321caf262

SHA512
f2c97d5b62bcfb4b65e084cfda67f1a5702581c7dbe7b2f58d1e4e52463eda11b23009fae92af41cf2ffe47d6bc9494068e78c2f98bf58ddadcf3984d1ffedf7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000003

Filesize
41KB

MD5
abda4d3a17526328b95aad4cfbf82980

SHA1
f0e1d7c57c6504d2712cec813bc6fd92446ec9e8

SHA256
ee22a58fa0825364628a7618894bcacb1df5a6a775cafcfb6dea146e56a7a476

SHA512
91769a876df0aea973129c758d9a36b319a9285374c95ea1b16e9712f9aa65a1be5acf996c8f53d8cae5faf68e4e5829cd379f523055f8bcfaa0deae0d729170

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
213KB

MD5
f942900ff0a10f251d338c612c456948

SHA1
4a283d3c8f3dc491e43c430d97c3489ee7a3d320

SHA256
38b76a54655aff71271a9ad376ac17f20187abd581bf5aced69ccde0fe6e2fd6

SHA512
9b393ce73598ed1997d28ceeddb23491a4d986c337984878ebb0ae06019e30ea77448d375d3d6563c774856d6bc98ee3ca0e0ba88ea5769a451a5e814f6ddb41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
41KB

MD5
0af350c480ab565287007d89ab48a899

SHA1
4bc2a2c1ed2f10d047429af7c9bcaab3a34f25bd

SHA256
030239207754b0195bad3b58d42e4bfed6df4aeaff730c3fbaeed92021ca4b85

SHA512
3586ded7ed16c12ba8201b1a215f818e0dcff598e012001a4765cd727587e5243c87c8e7afe84af623d34beeced1b536e1e1671cb3baf72175512a6800efdd6a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
42KB

MD5
612fc027a450442d5b50d5ab5325114a

SHA1
841ca1238a98ce6f18261f7a158c8868ec5047e5

SHA256
76f902074deb0e5677439dda3f0e8f252f76e4c8acf9da97d36dac09f9ec7060

SHA512
7ce53698ef8c853926a36487c1fe22af9568de2b021b2106f9fbbea3f43a5b232424dba7e43728ef65f236c981979871572c2644352211d95e9624bd3e41b1b0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000007

Filesize
41KB

MD5
1a147aeb4f913b7801df599797360571

SHA1
1a84a30841c4f8f938b95655fe441420bf509b20

SHA256
480f7a57e4d68ba57c823d99a217ef3779d0f73a98276808ff82cf8eb075b174

SHA512
14107cbb630cfc8bdfb64f1808e51b50f2b0bfa28124b8380b71d51c3b0bb9d65ed30ec48114575ea234532f80771a6a7a58c1a802d661c1a4951c2f100b5f8d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
38KB

MD5
3faa10e384b641a1a855fc53439b4baa

SHA1
6eff2efed79f1aebbdddcedef254f9519ad37b66

SHA256
de6b2fe8c81fa04d367bf17b3f96b2428000f2ff5bf9b0315c31eb2e32a63fa2

SHA512
0b6acd34102f2ae7580678415223f0efb2370fe56c6160d45b90683d775e4638e2e68ed182fcee942272c55a0d38977fe351730d8ca67ef3733455410f7fd178

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
31KB

MD5
cb2f6790f2f4abf308398e20a6553cac

SHA1
05b8592422eebe6ef84641960b8ed90451c5479c

SHA256
9f5adcb6d56f8d8dc1d3d3aed675af61024d40e858434ab078249f1a48d6702f

SHA512
a57ef5f64d1bf6b1b984786cf496fe77296c967ea221306193de18c2ca119b544c8cc6a06a147eda27cf722f83b4d1cca363aa4f248a8874b1c7547b128116dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
34KB

MD5
61b800cd442cfe1f5db18e94d3242d60

SHA1
ba43185b974623ccd1365caa3c841c9df1d1548f

SHA256
d8dc25cfb5cbd4db10b4a775178cbbdfe81f0d4748ee4de22d11e7caa8939838

SHA512
5ff7eec2c29c05b4fdd2000cfdada10c11ad4fa38ed7e6edb1201c244ed7f1bb30c8c1d68c05e034e8231996ee43b7e4ea4f8dd5e94ce1d24f81cf8a0188fed3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
20KB

MD5
389f114901145075c3050bf5e04c20fe

SHA1
a5a65770ff185d29ef2694cfe088d7c8168f9057

SHA256
5a5511b9033db8a34db4c6b1a1dbda80e9000fae5e4fc0ea3b47c0c5ef08744d

SHA512
df170a6bc131e877139efb27a344502a7830dc0cc0fe19c7ab0a08afa1d0fb69700c6b319e0d0c0956ad140ad5e9501d700661ed353bb2b7566ee5c19180bc26

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
57KB

MD5
ed22823de7c0140dd9f7c250fdce78c4

SHA1
72693490f68fd1b233df42cb91d8ce1613160b6c

SHA256
eed0945c15d2b6ee298f384046451005769e81b422f25f891f3adcdaa0be4235

SHA512
428a170bd2c9ab36ee805304d9bc47be4aca68475b499c56eb94e570b4e968055ac90c5f80062555594b3e77fdab9c701bc00b54497dcab4672a7a796454788d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
26KB

MD5
2284b77e56ce53ff63f249f33c6ae6b8

SHA1
34c5740e0b0a0952d938fc372060e3f7eb3168c6

SHA256
29f29ea685f1e099b960e5d959f0e5482d3ea1e56638e830c1dd1bb5c15752d0

SHA512
df3673b3d89184de1bff69a52b38b0fa343f977d4f64e255cc46234a62a7a5058c2525ddf113fe83780c5872bc44adf20e2af5e8ab340072e525d86cda088d23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000e

Filesize
49KB

MD5
bcc70fb80960b73a974b9139caa2f719

SHA1
4bef6a4f591c1f4ea1aaa22b39289e34f3102522

SHA256
35384d6ee86f9354ccfdd995fbe91b71c137f8786ef206706b469912f4906b14

SHA512
90027b3a41bba27756c4af13af3d61497f946711e801646a642ed43779a2f7a3976b18dd5791ccf6d802649f50b931b1dc805c9884ad43b8cb673001d54dcd36

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000f

Filesize
38KB

MD5
f2195fd722f8fb8ab696bd451dd4c742

SHA1
c6c1d565b7e835c35fc0414b2c3fcadf795a5fd0

SHA256
d323ba89b3c27ac95c12c92d8cbf5f7c3f6c058264758f9be9e2f36529951ad9

SHA512
c5b2bb6001248287db74e6b7c713d0faa3fee102b848ade0a525c0bd922642f19c3e685f347b5fa7defb6418c59815d2ac2901dd50fd062e06f2b1a5bc7145c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000010

Filesize
42KB

MD5
85be1d590c4c756e2129a46e6674da67

SHA1
40db350cd27e66ed8ae9deb84ae644ccb14ddcf5

SHA256
67eb3216b88c4a65f20aa1398f577ac1feed46e602b531486af9e88cf349ad60

SHA512
3da6883706ac53eacf5f56f6dfe60d83426c5120e3fe22ef796e923832b65d283505fefbaf0ae6b0eaa63ecb5145b27b384470bfb5cf715abe81ccd6acf3f5b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000011

Filesize
48KB

MD5
3214f6ac8339a9ba7b6e74b6c3764649

SHA1
636d8c70360a1adeb7ab34d2ff9cb4262f77bbc2

SHA256
977bd52fecd4cf2ddba6b7c9ad3096c3b479995610cf4722399d9bff5644ba3b

SHA512
9bb4ec55e2ee6aec7228be10e1fb2345b7ea9898a21b10d88e11da76293e4e7753b09a07252c5810b6ee39134bc873c06892b715742d62b900118bb8abc872d0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
56KB

MD5
fc9ad2ed552b42d072fe4ab9a75566aa

SHA1
fad473e9ec61b58a1286e5fac34099721cc67456

SHA256
110bc4009e2da00edd45f67a83530935d1cf4d7837bc6f6987c6a6ccecc51807

SHA512
40e53b1f4aa97bf1bd408731ab42a185208db82d8a18708d7e3fe66fc0912a7ad9f43d180ae1eab202cdc610a7d30bf162fd7602c4143a81b48b56d5fec3f0fc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000013

Filesize
59KB

MD5
ccec4606fcb02a4aeb90818c93ce9dfe

SHA1
ee6700ace5f6fed89bc76ef2bedc4ef87a273217

SHA256
120aab6a561da0985bbd63494f306626a51b50bb9cbdaa6fc4d6eccad1e3c863

SHA512
34f3d374420e2f75bfc0767eaff097ec89d0d7ceeb9e04c45abfe9e7698fb4340d73e56e3ac63f81855f2af5d34d5c04fccc0b4a1fc5dab9d697c722dbaef12e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
52KB

MD5
d74218098419c509bfbe13fe8c5520d1

SHA1
eb0f1e3b7462ab6202fea8733fb207503a33ad87

SHA256
70eb45e55d184aa7b3c3a47f9f47c09c54ddc585493d5d11e494dffcea3eda30

SHA512
2391315ce32e764aa4e1df7d1d57e280cb461a4c957b350516335c3ee1a51ae29720912bed981cb0bcf00ccb9f271dc47a548ff0b8f4cb1311ad8fa79d0f9b87

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
43KB

MD5
41904a830057d4e89749487d2ff63a29

SHA1
1929b28f21d4f75693c15dd73a9e302bbe8f52d9

SHA256
43e5949b0473527586eadf7cfb87835a04569477ce910084f295523d6c5871b3

SHA512
3075a77eba42dc10cddd552deb17f1d1b88944710378936e3f2b2933dc80efdad16e99731ec43168971f19e6d595b1969c72fafc07b29aa3f24d25d1a706d9f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
44KB

MD5
d030a18a90db9e73a04198d33deb3ae0

SHA1
9d189cb957eddb3281068ba7849168c9c7f80c9c

SHA256
cfb96ee0dac60555fa43d9a1aba289342a6b674808ddfd36c3bb46fd81f4d3c1

SHA512
8afa0132028cca41148849b39f7b4b935e624f416caf5c7cb6fdc9b735961f052db69b13b14778cb2649e1e693fb36d024f836110988a7f7bb2173b348d6f0e5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
41KB

MD5
faf125f555a95351f8d4b2abe4e5ee7b

SHA1
515b7d60900ae9f0f47ed9dda8246b086dc897b1

SHA256
4a38cb65da034017b759332fe67ad1b904002eddb749cd6ed493cc36fb16126a

SHA512
1672fa37c210608777e57a1dc44de6a088e163ed4fc9e270e5930f2d936a659a7057dc6217c0dbcf724fe96e59014aab50e466c06e4ba57fb8f134d247d6ee9f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
43KB

MD5
b35d678aebe4a2cc4b19374fc4c7c189

SHA1
08b7f8acf58dd90d393823d33cf48d2040e39440

SHA256
44f421a5f074eec62f3140abb59c59dcb69e70b078abdf59f64a4264a2a72c22

SHA512
57f225aafe5d0623edaeb24a03d032f73b64385254879c63572192624cfeb3ac1499fc2470eee85db1cab0d29145e8f15cd988c448ab2b25c8831cfa669f5168

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001f

Filesize
70KB

MD5
7098d408e81a251dcce5abe2a63567a1

SHA1
4a4d3d54ceed0ef0bed8bcdd9ddec4c56970337b

SHA256
fac2486e85830b56c69b708af77bccfdf8d3d9e28559c0e93a043da113b173f2

SHA512
1f0fdae28322404bda4d93769ba66a5c8c5df2e46bf3ef18dd706d5396589af10d07446804fe4a77442e374b56b7c1ea2749fe0400928407a5249bea13cf3faf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
f61a9b15702692fbddd4cc88a0cfb2ed

SHA1
8f3f2fe1d7fe6b999512ee5d726cc4da37c8e41b

SHA256
d89e983c46ee69165ba2a3e9d991a5f23c38f8aa2d1d5c759db66d478ab7652f

SHA512
bb5765f5c0db50a30fb03a2d03621b21343b22a96fee6739754544e790f3d3991daa2ec8cbc2de954a7d45c4159c2fefacc73be6ef66443b5183269a747f903c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
94d9efc2200b4a3f17e361c368069c70

SHA1
1407588ed50219b60f8cfc4dd8e843a1b00865db

SHA256
c39901b841e31bcb5802ca2ff98e417ac1a3681bc45615ad7a128c7ed725b8ac

SHA512
d7dcfe442196c37fdf0fbaa620babff0feafa199e6a77b8be210228ae42899b7db8c3e277ce839ab0164bd5f1e0b588e584942d8e549913824e39bf24dd38c15

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
96afc8e7ef501ef39b6c80da494d0dd4

SHA1
6931420b1dd096a7c064d7a4f7baeed3a0a65faa

SHA256
3d7e9aec3ec69125eb99c554e9f8ae7c0412864a8a5449805b3b449ea499757a

SHA512
136672f8dde4349672ff3211beb8d61c70fa600ed09fc267d2dd14b1f0deeecf457954c9276dd4aad31f63ea4203bd597e3d911977b8f5ba7b601345d2fa4539

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
98499b0e3710780aeefcb5d6cae2d558

SHA1
11d002df11b55cb855e0a8f4483392b1283d379f

SHA256
8b3d9bc4187b1a0b8a5133932b0b2f5e9ce631783190ce326320b80db1c8b6d8

SHA512
f3e0152e595e5a92e5f35095b6cd30b3309c66b788b7cce59e3c52cfab707b42a7ddda4f468bdfbc56cb57e7efe0492a26b7d4a57fe50fc45b83236e8034c451

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
cb646a0de5c675b8307db2285633c61b

SHA1
9613bfec1bf2540a70283ac721d3425c1b2a96e7

SHA256
ff6456b6a5bb6a268c1a5ed4ee3e9b1e8c687e67af5145f3c8fabf78751b265a

SHA512
39c6fef9bdd893cfdd624eff24bc98925e2d3f8b379158f608f2e62578558bc3988c791037a32e53dda894a1b7aac89546a084205b05ab0a745c2cfbff792efa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Favicons

Filesize
20KB

MD5
ad58ea34c2983e1d2462828421d2b388

SHA1
e93d02cdfe6b4a18b60f202fcc7da57367474f0b

SHA256
89127b2a61d71ab4068729e8c67757d64fa1efc8752849db8053d55b9cd594de

SHA512
81f4684b52b5aa16d0e6b48be6e801f68e5a64162b259e17fe5fc6f8b07ef82a45705065db74736e84d6db15e5b392927a08bd7998ddedaeff4361db66c9b99b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\History

Filesize
160KB

MD5
eecfa540d68041ac7354f1fe77d97cbe

SHA1
bb6a43ecfdc123d857c8413f6bb861babe7fe9a2

SHA256
991b146a3bac0e91e591174d67373d2ffce3ab5ef4d069a64f168729334530fb

SHA512
27961703d4c0d400ccca0731246bcc2255dd7cac19147f44df7016f0a180708de219c8af45b44f807689d7f03fae7fb17650559ab847f816ae35cb5111bd8507

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies

Filesize
20KB

MD5
d220d605beda0fd3e60cfbfb1b518d65

SHA1
748fafbfc6d6e2522ddc70aa7ab96ae86e376dcd

SHA256
08dd8d01b556d964930553343541fdc2a82ee849542b5658ebb71714696989dd

SHA512
478abfc9262765d0de1a4cdb51bf7657ec93c1dabb5048d2e9be437c44feda98a0b5b9a8ce8a972989a0987f4fa7112cc5becd326d2519d2916ab189980973bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
9a922c36f6fadca81e7836771a868f37

SHA1
7a1ecb062f85c7af457990e9a15b268b2006d6b4

SHA256
1f301bda6423bfe0b85e0fe466d648034ab63a51de0f23955575803b6864462d

SHA512
d25feadb3d6ac1d28dcdfb8e5646ee7e9b4b1c88ec85e6a54b61ec731ee3d1534504aa88e4e21f334f4e2dea3bb02e294cae8e9aa43df8ad5d11b305416c112f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b79b1933a7fce2d32d255532cc601c54

SHA1
01a41ed829fcdb0c7de2a40bbdcd41ebffff3ad3

SHA256
ad0e8f5b475b7d8c1db7cf456037c23f498e686be73a680ae964362bd30e6bcf

SHA512
da6023bc17e7d42a5ae457e0af5851078a202659bf6607b949e6a143de6e04c38ece54715a4ebab34262ec62efecc4dc31e09800a72c8406a56cb4c20a19d99f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
3932122ffb0e1c4ddd41fed5839fb3e5

SHA1
403400fbbc344543087264decb65b0eae3364196

SHA256
a7f29ab51334a7447ad4920e42474df10ba8a0d7f254cae244682b3a030223cd

SHA512
9d0c9362f9b43e1e81f9091b8d77c59bcf8b9c160a4da773d679c09249d69ffde3acc00dfdca2096f4f1e3081baf27e357b93450228dd6e624debe4f65fbb757

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
9KB

MD5
111dbd2f9f45a9aa3872563988aa4ec5

SHA1
1a6a14bc3f6118fa0ab53598ffbdbd9125e78029

SHA256
ce5f3b07830e156f72494956f45243ffa243e444d656e4e8e9c607022e2a99a3

SHA512
76514435461b9ef1449f7657f2ff5cfd0101dda9df1b199016c2ba019ed5e5b584d3335dc14956131ef8845e24187797b448be54f117f9e2cb21b8bbbaf16295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
b9581dae7c67b6acdde7b01c7a6709eb

SHA1
3fe0b147ac7d8ca0d337b21eb17a94b8eeb561b9

SHA256
814615990649f18a5b9f33e2d07d6135b4f1794ffc3787a1c24e3fdde5033f88

SHA512
e9d80ad55c3cb3e4ef1cacc1942f6a8436d9a105f948d1ed0944863be6d2c2a7d2d0760c2fa3278e24078d4142b27ae85bcac4c6512c934124c98c2fd2365ece

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
11c8a83b85334ac8a6cb58ce13cbae1d

SHA1
dbaf4187ec4ee4bbc3a5352a21f3f1646e0dccf9

SHA256
529429caa7134ebbdd1e850b911dcb946851fcb88933b1047d67c08f6b6787fc

SHA512
8ae2ba4e0de65c4142c3c8cf7fe97b6ae817ca3254a5cbe7e3492b47e7db2ad9223987f00819b8b111df3781d8c1f781cf028fbfc468f4f379bb192299b812ef

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
64597926e43b6ba8c385baf309e8566f

SHA1
cf9140a7650f033f95e9ff1760f6fdcea6810c47

SHA256
f460793e01b0623f54dd0ee145bad41264f2cebd43afed4fc8e3d0c32645c447

SHA512
65d789ffa9d80e0fa08359528847b99e01d4efbc5c4652b7adeb3a2827059572f55bbd9d6b48509fb55e1a274bb75b454a97f78e3d97c0d0b345f933e68e5b3b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL

Filesize
36KB

MD5
716a0c45a8e06dfdcf50a63eb39d5810

SHA1
a60a047d5435bc1149b2eb2c9a3bdeff9d1740a4

SHA256
7fbcdc0e2031013ce1f58dc2845f91e2ee7d9352c5721bace940e765eb748f27

SHA512
f6e699057f92d0d294516cb2d10f0eb344ce9f9e5f598df75916f1d1ede2f9516291af4c3796dbdeeeb55c2a85ae6cfb57c73b48143850087c875303750020b6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
b267c9e66ea049386759ecf84a58d456

SHA1
e94607f9b55d0d4b4a49aab1094a435fb58e30c1

SHA256
f21ef1786bc47d2aca1756d06f5205b11b143f90d7412240adf9422e4847d951

SHA512
265556c06fe646c0a1036f7643c22e2519dbb6fa20bf74b3b42912cc10e0c29a7f1401c1a2889dd727ed4d0c55a74e7da5c91fa0c3ca35cf7379e6f237fd0d04

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
ae20584060720b779b61ba7ac4a67f3b

SHA1
80a7ddf3f80e0b9a7a72a27c952e62880b0e304f

SHA256
1fc4bd5472035cd34eab47259e3e8678a437e97fc74ac1bf9c65d7b9493e45ab

SHA512
7e330e01df001b2c5615e374bd43b13742a2190c26f1ef4d3ce107f614df70fb3c0c6789d7b253bf1942a8a13915583cbfa3e07510cb8f0161cdc940e206f326

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d14aa9268b60b8110a6d23b5454dd01f

SHA1
b8f4a3b4a166e78c5bb9b47c449fd7a351aa12e2

SHA256
15b2f859e512d9f917b962e485f772300f543ced429c871390457df9009a4d31

SHA512
6c4f9a8fda34ff3ddaa83fc919bc00a5e11932ecac05ff6b2601d040d2c2198f3d4d07f9469efed077118d431c4e8ca79335dd588b676e6c5c933e632a4c5264

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
cac60f49680139e9ecf42bf84bd4e423

SHA1
644f5a3eaf88ddd0047fe5aa907d98f45fb8258f

SHA256
e16d1dccf7aeb2202ab7d61ffe7c711926f11eaa1a01963b8395425a97ffa37e

SHA512
588ec5cfe029fd2f820e31c6cc7c1c5849444148813402abef7fe72d3279a57a7d7e4728b39deffe0117c457d73480bc666ff8bcd7171af0fe37c3189540db50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
7f1a61b007329b6ec89f843816cdfed7

SHA1
dce381ccf4340ddcf22b2440cc1722062af3e29c

SHA256
213d08cb4c22e0b211db66b9f1edeb238604f454d3fdb9f1060d5a9e8ed60986

SHA512
8fb9d22351b65f5c948b8932bd26b8ad29962d6f350215946ef43002021d7625e827550cc3f8372b4bc405be3d2d3d6cb5f05e7ecc6a78988e3c3b41cd0593bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9253fb4c5b6d9eaa050f3850b2a7423a

SHA1
5352778e8f56e37c590692948e2823e9edceda01

SHA256
203b47fe3554bcd5672846ce692ec9b079ed38c89473b0dec4ee517dd4160df8

SHA512
2e6b76374e6f4b3480a3ba75907308b0f1c14d00e7be624eb492118d014f08539ffc8714d5a23e408a1aeed1acc288a036e6ed79b2881309147e6ba8097547af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
3a04e0dfa4af94e2a62bac564f502e3f

SHA1
321e8a44da259f00cdb889b482b70cf3dcce4e1c

SHA256
128399c2f2583db56164ed8c1f6922bc914b96bada8924e85f12b384d55f45a0

SHA512
b7d5f52e1bec46c6b21b7d4dcfcfb683d32e4960a6b957d7d83dd6360abc65d4e78479dc3b48f925c4741b69316c2843e600eb6e726379e025d43e6f7033a2e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c95b731e0f9ed83f296b62c35c920d40

SHA1
448d3d15b296304609a8004bf2e10d5d692747d0

SHA256
54df9a83864cfe9382be98a23d01c30958e938722b44961d586c6f0435d09a32

SHA512
6a831f511d31421ba893d1e8906457d02f498dd3b5d6d1bd0477c7f9573d5ff2985f276d5769f5b7050dfe18dff41eaa4fb2acf8b5e10083337b37252424a8df

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
560b79efbcba1cbc5745b15335924873

SHA1
5de06252ff5b2041ee7240fa92193ede8193f368

SHA256
14d63cec0452ff14bd1f7b5337e75282a41466f5f8b2cb21bae0e9a52fa00f1f

SHA512
1dae3673bf61d801b5f8664900b2bf5ba6a4dccda57f91ac6e5c6917fbb97fec53c72d412285dc08d9bb256c564afa40ae921859f44cb0e23aef8143cfe4189b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6de5129a66629bd5ddce351173f7e654

SHA1
bbe33406ac87f1f32ced10ac8e010f482c3fbf32

SHA256
25410f1d43c700f1c9f9ecd183f5c16101fcc7411449fcfd72ae539fe0869e88

SHA512
ba6b90082909863ba4a86167db00f2bb3200574b92782caa26cb68431624c415710036482c7b78be1fde34a875b1d8d7544754884ba2e5dccd310ca5a1e28188

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a465972c1ed5f5271ce68b8b4a7c1c30

SHA1
91c0953929e35fe96e2ac5dfb39133fa8f2fcca9

SHA256
6d7b7553ef3e43283fb0fe72101f1dd495f16ff3e3c9fd3d03e70b3efea7705a

SHA512
0303c7dfa5d61366d7a55762f120f5d014c9e61e4f4580af0fae48f7e51d9a356db1d4b369038b56fcf6607dc84a370f1451f643eb052115c0797eb2fca1c82a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
f6c5569229ab656d94f5b809fd04b250

SHA1
bc0a3cc06ed4c419fb62fdbc8d98b1a7ea4ae7c2

SHA256
30599b5ccbb8999aa5361fb6d9b2cce26f270b33f79801470c353e1f9c108a04

SHA512
9fafec2a6c2190f5dbfe88780cbbd363afd2fb0c51e6c2a70d717926a74653c9a2ce9dba55bbeb996cf476ca77541e0238e444b17569f6823f78fcf9cc822c4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c5b5f45211ee7f55dd6a80a3e4a6c6f6

SHA1
2b775495c2ba7431110d47f0d724d3d8c95d1073

SHA256
f914a0bffb807d1b5cbff81a16160cfb375f2ba1ee70cda3539e227e342b0fa3

SHA512
66b945d810894aba7e553621a2e9050a1fb030842ca18c5d00cfd243840e8f3f9427a53f0d441fdd80b6be6423488329cb9ed1e33293d86256981eb6aa8b070b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
600da5641e8cc627239568654314a849

SHA1
13da9754f3bf504fe9c13c644dc7ff5cb8e1544e

SHA256
b730b2ce846273c99cf3b633950ccb3a81b17e6ec6e47ced03d37232dc7db2e8

SHA512
e05bfdaa6c2819bf0389cd6702b97aef76c7167286c1110887fee5ad8a0c7988f66c59c4b2036d446cd90724d3e587a797657822c2311bab33687200bbb4f295

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
34d7b36abd86ceddfaca6eb1ec634634

SHA1
acbe2331566943bbc9d69aa5017d4152d78ad96f

SHA256
8adae52d4a68ca5b982ea9833c2489c2e868e08a25fba03e459057254cc36f48

SHA512
8d60e39523d6f657b6b87a415924fbe907009ced2f1b7185b6e79e80cc88e03f8980478f6a60d9fca1dd266e023b86ab76a42ea1f2aa250ec397d2f6ee87b13f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4cc9a2b28b1bc1707b9922fbb7ba1360

SHA1
3b497ad548d7fbccc978b82e6a256243f2d4f2a6

SHA256
c3f8ed493c0bf82470b8e90996164d2ec33b2cae3e3f5beb9cd46b2578c4d224

SHA512
3f32f63187a5a8c1610067e9863cde8ff2c0f9810e377705b4a82422022cbf17d4f2c8c2befe8120cf40110d7dd2a17e6b0fee9c11e8efba77999bc5f19e877f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
767b6710e6855923b472a1a23881d6af

SHA1
32ad7afbe1d08cedb963c44f7f8e3d371bccf724

SHA256
b08751f7fbe7a3e7d907e713535d0c3fda16209e4facdb2123eb7c8e15a5aa1f

SHA512
bf13afd0411914386a6aec70ee6377ce5e5b975ce4ac634c759f06024d0903746534ac6741fbe4bd585bb58aaf6f48cf490ec952563b5ee7c4498201956c521b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
4b6bc043620b17e33eb5277aaf548813

SHA1
5493725af0aac721bdb0b8a11160b56933a3566d

SHA256
c6f26811818ba0b85709d647b8c69953c95b15fc335ad0a6ec3fe32109369fce

SHA512
793a269dcfe8112314f5cd72fb4afd845d65a842791f67a2704a02da9a8df1648869237cb78917a8da79175876bf27409773d91aa51801cfe23eabf9aa84ad42

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
52d611998849a4a1f4803cb38feeea1a

SHA1
01ad4ae034183aa2555bb0ade097515a0a841eb9

SHA256
7dbce5564fe1b7cf2b0a26b00ff952ae1b9b4f3173ff90bfee80f95617229932

SHA512
e69bb08e058cbabaa1bc49e139651ce58cfcfc256a962269280aaccf797f8f1043ae209fe64531f6cbb0af8355f917fae7487d9a323aa74b2139e89401121745

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b4814769a7718d036589f86f21a576b4

SHA1
e4b6d26d2ee7ebc67c4539d946b6a4381a3f0650

SHA256
82ae5ebf5e35b4b7dfcc88fc40e7e30ccbdd0bee2f99ea8f4463a6cf344b01c6

SHA512
391a273596a53bdfb45478eeb502fcf8ef28bf67599cd0755a6159ab8f7ab5c03e6658eeb0f8881b27de57c24f201e6c4c364ace00afd591d66ec4eb62389243

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
86f8aee34b4d436110050ce2eb12c8a4

SHA1
03b501de9511f6fce429bb83f79e666f166ee231

SHA256
1e8d818a131a257e6995123ac3a64e19899de6f9b36d2970df2688b0b78c0a00

SHA512
f1255e2b3ad8ef79296bc7ba55a33f94f597cd2fe9c918c878d5492c6b9b4a00dd518a9562d9cbb50ac04438553654fecec5204dd1bd3a04a81381ff4f7d8dd5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ca8513787199155db04af9ed976cbe1

SHA1
48116c9440414519fea8b61fd296c40a7a08764a

SHA256
e5ab1a15a9484a3a821ef00bf77d78a5beb7af3360436b2fd5999c23525cb28a

SHA512
0768a0a4db64ec9e30ba4f8711bb2587cb01db49f2a5bb7171a3748ae0504d0c1e90af30f363789eef4e566097ea8d83b94061430b0292df9abbe1deb7fc76cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
131af7d546fbfaf91155315a4ec9331b

SHA1
cda66e101885e72584975b7b6c146f3435a06875

SHA256
cb676818e1bf7a7bd595c4229b26a4d746a7aebc1216176eb3ec3477fffc2907

SHA512
aae6f30cc39552eb8c1ed17459be042d05c75c49210e4ce3a73dbb9ab16afae418098884c4fc9506e08c9b7a34d3ceef6e7d4d82ad9db9ec8b317e5726782614

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fca8c5a9b39ce4004144129d6bafc161

SHA1
a0153bbd0b9f55ea9ff276183fb5a869770d6d8b

SHA256
ebc6e1b97a6772a85d0734ae5caf403eb92b23e9e5a817d0aec4aa972fb45604

SHA512
59fe946f1c1e8964dd04dd1b9bd9e2ce563182bb9c5bb10cd109b976b7c420e95a0123b097158891306d9e556409b677e6e5ba185f5c2305d149ee7998c49acb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
9e7918fb584676f2e623475b7f0ee2fc

SHA1
5dcd10e2e0f0e55b4b37f7f8f23227b78c8506f6

SHA256
994641a6e05f25c092572c9145edb3cda51d8c5a5caa2d69227355272de7afe1

SHA512
e58ac6cf3431019dce6ea2e961045796824d815f695fc2fa2f3e67f872cc75f3f3c8425c6c5eaf84ed939970db72c22de740c2a2bcefeb7b36c2dc3bddd92c1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
556fd0d1ad5604f899fcd536f4f42b28

SHA1
c8d71e029e9bb793ee64ded84da6f1a10aef38ef

SHA256
3e9bc5cf2ce691535375023cb113dd93301a190e71ffb5f203cbecabfec420a6

SHA512
7938383b4014f561ee43e9370d0ab571f145df98f6c68010dba79f6904c68cea2f8cca6ab3b26c261a526b6e767abae23fdede5b060d6250b60da639e6c55894

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a6a1b8d982210b70310b3d58f40a99b3

SHA1
e371acfceba8868c5a6abae585b5ae2cbd4ced16

SHA256
b250ace16ca55930cd3107d5868d8968e8ce396aa48901b6d8e3a72acbe5aca1

SHA512
a40c43a10fef51796e8ddc733fc3c60dc0bc01224d15a344ea0751a3487813b6c222bdebdaa159290b8101ea49319b367b501c07eddb421618fba29d90015268

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
5b81ffd0decf179fc361e64d2e6d4ab6

SHA1
8cec0e7933e5e86ca513a4a40ab0bf035920854b

SHA256
7c3a2d988eba4d1d2aa5a0f97c5587f1046dca5f06b18baa92d374891a8f80ca

SHA512
2f3896b1d4631579c606e8bd4568ea4bdb00dc430ac221e701af6c5552c85fc0739b1f6eaec90c99cf51ecd9c80c437e01998300fb22260b8d43ea99b6421bb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5b71f7088cd5201b106cc30753865f07

SHA1
3642bde0a24267f6d111b91e88f6ce6000125cc7

SHA256
e727f08be800a484d949b4a5f71d9cd4f6a19040853ff466be20cbc8b6866b89

SHA512
cab2cec4b24cf9f4f8f35f35c6e66e677bef94332d00a5175e7af8f90d2ad6926bd70a48ce6064cf9e853f99cf257c91de5864a6b653691733c76ff7a0995191

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
c1482e73b654b401a004e8a81ded312f

SHA1
062869457c4505f58fd3feb169d175e760e8ea30

SHA256
aab3f06e04581b06d8ac42c490b8fe11d6529e3d4dfaf4d16a5f7ebcaa560a62

SHA512
b2726d67907b4c9e864852e7e13f1fdea39155ec1a8cc60483e0b184f0b7e16207efa67d9fabe1109d6c17c882921d154518f7c4b91a01ca27bb9383cf722bed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e148e8b900ef8a3a58b0d09d87296d3d

SHA1
f6165bb7d6d81fdbc386af963ff8a8a832448c2c

SHA256
92e465f9b9cdeec03a379f3d636c29d0ec41d4f0c0d649fbabb7fce12a5fdfd9

SHA512
770e2c208ca05a599e0b19b8e04225abae3106d2dbffc3d131ae2cd2f49b027e164f07f834341e864c9231cbf49f34df30f97ecec903bd56af7aa2e152ed8450

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5a7fe79ba136d7bace891917416e7d6f

SHA1
185a03d663bcd5f362a45a8dcace3add421592fb

SHA256
b305ed910df7092765d65b5cb46136e8e9bfc2d0606b87f9de59fade75d296c5

SHA512
9c939a6a3ba040d05dad8c964c5754ade14db7b1c54d7afc21f6d434544d9b89573c79b0b1f78813e1f096e643df1568f796ab779125aea8b76259a228b8ba11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
11KB

MD5
817e8a518908fe95db81244f38dc1fe4

SHA1
338470c255cabff165a1f62847f9704f60b50cdf

SHA256
69fbede0b1c2cc5bdff3726c2b25ca9037ac0325c80ecf585c629e2c566df66a

SHA512
ac90f0c2ae1e0ab4925475a7407138b37150cd18d24cf1847bdceb0457356174df71b5b061da3dea7e233bf16f6225cc55d1229106b8868fac88543f04dd1b33

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
17a7c2240bb9633d157b1c3b36e719c9

SHA1
61709108e51e708a5501129afcab8965684e0e1f

SHA256
7898152b7e3e95f180ce78d83339196bb8f70e15861c7075e940a36ddcee9f6b

SHA512
0257532336affcf17a048f30c635319cd148f293b50a514bb0ef477f49a0bda976f171a2c841f27b58b2654253e400ff1644f362bcfb2f27ff8ac5923f0ead43

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\Database\LOG

Filesize
333B

MD5
b3cc54432641bcca0d54340738ef38fc

SHA1
816f1e38c334d963c3eddf68a88c63dd3bd2c69f

SHA256
3043973700aa13dc961955d657dec0757a218c01dc4adae7d7a872f84d4bd6c8

SHA512
7a345069b36ec22275743d132440243e844c943bed37e4f2caa55281923c5eadc17c7003c209593f37b9daea4433b77ee774f281e8b33c74a144750d48b8aa8b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG

Filesize
324B

MD5
1d2acaea7a85798e99701f29fb33f530

SHA1
2c0c114aaf16be9b85f4e074946736bc6edacd8c

SHA256
0aab29f9dc4a493051b80640dc1954167967ac3b00ef33d36232433ea213e491

SHA512
27c41f707df1e0617ba976f0052b185f34138c02ba6b72ae4a8fdc605f6efd51602879fb227a779a48b89da9f73fd3b0245b6bc26adf2de2083a91369f565902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Visited Links

Filesize
128KB

MD5
16bb829275fc68b545bcb1eaf0aada2d

SHA1
dd7f9df3b15cadf5d2fa6894127327da85cb5f2f

SHA256
9b4b0f6ffbdc80eff02b11e3cddd74ffd1d49ff5b9f9e0befcc57d7e0930b613

SHA512
23a5646e73a1d93b0f317ab207cac54a9c74f8cdfa106d930a32272dc0287cbd0e9b26bff5cf63143eca9e6813f5db4dc68de7f364558e127feb9727dda33c12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Data

Filesize
114KB

MD5
ada6f460c1091255eaa0da8fa31b46e9

SHA1
bcc215a739391fa9ea65484838ad400e74e67b4e

SHA256
7d06ee8c702172d41a9f7dd76d8acccd41833c510c76e1c38e8a37b714cf27e8

SHA512
49b75f99e438be9a105ab8ed836876b00249e9546bea95f08450fa563f1b46ec3d650b903b5fbfea23e4bc3bdf75506e17417010a1f333dff234cd9eb7e95128

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt

Filesize
76B

MD5
a7a2f6dbe4e14a9267f786d0d5e06097

SHA1
5513aebb0bda58551acacbfc338d903316851a7b

SHA256
dd9045ea2f3beaf0282320db70fdf395854071bf212ad747e8765837ec390cbc

SHA512
aa5d81e7ee3a646afec55aee5435dc84fe06d84d3e7e1c45c934f258292c0c4dc2f2853a13d2f2b37a98fe2f1dcc7639eacf51b09e7dcccb2e29c2cbd3ba1835

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\WebStorage\2\CacheStorage\index.txt~RFe679d8a.TMP

Filesize
140B

MD5
6ec8b9aa9e920f61d159593593cec931

SHA1
e201ebde7a8c6d5b572566f571c73db4c958bb9b

SHA256
bbc67b0157b9db95c06671ec759ef198f3e60220f5f5a3e0a230495192fc5dd4

SHA512
d0aeb70a09ccc26e6ed0560b84033f00ed943f0808a8d8ec1679e078163119d1daeb9c667d8e2a3c661b193642ca4a4df765436a6e6304b49d195e4d677c3d89

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\e17eabc4-576e-4cd5-8462-9c1a5ef94efc.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Last Version

Filesize
14B

MD5
ef48733031b712ca7027624fff3ab208

SHA1
da4f3812e6afc4b90d2185f4709dfbb6b47714fa

SHA256
c9ce8dbbe51a4131073db3d6ceef1e11eaca6308ad88a86125f221102d2cee99

SHA512
ce3a5a429e3796977a8019f47806b8c0671b597ead642fcbfbe3144e2b8112d35a9f2250896b7f215d237d0d19c5966caf3fe674165a6d50e14cb2b88c892029

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
1c873ae9791cd500d02be5d0482b97fa

SHA1
b445efc88ee452f7ba8977e981f9115267d85da1

SHA256
c32a82f746896ccc9e6cb63a3950dc5a96ae10b76cf61a24c36415a31ea0d751

SHA512
bde277f1c359674d0c63ba655be57f118648ec1729a320e6c5647c73639635ae9dfafa82e342bcde0a0bc59990d5f6a69dc671cea3dc1f15b0adf5283ab3ffdd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
0212cd59a23334c5a3fbef3ca0cdb400

SHA1
fb484fe6ef4d40f0958a26fa7cdf95aa6cd8731a

SHA256
f83785f325ee9081de52050402e47cb17fce5febd8b9d369f423bbc1f46de653

SHA512
b8f9fe0f73c81346441f8063c00a8bac12e30098e3f8f0a085fe7316dbeef5268e9ebee7fc30707c14f8f08a6176e6d11fcf1b0bd4b4b40204e70810da353495

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
0b0a67611ac5891c475bbe3fe3a62424

SHA1
24949eb8925124de226f99751117a254605db557

SHA256
d0fcc2118a8b9bb278c7578c88384443ca119330f1b5b45176fee9775c0a12d7

SHA512
ef09fa9101e8dfc073acad5ac723ce7651f491651530216f7563d9f8b8fd389839828092880f9d800993abbcf5f05e0958867a8c485331c555e41578760d9cb7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
32ca9270268e60e0787e2920970f3348

SHA1
c400d3831affe483591dc69c12189113e4d1e1f4

SHA256
e777c45aa0d315a8d070e5b8075e16a8d91c6360d66ab645def2514309171bef

SHA512
fa0d4a8324a0b1b200f9736e79b8f5a58dd6b03525f3d8ed2aa20e1626ae2288a613a3e86f3fc5066a19c76a2435576e8ff87cd6e96b8ca8bd8ea06b90557e32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
9bd1cc622e00c160a051d662de1edc60

SHA1
fdcfb73fb89a68220e32340bf5c2c0f3f4f9c93f

SHA256
f6c445265faa59ddcec4317741186f1a2f1312bd1dada6f399661e66f4b14aeb

SHA512
7ad9e89587c258b6609f62459e99483cc4188154d46a7adcdb38bfc7529d204930d0863f35d3da2a999ac9fc57352391a3ae85006e5ff56c53c31ac4ffa7efa8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
e61f3bd9eab3ba2633df4d9fe8ad076c

SHA1
bdbe545cbae3e28bce1e968e73bdddd0f41a1079

SHA256
3e2db122cd7f929d219950770c9f7043c2db97e8ab0c29d821dae7ddc6783256

SHA512
a2293cb20d8262f31a96f8d4574cc3b0384463266f8ec7370187c2627e8ba8d12962d6c04f39028bd5caf9c753710e0ee2f6b857b42312b578e3ec303b599773

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
3fc000de827b93059f0be905ae75e98a

SHA1
d179ac155799c96934a88f19e2a6e315c873e1e2

SHA256
603d18e84f65a0be93f847d0c1132c2c27ca6a779fee374a54c58653e098b07f

SHA512
cbc271a5da25ff850b94da7bb3f2f3543d897f66017090d570633426d73c9fc771576a75e616557588b0d5452ed0944911906c9045ac757c76caec55b6fefdda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
8569a94b3decde5c8b55404894985400

SHA1
e899e90ad08ebac7cbdfe15c553ae3558d6cddb9

SHA256
1a12f7d2a7e52c3134991da861922e9949f86710ffd081f5e4b45d10c86a2b75

SHA512
81b2d616390e1291134eac010cf078fb8d8a94ca8d48837f97be5de6fd89e7cd5857709d52c7d9f23cdd6e2cc9fb1032cf0de8581250d2aa92e19835883b970e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
210KB

MD5
8462afb13cec79370fd0d95172028899

SHA1
f103689c05d68fa8e18593f8bf0d55a5996249d5

SHA256
a5ab708f93d6ee6de676b67c91c376f27655cb3b2147676374706569650cf4b6

SHA512
e735db098fb35a6aaebd63eed6b9d835a5611f035eaae0fe492441e52805fb3d145f9d0b4cd1cbdf5996fbc2cd4fc0ff0c73c5b95c52f7cdd602d33f9772e8f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c9756a4417301a8293857ec07ad698d8

SHA1
0f78c91e8603a46a901fb6014d2d7d632cb77024

SHA256
18bb91927603eaa5ad8eb6fd5e128180ae4035bd9f158e44fbfcc4096bacd9ab

SHA512
7ec4697c5075ee3baf7fdf8b2fd35d50ce5f9b30060757bf3a9ea690a4bee4ab3437ddd3799fef3f5aebc1b5d36530a11b4ac52e908a088d5861780c2d8189b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Variations

Filesize
85B

MD5
bc6142469cd7dadf107be9ad87ea4753

SHA1
72a9aa05003fab742b0e4dc4c5d9eda6b9f7565c

SHA256
b26da4f8c7e283aa74386da0229d66af14a37986b8ca828e054fc932f68dd557

SHA512
47d1a67a16f5dc6d50556c5296e65918f0a2fcad0e8cee5795b100fe8cd89eaf5e1fd67691e8a57af3677883a5d8f104723b1901d11845b286474c8ac56f6182

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\segmentation_platform\ukm_db

Filesize
28KB

MD5
b6ff181ff868d2a77b08f6156f2bfbbf

SHA1
0c03494cd97c20a9734a17cf9b9949bf188cf77c

SHA256
7bcabee0e0a7510e922bed05e75516959ca9db8f7d1d7abdd6eb33ba28dbe0f7

SHA512
33fd8e7cf95503ddda56f027d9a7f409af21dba4f50a2049ce0d03e6260ce9b9ca26b1a22525f20543dcacc97f7033dfa5acc7dcda7a5e72178d5795c650db08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0446fcdd21b016db1f468971fb82a488

SHA1
726b91562bb75f80981f381e3c69d7d832c87c9d

SHA256
62c5dc18b25e758f3508582a7c58bb46b734a774d97fc0e8a20614235caa8222

SHA512
1df7c085042266959f1fe0aedc5f6d40ceba485b54159f51f0c38f17bb250b79ea941b735e1b6faf219f23fe8ab65ac4557f545519d52d5416b89ad0f9047a31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9b008261dda31857d68792b46af6dd6d

SHA1
e82dc88e2d1da2df7cb19d79a0346b9bb90d52b3

SHA256
9ac598d4f8170f7e475d84103aead9e3c23d5f2d292741a7f56a17bde8b6f7da

SHA512
78853091403a06beeec4998e2e3a4342111895ffd485f7f7cd367741a4883f7a25864cba00a6c86f27dc0c9ce9d04f08011ecc40c8ae9383d33274739ac39f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c528784aeedb5eb7ce0fed764cfbd2c

SHA1
6e1dfdaa9ecaf1ef285332677e7c2dbe45508acd

SHA256
4293a0702aac67d4d3ee0f3ae5c787f7fb66680b8d3af82a953c904a2379f89a

SHA512
755b2e2c3b973a898b506f8f97506eda139cad0e8b833a1dd21bc64de4b28bb6294fd3aeacc534ea36f4753a65135fb50ca348935b64f9b93f02a956d5376606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
fc08d94aee3198258b7facf52564ea5d

SHA1
e2e87c7535ba3003dea6763c87bd05f082514751

SHA256
48c9945282d6367925dcb8a593f484fc30da595afbf6dd29928032aac2a57803

SHA512
eb5fd3f22b99a85c2083c30b0aba0fbd93e5e7bd5791684e5a40b17cb243643890d115323cf5c740c3a35b27e5ddc20a17839b7a9aa40fa2cd7b00092c3ccfde

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
9b6abedf334c529c1956399110d3860f

SHA1
69a4c88b78b87169b49d879daca94f8c19fe7243

SHA256
305580fea4ca6fde5e352f303e7c512429ea9ec9f18b7376ff8dbcc2f7f86750

SHA512
d81c55b3aef53f5b1045b8673612d0cfb4850cb60d581747ce724dec952ae34f41ae394836f10c76f5ea0295dfbf605e3f0cbec08e0f18ac206a08090bad5b29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
083c324a4634d254a28feeaf4701aafd

SHA1
d7db52c59620a6e6ffe2ddf44e8e5514bc028119

SHA256
cfe5f3daba42cdfc7c79cb2e9f1b457ea64be7dd5502a3883b81485a9583b7aa

SHA512
07f50b2ff9a958ae90b7b8295249dc16cf25faa31506a87a88c1140034ca4899e83c91e4d49cc7303c3473e7a47720949ccb7c9866c10100b91fa3c46680a2a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
18a676892ee101edd16d396c2239951e

SHA1
a3de1dbb3e9e845918da57c489c6789044cf67b0

SHA256
400a403f9e43deaaafe55297ac39b00ba236a516b5c1fd542d8cb381f8b9d9c4

SHA512
fe3aeeb048a98e439ee852fc8e47cffe1d8fa4515c1c562941f268f4e437a820125be2d2a6f8b24718c69bda6395ceadf4788bb3aa78c12834f413932ce27cbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37f5f55346c819366bcb770d9d2a1498

SHA1
71e746d9ec9c6cace3e9880a5cf45b6c0aae27df

SHA256
9d79102702aa1d52b817eca5d418cc4a485a089745b475913b030ae5966b50b0

SHA512
0affee96101d0e6be9fdd72eaa1714dc22b222ebec53685b7cd91d657364d3f377b7293124edb3f797605223d4b12c8d112e9ed5d31466d53df87ca284f1eeb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
a2313ce320bd2114e13dce595b6b1fd8

SHA1
a144ae92e906be12bfbc04f9b9db7195700863fc

SHA256
0287e4701da9fe4a09063b6a6b9e5422ce2a69091ef129311861807e89d54d5c

SHA512
2ceb308125fcc650a4ffb75c7b11513737a4305d961d7c5812b9e898d7556ae396311e17d4b12c7c3373203dbd145ffa74f73a93bdc3cf68020a2f9c569c6ed3

Download Submit
C:\Users\Admin\Downloads\MEMZ-virus-main.zip

Filesize
8KB

MD5
a043dc5c624d091f7c2600dd18b300b7

SHA1
4682f79dabfc6da05441e2b6d820382ff02b4c58

SHA256
0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

SHA512
ee4f691a6c7b6c047bca49723b65e5980a8f83cbbc129ddfd578b855430b78acf3d0e461238739cd64c8a5c9071fe132c10da3ac28085fc978b6a19ee1ca3313

Download Submit
memory/4620-1453-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1457-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1459-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1460-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1461-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1462-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1463-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1458-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1451-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download
memory/4620-1452-0x0000018BE6590000-0x0000018BE6591000-memory.dmp

Filesize
4KB

Download