e802fd8a9566b25ff2063176d894efe655e47cb1c746417691083ba3d6e7d8ec

Resubmissions

07-11-2024 04:41

241107-fa9yssxrhj 10

07-11-2024 04:32

241107-e6a9nsvlat 8

Analysis

max time kernel
445s
max time network
435s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
07-11-2024 04:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Untitled.png
Size

50KB
MD5

8e9c71ce941f1912f41cfaede1db1e24
SHA1

db19ac45731476b950be59a11987a213b768ba50
SHA256

e802fd8a9566b25ff2063176d894efe655e47cb1c746417691083ba3d6e7d8ec
SHA512

07e558d3718ec969ed06ecd499f6ee70871493d5d747b7762c7ef9302ca5faea0bcf89c465b37da88b569369600c918c1ccc4984a82f2b178bbd8b7d88cb09c6
SSDEEP

1536:fTub1Va7luiGYNZ+Q3zTXMscxEI9StVzyZLRT6:r8LaJj2gzL7IMEY

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 9 IoCs

pid	Process
2744	LoveYou.exe
3444	LoveYou (1).exe
3708	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
4644	MEMZ.exe
3432	MEMZ.exe
4468	MEMZ.exe
3988	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
147	raw.githubusercontent.com
148	raw.githubusercontent.com
149	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Crashpad\metadata	setup.exe
File opened for modification	C:\Program Files\Crashpad\settings.dat	setup.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 27 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mspaint.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LoveYou.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	LoveYou (1).exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	RdrCEF.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	AcroRd32.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 4 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133754276161228084"	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\apk_auto_file\shell\Read\command\ = "\"C:\\Program Files (x86)\\Adobe\\Acrobat Reader DC\\Reader\\AcroRd32.exe\" \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Rev = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\1\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\apk_auto_file\shell\Read	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\apk_auto_file\shell\Read\command	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3442511616-637977696-3186306149-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5544	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2448	chrome.exe
2212	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
2212	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2212	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2212	MEMZ.exe
2212	MEMZ.exe
3432	MEMZ.exe
3432	MEMZ.exe
3432	MEMZ.exe
3432	MEMZ.exe
4468	MEMZ.exe
4468	MEMZ.exe
2212	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2212	MEMZ.exe
2212	MEMZ.exe
4468	MEMZ.exe
4468	MEMZ.exe
3432	MEMZ.exe
3432	MEMZ.exe
4468	MEMZ.exe
3432	MEMZ.exe
4468	MEMZ.exe
3432	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
4644	MEMZ.exe
4644	MEMZ.exe
2212	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2212	MEMZ.exe
3432	MEMZ.exe
4468	MEMZ.exe
3432	MEMZ.exe
4468	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4272	OpenWith.exe
208	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
5252	msedge.exe
5252	msedge.exe
5252	msedge.exe
5252	msedge.exe
5252	msedge.exe
5252	msedge.exe
5252	msedge.exe
5252	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe
4680	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe
Token: SeShutdownPrivilege	2924	chrome.exe
Token: SeCreatePagefilePrivilege	2924	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
2924	chrome.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
208	taskmgr.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe
3896	msedge.exe

Suspicious use of SetWindowsHookEx 51 IoCs

pid	Process
1660	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
4272	OpenWith.exe
860	AcroRd32.exe
860	AcroRd32.exe
860	AcroRd32.exe
860	AcroRd32.exe
860	AcroRd32.exe
832	AcroRd32.exe
832	AcroRd32.exe
832	AcroRd32.exe
832	AcroRd32.exe
5248	mspaint.exe
5248	mspaint.exe
5248	mspaint.exe
5248	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2924 wrote to memory of 1092	2924	chrome.exe	98
PID 2924 wrote to memory of 1092	2924	chrome.exe	98
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 4192	2924	chrome.exe	99
PID 2924 wrote to memory of 3372	2924	chrome.exe	100
PID 2924 wrote to memory of 3372	2924	chrome.exe	100
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101
PID 2924 wrote to memory of 2352	2924	chrome.exe	101

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\Untitled.png
1⤵
PID:4656

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffef0b8cc40,0x7ffef0b8cc4c,0x7ffef0b8cc58
  2⤵
  PID:1092
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1816,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1812 /prefetch:2
  2⤵
  PID:4192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2192,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2236,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2476 /prefetch:8
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3188,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3200 /prefetch:1
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3360,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3748,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3744 /prefetch:1
  2⤵
  PID:1988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4768,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4724 /prefetch:8
  2⤵
  PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4860,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4868 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5084,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4988 /prefetch:8
  2⤵
  PID:4700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4836,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:1016
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4840,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
  2⤵
  PID:3780
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4724,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5144 /prefetch:8
  2⤵
  PID:788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5168,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5100 /prefetch:8
  2⤵
  PID:3700
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4744,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4980 /prefetch:8
  2⤵
  PID:3468
- C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  - Drops file in Program Files directory
  PID:1064
- - C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Program Files\Crashpad" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x284,0x288,0x28c,0x260,0x290,0x7ff6f78b4698,0x7ff6f78b46a4,0x7ff6f78b46b0
    3⤵
    - Drops file in Program Files directory
    PID:4788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5004,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5112 /prefetch:2
  2⤵
  PID:3856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4904,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5360 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=4772,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:1260
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=5940,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5960 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5948,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5996 /prefetch:8
  2⤵
  PID:4368
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Mobile_Legends_Adventure.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:832
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4688
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=BD2B036510C2FB36311020E3CC2E0187 --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=BD2B036510C2FB36311020E3CC2E0187 --renderer-client-id=2 --mojo-platform-channel-handle=1724 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:4172
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=11780D996480CC96A493995B637A8664 --mojo-platform-channel-handle=1972 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4488
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=D9D3E478335D7AA013280E79E2482DFE --mojo-platform-channel-handle=2436 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4196
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A28C7AA9F89EE9FE2B0B028C86B03EBD --mojo-platform-channel-handle=2024 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:4556
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=FE5FE49FE7A8C7F8BFD2C7E00EBF1E53 --mojo-platform-channel-handle=1840 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2328
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6108,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6056 /prefetch:8
  2⤵
  PID:3920
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=6132,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6124 /prefetch:8
  2⤵
  PID:3028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5132,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3856 /prefetch:8
  2⤵
  PID:1284
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4452,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:4864
- C:\Users\Admin\Downloads\LoveYou.exe
  "C:\Users\Admin\Downloads\LoveYou.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5324,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3496 /prefetch:8
  2⤵
  PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4792,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5300 /prefetch:8
  2⤵
  PID:976
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5268,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3464 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4888,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5444 /prefetch:8
  2⤵
  PID:3964
- C:\Users\Admin\Downloads\LoveYou (1).exe
  "C:\Users\Admin\Downloads\LoveYou (1).exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5308,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5172 /prefetch:8
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5420,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4456 /prefetch:8
  2⤵
  PID:1692
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5448,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6112 /prefetch:8
  2⤵
  PID:4948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5456,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  PID:868
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=4816,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=6236 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=6468,i,13462008167500188973,9987692625551049439,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5284 /prefetch:8
  2⤵
  PID:4500
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3708
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2212
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1412
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4644
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3432
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4468
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    PID:3988
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:3944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:3896
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffeed1646f8,0x7ffeed164708,0x7ffeed164718
        5⤵
        
        PID:2504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
        5⤵
        
        PID:3708
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        5⤵
        
        PID:3504
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
        5⤵
        
        PID:1676
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
        5⤵
        
        PID:736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
        5⤵
        
        PID:1176
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
        5⤵
        
        PID:5312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
        5⤵
        
        PID:5424
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
        5⤵
        
        PID:5760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2192,6690992571157405423,12220630730047755269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
        5⤵
        
        PID:5952
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5404
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:5252
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeed1646f8,0x7ffeed164708,0x7ffeed164718
        5⤵
        
        PID:5560
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2324 /prefetch:2
        5⤵
        
        PID:4856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2516 /prefetch:3
        5⤵
        
        PID:5968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3040 /prefetch:8
        5⤵
        
        PID:6000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
        5⤵
        
        PID:5328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
        5⤵
        
        PID:2076
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
        5⤵
        
        PID:2132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
        5⤵
        
        PID:5640
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
        5⤵
        
        PID:2900
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3620 /prefetch:8
        5⤵
        
        PID:5088
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
        5⤵
        
        PID:3736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
        5⤵
        
        PID:6060
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
        5⤵
        
        PID:5172
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2312,16696453837398588926,746094205032558270,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
        5⤵
        
        PID:5236
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:5248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      PID:4680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x94,0x128,0x7ffeed1646f8,0x7ffeed164708,0x7ffeed164718
        5⤵
        
        PID:6004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
        5⤵
        
        PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 /prefetch:3
        5⤵
        
        PID:6028
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3044 /prefetch:8
        5⤵
        
        PID:3624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
        5⤵
        
        PID:5312
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
        5⤵
        
        PID:2744
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
        5⤵
        
        PID:6096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
        5⤵
        
        PID:2616
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
        5⤵
        
        PID:5452
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3636 /prefetch:8
        5⤵
        
        PID:5576
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
        5⤵
        
        PID:4700
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
        5⤵
        
        PID:832
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4268 /prefetch:1
        5⤵
        
        PID:1016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
        5⤵
        
        PID:3016
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
        5⤵
        
        PID:3848
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,116955585623668940,13009742532808953819,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
        5⤵
        
        PID:956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
      4⤵
      PID:6132
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffeed1646f8,0x7ffeed164708,0x7ffeed164718
        5⤵
        
        PID:2528

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:3428

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:620

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1660

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4272
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe" "C:\Users\Admin\Downloads\Mobile_Legends_Adventure.apk"
  2⤵
  - System Location Discovery: System Language Discovery
  - Checks processor information in registry
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:860
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
    3⤵
    - System Location Discovery: System Language Discovery
    PID:2232
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=B23F887C9C2201F2B7793874A4393A4A --mojo-platform-channel-handle=1752 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:2448
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=9303734420B915CDA87708CAD585EFDA --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=9303734420B915CDA87708CAD585EFDA --renderer-client-id=2 --mojo-platform-channel-handle=1776 --allow-no-sandbox-job /prefetch:1
      4⤵
      System Location Discovery: System Language Discovery
      PID:3976
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=6BF214EEA51215E46973A3B33EEAE2DB --mojo-platform-channel-handle=2336 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:548
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=C901351DABCC29C6D12EABBB6AD025A7 --mojo-platform-channel-handle=1844 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:3536
  - - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
      "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=20441D9B53B87F4E4D615C80CDCCA2C4 --mojo-platform-channel-handle=2352 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
      4⤵
      System Location Discovery: System Language Discovery
      PID:1868

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:208

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:5544

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:5468

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5648

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x308 0x4c4
1⤵
PID:5916

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Cache\data_1

Filesize
264KB

MD5
bf2fda3a655a91da7a2c066d4a51103f

SHA1
d1dc26934ffa486b4150ca68adc1837f0e15bc93

SHA256
575d495c071578f01726c2913fb5ec4c9764bb01f2ee28e9b20651d45e1fc545

SHA512
84047fddff8c77d4511d62c2dd466239b9466936b040c9df3fc9ba25293eabc72664356fd25a4fa2177431b464aa1d8249528e9b95ffe48186a15bd4f059a9f7

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

Filesize
289B

MD5
c9977f8f6c8734de1666a4014a81843f

SHA1
5204652ffba6904157e99029b3c43d558c6a62b6

SHA256
4af025c957f8064c70a72c45b7c079743e89622a8b8bb8f4cc1cc0af1c8a653e

SHA512
d04ef6d16da181ce64fbe31ddc437ef47de3032f07ee32b652533f2a49dc6dd20b28e07340ba40e9d46f06e64a5e32aa79a3a492a107497ea024f4216c935e48

Download Submit
C:\Users\Admin\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Visited Links

Filesize
128KB

MD5
f92f79a987ce57f887a60c4e09ac2e8e

SHA1
e60bc6c6c0c787e33c6cbd55c7d423550107bed0

SHA256
300be65205a8464b7b5ce1e148036f706834eb28c956f5a36721337e47895957

SHA512
264cb62c0a43a258a82ac4e15c37148e9f302fc0de2d8bfeae59c55212f68f8c02c0f97d6f880100fbebed674da6622171abfaf57376c85e06d8d41c23650d57

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\AdobeSysFnt19.lst

Filesize
97KB

MD5
700e7d6f9cfc26cea4d04f65f02b3452

SHA1
e5580200e54edb7cd4f7c5daada5c031434cf334

SHA256
c3d8aef5d450a90e4a51335532c977515e589143be772697e666c8c9f4ab0c0e

SHA512
1cafa5bab9838052312d8a6ced7d9baa4f28ef77d48681ada4dedf29400d235b51e187a1f207cfd8e008ee6274156cb7ef2821fdf7cbcc65d697ff4f469d7a82

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\IconCacheRdr65536.dat

Filesize
149KB

MD5
c928c173f3aca24003e1c18ed879afda

SHA1
5aeffca7c73454fb1a7f638b0c7c4a650e1809a7

SHA256
c5c4f9623aaeb798d7aa78ced2137e22561e93ed74baa26eb4d802443d1392d2

SHA512
b75e3e91bca73269ac1c17d4179a59fbc22128cce82bcdad0af5b9ef4e72f33c54ae9e930719778db600c0cf3138a498de66934efb4ccbf3ddd99724a7ae36cd

Download Submit
C:\Users\Admin\AppData\Local\Adobe\Acrobat\DC\UserCache.bin

Filesize
39KB

MD5
74762320051074fb747d3714bcecb3eb

SHA1
ca30b75a96870a4197973be68b816b79845ba0c8

SHA256
8185ebf03c1af35ff80aedad2efa0ff0cb41fb8a299080df06c596564a6bcfcd

SHA512
63f75abb14ad7a13fad5cf8cbed98b125f1bca9304f97d2bd23ed2ac82576bd406bcb4960ce5c96c9a9d76cf86dd5f661a679caa0f4e06ba4a3389806ed287be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\780cbf52-f7be-4072-ae93-9b28a05f36ad.tmp

Filesize
9KB

MD5
161908e4f9579dca4f91e3e30ce8b32f

SHA1
d0c87e4f9b58d0ad75cf541f04747b6317f2c998

SHA256
b467f3462056319045c19e79f73c0581168b760cfc94cafd707f6072163bac5b

SHA512
13d0302161906856454bcaa966b2cad0b1c688bb51937ec31035f6e4c829865d4c6dd8d4d8760828035da38a92ac84ef76699bf1a4285bb4a1022078c721215c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
683d529c743da8ea161cea402f3a80f4

SHA1
2fff7ebaed2ed34edeef22cb121b5b7d2f791d9d

SHA256
c497b67f46b504a6f6a50c7c3aff2bb741b999f47a1bc15f54cbbe8bec716de3

SHA512
a372ec980a28280d8ae3c985439d8b7604837973d19a355e4f2e07f6f1710d6646a9cebf77865e6884c379a98951e3df17b1c9b2dfd54c4440132ede7fb6887e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
216B

MD5
90af44e1b29a47128fb8b7b49ef41498

SHA1
a64dc6a2c455f6f1d1abcc25d7370d39c6964232

SHA256
207ba57e4b554b9fdd67d2251ec3950dbb1cb6deedf71d1a10bb4aaea3a356ca

SHA512
9aface356e7d838d05defaf3d3e4290844d41017224cb9899e468850e91a24980862be44dd0eafbfafc6236155428dcc59ba44d1ed42fb6c50d002f357215273

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
fc0c646d6dca7533d5ea82576e33bad6

SHA1
573111ca4762e47c0b29991eaa8531f2ef474177

SHA256
18381783f6de7909138f9549a19e28123ac0b255b50308323755b1187b0294e3

SHA512
5866926ab4bf0c196948551d9e4614a2a335f38adb78f7a0afa43b8d9474f053cec50576d911651c36514402acf5a419ab49e28f70341222b212ea59c5bd03c3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
e38b436812414645afa9f512c927a2d8

SHA1
0d9cb04450833d77c1d6f375c76c73d8700f6ebb

SHA256
34c7b55d31f4508fc24b2f7edd656f0fc277380ec4eaa8a7728f0055d6f7c0fe

SHA512
ca7075f332e021509f9899685a01ff996800586d3ee70fedf0a513d890b3cd708080ad7dd02a2313ccde9411fb37c6d153208612c935fabe009aa7a3dc8fa106

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json

Filesize
851B

MD5
07ffbe5f24ca348723ff8c6c488abfb8

SHA1
6dc2851e39b2ee38f88cf5c35a90171dbea5b690

SHA256
6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c

SHA512
7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json

Filesize
854B

MD5
4ec1df2da46182103d2ffc3b92d20ca5

SHA1
fb9d1ba3710cf31a87165317c6edc110e98994ce

SHA256
6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6

SHA512
939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\30355ce0-dd50-40de-8296-b34c4a7e6fdb.tmp

Filesize
356B

MD5
290cfbc2c636c7e887b75de83bae937f

SHA1
7b39ce21324d50e47674ceb444bdfbc0534204a7

SHA256
fd2fffd57ee8297dd5b1a2e79edea152302e7823328c767370da72f9ebfa56e8

SHA512
ce117a1bab1d6cddbab6b89f43a35d33a40d41d2378248653fe8d5f2c7ed087f2ffe98cbc4265fb3d9e0433038d623c539ffe8f2252147ba264609a52449b477

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
dc3e434f2f0fe59582a755fbda9e1575

SHA1
385a8e48f449dbc01c1bd5af704012394ac14d7b

SHA256
abeea2bc763e84d665d1d42b1e8d091c2968219b2e8f85ceadf11cc170567ef8

SHA512
90edd1a087b68c013450faca446eb96d92a9dcd40cbd3484847747b553efac1e281302bfee6163ca2b14155f6399adf193dad0cf3a2d83df8ea4f6c07231d039

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
5KB

MD5
b8be1b840c0a8791ad26d644d4052c90

SHA1
3a2c43b50aa3355c596225a5e4bf7a6e9a831408

SHA256
a2c12e129fb9985cbe454404e53eac0d70d942e0b83edfd4df17b3905f9630f2

SHA512
017662418da9d85e02ee5fc6976e77738a9075d46a5caf57c373722a3e1a7a0139bc3302f7ea263c32eae5cea49be76db0c2d6e5426a4964e777f87e8f016edb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
6KB

MD5
f9cbe70ca46ff56d874bf572d98fe873

SHA1
1bf167c11aca7e554e1805ab52d574b58f6db663

SHA256
c882bb09f2c623df0e123c8904626f541d9d9259cc93262a7406de9ff95e4dfb

SHA512
94e3beec4655c84724b951a6350652ac62cdc133cd8075209c00dfd6eb629dabf401066be70629dc8b7556d5f237bd01c1f1bb28184a5787fe927403ba53f72b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c9b0decffbed48bb844530ad8e1ecea2

SHA1
453cdd3f511da4931cdc3857fea6ca9340901f7c

SHA256
fbaa4594f325443831bf2d3d399e17d083a6718c65b6d86bbed101a33a572edd

SHA512
f09d7865a422033cc4de96a6a089448c4a82537a8ebe048551a5c5b00d75747e6cc72a5bdbe9de1c5a09f8a80a5c9f6b6d09c4c3f69e08dc9582fd853f7d9bda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d7bf7556e4edfebf32e642472bbb863d

SHA1
fdca57ccc8f09032011022e14ecb93aff7b827dc

SHA256
10cf4d75c4ad299b83f18542feda46d6b2a951b968cc9919640b1b50b9886482

SHA512
99e21bf957f0a250b29a7ac051a29ea67f444c80fe58dd2b30335284a5b7d8f83a9b3024f96e151230ba3b160428ebbe94a9179f533d939b443236293b41f41d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
598a161733dd6362cb1fadb9e81910f3

SHA1
5a5381d5ce838af2849d2df482c398c50ed31166

SHA256
efb53cced762fa7e44d751ac65acc471cb9a4c4a16b8d22f67237a70d96c0c97

SHA512
0af12e463f1ae0540f9271394736c416623b4c6f9e3770f8d20593d9d7280e2bb12287ea6fc2b69861853cba5101a0c13c224a456ffc4690af706065380e9734

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26bb56157ccecc01b73aa983e6ee5868

SHA1
ec5dfb9a745c16d0143967e3e046976c89c0f357

SHA256
4e42ba9cda340da6c92ae31a09431f0bcf07c3f1118797abbcc85b87566e032f

SHA512
d43154610068b82670a7dd464d692bc000ff867c708cd75c1e1c353ec3f9c48b09b6e57408a88cd0aa9bf22731cf5292879bb30febf369203b9c1cdcde832fa7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
7826bf0c1a0a46daa0979cc9829d305a

SHA1
abac9f3d418b19555bea59e4b3c2ec00f357c40d

SHA256
1f01f7f26fd533a8823a8e1d0a05782b2b9646e348f226a9cf88be9eda9c1481

SHA512
c127ae9522bbcd2b2b7f2ed71354c5bd88bb288179714283f2f7ce9343353474db4087ea56a35e20d954b3e9bf3105c3fc18a70c22b35c04d943db376799fe72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
0fc85db5db6255a83754ac9f617b83f2

SHA1
dc3763d60d7868ad96e77a5dba0ca4a9b91a3d17

SHA256
6180f528a9023ad01da48ac7a7cf2765b206e05a9eb87e83421d2ea3c80b85e8

SHA512
b30e3a102e502f0bbcf1ed3011a3beb22879cc5937f4db389c20e9ab1b775e6fcd33f3b7028dfb326fa3652e09e9c7ca0778b7afa455870ec176a446ee432e1a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
6fa7f5ad3a326444a30c0a05a55f335d

SHA1
eb6c0d2eb3ecf0383c560a398f9830875284d370

SHA256
7fe5ae127ea53bf07672458bf5dda2a10d4a8af1fa5ba16135912e18d86fb221

SHA512
24ea1b6f747b3fb22378fd8b99c2b8c4a5f1a5bb45aff17659418e43100e5c85504c2674358de11444f01c6a5f28c6382a0e6fcd5e2f7a3717b60d3107004d05

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e16043c18acf245c835e5775f4f06a52

SHA1
508f1a79c44fddfed8de9f5861d0bbf788d4568d

SHA256
f0197e6423bc105bfe95a87dc42b2e39838ed5eeeefee6525a63548dbabd33c1

SHA512
c298c12f4d991bf37df2bb9548296a08f4e4bc3764557f5cf520d407c515d9db75f9c28b43245924745d63469199a1dd7cae56a6474fac0952b338a2c2a5f6fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
a4eda1165987427f4e9b231f73c1dd3e

SHA1
e8167deff04d5e949ee358b6e995d4cac7f63215

SHA256
5465b55096ce162f92480f4826cdc3503c33cfb4db86f5c176077731e05484c4

SHA512
be64bc88adfcbdbb64aa1bd48361dcf5cea278c5f27f1e66fe21d1df8440280fac5ac039038827611305a951d5326c4a5c1c6611f7b8485c16571deaa080812d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
57531b1bc75d7dcd50753511b59c23e1

SHA1
3a6cd96b69626951e2f79518e86c67127d19c723

SHA256
c711b90d6390a1b9fdafcd8f0fcf1bc88424bb4a0e8d6e84f956f078fda3af1e

SHA512
edca4dc13636f44f87028fa1357c9e5476c369392f1338ad1f0ad719cabdb4dbc6cd6e59e59f005ec74dc3e4b4eb21519c70f7000bcc14d804fe97ffb2f7fb6c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
392ce68d6a6d79cc93e754824de8a508

SHA1
fd489e7311fb74c9671e39bb4975d6c187de3759

SHA256
2755b77a6468e0b7d736516162823e212eded447117275a2186e7b730825d2e4

SHA512
f349af4a74e3bb528ff34d683b074de2d99febde4f4e952bcbb73ed56ddfb58c549056dc0efe7478c81d27d46536fec5bb47519abcf9d3a137e7beec57ad7b5a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
772915373067804b567bfc8387328bed

SHA1
2be803cbf83e71325b5335a3d4476bdc1d313842

SHA256
ebdff12591b4e295bbfd619cae4e8147a7c4ef03fc659bf9f533745b7d91735f

SHA512
74300ad68b1fdf59b2ebcecab86d1f1363faecbe2dd44655cc23255787ecd43609d31087b86515fb6a6e19091715f5b924e392bd41f04df001c1fd138b518b0b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a3d5b0b7ece37949481d7df14da73b9c

SHA1
58a10efd805d2bd0634b32eece0bffc0d84901e5

SHA256
f43924bef36d73bf4af6397a48062d29dece7a2829ac243ed3ae13d150652d61

SHA512
db2fbc17df76c8ec27f1670823c42ac84dfecf4499aa1a217e3c163aa2cf2a072526c92823cde569f9a8d236ba66174965779225c72eda5ede80ab6bb8847442

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
9572eaca75b11b4edbdd71ad93bff0d0

SHA1
fb07f4c66e610b8d321a3e45a29ccea37b2e36ee

SHA256
68cf890de2c3cfba17d890cfc2b38e997f77dd181d814f9ed30dcd7fe5fc6d04

SHA512
69942d812139d7b0e918c4279621f4cc9ded331785435e26f4ae32cb98b3301d336752e9046205217afe8025db551f7a422e0f84ab7f7af46cc1cbee12141e4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d616a1a74ef76abd64eb9abf9b61e406

SHA1
9f080a4c1184691ce6f3e4305a34c24246678a61

SHA256
462b3ee5326954313b61bb84355a51f6ae0353c5b9a07fb307b3b8d2467c2700

SHA512
6b9ba0003f3589c61a1357d4d9640460e94ca64c602947eb01db676fa97522a8ca28bf63cb811bce31c99b7d30f41a6599a2b331c8f42a461bcf00afaedfa419

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
af9349faa8bf46ceb07314dbb164c8ed

SHA1
8b8b0ca1288c86812dcd5146b5a6aa498d111f77

SHA256
e0842776807386010d8ecf74db942b0af47f2a929a3e1e9161d3819f20c567fc

SHA512
9ce0eb491d70d3111eee04bb29b9d17d33d4727bc071fdc1ffea09bb0b1b5a8227ffecdc9e8be502b1eceedf8580b2796818b2128034d17bd88bc2e26218e5a8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
31f72208add0ac83c7f9ce3d2b165a9c

SHA1
90200a46ee67849a2c6beb2a5c3047f03c3175c0

SHA256
80587c1cb175acf97d61f657a7af40d89d35f775d22e6ea408d4f12065dde62d

SHA512
a15fe60855b31a0766fda4f5f323f4c59902141bb703d5ceee125ff7e68b79c222cd90f250f6dd8960f318197aff9a15bda6453fc56f0ad8f4820461389fcc50

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d6a3411f7ef4b8e13557b0f5f5e8a6bc

SHA1
ccbc746fcaee8af380266b95be61b6aa1e21bd3a

SHA256
3804946415eda603b8a026242377bdf8be83a3db239e9a3171a99c0af44039ca

SHA512
1433cad89ac6793545842ad394f8e5f5d64e6b2a80df995c0525d58586ac7913c392e20929d8553888604c93d6119f93ac8d04787e317495b0b2a2c5fa7bd8e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
778f64cdf59bc491b615e1c6357d4359

SHA1
f9bdc77d4a86fc68cb68ddbe254b5d041e2f1ccd

SHA256
c7c6e9d4c35290ee7ed7a42b98d1032f77b6317cd4958d6aad8598391efa324c

SHA512
88c0b978f31cea3d08e8d4fa922840493a0e5981943350af948c1c8f65b5697d563de5e188f289209dd228482a62c5edf9e8e51f89f469e00e67c280bb0fcd14

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a5def221ff9e2a909b0510d910a9d4e9

SHA1
0ee27deb7e83f2e06da157a59d7d350078776a83

SHA256
acbb66ba8477f98778907b1de5b899912b4bc48082f37ff2a54db9b2b6e9e15e

SHA512
b11f583ca2845d14f75610d119ace212cfde5b6286378032440b8cf5d23dff354b380a2c95aa93058e639ee02b072d17782d4bfa73b31f4129f4b793019a8c73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
6073dd64f4c895e60fe0eeb3278b65b3

SHA1
2692f7e7e86060d651bf5bdcdb287edf9bba4cb0

SHA256
a72fb9337a72876ba461b1284bd39437e143d15d0bda5a42c31e01139ae4a040

SHA512
f571a1284dade3df6bb5a91ec8e77980610fa4919e7dac7fb32ac841aa1f9031b25e607896ecebaea8f93fab76c6148dd4374f5394204631bc6555a6db817a01

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
5866ac8204e6e343d22b4e7d61ee5b06

SHA1
bbb4d6ea9f8b8e5866464032468f4ccef9697827

SHA256
f468eaabba608765ef62f5ca60664800e448532b80a96edcd08ad41408281db5

SHA512
456a7f02cff4f2e0aa74427201139118bd6b4874b4ae00985dda42e3214c988a49333445ec785383ff8e27906d94a337846972ef77b15d0e4ac274154d6356ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
4cc9f9a05cc28890700db512f5858843

SHA1
15e0ef5efec77e5faced9ac50df1ea0a0f20521c

SHA256
81cfa37c6787a8dccd2e9105585d766c3b2293b1ad233d12073d7132227de899

SHA512
56e74395075d748ca163bb8715a189a7177c1dce517a6a6ed2f452ce43c0a9bc0cd49a6f8dd6256dc49dd9b7922f9cbaa2b0bf18c5a8f979b636b9ba20730a2f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5a5afdaaf81863dc03e31a21f9a32fac

SHA1
a497632af6516c78a95a2036aaf1966b966c901d

SHA256
ead05291fbb663a2ebb2066cd618db0069ef705ae96d601758f4089b53d8cad4

SHA512
ee82963733c8cdbffa11ed38144659be489b5c3cdbe17b217e1832a6e6fe4de7f580fe659e9eb139824904f0654b82ba77b52ce277c6ba937ac10f7a018fc952

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b1c6cdbf29961c1e4cf5eee24237a52

SHA1
89b4a8ae36f6d036edef567b00753dfaabef608a

SHA256
5c94c96588b5a861f3b71c574d82413b37805618d2908980b625ceaef38e1321

SHA512
a8571f06d2680a3fbbf85c432063d7a7f774e13a2e5efc39599a7ba928a8838e7263dfea82da0d523e0725f07ea39ed20f0381a488ebb8cda4a55285ba7bd899

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
fdd5192e07a532e1a9af5f459995111d

SHA1
28cd1a69ab473d7a9735be7d03e8ec6d0015ba9b

SHA256
0ef90caae4b16e098704a306b0a81dcd5edd467259e4412e4de4422c926d6e95

SHA512
e9d149d802f0280c988ce5c4881c723ffe82d120a0a0f5d1463f896e0994206d0bc5566ccf39788ef9c4180a27abd711cc2929927982a7c2c3185954bf65a8cc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
4bb7ac1baa2c0538b17f84817473aa91

SHA1
2327c2292f9b168ec3a54d586c4ad1407d5f5371

SHA256
2752e5e9a0ebf458ceedfbc0d951c3fbb97d2d406cdc04ce4f255604277df263

SHA512
32991f0bc79d714959924cebb256e98d83e09dc5032e1b6dd8b34cd636796e1a9b54e316845528ce300e5620d3f0194a06d410850f9f8fe617b5add3bc4f976c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
404aaf85dc0fbd09010d2fdf69dedab1

SHA1
70be38a9b200ba86725f31ed0a4fb329639278d6

SHA256
8db30c5ec0adc2773654ab185371b14d01c71dacbc7135c429dda07a5da5b32d

SHA512
3c2d97b83b9d8ac4a94961769c65352cd39aaca51c451dd24e645b84463deb1405982ac2b425e5e0ff888dc3e5c68ff6d3e38059ca53bb5f6e0b1a2a24c8d286

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
409594b94f1db1c262c089a5868a9468

SHA1
fe58b6441e7640f8784831f2a5564660894d5259

SHA256
0e76582c3bf5cf73bfb0e18c59c3632d14732756a59ff1ed59d3ec17b81e8796

SHA512
27b2ff258683444bfc80688aa160631829acdf5a9c9d3ae663504b32c57e9ae5e491bbeb9057ce681d1e36c1944cebaeb37cc901666c9c49794ef6de6961aa8a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
9d239acc0ee0b02b77fb553016bda1ae

SHA1
7fd898566709bcef47008425db13e8dc99e8e2cd

SHA256
48de6043a2de0391164cbdf81ac05eb6df0cbc0c3397bd9124ef80e101a5871d

SHA512
443bdca6c3bd051380cbe1d553e6c02bbea1aedb9e6f4791b5f4100ca9868fdd623191fc9fbb396db66dfe3eeb0196a47382824f78e0ec0ed5db9c4076d0893f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
113d8deb29a248a53f3fe65ab3fed2db

SHA1
3a847c7ba0ed321ffed6cdbfe8ea5ea93d5da8a1

SHA256
fd3cd91d9d33409aff51a172433c6e138f50be88ad4b6829f58b48158098113e

SHA512
55c7161e700a1fb2a418c35f4a6b062f78b7dae9dbce67e49c6d904607af43d4f5165a5b99f4d6055c91d259779ceb321fe1991729275e167604326db17a5e96

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6b28fddc215e017265ee84689ea723c8

SHA1
9d94dd6f3111678dfc638c24cf5db345fe826e10

SHA256
0229d164eb49db74925a77a0facf5ecfa16dfef3503333ea1f02ffa6a84dd975

SHA512
3230c5200e937fc8d779a1810964885f82f4a76500853799db5a1649a3995d9b403eafa514ea479fcd46271f98e7b77d248851a71c15d2bf31a3097a00fcab12

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
35b777dbf41560ec994e659d81599af3

SHA1
4724bfea78c1dd631562ec90070df0978a7518d6

SHA256
275e9d5be88be6ddd72ab75afd216f4231ce0182481bb2b1987c9deb3ccaa861

SHA512
729793c0548dce461cabc1ef3bd769109c06bf64f5f6faee1925a20ae5a40e7c73d909140a91bce11415eabd2398b0cfd496d1b5bf055bbbf6a3939ac84fea03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
d7178363f631523077c30a7dd46b8ab9

SHA1
77aa4da0c90c524a9af9c88269e57d22dbde502a

SHA256
bb4003a1e468f1381db44b3b522e11da9730b88d6750614d6d24e22d939e8ec7

SHA512
9c7e3f28b5a69ccdb3390339d75fd9567ab98957a18084f3cf22fb0f54b77a1f86054801c889684d399839908f6c1489dcc5fde66b4ed0453b3eb6decd34a202

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a3f6ea79067cce384d2472511e38dd6d

SHA1
2799a828c2e1e302cb0c3e59e7b482a924b6a66d

SHA256
86269cf8176fa6b207e2dabae42a60174b926080817f83a800a01b3c6a7f7840

SHA512
26b1dba64239fd489e53040cfca666f52299e4e0a7bc98bbffbcc6cfc8611196daa83910dedb3a56f3454bbcadb6aec1fe539a7ab9398b14b7e82d94bb06ffbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a2c699b86be2e4da192764ae2ea55b11

SHA1
c19d18adb02e56f3438a1eedc905b96aadc2a028

SHA256
20688b13ffeca9dfa58a1a60d6522c808246f18bf0111dd617f6bb21dde6aae6

SHA512
780ba66b94099f54872a1322423aa04a6da58cfbd82690cbad1d79b60a551f053ef3ccb4e50cb80b59e9b5625bd050430042966196aba1485e4969cf58e5389a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
e85d57e306c5f4e597d925b968839825

SHA1
b8b05629871d8ead7fa5d138dced91a871095217

SHA256
c012dfbedfee3c079931b4b2d47274fb56030b5d78fab66c1552d17679ba677e

SHA512
287785812a256a452883e5faf56a63df0ad5e1e116cc1f25f19fc555e40495bdd08981cfd8eb64b0a67aa373b2e3c31a5d135016adb45f99cecc13015bdcc0e3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
62cd4f8f162d4e0c992a1b46d7bf026c

SHA1
8a9cee676ef04b79781f48c9c0a1e9708fa1bff5

SHA256
dd6f1857bf9f2e20385c99ec09244c707c34fc2c355aac49a4cb77440169c3a2

SHA512
3ce5cbf68411b0415ae3b3494c7d763249d676f00be86c0a41c9f41b2bf72a93210e051d0263ff68fba92d42ee2a003ad5832f0941bc4cff2a783e100760e655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
685f8080dd00eaabf71931ca91062783

SHA1
86abe462d38baab612b1b042e78c2a0b5fbfc53b

SHA256
40cf59e2406ea7e7706fb5412fabbbe7e63ff45567a253c58ef9702efd0290a6

SHA512
8c25a0e5b6dafe5dfe27e65d81c3ae464f11d3360d0375d0ebbd74a115a2d95f962fd9e4dcee477286b2a75a56b087d87f7e899ab3cb13f636f018bc762b4667

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b5c6a63da91af5830e57150c06482193

SHA1
1191ae0fa7433791753a38db88e361c7c48f623e

SHA256
439aedc09ba2ce6bf5d4181083d0cedc40d18064f65d358698cb070f2b527a31

SHA512
ccfaabe18d2f5bc79d263ef008dbc3205a6afdcc06fb3f94f30fade6f3a65823819de444a0ff5092922b32d5adcac4dedd3148c0d6d10007f09a7501ffc35811

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6337a220600d62ca355b1f8a8fc84b5e

SHA1
8e69222495f8d85c4a543daac9d7f6d430df19b2

SHA256
6949e29eeed63c4126de1893b8d301977df40884dba2104fb4f9dfa8ffab710d

SHA512
9ba396bc048f528c60ce0bf10115a79bc8c9648405f68a1ad2e828e617c386feff581e82e8ea8af9335fd8f5f8dbc9c492ba9e47b4b6475553480958d4098dbc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
b7be809ad5a3ad2e9bf66acc9a2f41c3

SHA1
46704e378111e0a632a5421cf62147f622394615

SHA256
99bc7da9e96cca73ddb32130b0571a6e635fcb8093e478295c8d7d141ec7028a

SHA512
5272e9f5f8bff1d680fd95573d508b099bc126a76213ead278ce51cc5a40a705eac2612d68b364d530d74088805f5fc8d263a2e7c031032bea6f294d60ec3c92

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
277aee57650ba708bf494d13df868bd6

SHA1
15ba764d17428925d9b1f49e80f674202ad451c7

SHA256
11d29e693d70c90d90aead4a3dad80234e54cf5a351ad2016d647dc2bf8bc9ce

SHA512
e8a87aaa8b0bd2713b422d779fe2a40f0c4a4052f3b0d29e251d92f8949361c2bafe22d6f88d88a2ea55f80b173a1b437777c61da6fbe9a974de24b3c63720f1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\b58e808b-7ac5-420b-bdf4-28228c120610.tmp

Filesize
10KB

MD5
a28cc406a26888d740a5c69be9bfb929

SHA1
8595ee343771906f8fbf01337790e91677fb6855

SHA256
c21b86f001adac1548e5fb25d620dc4cd1b80d5baf1ca51090be57b108199e0c

SHA512
31c1f7b7b562d376f3aedf45ed6110e1afa423093f4514c43143f5644f220bb4eef5b701bb371a22de1057a48dca4dc2922e6d30005f18147f201e50b78cddac

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
e399cb780bc79f05b926635121982a90

SHA1
dc82fd1f9ef0023c8f4f24c06c154bf0d658ffb8

SHA256
482fef7a5c9a659858e5b7bfb1b1a214482d899e7380ace37f64788e1c3505aa

SHA512
879cdfdbe05ca930d69b59ff605774c8104194a42b868c10ec94ad3f63bb862895fda891fb38d270a987bc6ad3162dbb7a673f02f3f7a579fff56a840b0a5f51

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
231KB

MD5
89ac3f068b2f82c3412f4b3c606a347d

SHA1
06f0f656ad0a9b80e85727907a841d2b18b28650

SHA256
cc0db3aaac7c60640ded2c9d64615be1819fa192b4ae72d2f0bc4eed05c6ad7a

SHA512
a01e90515f48564041928b1ae45274980c232b044bf40ebdce7f4f6ec7ab21c8e77de7f333ab37ddcbe0689f3690d4f4ba1ec6972e74c3c7ba26f4d1c4e34e71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ba6ef346187b40694d493da98d5da979

SHA1
643c15bec043f8673943885199bb06cd1652ee37

SHA256
d86eec91f295dfda8ed1c5fa99de426f2fe359282c7ebf67e3a40be739475d73

SHA512
2e6cc97330be8868d4b9c53be7e12c558f6eb1ac2c4080a611ba6c43561d0c5bb4791b8a11a8c2371599f0ba73ed1d9a7a2ea6dee2ae6a080f1912e0cb1f656c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8880802fc2bb880a7a869faa01315b0

SHA1
51d1a3fa2c272f094515675d82150bfce08ee8d3

SHA256
467b8cd4aacac66557712f9843023dcedefcc26efc746f3e44157bc8dac73812

SHA512
e1c6dba2579357ba70de58968b167d2c529534d24bff70568144270c48ac18a48ee2af2d58d78ae741e5a36958fa78a57955bd2456f1df00b781fc1002e123d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7cd657689252f6e187103461e20f5b3c

SHA1
b7d25c41cf8647eed146807514ccd3e1a0346925

SHA256
de848323f395a0ebaff3073ac825f9b84aeb4855d95197f27881377d13cff032

SHA512
0245dd348ed45fd9fe1419868ae5c44a561cbf6d2f17ba8d51100951910c0c861d4e6d80b00e3d784e25472e48d7be11c9000b75e3a1d91af1b7dd68afb30a24

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
92b7ee90cb6ee71d3e49153ff23c6ed6

SHA1
868fae0e4d4169e57991c90123d7ac17dffbb0d7

SHA256
ed23a79b8fd86a47c392d5426b2377d01e2c653d8a0af6f8b6310be230ffd6f5

SHA512
74ec22f8beef2c0feefc4b3f9e261f69816b690e214d757fbffd830d51552284daa513fff83eddb60d066ac8dea7b7382e4b90f44b12aaf7461da204f7857cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
331489c7878dd1f12ee9a3067c55bfa2

SHA1
9fb7724becae780375ad3dee99839bce4757715a

SHA256
0d4ac5ab87b3d08014dc8fd6bcacc800a00f86e3e4d7539feffe29109d15039d

SHA512
f015cc4929a8ab9ed8a07cca57d8eedf7425d0da1670056b6b8ed64b33e84782fd6aa0e96b5c7b37aa02e81060e7da558281f5edc437a5641aec674f813dc8ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\11ffce76-146a-4ee9-a876-72806cd1747b.tmp

Filesize
6KB

MD5
8d920944c733eb4a6b2c691debed8158

SHA1
5e9859cab0c4ed15be084a06bb9c9f6a95b02bdc

SHA256
c88e6ff6c3b0b89d705ed182b1956deaf3f755f7e4d2c2e0c9990b8f09ab4966

SHA512
ce4175d8b1f2a71035b755e88725b03324dbeb727b57c8a54008874247a7c526ffb821ec14350f07bf6d79f544c8f42981e41acb12047271fcb939ce67cf19d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
2146a4a554a92ed9c675c904a9770436

SHA1
2c4be7a1a6e0a03c988af239be1fe313cea13185

SHA256
40af72228dbe9c56fba0f2fbe12bd30b02e00ed30781134e8e640e383ac90d74

SHA512
a49c343bc6fbadb8bc0a5bc1a02db9a6375143c7a43d1010d4096f51424288fc217186093cea14496edf893bd1e36cb99de85d4d0c549c1e9a50a441eedbcabb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
4c66340cb5b68cd51bfba202508d2ef6

SHA1
89a378012d43f6d9fea9093783691d57a0291aa9

SHA256
2f9ba0a96af758f10b9cc85fd69b9773d71bf0cc0197d1ae10720276e5e8cdcf

SHA512
ed0937738b11d3c5270166efc632ca6b5459e44feac5a05722c6e91e5bf1e72a2dbff599b84837b0b9364794d7403c48ec38169b25ceaaa736a52ba3d0f3f716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
1ccfb1d9458f4fafd8555621bb6ac932

SHA1
5d586947fac7c82d6ff38416164701a622021114

SHA256
5f9c3727c8409ad75462501eb79b8b982027a306e5ab30b14e1d72fd3280df39

SHA512
50dfe60e47b94a088fd8f2b55cd94479642251a9a949a226b61f125d20e32a66c951b5554d2c73f004a95aca6aafac4e782639a5be4cea055519fabfbf1dad23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
66fa0b44df3f1b383da8c54747314318

SHA1
813b4839026b6dd25645a80bf45630c1164ccce1

SHA256
f6acac1a8ce7bd28ae043fdde51a599565d0a3006b51a379678ba38e330c3b6d

SHA512
5c920bd32b1fe35c65a5c78fe1c8219db06f04db236fa607a630e025908fd58b8efe2863f1a504713845b62cb6a0431bc66e96f0ba420ff243b41c8a9e742108

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
2792dde5841a50e4e5c8769685cbf2ea

SHA1
b2e9293853c09b2e47b0d2ad90e873f356251a5b

SHA256
93416b568a5ec24ce35847c7cde4818ba76e5cb07da149ac666a60dc0ef0eee6

SHA512
94e416e2e736e96e5a2d90e1c0afe49d72aaa384ef306aa78ed73159807918af24662a3582a148fcaa09d59a7e0fd869ae17611a00af18e319a3284f997858f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
0e4d06f0ebbcb409884da38220546b82

SHA1
3bb41c3ba64b2f25772c92e00048f385633faffa

SHA256
ad7e70d2144d6e9aa97a4eb617bdac0698e3887a577c59d729632b2e0031d573

SHA512
609cfa4d12b4a7d2e5861c2eaa8ee0432867e9bc80bd3c84b0101df824d25d39ae15f4576b376d501f321b8bfcef6613e74ba8d4d5ed2253b6f2497b44d5ef92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
7db60ec81af7624f6e2e8a30c34b1080

SHA1
a20df01fe0453376eb9e2d9e0bed235c3a8c0eab

SHA256
3b1209f4d976bd8653d4c0da5639eb723f30a148a339ef6b9c57b72523211f89

SHA512
54ceacedfa3cfc0306850a71aa18e5521ad9e4e97edefd6399e0d95d4e4d86f9c9ad90a4ef74f312d536486d4bec5f1dee958fbe07ab974258aabab3c3b7e0df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8cbd83adc16c1b4a57c0f9ccd4bf5ec7

SHA1
8ff114a8db0db2e362d884fa6dc9cd7572235430

SHA256
e5dce3e6b501683ab73ad48cae13fbeb1481aa37af1f2e14bd94d5f191aacff5

SHA512
73a3dee104e714a59aaa86377eb57f276208588687f6e0a37b9f10681ee1710725d8faa8a5d8f32434c20c4b2f5fd3b4230c92de532b9db10f6ed708f985dab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
43123bed7dc6cc56653847374d25b095

SHA1
20db3fbf9d92584c3eb892323c35cb6e083d6722

SHA256
7ce3e4c62a7c424853d8aa6b9143310448049a890950f921ea5a23bac8d486ea

SHA512
015ab99ea0e87dda8ba49a5f316f4a943c6f4d953062215dd5427ed46e2ccf823299eb455db937b61696c70a0a64ba3669ce1527b37ca4ea89d4fc42631beeed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e5baf376958f5729622a62226bc8fc2c

SHA1
151ecbdb246a578a2744f4a8b0abe951481bb336

SHA256
c993dc0abb941048ce311192dc31766c12a3a41515fa698cab7f261bcf1901f1

SHA512
10b535764889d7ee2aeef3c92830174811db19d363c7e20a36945dc6c770155470240e80b72d33204327340f90fb1af1212c9c85914678879ea934ec0b57adca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2a6e832beba7e2c7d74fced57d7ff326

SHA1
7d39901b25f6ec6e91451acfbcab46743abb39be

SHA256
817f31397365ce9d27d78ea9abac56a7aefe6eaa389c3df16cac637ffa3be95c

SHA512
e63c8bc210869a47acd28ec2aa6968030740515df8a0b0b777917b92c06e5cd3c5f2d174f8ba034a7884830a4635cfc586ecf8becc5296908fda0e5d4077d2c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
981949091aff5fc25d7fa076e8e69ff9

SHA1
3d4b5c6de658ef78d428d8de43fccad4b856e716

SHA256
770eed3e691761d57aa310400d7b1df05ae8c8296afdc0ab0ee5b21c40ec6c5e

SHA512
f91b86603fdbf25d5ae005ebd57ce985de0b524db8323f3c567ca732751decfecfd2ee90169255cb5a70e27f8d8b753ae9e1abf8796007beb318253c9b0026d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
95ae21a679066ff6318f02779b20aff8

SHA1
8bba7985d0723b9dbff7ebcdf62f854c8579d971

SHA256
125056e917b520e0e5e038433e4106ea0e532826dfe9147cd53a9869d906d562

SHA512
6266c222ebdc2aeea3ba0d806513ebf04c628488761f8c592e42ed9d759981b0f3acaa5fe09317419c168fac6a50a0b4f0994d4e33428ee9c47c2cb7237882b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a6d930afecc9b1a90dc8cd663ef5f0b5

SHA1
7cfb2a755a00b5f0d42aeecdc9d2e8c8a3d73745

SHA256
005b28304b59d8d2289ad0b8a7eff776725c2e54d7f3b3ecdfac1fa869e8726d

SHA512
a17d0b3ab71f75d30dcae81a29e4300cff013b781664b0857be4e49274965528ce16f75f9e544bd7af03278c461cbbf6114a153512aa843338a8cd3be0084af9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e7745113-0942-4d3f-a895-50926f87537a.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
488fe24e12e4b9c0c671bd87d8b11a7d

SHA1
89fcabae0c7b016c4bdb60c4f0f3337dd30c2dc5

SHA256
f2aba750637c6a0bf53b9f5a931423f51ee7605b524becb6e0c395a48b7e0290

SHA512
64c02a2e73dd795a53a66ce1e75274623c7c78be933fac83f31f7ef33cc5041f57ff9aceb24701ed6fb4df6704f3261da5880e0871c10959aeca5a57050eda13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
77292e485991ea47529c0c1267edc219

SHA1
06d98982796ad7acb7d9e08167ace4b3ae0c306c

SHA256
aa5b425b00bb01748dadc9e54cecb4f579919f6798fa8da627609d8d894885b9

SHA512
3c34b3db72740a1b50f2c148183761d7f35d5aff3b9e4cbdc20a4495a2f011b72602b93e97f6021bbc8ff595e29bd6ffd66b42c84a03acde49a609e3abee1b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9a41d8135d634da2432514b6c61ccd4d

SHA1
128ca5efe800ff0b6cb9bd0dedab83333489f7bd

SHA256
c1856ee306040e10178c2b3965c1a2680edb059fa2969396b76b54b9ff927369

SHA512
a8e982459d1c03137d8bf67cdb82e056e0e55c101eda33bc364ef3345152dea93c498b35557e348d16c5c6357cd9150cfeee549d9e3d8254ca1e5e28539b7ce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9d5e23c9890b3c6c7f94838b8909acec

SHA1
d12fc0364e366cea85daf578ab7686e54651f622

SHA256
72fef5dfc57c8a953191b7e6ab7251ce0465996bdc62be95e8bf791236bf6cfb

SHA512
027784599bc9212ae185c3e89e53b32be73cc90e5875e3ca762d85fae20cc799d6b591eff990ee5e0c093a1c60f7f880cf81bd5151cc6cd5928eb445e6ff4052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2924_897894741\CRX_INSTALL\_locales\en_CA\messages.json

Filesize
711B

MD5
558659936250e03cc14b60ebf648aa09

SHA1
32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

SHA256
2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

SHA512
1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

Download Submit
C:\Users\Admin\AppData\Local\Temp\scoped_dir2924_897894741\f6f1744e-19a0-45b8-94d9-57567a6f19aa.tmp

Filesize
132KB

MD5
da75bb05d10acc967eecaac040d3d733

SHA1
95c08e067df713af8992db113f7e9aec84f17181

SHA256
33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

SHA512
56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_store

Filesize
10KB

MD5
994573f7adf9a0e79afcaa6b2a51006b

SHA1
4a0ddc8c9606f0badb0d945d4d109c27e0432d30

SHA256
45b6aefa3f234afe6d664ff795d5a12654b77fc226007eff25a79ede6da15c4f

SHA512
f2228262da9503cd52faca3e55d678418abb4535e802a89cfdda3fdbc5030812946a52aa8e54d7e3b1ca20a8cfe8b2554a63059d8bffc5fede0e9c54e9673102

Download Submit
C:\Users\Admin\AppData\Roaming\Adobe\Acrobat\DC\Security\ES_session_storei

Filesize
23KB

MD5
86c339093bc7af0576f866a2ef012caf

SHA1
b2402752f001ae18f232fd3484550211f4a16b4c

SHA256
376d2bc792930ac8330ca4a463772768ede65605841c362cab87f0de2769b1f8

SHA512
3797243144168a1ff4c99344749690d35e7238bf324ce7a6894e70180af47c790a9aef45785e1f8c6e3c4250bbd32ecd1e8e863d4e0da861baf8fc6117f71440

Download Submit
C:\Users\Admin\Downloads\LoveYou.exe

Filesize
22KB

MD5
31420227141ade98a5a5228bf8e6a97d

SHA1
19329845635ebbc5c4026e111650d3ef42ab05ac

SHA256
1edc8771e2a1a70023fc9ddeb5a6bc950380224b75e8306eb70da8eb80cb5b71

SHA512
cbb18a6667b377eb68395cfd8df52b7d93c4554c3b5ab32c70e73b86e3dedb7949122fe8eea9530cd53944b45a1b699380bf1e9e5254af04d8409c594a52c0e7

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\Mobile_Legends_Adventure.apk

Filesize
4.0MB

MD5
42585ccd2b7867c12052653e4d54b7cc

SHA1
a9348c3aabcc0171d1e35edeb37fd2da0fff0ad4

SHA256
b47bcc55ca8dc0625a145d6809cfa3ad78e9e3b4f33bc608b5bcaf7e9e1e5827

SHA512
e270bd1fbbaaccf3382048e9ac2489444a735ed32fb83f7681526a1edb0b7847d6adb8d75064b065309293ef75c45e2ea85fb132a1c12afd08b3a1346caad550

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/208-1193-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1186-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1187-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1188-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1198-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1197-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1196-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1195-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1194-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download
memory/208-1192-0x0000019271290000-0x0000019271291000-memory.dmp

Filesize
4KB

Download