hxxps://www[.]nirsoft[.]net/utils/advanced_run[.]html

Analysis

max time kernel
561s
max time network
562s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 10:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.nirsoft.net/utils/advanced_run.html

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

5084 MEMZ.exe
2956 MEMZ.exe
2616 MEMZ.exe
3208 MEMZ.exe
5028 MEMZ.exe
5632 MEMZ.exe
5260 MEMZ.exe
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
5084	MEMZ.exe
2956	MEMZ.exe
2616	MEMZ.exe
3208	MEMZ.exe
5028	MEMZ.exe
5632	MEMZ.exe
5260	MEMZ.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\0c98ef9e-ef57-48d2-bb0f-8f0f954f76c1.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401105449.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

648 5752 WerFault.exe powershell.exe

pid	pid_target	process	target process
648	5752	WerFault.exe	powershell.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

svchost.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies data under HKEY_USERS 41 IoCs

Processes:

powershell.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA	powershell.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	powershell.exe

Modifies registry class 64 IoCs

Processes:

AdvancedRun.exepowershell.exemsedge.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\MRUListEx = 020000000100000000000000ffffffff	AdvancedRun.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell\SniffedFolderType = "Generic"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\IconSize = "16"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000040000001800000030f125b7ef471a10a5f102608c9eebac0a0000001001000030f125b7ef471a10a5f102608c9eebac0e0000009000000030f125b7ef471a10a5f102608c9eebac040000007800000030f125b7ef471a10a5f102608c9eebac0c00000050000000	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0\NodeSlot = "6"	AdvancedRun.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\SniffedFolderType = "Generic"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:PID = "0"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\LogicalViewMode = "1"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AdvancedRun.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\KnownFolderDerivedFolderType = "{885A186E-A440-4ADA-812B-DB871B942259}"	AdvancedRun.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\SniffedFolderType = "Downloads"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\Shell	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	powershell.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByKey:PID = "14"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1 = 14002e803accbfb42cdb4c42b0297fe99a87c6410000	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\GroupByDirection = "4294967295"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\NodeSlot = "4"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\LogicalViewMode = "1"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\NodeSlot = "3"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\1\MRUListEx = ffffffff	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AdvancedRun.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\MRUListEx = ffffffff	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupView = "0"	AdvancedRun.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0\0 = 5a0031000000000081567c5710004d454d5a337e312e3000420009000400efbe81567c5781567c572e000000683202000000010000000000000000000000000000007d5441004d0045004d005a00200033002e003000000018000000	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202020202	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\Shell	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\GroupByDirection = "1"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\FFlags = "1"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0\2\0 = 640031000000000081567c5710004d454d5a337e312e302831004a0009000400efbe81567c5781567c572e000000673202000000010000000000000000000000000000007d5441004d0045004d005a00200033002e003000200028003100290000001a000000	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\5\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\Mode = "4"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1092616257"	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\FFlags = "1"	AdvancedRun.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\ComDlg\{885A186E-A440-4ADA-812B-DB871B942259}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0e000000ffffffff	AdvancedRun.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\6\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7}\IconSize = "16"	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	AdvancedRun.exe
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\0	AdvancedRun.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2548	powershell.exe
2548	powershell.exe
736	msedge.exe
736	msedge.exe
1568	msedge.exe
1568	msedge.exe
4384	identity_helper.exe
4384	identity_helper.exe
5988	msedge.exe
5988	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
3724	msedge.exe
5192	msedge.exe
5192	msedge.exe
2956	MEMZ.exe
2956	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe
2956	MEMZ.exe
2616	MEMZ.exe
2956	MEMZ.exe
3208	MEMZ.exe
3208	MEMZ.exe
3208	MEMZ.exe
3208	MEMZ.exe
5028	MEMZ.exe
5028	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe
5632	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe
5632	MEMZ.exe
5028	MEMZ.exe
3208	MEMZ.exe
5028	MEMZ.exe
3208	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
5632	MEMZ.exe
5632	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
5028	MEMZ.exe
5028	MEMZ.exe
3208	MEMZ.exe
3208	MEMZ.exe
2956	MEMZ.exe
5028	MEMZ.exe
2956	MEMZ.exe
5028	MEMZ.exe
3208	MEMZ.exe
3208	MEMZ.exe
2616	MEMZ.exe
2616	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

AdvancedRun.exe

pid process

6020 AdvancedRun.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 33 IoCs

Processes:

msedge.exemsedge.exe

pid	process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe
5156	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

powershell.exeAdvancedRun.exeAUDIODG.EXE7zG.exeAdvancedRun.exepowershell.exepowershell.exe

description	pid	process
Token: SeDebugPrivilege	2548	powershell.exe
Token: SeDebugPrivilege	6020	AdvancedRun.exe
Token: 33	5976	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5976	AUDIODG.EXE
Token: SeRestorePrivilege	6004	7zG.exe
Token: 35	6004	7zG.exe
Token: SeSecurityPrivilege	6004	7zG.exe
Token: SeSecurityPrivilege	6004	7zG.exe
Token: SeDebugPrivilege	5716	AdvancedRun.exe
Token: SeDebugPrivilege	5456	powershell.exe
Token: SeImpersonatePrivilege	5716	AdvancedRun.exe
Token: SeDebugPrivilege	5752	powershell.exe

Suspicious use of FindShellTrayWindow 24 IoCs

Processes:

msedge.exeAdvancedRun.exe7zG.exemsedge.exe

pid	process
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
6020	AdvancedRun.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
1568	msedge.exe
6004	7zG.exe
1568	msedge.exe
5156	msedge.exe

Suspicious use of SetWindowsHookEx 9 IoCs

Processes:

AdvancedRun.exewordpad.exe

pid	process
6020	AdvancedRun.exe
6020	AdvancedRun.exe
6020	AdvancedRun.exe
6020	AdvancedRun.exe
4072	wordpad.exe
4072	wordpad.exe
4072	wordpad.exe
4072	wordpad.exe
4072	wordpad.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1568 wrote to memory of 916	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 916	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 4948	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 736	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 736	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe
PID 1568 wrote to memory of 3460	1568	msedge.exe	msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://www.nirsoft.net/utils/advanced_run.html
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://www.nirsoft.net/utils/advanced_run.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe05f146f8,0x7ffe05f14708,0x7ffe05f14718
2⤵
PID:916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
2⤵
PID:3460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3696 /prefetch:1
2⤵
PID:3576

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:1
2⤵
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
2⤵
PID:4968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
2⤵
PID:4448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
2⤵
PID:400

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2840 /prefetch:1
2⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1708 /prefetch:1
2⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
2⤵
PID:4312

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:4132

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff759045460,0x7ff759045470,0x7ff759045480
3⤵
PID:1496

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5796 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
2⤵
PID:5456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4256 /prefetch:1
2⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
2⤵
PID:5568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6668 /prefetch:1
2⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6088 /prefetch:8
2⤵
PID:5972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6740 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
2⤵
PID:5736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=1800 /prefetch:8
2⤵
PID:5532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
2⤵
PID:5912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6220 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2568 /prefetch:1
2⤵
PID:4800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2584 /prefetch:1
2⤵
PID:3164

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3816 /prefetch:1
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5808 /prefetch:8
2⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4004 /prefetch:1
2⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7112 /prefetch:1
2⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
2⤵
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5604 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,17410215688660096317,950739391849272751,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1300 /prefetch:1
2⤵
PID:4616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
PID:5632

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3220

C:\Users\Admin\Desktop\AdvancedRun.exe
"C:\Users\Admin\Desktop\AdvancedRun.exe"
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:6020

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:5084

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2956

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2616

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3208

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5028

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:5632

C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:5260

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0xe0,0x110,0x7ffe05f146f8,0x7ffe05f14708,0x7ffe05f14718
5⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
5⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
5⤵
PID:2620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2888 /prefetch:8
5⤵
PID:2776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
5⤵
PID:5740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
5⤵
PID:1668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4612 /prefetch:1
5⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1948 /prefetch:1
5⤵
PID:5764

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
5⤵
PID:1260

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5156 /prefetch:8
5⤵
PID:4816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
5⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
5⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
5⤵
PID:3816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4968 /prefetch:1
5⤵
PID:1624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
5⤵
PID:344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,17711437527989369449,6847226707094544233,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
5⤵
PID:3388

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:4072

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
5⤵
PID:1608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe05f146f8,0x7ffe05f14708,0x7ffe05f14718
5⤵
PID:5088

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x4a0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5976

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\MEMZ 3.0 (1)\" -spe -an -ai#7zMap17297:86:7zEvent9483
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:6004

C:\Users\Admin\Desktop\AdvancedRun.exe
"C:\Users\Admin\Desktop\AdvancedRun.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5716

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoExit
2⤵
- Suspicious use of AdjustPrivilegeToken
PID:5456

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -NoExit
2⤵
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:5752

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5752 -s 1620
3⤵
- Program crash
PID:648

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4116

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4980

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:4124

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 408 -p 5752 -ip 5752
1⤵
PID:488

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Web Service

T1102

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\powershell.exe.log
Filesize
2KB

MD5
6cf293cb4d80be23433eecf74ddb5503

SHA1
24fe4752df102c2ef492954d6b046cb5512ad408

SHA256
b1f292b6199aa29c7fafbca007e5f9e3f68edcbbca1965bc828cc92dc0f18bb8

SHA512
0f91e2da0da8794b9797c7b50eb5dfd27bde4546ceb6902a776664ce887dd6f12a0dd8773d612ccc76dfd029cd280778a0f0ae17ce679b3d2ffd968dd7e94a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
014c9ce3e520f19a8bba679c7296f8c0

SHA1
dea10f30a0c313c5c9e23e45b21ed5c5e02624b9

SHA256
8d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295

SHA512
d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
014c9ce3e520f19a8bba679c7296f8c0

SHA1
dea10f30a0c313c5c9e23e45b21ed5c5e02624b9

SHA256
8d37ac330684d1c59dfd971e5e5b8b1923e4d127262a8ed5159896358c52a295

SHA512
d473297d1104abedeb488e33d49b6d563d0c8e002dad29abdcd7b7735e14d1b32c36bd057421a52befdbbbce06260c58530ffd38aad4878af74a722e664f050f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
74772d44bd57caa87b1ab5641ddd714c

SHA1
a76f5b90ed28fe7678fd7dce57073bb9344a7411

SHA256
e12de4c8c5bb3808f4a9fec5f4c6957bfe75794f2d92cee7089828b38fbedfa2

SHA512
5aec46ae45a1de627f5d526b8e2c884910708f36261993c96a81fbe2e71745ecabea4915225e0b3fa90af86001aee2f2295006a813037a36098dca1d38a9aabd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
381d75be2ef0d97091c9ec08d18ee75b

SHA1
e23445bb9d2c4eba3022f1669fa7a60f0a9ddb32

SHA256
511d5c40d8d21c727ee7d4e43660046f85fd519aef01f49a4e1cb227a06a4738

SHA512
08d1bf00a1fc33730a758ac3be8cf84e3ab45ed302e29d889f98c228d678d4165e4719d666be1cf19cc5565e3c3a0d178b54efb8df42d9364f94cb8b6d9b3302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\58ad417e-f329-4b17-968f-77179f7fa27e.tmp
Filesize
2KB

MD5
e81d5bc717c02d82b7b78f190074f276

SHA1
0bbaa3198cd3a0eebed9c39b2eab34c87ff589ed

SHA256
3b30a2538bf1b0b41946aa12c41f8bddf32194033429a03ed294dcce7449d43c

SHA512
0c6e2220e1c924a3f932ea01659c887af24ab3cc8396ee1c81c929be20b4150283fabdc7eff4babfe7f226f27f50933037f6a749e09e076adf5fb700b5195df2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011
Filesize
67KB

MD5
a69d5a892093579ba2eb14e030cb887b

SHA1
1138a13f8c61e87ffa9f611345fbe1c57d836725

SHA256
7076781310ea6ad20afb3e8d4089aa877eada0cf19684b44a615d779c1427f65

SHA512
85a8327fc6ac3f7eef2a96454e3dd7a284c99fabf8f6d814382714d3ed8ea21f7f7b6d599953fce74989a64a4c9875db844bca0710b333646be1f783edf7d6dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
64KB

MD5
58442e87246f8c13069e8b637063ffde

SHA1
95a17723e5dfe214569b0b2523ae6d40716ea54e

SHA256
6ceb84d55e5da2e124f76a14aa2b673c21a0007dbafd9f8a701eda2378e80821

SHA512
502bfdfb5eae82d37ef0003a3ea13429496cbd8fafaa4d1a2718523330d44a4bb583e0d5061a14ee6718c8e394e679f5442c490233cee1c3937ba6e183d5ad1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
38KB

MD5
e4c780a544249a7967b82f07268ef432

SHA1
64b38d103f06b8de4241c62835f67b28a96d286c

SHA256
4d2dc675ba41d56f2aa6cc1286f3f127590c9748f7b4e0bf4c79b0b4bd620a9a

SHA512
74b9135f09dffd7a081889235d2f4c7a343291a4c4458ac69754cdd5790b455b9b98a128561d516202549e83671de13cc4e4b9cfb3ff195dc3d23b42885edf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
21KB

MD5
4335ef21c20ecc614035ca54e606b526

SHA1
cdaad692b7e1d6f3b0211cd1fdcf60b3018811ec

SHA256
79a496fdcde9b68e0867fe2262ab98d495f519a33329ff834038d8d9b0781559

SHA512
c410947fb9a2c06f1be8fade63ea466e7a9d7ea83a35b3ee2e3be8e80c27a54c2f2b5a6d64b0fabf09261961bdd70c2f13baa18945f0dcf3dda56d7d47f90267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
24KB

MD5
dbe7c6e02802a28d4866e76ae2ae212e

SHA1
1ab9c00502d8f9151845738767733ca76d937e1b

SHA256
df943aa1d3154fa150a2c7500295320100e1c864e3abbc04bac65bb2b3676c2d

SHA512
d9e62a59e0a6022109ce18f0f1f96d794cadd50488ddab2eb9472eb8dd3b41f5d47f05ff69527353fe8d22d644aa67a7bb3011b1750f1db837215575b63b10cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017
Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018
Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019
Filesize
18KB

MD5
d98f6933949ebc124cc652c76b4523eb

SHA1
b5cb19f3a4924d02e67b3a41c6474a741a6a6f73

SHA256
9e3f1271c142e7da1cde822650f2c087db51c39a38db21cbfbad503e882116d5

SHA512
b6eb511bbd0a32ecaed2c24fd4b9638b5b81f322dbaed7b48647ab3e8c2b1c06e23c12ad10acb24da0cf18843104395e14bafc1cdc4f8af1d104fcce3cbdb638

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029
Filesize
35KB

MD5
1b70b8e6058bf15d867ca5e4fb27a5c2

SHA1
aa9cf3b0c7651a1164f8ce70ffda2345dca3d90c

SHA256
9fd48bd8d0b0495c85b643d3cc8a530daa5fee2a4c49011b78e317ab7ac1ac44

SHA512
4d728f5d0e4d4b7f0e76d7717f5471e34acac2b3dc5576c1b98000da20210fef552259bf1c97836dc0f49b7c28bca6e356169a001839191377db0b564fc131e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\11452bf561130ea2_0
Filesize
6KB

MD5
96546aa6dd63bbb4c2dc4c55a9fdd930

SHA1
2b1c214d4b837ba0bef4f30299fc4165b0d57742

SHA256
037252069ccd7af7214ebc1c458ceff964ec71f968cc9426cb64128c9d15b132

SHA512
a8da284e3e400e0ba0e9c0d5f8f751bdc8a47c51ba017f09920b02770964ccd7f95316a49275ae730aa8a76ff14b05706bee60a6f40196720f3a49237a7fbe0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0
Filesize
1KB

MD5
831eb7b1f49c8da2b2709340c0558984

SHA1
63b7c4bd0f0e06a6976f258556f321245e3cba0c

SHA256
a526c0d217b2e4452a55a3a2708e4d47dbbd78df444c8eaa73acc8936a982111

SHA512
617291df1697d0eaa6ce1c33cbca29d3ad9dfded6433b95730bfdbd8cf20b7d9181fd594bc510a334d1318ab77840b0b9cf7fea79645fde97239ce4b26e45b68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7f2d1a0cec0ed79e_0
Filesize
2KB

MD5
f714630acb006df385eddc037da8cbeb

SHA1
aebf286b11468af26ee622855c3e23f76712dfaf

SHA256
dd0f48d8dce6bed95c20fd673efd2df1272c55139fd9a4f57db38d99004c4bc1

SHA512
72f5e9c4027a8740824a17d4dc69e04fc8e5b1ed8461b9f165de40e448af14a87508ab9efe225d988d088da0e9b49871dfc70720a85542d95c55bbe0e5205220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a4b9525940a248b2_0
Filesize
3KB

MD5
27626b171bf9699e36374fb69ecabb76

SHA1
bf6a0d17cc739fa9c1a8e972790967cc581632de

SHA256
4ef8fce3567b9d3b271cc21cc9c224c018ffe7ce9fbe0cae68da5c6ec0d9c26b

SHA512
99710433c7eae0e8e4f7c37e311cfa62418376da37da1dbf8483497a3e169a3a82c553416429c747b495c01c48df5d79e4599c2b4c7a543a455d66f653a26b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a908999b3e5e8946_0
Filesize
6KB

MD5
ba06a2d7389cbfa998bddb27a18a5399

SHA1
1df31416214979b814ead160b46812f9f6c4bb7c

SHA256
b45120454a20b8d3193c6e7041335dde3d116ccc0aa6e9c623932898bd667fb0

SHA512
93d8fda1c9234918f85a5c92af4bcf0e1d89f2bb0c7d6e32bc6e6c0ade66c71512370b77d62eae32f224635d91482243d883c0d2f4f89b72517af48bacbda591

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da7c3efdfe9dc804_0
Filesize
1KB

MD5
1823cabb5aafa2dc20301b578c0aea11

SHA1
241c4fc0ac449c4e7bc226c0ec6f4f526cf16c6c

SHA256
cfcece572b8fcb283d23d897d45b66baa1e1e99356939512f5aaa971650a1637

SHA512
529480910b5b1f2792a15f0931e345d270ac9e7d86ca4db13aad699d430402aeed3379e2623576f8a6562e13f1d729d02afbf51dd3c030865bdc1969f43b0f42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eac4495b9f413ea0_0
Filesize
1KB

MD5
1b802aa66e0c1b7543b9c46086755e4a

SHA1
2868cd010a095196826832c15c61d2735d397d5e

SHA256
2915f232d0fb3d66d25b3188cd68d056358d3a15467f78ffd86374d784d8f1ef

SHA512
c190b9322697afd6734468651957ea620f85f9c3c7bf1257d16fcbe6d9bd9455afa2ac3e2cba96f5580a5eb9086c1bbd058b053b7af44cfa717a9e05c5daadd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ff51a1be27f78052_0
Filesize
2KB

MD5
49f0163f505bb39ff122d4660f2b1f62

SHA1
f0dbc2ff7bd1cc72292921a4ebe77eba3ac6ea4d

SHA256
e79017cdd7c7e93b8ee4339fd6df19172c4f5262d4380e53c9a005f30eb23881

SHA512
f4ed8f1e5ecb3917931170423a6b95e55c7c2ecbf6bfb0aa9ce555edee50160090d30fc12e241bd138f3074ed3f1679c337029ee5939a7e33fdcd8dfb8158c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index
Filesize
4KB

MD5
60a6c968535a3a3b71180b452c3990e8

SHA1
6f19285da9a8dc728b2e797e0f6901f376b23f90

SHA256
4ee8d943df4dde05dd88d65b45f2d2f53a9e099453e8a56ec64b3ef657950e6a

SHA512
fa95f71d841ba3b7404962b916f41dd77e0f63bb247ce1bbf2c95b54f74c7fc7135afce641115a96cfb89c7e268f45fb68545697543e41e55ff71aafde781e6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
b840d51a4e52b2920894fdec989bfba1

SHA1
70af7a37e3eec109ab7329797995e8e60f5b5f8b

SHA256
8ff137a3b0b5dadc3b5197c70d5fe090888a6661176a0fbda33578b0e35aaa47

SHA512
7a0908226a85de0e57c05db546212ae432c97c0cf5a75d1d8eb6aa46c46c73359b29cf099cb078afa5217153403cf1a4ee6ef3978a30da00ac20e057261a45a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
6246c3fd9ff5c4bbed7d0828926e0878

SHA1
bfd4faed3d0c30c593a12adb67311d887522151d

SHA256
6f300c2ffdf94129ede317bc8d5352589cb8b25274146b01fb78a11029c0cf99

SHA512
751a734d391dba921bf84efc9c8f4daabbb2a2222d5ddc0fb7031a412bf9d9d34e69634682c69b63caf91fd51c7911bb4213d785073d61852cccee526fb662f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
cf375117d739fa5c95264b109907cc2d

SHA1
65be7b5d2fde751e9309b3cfab834f29ec1b6e99

SHA256
0b5c61e6280ec2713b86c36c5f6245607d02e93feaa8347aa9ef33026759164e

SHA512
049e7e9097b6f09afccc3235524ca388c47235f12047e420475afc5095c81805ac863e74592e9c233fa8207fd7180bde1502ee89761d40e033e5746146ef4cba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
f7b5a2fef8f2660f4293d6e08dee5f19

SHA1
4dceaf6352769678957dfacca94326c81356f533

SHA256
90152e222e57cae0ff0cfecb5ff5e961edeb44adeba9d124428d8af5d8580c84

SHA512
bef14a5505a410a02fa3c089e0460650dcf803f1e177033ca63d567eaddbfe26ce2f7f210f155216e9318521cf3795ea2dfe9212d7b9c417e3de9248e6380c3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
6a19f14632491021f6e555cef87a3bfc

SHA1
ab58ecea7013ac4f673026c7b7b2c17373af3f90

SHA256
1cbe78c2c729233e12a0899a0bf4dfb23b3e51aa1f1422ac5a65ba36e4a9272c

SHA512
dd995176f8961fd2f84bf1b9e632f22da705915a9a6f837ac6950dc0d30245ed695c6cd23b06b5556a7af7df086c1b7a7296e5694233c1d17e7ebecab8fe84d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
3803c06ca6d213340b98001847638de8

SHA1
41c4565b0e599d89eeb6e7ca4a24689f2de9969a

SHA256
5fdada5a13b6873eab4fb88edff7d303e6743d3f0e02f83622c219b5658ac1a6

SHA512
8df20df77c0575fafe5f79cb39edd4281747936ad68e553c1f165f7c15663c2a507cf14a7495da9d7cb6263111ea6430ab0cb84e95e6e5883742dd569021bb69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1e21668d5eccde49bec27f3a7566050d

SHA1
1565d1859937418de12bf1596fa4b3528572e0a9

SHA256
054f4763138b0918d264deae9c9669d52b97dd07f5846bff3d48022919840e44

SHA512
72d9db4b15acd2fd33ad2b18fff7db76d480f1a17845ffaf50c9213147b7f9cc553b0affd2ea0058a1c0ce248703da840fcbeee22fa6691f209a5c848ae40b27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
b8c95ed26645a9df8e43d5c053c3d140

SHA1
03bd265224f20fa21c1c7e26b0707cf163537631

SHA256
9f7933060cb16ec38ef00b863465ca0556c289c195270ee5d6d6163827d3e24d

SHA512
9c1950e447012635eb0a536a33024c6283029c2b87be3d87610936ab8d65624d9f409e3c82062a47222399f8b881bc97f4686d945642d9cb6d1bc7808da156d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
19ffb890df5b1d2817ba390653885f90

SHA1
4599cff66e7493ab7686245bc7e078dfa845ecb7

SHA256
539108918c9cdb36ea7f6d0aa2aaacdf6de183a1083a510a774e24ffa6b0becc

SHA512
259a3eb36768818ced64c95d3e3302a6b19ba65ce7a9b0e2935d96c970da6a6c29fdf835aacda188382ba50f181a6d662e75342137efc573e4efd5b1a5366b3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
ab21051c86b6752218ccf29be92dbe61

SHA1
032b78eaeae502accde79acbdcaaf716e9e60580

SHA256
e17eb49023e940f92b8cb69b5a3e0bc8d30dd5e2454859cb8788625f45c78616

SHA512
ecd2ced5f1ab20ccb00aad762ebe27309a81feceb5f79f8cb3c6dcfe51846d9bd96986eaad079925b3707945da905d8d33d5f0cc819115448a6c3b042f335ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
1a77d87dd5cf8c0911f106d5918bebb9

SHA1
d03f7af2170ee52a945c43c9a61e255574277653

SHA256
a441b6f38bc4f9a96145209a8033ca43d32346aa9b09bb88ff3c964f804302cd

SHA512
7df67d92dee637230a37ed1102cc9596f6c9f14763fddeaa87bdbf634eb979dc6e1a8fd47a079ed0d1fe46006aa047d2d05ed69bb2c9b911d32c440318841b9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
c3364aa3ea79a4c921474f856c421d29

SHA1
355438e689d57a8f9cd66a60863e85135f28a778

SHA256
8f1c3b27eb75954096bbbaf768c475b6dc229c3ec4a61474a63e0e000e1da17f

SHA512
6afc4531387b937dcaa5d7c3e2fbbe148157dddb593adc7dc7aabb356661c728eeff1002b2ac97aad70cf9e66add935e0744e8f16d91d5a0fb950b4194805ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
77812b2285e070ba59dba0df63aa36a3

SHA1
033627943c027a26bdd66cc4d7a3ed01d0a78ad6

SHA256
75009ec68edee1ffd73f428d59c04c36255432d171c446faee7a56bda0ba3142

SHA512
eebb6fb64b97e9315fd46c1d2753b5d8ffa6de21ada746aba8fe35cb05a9c892628c38f8b82a3a4d0d6a8ecb6b127c52a5f71dcf5f862d384f00524d95574648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
15ef66ffeba57d2768d9a2366bbc87a8

SHA1
4995314018ae966c4ebb61ca2c8268f357ed3602

SHA256
11084c1c67a1b6d09d53afbfdde388eede8344e8b36f670cb29df3d770e2e364

SHA512
93ca6cbc1cd19c9180e0ee5c1f3085e8a9646e019c770f1fd3f666c87543aaedb14eab4caf3f9694d9a4ff903f6745e7aaaa03dfe835f5c24cdcf53592037a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
ce0b4b73513f4e72934f51a43583609e

SHA1
a1750f031533ce77e8dae192f2a52ee4e9c446e1

SHA256
47e7e2c30910641c93b539a6d42cae5e08e98f3c007fdc6cc8bf7f1df53da844

SHA512
c7cae08968961ad4c63f8a633b490acc186349395fe87768a2a3532b96e353388695bb5cc0eb03ad8965710c1870bea8a315f6c675ff54e522cf2c914e65398c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
2KB

MD5
d551011f14f6c8409bebb03324617bd7

SHA1
73324b699e38f210f4d6304257e56e159ea2c76a

SHA256
36526a072d8cbcdf44d728e17eaf39c8c8f708435161f34f877354cdfa423f6c

SHA512
c26efdbdefcde18ff1236e54143e3f99dae455f935451cad32a52891be427da2e7baf89059489e330f85a71c38c420dfd0c88d3770d250a8210bd9786b98e4c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
a367f6b06713e34851355938826f2d05

SHA1
2045b37a069db96e53365b2e416c223a647977d4

SHA256
484daec7f2fe6e4c11078534b1858f3f59b3040c3801309729624499b9af9e18

SHA512
2a90e1a021c383494c1531cb94d908abb18be7a767e55a8b761ec3834ca4be1f1c2874b82b12573eb214723b1ede127b8542c7a3728701aa3e7e8d44b2881aef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
bd53141179c7d33c837ccbddbe7653a5

SHA1
6c2cc4aa13f2c16854519aee685e15e2df588d9b

SHA256
a83c6821734a3390545c9294f8a9cf5a32a47d89bf3fb35b9f8492bf46c7e26e

SHA512
dff5a18f1251eba4c18e516e1f92d329299f6456fe25e169aba04278b0377e40188fdc780f23a084b6593c593f65cdf27633f7278f6d3e7a232e82c6fe987428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
5358f87929e06aa4007bfe7796f3bd2e

SHA1
2c7d51778ffd3655f0d5133e20411576f07a18e0

SHA256
088d0a41d16b0a7639abe105d8f2f049cab0712568b7b5f40e1cfa1af19c9bbf

SHA512
12361018da49382a0a1076a638e8317d5fb5feae19561bf92a507a11eda00e55320018b85def9532cc3688fc498742fff1149b11c8b9bc2e4db814ee13479e3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
424d2fa162a47579cc4dc4c280ab84fa

SHA1
91b150b6be60eb76c976c1fbbeef54f068925158

SHA256
f16ba0c3030090da80ea61897188c79ce31103b4cad71b81b08758d56cf6ce21

SHA512
e8db62f27300ad4960c6d0b45d301f25f8d3876dea0db13f402b3f335805e55adc3ed69ce653f8d976258fe87221519cfa8ca84110768d5512bb7f38e6d2abbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
11KB

MD5
deee69b10ed82ef43dbe090dd4f1b53d

SHA1
0644d9d4962fde3c37060826daecf2b3aa90dfa0

SHA256
1e9672fb504566514a212557cbfa246bae76d1c040a8ff607c3e1002d03a00e0

SHA512
65a6cc3dc76861dd59085b2554ae2f33eae0fb106b7b3cc48e64b3d63cbe19ba477daf9bd7b3a63039e9da6dbd9b65ad3b59089a20e371cbb3708bbe1662cf0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
256419e9f53dbf193820ba38c92091e3

SHA1
4989740b4df0491998605f23ae4edc6507ed5deb

SHA256
07233afbb80042f0b1fc6111b48d1161dfaf0fcefaefa9e08004bb8712f955eb

SHA512
de981bd870e984ce7d330c775c1ab967cd7d12439391c3d9ad988ddccd7d241dc076e543c2d687b41b404c8644733b9d3a58781650d901c5de4f5480b1de072c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
85839d5a16dedd9b6d53cd77fd3fdd90

SHA1
2fc5aaa948b095f56a0c62fb084d5153f82c94fe

SHA256
5d56500a9bd2180b9dd522f593c88c3cbcab8d78d525a02f311cba1c9edef3e5

SHA512
7398b728c961fffb214519aa0ebfc8d1bc377910573db9448256e2282cd1a6385c0f0249faa445a0ec53fff2aa8a420bb5cd3b191bb509a4d1e08a35f0670e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
a3c1485fcf71323dc454b512900e6d89

SHA1
6ea7c95da1572a626991fe538cb3e0f9413788fe

SHA256
78c36dfa421ce99196fb1d443dda25cffa94a02808b9c9720d9116202cbd37ef

SHA512
aeacf7304cdaaa33e094a13a9800e01de9eec027a925d9487a6e5f67d33a45a8b4d7c23414d7f15a1b4ab009bcf8756d784a9c250b0095839b7eb0bdb9a9f667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
fb88b3f1aafe2ceb5b6017d589262e94

SHA1
c20d93fbe422a874063483e02f6c92f517e9ca93

SHA256
26d990e2ab56772cf2fb33ace2aa83328112502d281b69029050ac4b8ca5aece

SHA512
d57e8f87b5465321027f19b3efe83dc963a236d10ca1290e48f3e0b32786b147c80110bf22050590ae6173981b6b671ef057fee75694f7d6335c27ed73e1c5cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
fed87304d90108671eb1f78135a7c063

SHA1
327c0b84f1e9e6676cfcfe4750eb3df916285d24

SHA256
9ed710907c45b9cbb38b354d822c9dd045b737e59f2a05fd97a91561c306e8e7

SHA512
19b87edbb2d6381fcd81965844d31fd0f11059b5d87b586fe102f390ba60d8645229a3ba459a760cae117556894ab2255f148939c4b47090eb17063f2b3e2a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
6df32c5f40afad1f0a3fb9c447189777

SHA1
81f5cf3af25dc89ec10d6c73d36b5103f94d39bc

SHA256
3b3d3111cc49485cb64f2bda7a06e629a9dd586df7ddfd312119534c8bb7ddb5

SHA512
06e764e20ef42431d3b61c743069e4d5a874d81e650ad6bee150c2fe8526fdc1d692dc1ca1c8dad43118b04130f8edf5edda6e9678ac6ecbd92ab4539653ca98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
9KB

MD5
a84ab297ca9c1a751e80444f29a4e179

SHA1
bc5e8732bb7045420db521d44b35cde5e16561ab

SHA256
cc3f6846c1e37afca8e43f090d20953faacb98591b88e0b97fdf1b8fed9a67d5

SHA512
2c02caa0ca907bb8e6891e7a4a4488d22e5168f1eb56048469b64fc06c0c99c46ae0800dc8cc2e148624bd633605a3ebc4d6853cc2e08b47582aac5a69755aa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
71a7bc6fcef116143e44a703cc706762

SHA1
af4edd19a5b85f500dfb717847c1d7f78ac4cb23

SHA256
58a670b176f3c99739df475fe4b363df00a9cbeef0a4d64e029481e03b6573ff

SHA512
aeb317de454d1db45314361964d5d3e71fdf87dc683d6a6f29c8b5e96c7ec3e564a55dfd05153b7618f409968f977abef5beb497b104d12133d165f18337b63a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
238ed3ed6ff6eaad558e6f0e10a6ae7a

SHA1
529a947df39500ff734f40431afa341f38cb1988

SHA256
2f634176625019556f1492a97aba4166c6e64b6a19b51a6d5affd377f8dddf10

SHA512
908d1c6030d2c34ab1ec93b8bd27c51c7ae273e90f233fbcb6e279b19b7bd5625262012b0a0ba8d2d7993e2e431d9069e8dc1e06334fc775700609cc6055020d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
10KB

MD5
238ed3ed6ff6eaad558e6f0e10a6ae7a

SHA1
529a947df39500ff734f40431afa341f38cb1988

SHA256
2f634176625019556f1492a97aba4166c6e64b6a19b51a6d5affd377f8dddf10

SHA512
908d1c6030d2c34ab1ec93b8bd27c51c7ae273e90f233fbcb6e279b19b7bd5625262012b0a0ba8d2d7993e2e431d9069e8dc1e06334fc775700609cc6055020d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2fa6e4bedac551abeb3a38761f74639b

SHA1
149413f1cd79ba274d703f76847ade530beb2053

SHA256
a691bb90834707a16bde298c06f6333a21e4593e2bbd753e4e621e72ba569281

SHA512
17d0a439809933f8042e589227f9ae15af4e2f565b705f86ee9025efb72be24e29d5bb05bcb4275eb219861d53082a4065eecf091cef1b0170501abf668a7b94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
5df2d9036cbe7e54738449503c15080b

SHA1
26b3092e531d05f2c1c075e9a173f50c45557307

SHA256
5b4a2eb21da6268eb48a0b0aded72e56e39c637f0beda65aafaa7478508c8ec3

SHA512
eaaaa17471cb1527d5bf3c9e96c55e0916661e272a55b785d927fc081187d7e4131879174a0accb536c183445e378778b3bea63cf8202df3c41cdd26c178d3f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
c325881ebe65f710ffde9291a337fa80

SHA1
1ee282fbda5f7c9b49406abfc182cc83148883e6

SHA256
3b769be053cc0fb275a708dbd5e7cca5af41a5b4994385cbd19266e880da9c0c

SHA512
f28ba69ec56f4d1dd8e241cb47d4514ac7f9d9cb177929f1c48dbb04bcc9adea13d95f415dfb4c660eb3c79ad1211ca15459b3c566179365d026ab3e5b4cad0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
13349a786963264e4cebb04e10e077ce

SHA1
edb64c345a9bbf211650572bb62c71fbba2b81d3

SHA256
6713339b7dc723455058ca979fd9616c5f116b3e521e70e7ac42d825468e2389

SHA512
7e4c80e113326fcf51aee8890fc87ed0472c6bd050aab3a480b018f3dea803854c1fd3377a609d7116c7d2d2b607dd8c20bf30a874f1f1da405cf267d276a2d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324820350603623
Filesize
27KB

MD5
afcda13ef7f71060758d26524a57bc8e

SHA1
b7798f67d5e0686f30ceb0573fb556065d4e44f8

SHA256
723c2f933b486470b3c7127156dae3f238758fc800a98cc2b02d4bd10556c36c

SHA512
5307adfca3a74b5e42cbc0e17de7991235c624ca494eeff9c07265521aadcd91437c15721da96efd58982e2aef3acf7fc3af11a84dcbf1770103d13c35a16474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
391B

MD5
51dd09f3488aea5020cc35b21cd226bb

SHA1
692477a1d30805e2de6e5aa71c64efefd77628ec

SHA256
2ffadbe56027dce95185fe1aee070e0c26bfa8ba64c39b0385fc6d23543d9f31

SHA512
6c86ffb3fb2b1a135c51fff6d89f74c1e95b58585ff27b6e41abb822a2668f98bf8d9a9c88281324134a61c6d503bc3063b4d3b647a0f06ff69562b350985bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
389f50fe27b2580f4fedeaa19a5d8405

SHA1
50ed7845df75931de2a49f166751d1538013051e

SHA256
abe8e7c4c11836d20215355d144af4f235eb3e9215ce2150e59ef6b115862488

SHA512
00ef709ac6b7a5da1a2cac227ed0002669c356a5af44131724baf8e1bfba219f55e7790fa6ef3dfd070694c7cb2ce6092befcdd2536e22a2f66b6ea9714c4e02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
326B

MD5
58ae54c877939a21bc1d77262b709400

SHA1
e06c60cdc9ccb7c2470d9f5b52cd9080ce5121ca

SHA256
789b6e3c055a57ed369bfadbb945ee0721242c67e1f3b262471bf259b2ccbaab

SHA512
d108e671a22cc8d25ac4bba8a9367e7fae326e02abd418c44a71b41e331862a6e402e368839bd577e9185932b57d12e44418007d24df2ed721de600cc006c1de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
b181dd49cb2de7d1f51708acb24c9129

SHA1
54e6dcdccf0dc6db8f03f8be9e915644bc675121

SHA256
e81fa4d5396f898583b117808e53ab00375c595ad50082ab663c132681ef87d3

SHA512
5f4fb6024f1ec3610ea47663f0ef7445b46e7931e8cc71b06ad19a8cec8fd4dee25c92c18d756aff25d7b14c7c410fb74ef239039ebbaa88cf7d774df8fb991b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
63ff70598c79bcd5e578cff458e7683d

SHA1
501f2c805a99f3bd589113c2b05122a2f173a310

SHA256
9aed20b3dadd1e1d10cc7f0da079a60618ecc604964896acc0db7f87ece57177

SHA512
17e64d8e6fce59116b48d018c3305fb0b702f454435f15df111cb6d35d4a80d9f730f9885fde4ed9cbbba3dedd7468eef2325fa7f14e9bbe31d600f64df1d5e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
eb697ba73071df03dcdc67d2045dcfca

SHA1
c188b5db6f0cb702b04f30ccec4d35c630c20129

SHA256
adcc4a3d31c29e012b452212407f73d9999c2e20a7dcdfb61922640060528db8

SHA512
c328f93c6bb3059c9295e0b537be77b78d37f486de307a069249d7bcad4bfcd645a2dfadae51cd07055aae16fea7406d19318f0dc64d20ad815aabd206db20e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
a7cecb8345ab85cd1b1f6e45ba2a7683

SHA1
f946819ccad699104f19d5d573bd2d94cdbd18d5

SHA256
a3304edc2ff19b215f071fa61ea69e43b4cde12801cf9635dac5af5167fd7acf

SHA512
b22043e9171f2d36678ccb6f59ef5e583db15ceae0987ac9f61fac962545ab69e6e6c8e211d431a69172d08554052a43fa84181bf4a8e9fb9f45b2cb6a562d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
70db32511346321dffca33a0ac7ec498

SHA1
1716345025cfb6165cb93bc92124ab7dca9a8177

SHA256
ffabdb22c3f706280d1b559c45751fd0ec24bd30d9db3dd15eeff2a9da348500

SHA512
753bac0ef1924590c4ae72f950dccbd9d6aacb6d9e213b80af5ca583c00449ab21fbc3cb4693b4637229a36740c6224c796cfbdeeab54c19f685931451a060ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
96b5e57ab8c69f35ba50195830c2a23a

SHA1
a1fc7af4d6619f5c592be7cc622e12c8d4c03992

SHA256
65b100a36ea0ff647f74f561ff1f7fddd6115da2c2e2fe89da62094c68a92c52

SHA512
53fe9c80e09676c2c76a1621439087d0900dd7a4d033bc5310d5e2a4e89cb3e7044fd76af57f3c15f683458004c2dd38f7f929deac0ef804ad09fefb313ead39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
89f28c9d8a12a2b35c5e22f3d7c9dfba

SHA1
aaf706c874ec92b15cbbb9cffa5f7827c8672909

SHA256
b73034f194326891f667c04c33e4c2ec86b2e00a4b418d9539fff2d15a33277b

SHA512
ce2217dbbb18e8b97396037194d660c0d6a9a99036464e50f42b7eb1b18603d25d05e3d5d7362a1dff4dc9659c7da76539f0dc60e9c1bac56b43f1a79903fbe2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
e780d2eebc20ee70f61df6c3f8aae9c6

SHA1
2b1176d61e82ea691869fb84020cc7bc542256a9

SHA256
e08299bc2f95272f5bb54cce8456cdb4119b5e088ca301dc8d48a64865863100

SHA512
ae00eec658ba13c1d1171bc672281e97184a38cc861dd031b0fa52212fd59e0a5e3b99d26e284daffc79ef5e1f4a9555172be46722c4b00e8813f917775e5bc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
4492aea388da4ded5c1a800db73c7428

SHA1
f1dd6454f5f139358d75d7a42445257032fd503c

SHA256
9752184b78519d130e896c84ec71628fb5b4f9b26765f13825136fe7149250aa

SHA512
abafa461525fe4234e0c9bfc21494c44a4502bc77562cd12f703d3e4b21ab0b23687eb1dc4256e6dac9c26e1887aa6cbd64eb5be2e1bb03c1e9e46b16fe7713a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
77206cabd8d94cacaae7c16b4bc2a374

SHA1
db3cfd5c59fccad0f1e048e63bbaa86927eba8db

SHA256
24034bba09990a09aafc60c3aa49e16ffe9a434a32b9d4798c0e479e6f659892

SHA512
ddbe18aa88e630fe5c2795f2162cc7cb64740d7ded2a703a5503e0e19164e01a2652aea719c0ca0c93384ad6a2325c909eecd267dae03f2115d053e9ef8aa7e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
00d55cfd028d1197acdcdbb7f0e71eb8

SHA1
2104f7f0c672a70ea809a52d2700fc9b0e38a436

SHA256
06b03fc0338f7c610ddb598935500b9dbc6d9d38530afa6b02d0632a3e892703

SHA512
82242e3deb01e1b3f9ba3df9d74986647cc5dc0f6a501eabadb6ece3917317891635cf6207b70b76f41684588cc9de5a1585ebcbe30c56fbc726e844e5983f4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
89b0ca506d1385e3d6534f4efc10d135

SHA1
e6fe56bb6395539314a6b5dfbcdc5a57debe4f0a

SHA256
7ac7016773ff6a615770fa5b183f7a3228ca1bdaf86b655d762d70fd7d31c807

SHA512
cbb19bf38ef99b8f6eb58167ef099adbf07c42be6b31b488f36ef58ce7dd1a7eac4f9e8fa6f3defeef59e5d2acd386bfe82513b4027787a012e309d22ce66862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
2KB

MD5
4f363669dcb6a70a54572bca8a5a6263

SHA1
996d3a55733539ecf94301282e845e2b44cb9fd9

SHA256
1cdfbcb63c1264cf5f74f35c34bbad72bdc281af43e3e7dc27d380424859a4b3

SHA512
2633bda835a2fd8c04372f54ed2f1629070b4bac659390e0d146db5999aeeb28c8ce86439c164ecaf4913258ab08bc3f813d842071b9b914e77a5de8cf1203a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58acc5.TMP
Filesize
705B

MD5
00e83c8caef6bda72724b5a94a4fca79

SHA1
1da6adaf74f1cec270f381906ed916492c0e1b71

SHA256
59c2c56187e7703b558f8de0c878f672356975905742a4fe2f6328228de55826

SHA512
f9528a1b698743764d59e8505c7ee67b21f9a8398b6d5494354717bdca2382e208e6139b99ab217d3028aca1040e57bd97cd22365686e3760e420c8b183da3c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
8694c38a699549f9349eac3016e669a9

SHA1
e8823c8af8623b2c8404f95029d37887adefae93

SHA256
b7d6404d5b6869700caf155b61db39d83f1c0d7c93d9803d432a846acfa9cb0f

SHA512
a599851df7470b1529da997e5534426a39a3955b2b63efe94987131df8db1675161f5582f5b70e729ea40f415ecdec7caafcd8999fb5fb01c9a03f54a133fc93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
6830337c82d1d80446d843eac57aeb06

SHA1
67d44ee40da72ec5d6414bd0940365c6dd2fb7d8

SHA256
26d67e20021ad8f3889a65dd9ba1a46345556393c1a7bfe37efa76e791e53772

SHA512
3a7ca00c66a58d0db8e16321e922bce7b7acb78391897b4993a86b0245f6f8fbc98ff8b81f9344c938b5cc1cd08f2ec16c9dcf5165126a8c8da4eaec86e4ec66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
3869e52d2977471215050315602db6ed

SHA1
c8aafc3a53c7262a71d2c65eabad12026dce8df6

SHA256
1028f3b19685d70bfba254ad9122911b95bb9303b8ee994d3240ddc881259f96

SHA512
a805d143389162043ee8ee9d98bb78471fee60f5b7bacd8fc5b3142a7d5553267be2799469f2891fdba7a342a295d0ef443e256c33c218d4f013c8e438d3295f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
3e4dad9a9dc013e52247f207dd9f6aff

SHA1
fc717cbb93dc3ad51476554923759cbb7b9061e8

SHA256
11099f08a3c48adfcae96c714056bd024a07be63eb8417c5d04595f268d82b4c

SHA512
e5bd45bfac0d8a4e556a3b711e62e2d4b790b2ddf713316632e8611599fe1dfcf4b620223f3b161682acb9b3e52cc8df8a4ee00a64bf2e73b112d0b8957faf14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
1c119e0a248fbcb4db0046c688bfba22

SHA1
31f67115ef376773efad9ae1681dd616174397cb

SHA256
13463830143c680e8f71fed62ef97358e57f9b45e5c6acc4f77c3a741ff12ac5

SHA512
5a29ab2267a4aa8c2c22d72f014c8b4511615f5bdbe1a4cc2afbd35b8628beaee66b963227b03a099232010df419243ed56dcff672f06ce1f8bc601f534f6b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
95323d40759bfb0e098ec156949648f4

SHA1
aec46d0ee9143736343fbb7a47188fbe3a6351a0

SHA256
3b8edf790c14d6b0ab9faaa64748c058746c298a95dca98622b9e20286ce8b4c

SHA512
dae00127a7afddc28c1817b13a1c9b4c71618948b977bb31ba4289b53ede1991badea9b9af5b6e0d5094727082183dc0959a90a2c1932dcf9faea6e2c88518b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
4e46e7e2030de0622abb017da55eb2ee

SHA1
704679302715f2eae46102f17f86f8dea5741bdd

SHA256
f1f70f853ba4b9bfe2c02f6dcf056a52a0d6e8b914caef14cc077e5acb95399f

SHA512
a725f3072476c0891ea50c76d9d52467d6fdb4ee16cea0450f2f2067a8efcc8a8f1d460880a13cf30287b3e418cccc3641176062700f1425af3265f830b9c6f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5358aecb0c1703bb230368a118c71f81

SHA1
3a73fdade999ca59b83536294991a96c3bb07427

SHA256
892f6a3eace6a6c07ba4839f0b1d6a049efb971f7b523170ab018e851a5dc498

SHA512
8b31335c323179f2fbd04ca8517c21f9e090bc82006b5e2a7eb4a03e67be6e9f60ee6c6865ed05fcc14405571da94cf44ddea88547781746a9dce400a70a224d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5358aecb0c1703bb230368a118c71f81

SHA1
3a73fdade999ca59b83536294991a96c3bb07427

SHA256
892f6a3eace6a6c07ba4839f0b1d6a049efb971f7b523170ab018e851a5dc498

SHA512
8b31335c323179f2fbd04ca8517c21f9e090bc82006b5e2a7eb4a03e67be6e9f60ee6c6865ed05fcc14405571da94cf44ddea88547781746a9dce400a70a224d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
8218762409ab7a9754d8d9c3e3c9a8f8

SHA1
2b35b53b40fea3b89dba6b7da404333acabd8b75

SHA256
8aab461637691a48ba7c8e3bcb3d74b59bfdce5588b5c42d50f23e13a7dd1d98

SHA512
3e1e4c03d79bc74c2ce9f830155137b107b1c8f48445ace06259488d7599e9510a8c39ef4d26132046914e43d44353af06dd77183dd9807aa13dbd17388f44e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
52b8de8e4da989f81e8f4e91d76b1fdb

SHA1
2cfdc553be9b35778527b4fc9aad01e4d2ae2ed5

SHA256
d37c8de3ccd25573dacf296a7c3062ebd626d24ada343a71c73eac388170f042

SHA512
3036b583ff8e860479c946397a93ae3fd443d5e3e26e5381933a8bc7307f34af73b3d80a58c8d6df5fd357107c40763f70cbc1d48f2fc161b8f58ba91cd4ce78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
52b8de8e4da989f81e8f4e91d76b1fdb

SHA1
2cfdc553be9b35778527b4fc9aad01e4d2ae2ed5

SHA256
d37c8de3ccd25573dacf296a7c3062ebd626d24ada343a71c73eac388170f042

SHA512
3036b583ff8e860479c946397a93ae3fd443d5e3e26e5381933a8bc7307f34af73b3d80a58c8d6df5fd357107c40763f70cbc1d48f2fc161b8f58ba91cd4ce78

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_frqs3hpd.puo.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
37876deaef83d41a3a60913c4b7699f5

SHA1
2045d6d5d686a7626409ed982f05896c670c943f

SHA256
6870150eaea5af1f482ccdc05e5559477a57df24f960ccab34d0e569cf91828f

SHA512
af0e7b6dc56383a35123c4507e3c0622813fbd6684422c5f617c0b1ff7b552a2ffbe29f28cde0e3503d143655eb5baf262610c1600fb753deb09c2cb283783b1

Download Submit
C:\Users\Admin\Desktop\AdvancedRun.cfg
Filesize
631B

MD5
d16e8cb2b93e9758df1d3f3922fef256

SHA1
5e21126caf7e87ac2bf661f8b74ff0dde5f58ba8

SHA256
6d95bb0688214582a28b324f6283973f79628d445d027261587c3608a8ff9c01

SHA512
1fa459025170122022c9b49f7fab0aa1497b1c4dfb6bda713eb439f7c466804b6c21c0260a3c6811a4a9f115a52bf44175a717ac70be7841f14eac71d08eddf4

Download Submit
C:\Users\Admin\Desktop\AdvancedRun.cfg
Filesize
813B

MD5
518304cf0f2b7087f463899d2d5fbe03

SHA1
621b8cb9e4f29c214ebf206019d4626683ef6c19

SHA256
85141cfbe448c0e6eb4622c9ff747c12b0bcb13a050ee96f509ef10c1e5242b9

SHA512
64bc91a24669531a19b3eef2791bc444c912d291d57503147fed13c54262db3b1106735043ef2c3841bfdc186e94854b6cfb96fd56da88b90edbb61458da4c61

Download Submit
C:\Users\Admin\Desktop\AdvancedRun.cfg
Filesize
813B

MD5
518304cf0f2b7087f463899d2d5fbe03

SHA1
621b8cb9e4f29c214ebf206019d4626683ef6c19

SHA256
85141cfbe448c0e6eb4622c9ff747c12b0bcb13a050ee96f509ef10c1e5242b9

SHA512
64bc91a24669531a19b3eef2791bc444c912d291d57503147fed13c54262db3b1106735043ef2c3841bfdc186e94854b6cfb96fd56da88b90edbb61458da4c61

Download Submit
C:\Users\Admin\Desktop\AdvancedRun.cfg
Filesize
813B

MD5
518304cf0f2b7087f463899d2d5fbe03

SHA1
621b8cb9e4f29c214ebf206019d4626683ef6c19

SHA256
85141cfbe448c0e6eb4622c9ff747c12b0bcb13a050ee96f509ef10c1e5242b9

SHA512
64bc91a24669531a19b3eef2791bc444c912d291d57503147fed13c54262db3b1106735043ef2c3841bfdc186e94854b6cfb96fd56da88b90edbb61458da4c61

Download Submit
C:\Users\Admin\Desktop\Microsoft Edge.lnk
Filesize
2KB

MD5
ca4f87708872432ac97622d5de0b001a

SHA1
d566d8ef88e715f3f514b0d8f29cec0233bd6daa

SHA256
172bcfe2112afc2296e0947a0d331a1cebfac51bee5a91c238126131c52c80c5

SHA512
e40a2b90ffe0e982303f2bf266a51ef73ff59890546bc6d06f3e5f86b1e217c789ede0eba7e03bfcea60da5bdb61b910948f0cd21d0e8a3fe540f4da73cd1c7c

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1).zip
Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Downloads\advancedrun-x64.zip
Filesize
85KB

MD5
8bb2f8ac4a8e38d2a757f24360c55e02

SHA1
58bc86303b547b068e213c77ef91f977883dd282

SHA256
a05825b22d78807ca5a6fdfcedaf326297d3102756fdaa58e9c0a52aab7091d2

SHA512
34bd5e72d9323a2c500dabd9e04071316cebea246edd204270770f5bc1415aaf778e5b0a512dd27d9d0b14a0eb00b82e80c4113e4f3d79e8c69be4de2aea8ce5

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini
Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_1568_GHYUDVRWOMHVTSIG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5156_OABLAXETBLJRALSO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2548-144-0x000001EB4D520000-0x000001EB4D530000-memory.dmp

Filesize
64KB

Download
memory/2548-134-0x000001EB339A0000-0x000001EB339C2000-memory.dmp

Filesize
136KB

Download
memory/2548-133-0x000001EB4D520000-0x000001EB4D530000-memory.dmp

Filesize
64KB

Download
memory/2548-145-0x000001EB4D520000-0x000001EB4D530000-memory.dmp

Filesize
64KB

Download
memory/5456-1972-0x000002ED575E0000-0x000002ED575F0000-memory.dmp

Filesize
64KB

Download
memory/5456-1971-0x000002ED575E0000-0x000002ED575F0000-memory.dmp

Filesize
64KB

Download
memory/5456-1973-0x000002ED575E0000-0x000002ED575F0000-memory.dmp

Filesize
64KB

Download
memory/5456-1852-0x000002ED57C10000-0x000002ED57C86000-memory.dmp

Filesize
472KB

Download
memory/5456-1851-0x000002ED575E0000-0x000002ED575F0000-memory.dmp

Filesize
64KB

Download
memory/5456-1853-0x000002ED575E0000-0x000002ED575F0000-memory.dmp

Filesize
64KB

Download
memory/5456-1854-0x000002ED575E0000-0x000002ED575F0000-memory.dmp

Filesize
64KB

Download
memory/5456-1850-0x000002ED57560000-0x000002ED575A4000-memory.dmp

Filesize
272KB

Download
memory/5752-2026-0x0000025372060000-0x0000025372096000-memory.dmp

Filesize
216KB

Download
memory/5752-2034-0x00000253728A0000-0x0000025372906000-memory.dmp

Filesize
408KB

Download
memory/5752-2029-0x0000025372950000-0x0000025372ACC000-memory.dmp

Filesize
1.5MB

Download
memory/5752-2030-0x00000253727C0000-0x00000253727D0000-memory.dmp

Filesize
64KB

Download
memory/5752-2031-0x00000253727C0000-0x00000253727D0000-memory.dmp

Filesize
64KB

Download
memory/5752-2032-0x0000025373CD0000-0x0000025373F56000-memory.dmp

Filesize
2.5MB

Download
memory/5752-2033-0x00000253727D0000-0x00000253727F4000-memory.dmp

Filesize
144KB

Download
memory/5752-2028-0x0000025373070000-0x00000253733D6000-memory.dmp

Filesize
3.4MB

Download
memory/5752-2042-0x0000025372AD0000-0x0000025372B36000-memory.dmp

Filesize
408KB

Download
memory/5752-2054-0x00000253743D0000-0x0000025374436000-memory.dmp

Filesize
408KB

Download
memory/5752-2055-0x00000253727C0000-0x00000253727D0000-memory.dmp

Filesize
64KB

Download
memory/5752-2056-0x0000025372780000-0x000002537279E000-memory.dmp

Filesize
120KB

Download
memory/5752-2027-0x00000253736A0000-0x0000025373CC8000-memory.dmp

Filesize
6.2MB

Download
memory/5752-2025-0x0000025372B40000-0x0000025373070000-memory.dmp

Filesize
5.2MB

Download