ca981e42b7a18a592e2dc84e5a1f09edc18ca6e10c8d04e5967506c3af81144d

Resubmissions

02/06/2023, 13:36

230602-qv9tmsbf25 7

30/05/2023, 13:15

230530-qhnewahg23 1

30/05/2023, 13:11

230530-qe6r2shf83 1

26/05/2023, 22:43

230526-2nf4jahe24 1

Analysis

max time kernel
719s
max time network
1801s
platform
windows10-1703_x64
resource
win10-20230220-en
resource tags

arch:x64arch:x86image:win10-20230220-enlocale:en-usos:windows10-1703-x64system
submitted
02/06/2023, 13:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wallpaper.jpg
Size

2KB
MD5

d5bf33cc7434d7b3735562ef0ced129e
SHA1

7e017dd951a5b8ca2298fae493ceea47efb8e625
SHA256

ca981e42b7a18a592e2dc84e5a1f09edc18ca6e10c8d04e5967506c3af81144d
SHA512

eb1d024d2d5abd4f5f3b1eb948443ff1b5d5eb2a9bfcc1798f90f8e17630f3c6340c09812c1a5cbc9127a42425eb69aaed192fad19218adc48190357ec061453

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
1208	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
6068	MEMZ.exe
1400	MEMZ.exe
4572	MEMZ.exe
5156	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\ramdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\4183903823\810424605.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\1601268389\3877292338.pri	Taskmgr.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\2219095117.pri	MicrosoftEdge.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 26 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe

Modifies Internet Explorer settings 1 TTPs 5 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 8861a2905795d901	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "23"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\msn.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\msn.com\Total = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore\usage\dscc_inventory\ExtensionI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.msn.com\ = "43"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "5237"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates\AA549154B737EF29C5	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\OneBoxLoadAttempts = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 01000000dee5466928e5fa4a50d38f73eb446e53063ceb1ebc725bd38d7ac5281b5f076a66bdb1d4937e92f01ea7c093a48100295d88e5a7d328960be798	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\SystemAppData\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\PersistedStorageItemTable\System\{EDA0B4F9-DCB7-494E-AD27-D8139121C1D	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = 0100000003baaeccbb3c8c318d50d1610441d965b3ebeb469f772499e82f594b0cf38f5eaae51cfac059d26f7319cd9d09dc8b80b4778fca5540172c6225	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = db4626565795d901	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\SharedCookie_MRACMigrationDone = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1311743041-1167936498-546579926-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a37395755795d901	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1).zip.ysb8m0s.partial:Zone.Identifier	browser_broker.exe

Runs regedit.exe 3 IoCs

pid	Process
13908	regedit.exe
6560	regedit.exe
7436	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
6076	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
1400	MEMZ.exe
1400	MEMZ.exe
192	MEMZ.exe
6068	MEMZ.exe
6068	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
6068	MEMZ.exe
6068	MEMZ.exe
4572	MEMZ.exe
1400	MEMZ.exe
4572	MEMZ.exe
1400	MEMZ.exe
1400	MEMZ.exe
1400	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
6068	MEMZ.exe
6068	MEMZ.exe
6076	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
6076	MEMZ.exe
6068	MEMZ.exe
6068	MEMZ.exe
1400	MEMZ.exe
1400	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
4572	MEMZ.exe
1400	MEMZ.exe
4572	MEMZ.exe
1400	MEMZ.exe
6068	MEMZ.exe
6068	MEMZ.exe
1400	MEMZ.exe
1400	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe
6076	MEMZ.exe
192	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
5400	mmc.exe
1340	taskmgr.exe
5156	MEMZ.exe

Suspicious behavior: MapViewOfSection 54 IoCs

pid	Process
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
748	MicrosoftEdgeCP.exe
748	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
5256	MicrosoftEdgeCP.exe
5256	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5164	MicrosoftEdgeCP.exe
5164	MicrosoftEdgeCP.exe
5132	MicrosoftEdgeCP.exe
5132	MicrosoftEdgeCP.exe
5048	MicrosoftEdgeCP.exe
5048	MicrosoftEdgeCP.exe
6040	MicrosoftEdgeCP.exe
6040	MicrosoftEdgeCP.exe
1544	MicrosoftEdgeCP.exe
1544	MicrosoftEdgeCP.exe
1544	MicrosoftEdgeCP.exe
1544	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 27 IoCs

description	pid	Process
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe
Token: SeDebugPrivilege	2700	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2700	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2700	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2700	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2996	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2996	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4864	MicrosoftEdge.exe
Token: 33	4996	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4996	AUDIODG.EXE
Token: 33	5400	mmc.exe
Token: SeIncBasePriorityPrivilege	5400	mmc.exe
Token: 33	5400	mmc.exe
Token: SeIncBasePriorityPrivilege	5400	mmc.exe
Token: SeDebugPrivilege	1340	taskmgr.exe
Token: SeSystemProfilePrivilege	1340	taskmgr.exe
Token: SeCreateGlobalPrivilege	1340	taskmgr.exe
Token: SeDebugPrivilege	3428	Taskmgr.exe
Token: SeSystemProfilePrivilege	3428	Taskmgr.exe
Token: SeCreateGlobalPrivilege	3428	Taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4136	cscript.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe
1340	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4864	MicrosoftEdge.exe
3768	MicrosoftEdgeCP.exe
3768	MicrosoftEdgeCP.exe
2120	MicrosoftEdgeCP.exe
2120	MicrosoftEdgeCP.exe
5156	MEMZ.exe
5132	mspaint.exe
5132	mspaint.exe
5132	mspaint.exe
5132	mspaint.exe
5588	MicrosoftEdge.exe
748	MicrosoftEdgeCP.exe
748	MicrosoftEdgeCP.exe
3580	MicrosoftEdge.exe
2080	MicrosoftEdgeCP.exe
2080	MicrosoftEdgeCP.exe
6104	MicrosoftEdge.exe
5256	MicrosoftEdgeCP.exe
5256	MicrosoftEdgeCP.exe
228	MicrosoftEdge.exe
5056	MicrosoftEdgeCP.exe
5056	MicrosoftEdgeCP.exe
5156	MEMZ.exe
5996	mmc.exe
5400	mmc.exe
5400	mmc.exe
6104	MicrosoftEdge.exe
5156	MEMZ.exe
5164	MicrosoftEdgeCP.exe
5164	MicrosoftEdgeCP.exe
5156	MEMZ.exe
5076	MicrosoftEdge.exe
5132	MicrosoftEdgeCP.exe
5132	MicrosoftEdgeCP.exe
5156	MEMZ.exe
4976	MicrosoftEdge.exe
5048	MicrosoftEdgeCP.exe
5048	MicrosoftEdgeCP.exe
5156	MEMZ.exe
4404	MicrosoftEdge.exe
6040	MicrosoftEdgeCP.exe
6040	MicrosoftEdgeCP.exe
5180	MicrosoftEdge.exe
1544	MicrosoftEdgeCP.exe
1544	MicrosoftEdgeCP.exe
5156	MEMZ.exe
3320	MicrosoftEdgeCP.exe
3416	MicrosoftEdge.exe
4112	MicrosoftEdgeCP.exe
4112	MicrosoftEdgeCP.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe
5156	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2700	3768	MicrosoftEdgeCP.exe	73
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 2120	3768	MicrosoftEdgeCP.exe	74
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3332	3768	MicrosoftEdgeCP.exe	78
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86
PID 3768 wrote to memory of 3540	3768	MicrosoftEdgeCP.exe	86

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\wallpaper.jpg
1⤵
PID:2088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4864

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- NTFS ADS
PID:4960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3768

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2700

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:2996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1960

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3532

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3540

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5412

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
1⤵
PID:5588

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.bat" "
1⤵
PID:1616
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Suspicious use of FindShellTrayWindow
  PID:4136
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:1208
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:192
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:6076
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:1400
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4572
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:6068
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of SetWindowsHookEx
    PID:5156
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:5252
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      Drops file in Windows directory
      Suspicious use of SetWindowsHookEx
      PID:5132
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:4876
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:5996
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:5400
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:5360
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:2544
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:5456
  - - C:\Windows\SysWOW64\Taskmgr.exe
      "C:\Windows\System32\Taskmgr.exe"
      4⤵
      Drops file in Windows directory
      Checks SCSI registry key(s)
      Suspicious use of AdjustPrivilegeToken
      PID:3428
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      Runs regedit.exe
      PID:6560
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:6436
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:1920
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:8120
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:8144
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      Runs regedit.exe
      PID:7436
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:7956
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      PID:7296
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        
        PID:6884
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:8564
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:8588
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:8824
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:8844
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      PID:8656
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:9024
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:8976
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      PID:8256
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        
        PID:7220
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:9552
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:10148
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:10036
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:9628
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:9824
  - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
      "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
      4⤵
      PID:11168
    - - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        5⤵
        
        PID:10456
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      PID:12036
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        
        PID:12076
  - - C:\Windows\SysWOW64\calc.exe
      "C:\Windows\System32\calc.exe"
      4⤵
      PID:11296
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      PID:7176
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:12572
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      PID:13304
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:13256
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:11268
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\System32\mmc.exe"
      4⤵
      PID:13308
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\system32\mmc.exe"
        5⤵
        
        PID:12368
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:13580
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      PID:13812
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe"
      4⤵
      PID:14044
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:14276
  - - C:\Windows\SysWOW64\mspaint.exe
      "C:\Windows\System32\mspaint.exe"
      4⤵
      PID:15008
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      PID:8648
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      Runs regedit.exe
      PID:13908

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:5404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5588

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5720

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:748

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6044

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5024

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3580

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:5316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:2080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5264

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x200
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6104

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:4132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5256

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5924

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:228

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:3400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:3324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:6104

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3000

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5076

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:1020

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:2292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4976

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:2964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:5048

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5488

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1340

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4404

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6128

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:6040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5520

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5180

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:196

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:1544

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3916

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3320

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3416

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:5880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:4112

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3488

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6012

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1040

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3264

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:6096

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1464

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3612

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5232

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4384

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6504

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6332

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3776

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6268

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7132

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7436

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7212

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3436

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8824

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8752

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8388

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8996

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9624

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10164

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9904

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9628

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10740

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10632

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9596

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11012

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10972

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11612

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11588

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12008

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10656

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:12664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12856

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12708

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12476

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14328

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13708

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3056

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14140

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13660

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13932

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14696

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14936

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14624

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14424

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15260

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13656

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6b3b7b0f4969454dabf0c5e4482da761 /t 0 /p 12868
1⤵
PID:6872

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15832

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4136

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16556

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16744

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:17380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:17148

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4036

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16576

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16564

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\IV9H23MJ\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\16VLMLVO\code-9271f811184f[1].css

Filesize
20KB

MD5
a97786263f930175bb0542f465843367

SHA1
f0cd058057a53a85908f1760b95a022e56ea80f7

SHA256
12ba2b22246eab8f64c30be582dfe606ea888994b05839692a492aa42b613ab0

SHA512
9271f811184fe2af79f7d3695fe474490d9089d3ee056c0541263a08297c07003f562b1932391d08c36a8a71b50ae22554d46d0868aa4a0de412f5baf44f26ed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\16VLMLVO\fRSNKQanUHk53F1a1Bi8UA71Qt4.br[1].js

Filesize
289B

MD5
9085e17b6172d9fc7b7373762c3d6e74

SHA1
dab3ca26ec7a8426f034113afa2123edfaa32a76

SHA256
586d8f94486a8116af00c80a255cba96c5d994c5864e47deac5a7f1ae1e24b0d

SHA512
b27b776cb4947eef6d9e2a33b46e87796a6d4c427f4759c08cf5aa0ee410a5f12e89ca6ab9cddd86c8471037e3c505f43c8b7fc6d8417f97f9fe3c5c47216bc4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\16VLMLVO\repositories-0355d3fe50ee[1].js

Filesize
64KB

MD5
92bc7cc04b72eabdc5d8dadea976a93a

SHA1
efa2b79ebd856edb93184d6548e57988f922ffa6

SHA256
87e182a2a527e7a4c994342d8c40d843a489096bc1fdc5282d42d4f24b39ff94

SHA512
0355d3fe50ee70f466793c0206964c89a67a6bc19a19d05a56577b50adffafb9f08b45c9857880ffc441dcf93de03825ed101ae69170d812bf76ec534bf0b2f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\16VLMLVO\sessions-2638decb9ee5[1].js

Filesize
10KB

MD5
bc5d5fea43b7e9661b50456a77478335

SHA1
6b8f6d93bfd302cd5ada9b40279205eb12556cdf

SHA256
a02d02064dbc21e677ef0474aa7e111cb55abf165febcdcbfe62d32056be29a4

SHA512
2638decb9ee5cef55a1829e394cfb0d0fff00835713ef1198e08468bbd6d0de25ffe8b78c3261d466cacdc245703118e78c098cd2e2598222e4560aba94cd2f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\16VLMLVO\vendors-node_modules_github_remote-form_dist_index_js-node_modules_github_memoize_dist_esm_in-687f35-d131f0b6de8e[1].js

Filesize
9KB

MD5
07545d79324e61d14de7d47e9ca6b03e

SHA1
b73039cdd8e424960b0a8dc973788116bbcb11df

SHA256
ce89ceb01d12fa63f5a5edd4ce856335c85eaa59dcabe3cf38d90f6c0040fae3

SHA512
d131f0b6de8eb9ad4a24a9a4857d9b1eeb4a5004932a3b04ab9c6422a829f101c1b5089a0718a751103388d9eed36f52b9be218403da685e2611ad151432e6bf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\16VLMLVO\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\dark-3946c959759a[1].css

Filesize
53KB

MD5
2820c4c7c0513590c53d244c42fb6fe3

SHA1
e7512521010a3afcf5ca395457473e7963a23ed9

SHA256
c2982a111fe3270b0feec1917715b73a1ad11e04a918c3748a129fbedff88370

SHA512
3946c959759a620244e1e09847f1baaeb2e1aad20b8e0b84ca7652fa14a130d5b94af4047a1db76afa5abacc01bba4d87789d44f959e08f8524b864eb66f925f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\github-c7a3a0ac71d4[1].css

Filesize
171KB

MD5
2eb35e9de28f967c32f4e8d8d9478db8

SHA1
b8c8ca1d54d2e33b13a2a8055c09d5a679bd4128

SHA256
980bb59f1d582b3955af0a6189ee08c3c345b699f91e6e7f55e92b0a317771e0

SHA512
c7a3a0ac71d460e702edf86b508c4509bb12543d39d19692f21e0c4ad5ad603b4523d2f46edd1c1ea3fc22b0793f78c3db53e770399d953a18f08a6176e089c3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\global-0d04dfcdc794[1].css

Filesize
254KB

MD5
2a5effbfaaf296ce901ce3f997149e08

SHA1
d3c9b0558d7933df3e1774236bf284bc947a5fa1

SHA256
b096c40efca7e00885cb78e1caeb4c31e4db9100662228f60c045b9f4b19e624

SHA512
0d04dfcdc79457770a9457282a9ce54184bd35a9aa8d17643564af15ee8dcaad5a453b744811dd53a4a6443ada50b0c7194f90e786c91cf0c7aa4184076045d2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\js[1].js

Filesize
138KB

MD5
686c225170c14c64973b8ee27b27b942

SHA1
3dc255ea863850eb1bdcd060d5feea12349828d1

SHA256
06199a88fdcf6f8a32fe8ec0e0270a7d29aecfecdcf6cb27c763ff5e15690cc1

SHA512
013d0cd251f498f814ed37edd1e7372e47bd29d1ce1ced70a8a2166267e9da819d1a1d4603652fe2fe7ff48dce2f0fda398f11c47cedd9cfa3e727a96d6bcb22

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\light-0946cdc16f15[1].css

Filesize
53KB

MD5
5235e806bcb88fed6c8c8cfb53348708

SHA1
ab71dbe80857d73ce2ca21a45ab4a216ab1cbce1

SHA256
89233262726664b22e2d2e8a742b89d7439d526394f7413b30a92f304a04775f

SHA512
0946cdc16f1502b0f9aad2daf13882a63691a93f7f9a6afb537da241ef6db703e1173a6591975026f826792a4ddbe79c07b863e2a6a41ec6e7894ef1fa920e40

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\optimizely-1c55a525615e[1].js

Filesize
5KB

MD5
43b9692c8d52a401e01df297c8909f7e

SHA1
4e220e483ed578f5b584924376696b43182daf97

SHA256
1f023599685c7033bdc7c2177a0bae5511efb5ad603232f754abe14f6fd45c16

SHA512
1c55a525615eb64db055405b6d0842bc836850669059ac62779f7615ca61a5a82e0d2a96a5936938fb9e9d652431f4d6c73d8a47c404ca2a9e11ad524dcdf4da

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\primer-0e3420bbec16[1].css

Filesize
316KB

MD5
30f2a06e17a202d8f8afe79405920683

SHA1
752460a09cbc2a5e9df46452659827f223492f21

SHA256
c8e8e6db20f7b9b971987bb79300f39db43bcad30fcb5f3df16ca951f006bd95

SHA512
0e3420bbec1654ff4f05cb07136a2803cb323fc876e2973d3c64c9b7bfd23ae328773af23626c20c1b2978a002da91b556363c9eb7d0725b7daaac4670780d62

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\primer-primitives-fb1d51d1ef66[1].css

Filesize
7KB

MD5
75b4206d843040a7d81ac8639211cc5c

SHA1
2fcc5d28e05f27e822f4c79cd2ebcb3c55c93850

SHA256
ae074dc2c85a9557c8b646ffc5afb608a552b57066eecb791fe8f17f5fdfc1d8

SHA512
fb1d51d1ef660b84870b0a4970a8772dba4127aca9ab9fbaa29c734a83de07bd8a44b84b6bb22ed6b9b03ebe7a105bb9072a31a01fef987a6a64edc3b894ec32

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\sd[2].gif

Filesize
43B

MD5
b4491705564909da7f9eaf749dbbfbb1

SHA1
279315d507855c6a4351e1e2c2f39dd9cd2fccd8

SHA256
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

SHA512
b8d82d64ec656c63570b82215564929adad167e61643fd72283b94f3e448ef8ab0ad42202f3537a0da89960bbdc69498608fc6ec89502c6c338b6226c8bf5e14

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_filter--b2311f-15fe0f17a114[1].js

Filesize
20KB

MD5
a8f4a1a398acef2eee122fde824f9ef2

SHA1
440530ba71a7a5418ce1812d40e7bfd09d0df04b

SHA256
fb9621350585365742bffca023fc5e3462becdc2090c351eaa70620ad6a3746d

SHA512
15fe0f17a1148e338c28c1faec59a6cf86318c427a861425fc9fdf66c0ec85e118b020563161cda00099e3f73535f4b9c2075809547e3e9f6c6a359be75c41c6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\vendors-node_modules_github_mini-throttle_dist_decorators_js-node_modules_github_remote-form_-e3de2b-779fd9166293[1].js

Filesize
18KB

MD5
c5ed543ae8a311bdf58dccfc4cc18a8b

SHA1
311e3e19b0a308452d917a4db844c01c7a5386f8

SHA256
56e53054d7df85620ba0b07ec44cc41fbc64656897663ce49627803026e47106

SHA512
779fd91662936344b6e65eec18a60160a677df13d33cddc8708a70074355ca6ba8a704e27a9ec66ccf3d57cfd503fb50922ef08cd6968bc0141415278b9a526b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\vendors-node_modules_optimizely_optimizely-sdk_dist_optimizely_browser_es_min_js-node_modules-089adc-2328ba323205[1].js

Filesize
104KB

MD5
9677b4415be57695d23cf01aff7514b3

SHA1
1352108c7e38b20693b7d9b0495d01168862507f

SHA256
4992f0543a0d909d6e48123c5c1499bf476e4cae4c1398712707857b50aee18f

SHA512
2328ba3232052ba1f75d4e89607bf6b030cc3889e6dc640a8a7b5005279be25ef1d00fd72c13227385ff8143852f57f7a2063ea6891c80cb3b033ca8c0ebd21a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\G0LI7BIB\wp-runtime-14f3ad9684cf[1].js

Filesize
30KB

MD5
3c1f010485874ec32214e159db622e38

SHA1
f3e8079933fe29d9b01e9939415de5f98a4c5707

SHA256
391540da42b91cd6129c6e6e94e230f3c3eb521f522e850e4317f5467a5e4b02

SHA512
14f3ad9684cf5dcce3da3cd0a243b9c589bc3157c2340ceeae529cb2c5c18eb2cdb9583cf1515c054205c0b761c6d4d34324f477099c0c808faf5520e8f1f36d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\app_assets_modules_github_ref-selector_ts-8f8b76ecd8d3[1].js

Filesize
9KB

MD5
019ef7d910ab3ad87d523c379439ab31

SHA1
dd97c99ddd637832502230c904f6fe4e4cacf4d8

SHA256
9e6a2cf46f911f800edc46a13a14dbc4d867283c2f036942fd76d13c5c3f4be4

SHA512
8f8b76ecd8d340cc9d4a3a09ef686e0eb0c00549fd15d50199a20412f479f22026dd00dcb70367cc98e249734ce25d03cbb0b585a5156f439c91c29cda78e647

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\code-menu-da1cefc25b0a[1].js

Filesize
13KB

MD5
f6d880c309509987d43bc91637e519db

SHA1
504b065305834069a6b3c7acc07a726738bcf8c2

SHA256
e843b6d6cf094b7ce98cbb4bac745ca475a06f33b37285fcab29dec9aad82c5f

SHA512
da1cefc25b0a815ebe4d17fb811eec30b5f6b62418febafd443d374c8e889e5744526c7aa1cc04923b1209d7a255178134ead1c7c1ca0c480964fa55ec2a319a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\element-registry-84be4ef284ec[1].js

Filesize
42KB

MD5
37e97f57ebc8d5dc75173bf0befc79e9

SHA1
a8b24483abcfbe89774378531cc388608d1111d7

SHA256
e280bd8ecafe3d1ec9403c82b770d5f8917cd7f1e60b49668a5ac639b9eea4d1

SHA512
84be4ef284ec5999c9d52e262f2cab9e4b041abe5380abe64cb69b7bcb0be9b5b23eeafc8b8ee36f50232b045ea1aaa021a7ff4accc99508dc33f6ef8ca14a00

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\environment-de3997b81651[1].js

Filesize
5KB

MD5
1b85079a9ba25d7ccfa2e6551f1f23da

SHA1
95807b2db9ddb55f1c2d063de80a21126396a938

SHA256
5ae5c1c250b930691353ec3310295d1ea8128ba6b1dd69a8bd0ac08aa3283aa5

SHA512
de3997b816515df468e65014eb9230e603f485f9bebbb1e8f9e28437bb64e15c62e2377b462605099c1f5778324da56f8712ae8419f27628188332283b9644a1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\ui_packages_failbot_failbot_ts-e38c93eab86e[1].js

Filesize
9KB

MD5
a290de737f98b928791420949ae972ae

SHA1
11edff4fef75d57bf6de49c03b83169c89efb951

SHA256
948fbb66794a958cdab7396280920287c12e37f7932acb40395d6a3e5d93b4d3

SHA512
e38c93eab86e95dc38b684ebbfb12a98a4c16dd440321a707941f37794404d418517e47862933a335d2bee4cb8e6769cb4e0f160896bf880b20ec83deb009ca3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_fzy_js_index_js-node_modules_github_markdown-toolbar-element_dist_index_js-e3de700a4c9d[1].js

Filesize
13KB

MD5
186933c0117b94c9b8aade71f6f310c0

SHA1
ae67ade0e920b536137b6e98bb5e9e6c34b96925

SHA256
1465e7c16987bcaf9bb6209172d23d157cba309e9c8b2e4751b77ce4feb1b14f

SHA512
e3de700a4c9d4e1a490d2daa45c518f837ba0f6e065274231627b3911c43faf07e365ba42dc6d110627987662366ea1cdebc9ed4f5a8b88a04b64a7980c7b5b5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_github_file-attachment-element_dist_index_js-node_modules_github_text-ex-3415a8-7ecc10fb88d0[1].js

Filesize
11KB

MD5
bb1800636a88e2cf90f48ea181a1c3e9

SHA1
486238b0e8fbb84b4f92e462ba7f337f8c6c091d

SHA256
7bfa93a6b92eb9a2f1668a9b16ea5e1f7f2591d3664351788a48107ec879bf84

SHA512
7ecc10fb88d0dc86ce7d35b7a2be7b44f51904fbb1908b53c9afdf0d6d1fe9760753f6cf8f9ca1897bd537552d3f8238c68e9b993a167cc52f43b5f7a58b37e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_github_filter-input-element_dist_index_js-node_modules_github_remote-inp-8873b7-5771678648e0[1].js

Filesize
11KB

MD5
cc3b9d72861037e13bd0d0be98ef5ace

SHA1
ee4ffb8a335a106b2b784364f017e017f61d7398

SHA256
7b13afa92922980886b59316cbb313d4d4c05037979c1a49fbc99d6c4ff822ab

SHA512
5771678648e04c79885e4671ed343d33268564ca16a73d0a77dcba1dd1aee2b1ea303d6ab1b226e61f4c0bd5df6b33f28d86ba2ff72e959978e03f8f640a095e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_github_relative-time-element_dist_index_js-99e288659d4f[1].js

Filesize
14KB

MD5
f491d4f9b68507dfdf90a5ef6d4f70f8

SHA1
dac15fb588758d0cf24eb922931dc367d9f0458b

SHA256
6f7e23dd694a3e70ef7b0a8dd6b30161168039187a16bb1f8ad56c0e385fc2f2

SHA512
99e288659d4fae2fc48756d2bc57e0bbe2add23ed9ff370f8f9643ee09585f4bcacc6688cfe6380e60dbe883f614bbe2c61cd7d52fd5109f20aa79b70df6f079

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_github_selector-observer_dist_index_esm_js-2646a2c533e3[1].js

Filesize
9KB

MD5
e5411d902c14114345232eab0b388a2e

SHA1
a079ffbceba09465e2546881d6b963d05edd3add

SHA256
3dd71977f8bc77d1d340787b166bb300047f951a16e440f75c9fe2599659a70c

SHA512
2646a2c533e30cbd3c0ef653c306fdd6052f00fb9479ea664f791ee17c4a8d8321a0337dc9f79b9a0aa0a1d68a9cc84b46bda6b2285bc16a8434712b54794f75

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_stacktrace-parser_dist_stack-trace-parser_esm_js-node_modules_github_bro-a4c183-ae93d3fba59c[1].js

Filesize
12KB

MD5
e81d89b97d24210d1fed01b8c7527dff

SHA1
e9aeee63975aa26e1c18fb15e703fadef1044af3

SHA256
b3dd2be29f2c480a351a18ffbe7d3fb4b7f3c7636cddf273bcaaa4d355d479ef

SHA512
ae93d3fba59ca967f3bb0b0e6bc1867b903c647d389231e92e559eca742b7d9f5b1f1c9b79b682611ce40ef8fdb327c76b47646f4d4ae97ddbe531e5008c46a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\GMQBWZJS\vendors-node_modules_virtualized-list_es_index_js-node_modules_github_template-parts_lib_index_js-c3e624db1d89[1].js

Filesize
16KB

MD5
e64f83d1a9f51f9c14c9ab8f3a50f8fb

SHA1
16e820a27942595273eded6a23ccfb20e47d5472

SHA256
4fde779475a942b75da84597dcf9650ae9eec74aa4718123b7b1d804267883dd

SHA512
c3e624db1d89f8a4598209f6e86f431371354696485067d4c97978b5d8258342e8d3c4079d89b7d1721e782f6749eadfcf4398d635507c8202f34c8e9540d5e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\362338[2].gif

Filesize
42B

MD5
d89746888da2d9510b64a9f031eaecd5

SHA1
d5fceb6532643d0d84ffe09c40c481ecdf59e15a

SHA256
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

SHA512
d5da26b5d496edb0221df1a4057a8b0285d15592a8f8dc7016a294df37ed335f3fde6a2252962e0df38b62847f8b771463a0124ef3f84299f262ed9d9d3cee4c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\app_assets_modules_github_behaviors_ajax-error_ts-app_assets_modules_github_behaviors_include-2e2258-7effad8d88d4[1].js

Filesize
13KB

MD5
e5e0ee4e4de0c843b03099c3b1aaa7d2

SHA1
eafbae47da31696b3c09a2e4d4d14f376a66a717

SHA256
3b81439b3860fac8d5bd56a7579ab2d91b68c66c42e14cda16aeb6d6f28924c1

SHA512
7effad8d88d47e07020e165d94325f23be53e5030165842c0fd8b44df717211934c2d0561ffd4fa2403114e09f182160ad0cf9c60e11878b9eefd1668a06e550

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\app_assets_modules_github_behaviors_commenting_edit_ts-app_assets_modules_github_behaviors_ht-83c235-c97eacdef68a[1].js

Filesize
11KB

MD5
877af1a0f83cc799c024e324dde1c078

SHA1
e07d194bcdf77c01c0bb78903732babf0acc99f7

SHA256
85edcfe9717ca67aba8f94c45da5071c5bcf600b1431e5daec667d9463474877

SHA512
c97eacdef68aba2c690f85c669524ac13ef83c6c54cd3afe654d0c74f400887226a84be09da958c50a0581f9270aa5ed52b476c336c08d392cd67e4a53c513ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\app_assets_modules_github_behaviors_keyboard-shortcuts-helper_ts-app_assets_modules_github_be-f5afdb-3f05df4c282b[1].js

Filesize
14KB

MD5
9200feadadbbca8309d5977b36e8ea6c

SHA1
5c1f182157d97fdc3c765f93d4e5d1ddc8d091a3

SHA256
c2703d901b7c6cba74a1e0e7179941d5aca8748c25ae79479a48f562d02e77a3

SHA512
3f05df4c282b95264abf3cef77b0dbf2bc00cfd3bd2af67073107f6d929a29c8015f6404da03b32fcb9b9ec70809a6b4f3b9e3107abf5f19f173c57a36d331d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\app_assets_modules_github_blob-anchor_ts-app_assets_modules_github_filter-sort_ts-app_assets_-e5f169-c54621d9e188[1].js

Filesize
6KB

MD5
7ee251a6f80c7f077f8d307c0f96f667

SHA1
3606d3715836bc5b0a9862ec37cfe00ea6a5f8e5

SHA256
d969c168035c946188b97f6cf8af2a71ad2d207a775e9b918ee6488d721c63fb

SHA512
c54621d9e18841f538bc2274b29cb272ef9ef1e5e282970c3467b739cceb5712c23db00c0c53f65a66880db3b744e2063250e1af206a7ccdcb1d6dd0ce2b9baa

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\app_assets_modules_github_sticky-scroll-into-view_ts-050ad6637d58[1].js

Filesize
9KB

MD5
472d32c51f1f61232b4067c6ce1db8e0

SHA1
6a10d4f7f28e48d06f86bd47f7a9f1bf678594fc

SHA256
2909936c658bd0564865d9dd672aeef5347af08b70d3e57bd4e2224cb7ca6904

SHA512
050ad6637d583c942bb7c8638eed0dacc4da3bbfcec8b1198091f40964de91dbe828fc6a24e74b7f27bd5a5ee28334caf223cb015eb8acf3e6595c832ec7483f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\app_assets_modules_github_updatable-content_ts-dadb69f79923[1].js

Filesize
8KB

MD5
ea38f9963d35351c101d238af3a3cf73

SHA1
9ab43d46fd1b2774ab8b1bd7d51b55a6a2a49c84

SHA256
8158702cd486d1cfaf584b4784649207f4c668e27d37c2c3c38fc70d0e30b24d

SHA512
dadb69f7992377066b58045ae7182c82eaf7d8c3233571020172bf70e11589447098c1766954df0c736df3def39f1e3f6f34e6153ad571eaf0f71e06477d29b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\behaviors-3647463f0628[1].js

Filesize
214KB

MD5
48c5480c68bdb9752025d4f413b2de96

SHA1
d2379970d39986f98204ee653d9c091a8e78d6e0

SHA256
ffec5af0cd49856f7d2bab405bee2d43e479f8021468fa49d720e913b9b64899

SHA512
3647463f0628339a2a080b69ef1f22b4622187fcaa7ba30ff5fae3bb2b30d674c0d0687cefa2d7c446f68638abc315c45d1b7bfba3ef419fed12f953edf8946b

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\github-elements-6f05fe60d18a[1].js

Filesize
34KB

MD5
5b04df474e86da9d2cfb56c6a655e9fd

SHA1
7aa0801e4a25eb1fbc4ede60b3c7efe4904bd945

SHA256
ab9c8d519415855e6af5957980d48ce278e90551434feea0df9762c350c224bc

SHA512
6f05fe60d18a3fe5f40d7434a84513a182636e505df02bb40d0a78e4aff975d04b24a1c1f201b97c23d2f261b3a73964b239f1d3912f2896a26ff96453fa6f48

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\notifications-global-4dc6f295cc92[1].js

Filesize
11KB

MD5
f9900e70cb1dcc8a67f9f446e5d718ae

SHA1
f7be42badef3fd51ae90deefbc913e74e81e705c

SHA256
3611cb16979f594f606f41f6537a27e431a29d8a883fc1b18cb309b3f5890e7a

SHA512
4dc6f295cc92706460d7f2f96dccbaf776474d47a47889ab69fb549011d0f76cffa0ec1c8f556f8a52dcefe755a4d7d4bc4473a47c710b27223ddced094ec160

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\sXBuN34gVodVFZ4ibhvLSgv15Ks.br[1].js

Filesize
4KB

MD5
56b91eab01144db91d100617ba0ef2a6

SHA1
5994c12e9338175d82e2ee3053265f738d858e20

SHA256
ee7f4b86a5c2b3d2781d6a0ba8f3deff6ef943d21a5a92f435453c87b99f9509

SHA512
84715f3b86201e40ddf0b6e052c2fdfb8cb9c6fb79fe42df01ed4ac26197993439cdd917480ca21e5c04f6c39725695cbcf1e7ec7f4726573390f62088bbf85a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\th[2].png

Filesize
944B

MD5
5496597e20e98afd6b2f08771b2628e8

SHA1
3f85c598274fb3046bac85717ec4104d771fb3ce

SHA256
068ca3be3290c3a3fe8fd025f6248fda0a70c0442a035c0d3cd355bbe7b673d3

SHA512
7cde5dca42e2da879d36c01761ad9b033a1f0a1f04354f4a85d1223e46971cf2a0594ec4e798cae23b9369221fe7a6fa49cf541077ca5548a1d834b5f2a502f7

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_color-convert_index_js-node_modules_github_jtml_lib_index_js-40bf234a19dc[1].js

Filesize
20KB

MD5
335c0961babd1c1c0d898b5717f961ae

SHA1
104c5caf6c79e0a658ea309651ae75d734be92c9

SHA256
981215a3a3c0857405f95bab20d9e8d1eae8a0e757f787c62824bab1330a8cb8

SHA512
40bf234a19dc5a70430eb6893527d5320d850d63bac10e3789ac6ddaaf6bf1682a0ed81f2224bb1ea2154f9ddfe9afd929a1611078ae3b3f43fafe7d584221da

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_auto-complete-element-5b3870-ff38694180c6[1].js

Filesize
26KB

MD5
aed57c5b19c71c3a620a8aa2abf9a69e

SHA1
e30ccdbeb880c3b8fc82cae3d1293354226f3c59

SHA256
a7c516e60d317d33dfa33e6f1ad396b0bdc096b9e2081572ee35be0fa7fb99bc

SHA512
ff38694180c6b07c0efffc27aae6ef9b02852a15b6ec0f6b92b4bc92ec5db0bb6ef46f8d3ef15910fc9bc64dc96af4415c8d2ed44499d0b39b64cffc9487d559

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_delegated-events_dist_index_js-node_modules_github_catalyst_lib_index_js-623425af41e1[1].js

Filesize
11KB

MD5
342a8882b7df201b3b1612ba41ac63e8

SHA1
f57b133d85bee8d94a041d0f5e0a1fb44e131496

SHA256
779f91df7aedd2267003709efc2dd3fc01abcaf461ac3f8b6ebbaed38fe9cbee

SHA512
623425af41e17a40a879a496612cb521e78721a79a014daa62c637c8c9bf99d52f70b69a5a82b853a6468e9579ab4cd21bc71d4d74a5b1648a6966e570bbb137

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_github_mini-throttle_dist_index_js-node_modules_github_alive-client_dist-bf5aa2-424aa982deef[1].js

Filesize
13KB

MD5
fa2bd9163204e6ced0bf13f169206c40

SHA1
ea2d13287aef46af1ad0f04b04eada4e8a8966af

SHA256
0c2a6aa4860bd3d3a135d59418bf4e7a00173c3e974842ae436a0a2fbe3da624

SHA512
424aa982deef4fc0969c58c54d1dfcf1b589d6c9da95575e4b5f88ffb03a8457954a19c03b00afbb5f4fa0d64a6d7b7361c0a4737c1d21490d2767eea227e0db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_github_paste-markdown_dist_index_esm_js-node_modules_github_quote-select-743f1d-1b20d530fbf0[1].js

Filesize
36KB

MD5
005512a59c929cfe6857ae4aa5b4a445

SHA1
a4fc118a8e3ec2924ff18a65eb6af04c43b6c37d

SHA256
c17f95538fcdd61055b46582d0f102c66342fbfa173f6de5a53f26a1ed49f7b2

SHA512
1b20d530fbf0cdfb7bb55d3e9b89979216267176559260c36357842ddf30b866a249d7406c86d881dfa57b4f43c9a21cd05a2457005fa68956e19c14557a2c92

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_github_remote-form_dist_index_js-node_modules_scroll-anchoring_dist_scro-52dc4b-e1e33bfc0b7e[1].js

Filesize
12KB

MD5
6ed77e8843f620ad455509ea7f15e2f1

SHA1
6ca0ef769ba65722f22abb77936e917fe66136f2

SHA256
270e861a9bb0e815d2b57ab3fd881132b05eb9a39d1e9269f12529b03aa168b3

SHA512
e1e33bfc0b7ef7040dac38396663113672f27ae9c49e9517a18238dd67012d693ffc8e1b562487ed87dcc9ac91286cfe9bc2778e2b3eed044cb7dd0c6952622a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_github_turbo_dist_turbo_es2017-esm_js-ba0e4d5b3207[1].js

Filesize
76KB

MD5
80de3fe499fabcd32f3eb5a1c8a080b9

SHA1
45c7a787dd927214b847550fcd44f37261413256

SHA256
0f0b5c21ea9467b911d1377fdff0272addf7fccc7a588f2f30ec6f07ffbdcb6f

SHA512
ba0e4d5b320783d52465d15d4a36113a8e10261eefc707314d7e6f211ebb57930b7cbf2568017febe5e47cb43749552e6992fcd652aec702110a330364e08506

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_lit-html_lit-html_js-9d9fe1859ce5[1].js

Filesize
15KB

MD5
29b126d180066f2cd72287a725af3dce

SHA1
da1a0918b337b6bcda086580271306fbb2d41ea0

SHA256
9417afb32e38d089ae0e18debddaec99629f25af815081ebf426a48066ef3438

SHA512
9d9fe1859ce5c02054af70a2435b2b137398d7f41f2b71cc138333f706bf3c175eccc001e8ba717e80508a10590fd40c91468a9ee60839cf2cf5464c2601deec

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\vendors-node_modules_primer_view-components_app_components_primer_primer_js-node_modules_gith-3af896-d8cf3e5f5813[1].js

Filesize
84KB

MD5
4d8ba4c37951dd52f66e0e34733a36e9

SHA1
c1ab4e1f09ebd165cffe8af3b5d414a21c826b22

SHA256
81d5e204e6971ac39280cbe9eb0b85b801b49b537ee789c0b0a5bd7adeeb6b19

SHA512
d8cf3e5f5813c726fb74d03f26ea7e7d5be180d39708ecaa1e567a40f89fa6c7c6bcffe476cf8e32486f848b93d5eb1ffbacc207926f350b7ff918426d1206df

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HXK1QZ27\en.softonic[1].xml

Filesize
1KB

MD5
4267e0b3a3d1812fb4a79f192d40ed78

SHA1
eb3335afa6ec97e8b840af75a49aeff5d43d74da

SHA256
240aa4ca2e5f9ddfc18bb7ec7defdd9aa5d620104376e5c0ac9a0eed32f408bb

SHA512
2fbfa7cf8861946304292c77dedc13a4417ffc14da129bc05fe69edcf615aba8e9ddb8feb715dc55b4f93bb2b37901feb506d778afb3118880575e49717bd5a6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HXK1QZ27\en.softonic[1].xml

Filesize
3KB

MD5
dad62d9c5984fbe1bd546b046e867b05

SHA1
f8b4abdfe6b99e97302b1a566dfd128f10d5c9e4

SHA256
940e5b9c6b28cea98387c2ece1a3575ee7615b309389b8093ad4b2b8c285b2b2

SHA512
170b1eb7e71996fbf5d8ec1461b51667dbd43d30a723889194f70a81da03eaea447f6ac09e718ff4ecf0711865e0be59385f88782122dd8678307bfd5dea7c98

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HXK1QZ27\en.softonic[1].xml

Filesize
2KB

MD5
9563fa6221e13711a83f7865be4bf7f9

SHA1
5db29b443ea2734f9f7b5f48b7dc238eaf943b85

SHA256
e1fcb59907d52563af4bc351ec7258b52574c622450ea416f9ffe3b97c2455e2

SHA512
8fb3337b794011783589edbd4925874910b54f2c49c4e2651cd24855d203f753d20d580640d41c43984f8a4b58c623d080a38edd14219eec954b2c953f8b4c6c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\HXK1QZ27\en.softonic[1].xml

Filesize
2KB

MD5
186bf03bdca47458a99b78b295d0b641

SHA1
7b22584abb42d1eeb2fead3ba14ffcbd673598f1

SHA256
e3835b7a42c2f095734f6f96eb3ee1234bd7b9e5ffa6ef8c2530d25b6c5ae1cd

SHA512
f7d36a80e31413ef27f70ac30a829ee15efb4db2f03e1da86c0e9cf0ccad2879f8b3fcf102e2ecb85f78392bd6ebffb651318b9410249612036da855b7eab0a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\M851W5EK\pcoptimizerpro[1].xml

Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\ETAGMCUV\www.bing[1].xml

Filesize
97B

MD5
2424c14295380211ab7028c5324bda65

SHA1
f4fc6ba5ac4faccfb9984b9b1bdade13e35d2d81

SHA256
d53af7bc6bc38e401fb85a9a1f3bd953ed87ea0003c8c8baea5c27672ae6fe36

SHA512
0c1367aeb39cdd4cc35b7d738bc76fe019a9fa85e440a694023357c0dd169e4c1f74aa314b8ce6d9304f63026e898c4271c4200210324b5a067c8aaef57ecbdd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\82FIWYF2\PCOP[1].ico

Filesize
6KB

MD5
6303f12d8874cff180eecf8f113f75e9

SHA1
f68c3b96b039a05a77657a76f4330482877dc047

SHA256
cd2756b9a2e47b55a7e8e6b6ab2ca63392ed8b6ff400b8d2c99d061b9a4a615e

SHA512
6c0c234b9249ed2d755faf2d568c88e6f3db3665df59f4817684b78aaa03edaf1adc72a589d7168e0d706ddf4db2d6e69c6b25a317648bdedf5b1b4ab2ab92c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\82FIWYF2\favicon-trans-bg-blue-mg[1].ico

Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\82FIWYF2\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9ZZX483C\favicon[1].png

Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\LZZ2S192\c6a73-91dde[1].png

Filesize
1KB

MD5
91dde5a34a64a36d8de82112d86249b7

SHA1
a62281335242dee49863f3d2ab7bdce82453dd32

SHA256
673b00e2d93145a1a38ba186d0d5035f3539c0a91b83518624501acb5d41d229

SHA512
3efd740b9c2d05c3ebbd51c000c3271a2f634d39e1bca60871fc31fd49b702e57395d8dd32792786813c9c254152524c692a026d5dc82c8a17a896aa69f12751

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\LZZ2S192\favicon[1].ico

Filesize
4KB

MD5
da597791be3b6e732f0bc8b20e38ee62

SHA1
1125c45d285c360542027d7554a5c442288974de

SHA256
5b2c34b3c4e8dd898b664dba6c3786e2ff9869eff55d673aa48361f11325ed07

SHA512
d8dc8358727590a1ed74dc70356aedc0499552c2dc0cd4f7a01853dd85ceb3aead5fbdc7c75d7da36db6af2448ce5abdff64cebdca3533ecad953c061a9b338e

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8AKXLZF\Favicon_EdgeStart[1].ico

Filesize
33KB

MD5
7fb4a1f2d92cec689e785fd076ae7281

SHA1
f3477f75f8d14dd3bcf5f50176f8cdfdcd3944f5

SHA256
8ffb08e22d8848b0dc64e13ef43a5db913a3b4c112f67b0346f1508f2811aeb1

SHA512
bfc68283080028dd1b93bf28600f2abd8cb3c375c6433649972485e027b6d72e81535221ff2c89c2e5b255dc24ef3a1db28129a95eb872f236ca624f1ca9d02c

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8AKXLZF\favicon[1].ico

Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8AKXLZF\favicon[1].png

Filesize
7KB

MD5
9e3fe8db4c9f34d785a3064c7123a480

SHA1
0f77f9aa982c19665c642fa9b56b9b20c44983b6

SHA256
4d755ac02a070a1b4bb1b6f1c88ab493440109a8ac1e314aaced92f94cdc98e9

SHA512
20d8b416bd34f3d80a77305c6fcd597e9c2d92ab1db3f46ec5ac84f5cc6fb55dfcdccd03ffdc5d5de146d0add6d19064662ac3c83a852f3be8b8f650998828d1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
77081ef2cbe9f3c017b42b553b68085b

SHA1
73b31ea3147d21626d5e45bf05fd376649662da7

SHA256
b4c2714d373a181622f0211820e411f8af4ae2cbfa9c68d3f98d60d572020a3e

SHA512
f31c6e16b931145d472a124700a6e27923c2576c8a63f4e65cb7f144f476947cdbd0d65c849e8206cef3b87409ef411cd7eb763952d6b92452d421c05f67a977

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\8km1ngy\imagestore.dat

Filesize
57KB

MD5
74801571529792f667e093dd93f1e72d

SHA1
a9408a4c0094c8bb7fbaf8d678b7637feae903da

SHA256
5190f92ca7d114823814f07df4abe2fbca30454b951d728fc5cbcd4c0b8a27bf

SHA512
5128084499c406566d75048b85a420e0eabd57ebcbabb5deac457cb9af811289a55cf4eb86a8bd096d1560fc5560525bdd7525d9bb672b7121c34a65b05126e0

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\8km1ngy\imagestore.dat

Filesize
42KB

MD5
9c73e98ddf3593fad7463b61198201ff

SHA1
d5a708ee56692e964e6c1e64ecf9123420d7df98

SHA256
337ddfdf870664faedada565e136035bc50889290850e1f676d15fc5156e8ef6

SHA512
dcdf224898bc6eb4c80da5af64c3a177d13ed0c710cdb3f5ce87b8cc1a4cea498c6ad893c0c40d54eb848b220f4ead4ce437c6c2d93262adbc69e3fad9e8fa9a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
f7dcb24540769805e5bb30d193944dce

SHA1
e26c583c562293356794937d9e2e6155d15449ee

SHA256
6b88c6ac55bbd6fea0ebe5a760d1ad2cfce251c59d0151a1400701cb927e36ea

SHA512
cb5ad678b0ef642bf492f32079fe77e8be20c02de267f04b545df346b25f3e4eb98bb568c4c2c483bb88f7d1826863cb515b570d620766e52476c8ee2931ea94

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF3835D3E6A1A0E8DC.TMP

Filesize
16KB

MD5
bc0d9faf895a23585fd3d3e7236d21ef

SHA1
2c1f1568e8b6397e574be6f7bcf3596657960e1d

SHA256
928a099f7bb44f83de1637df4df0a2241a36cf86f13bd8d2d79231391c1751cf

SHA512
151d9908c380181849817e4aac4027ef6b4061d482cca7aa2d1a58cf7c2839ca5c9661466889ecbc85684c0857d1fef2451e1032500ac598b36d8f2370eaf573

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1).zip

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1).zip

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1).zip.ysb8m0s.partial

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\x

Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\x

Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\TempState\Downloads\MEMZ 3.0 (1)\MEMZ 3.0\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\JDIC3X86\MEMZ%203.0%20(1)[1].zip

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
1KB

MD5
e6c5fc05c5967137d3d1903f881a4399

SHA1
2d0f1cb6c60d7577a92d162ae3de36212e78e854

SHA256
cb05fe65b24b59ebb215444e87fa014f60674a03d0f9539b0f92fa3b10268c62

SHA512
f3a62d67c6cec8fd9e65e041981b76bb210fc2a24a477ebcb8b525ca28eb0964c52d453b5f50699ba86b6bd764dbbea9fe918bdb48085dbe931514e70712efbe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
68922600a2ab5a655b71826013aeb3b7

SHA1
b89aada63b01c865f6db88571ee0a2e1c3bf57fa

SHA256
f48422a5bcbad8930c9e3f7ae5be8912e45952e4487ea1ed8bd2d7401cfc6120

SHA512
03cd8dbd29ecfdd07081bf9abbcba14c6b478e42b5c04a6fb157b392a5f0daaaccf747dff21c1de6f7b359a164201bc0eae739eb9f5a8634e7ca0b00b6a5bfee

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442

Filesize
416B

MD5
caa551f21c7c9c041e9a857baa96db56

SHA1
c0ea09b290ef4526ea04bce1f5e48cee2e5fab92

SHA256
9810110fe62a10b92176ba422c77e2fc7cd2e6e766759189502bba176e0cf49f

SHA512
c78320787e5be4d6fba2416171ee3e17d4907cb9b9bb2907eba94d187d419ebb039e15ccb4b1e4b8fc26dceaf617871f8f2fac2f770c6deb94fd2561d411cf7e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
404B

MD5
43f61081d88d7c19d51011f90cd36f35

SHA1
c53fce9f5f95502fb3df7671707cc0eb1133b517

SHA256
d14ae116552130d32c6c56bb0b3cc7db84dd22f4255ed0d241747e9380156383

SHA512
07c8e5bbd673bb99293b4d2e2e964fcb705d63cb90fc917d3f56b1a95918ff8d26117a2f62d3a55c7e3890e8f48188849d2de613157b9ce63198c3a6c0f3b8b4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
77081ef2cbe9f3c017b42b553b68085b

SHA1
73b31ea3147d21626d5e45bf05fd376649662da7

SHA256
b4c2714d373a181622f0211820e411f8af4ae2cbfa9c68d3f98d60d572020a3e

SHA512
f31c6e16b931145d472a124700a6e27923c2576c8a63f4e65cb7f144f476947cdbd0d65c849e8206cef3b87409ef411cd7eb763952d6b92452d421c05f67a977

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
d1b4b36689a81bc7238583de78036323

SHA1
033905d6c9998bdba76e7af06720ac58cfd588e6

SHA256
a1f3fdc10b2bd9dbd04df274d7955f50a2078182e87e73813f517f450c024e02

SHA512
012a805a56878954f2d00ce06cd43d6a113c10ec6450983566be7045136f458e24b9d2b8034830121239a7115aa9a56c08ba39a34f8c1561d45afc69e9553e44

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

Filesize
2.0MB

MD5
0565463a2ebbf48c2c5619611db1112a

SHA1
0b3802389adbd97f1fa9a4df182aecf157c0b7c4

SHA256
2ae71ec02cdea8bb8a2509d8a6f1ec2a3b66a8f6dca0abf5c3a1b123265204bc

SHA512
2644a99042b7b9011e1c0ba6e531594c2351c9381942b072a5551963db43dd53f9586420d5d4f8494b4b2661cb4a328df701e718646055f53c3e79c725004cc9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

Filesize
16KB

MD5
f6e04bfa43ec49d8c026db72f8406e15

SHA1
f30c8ad0b8b553ca1fa010ac49478ed32cdda5b8

SHA256
06e1592f7110bc76dacfcdda60463a3b872644c073fa993828e3a0e1e6b14cce

SHA512
daf703d92eb97a643a5936cc9ac9dc215e634996c2882d063d955b7398fc1b151b49cf9d6db80f495ac92e944b6b851eb5d6af0620228f64fd16ff335b352140

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\8km1ngy\imagestore.dat

Filesize
52KB

MD5
3de7a600654d2b686b08a6037c2c4db3

SHA1
d2803acfcac2918d7f909ce3affaa4774840af59

SHA256
a59d19b2e33c37133fb37c8872327534bf311edf759813423a9f0e8af1584be9

SHA512
889cedf78b380d46108db897fc809c564c884e95fd66ee5cc626ec046c351d1bc851fc2278d080ce94ff794bd168b27bd44b2282462889e17c9d1d816f2a557f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{5AB9419D-6F32-41CE-B193-886D8186CE10}.dat

Filesize
5KB

MD5
3ac29e52d875aeed9aa678fae7a3f4bd

SHA1
62744b3d5fc5f3e2304f6512c6fd33d9881c9d25

SHA256
69beee68ca126f45f88831925285bcab64c9afde36d1fa86c5a9e2fdfd661f0e

SHA512
01d1bd0cadd79f36aa1c7fc4db7a5340dbad67ba16475df3310d291b2647b1e24bda968d56adb8e63afe936ee6560ecc45c885f82910ccc7cf7b5f70059247fa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{4F79FC88-3355-4CB9-AF10-C4D25FE5D40E}.dat

Filesize
7KB

MD5
c60d27c1313cb57ef2323fcc129e711f

SHA1
83c3b933b6ddfd82f354d70667e25fab96d4d2da

SHA256
119b16e4fcb5b0ba505f42ca35b8ba8480dce4205cf3d5627af9214e0f7da3e4

SHA512
00b7ef741a93f710b841dee84b1bdad5a6a44ff1791cf68a3f4d41f124cde2852f1c7c91f8f34ce4445fdc6815df0f84bbac749d4800793ba7623f57f0cecc53

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{8ADDC8D8-5FD7-4525-9868-8745FAD44D01}.dat

Filesize
11KB

MD5
01cf5a662d50be200833d1f15917842f

SHA1
1781020042f0601e3929808e69933407c9e171d0

SHA256
e295d40b7e2991cfcccc23bb18d9416f0793f32faa4b2b34fb1b2a25de4890d5

SHA512
9c6d6087638518daf4fc3681020e6fd968dd57f0d11e22e9443f9bd5ceca9e9759beac8e2b92e7bd82fce83250aa78f0c37ae078552475c560e753200788aaec

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{B27778A3-E407-4F61-AFFC-9FDF232E4648}.dat

Filesize
27KB

MD5
fd0f41522a5a185b6c196ee6fe8000d8

SHA1
f8634958d780529639ef699d2b67e2989d0d8a77

SHA256
85f57d63f54aade5fd911ed227e141e0aff7639fc195611d82b3b6a26c4d4c0e

SHA512
a4d36aae7c6bb6eb5da8269f3bd7e5afa543c0fbc66fcfe399bff98662b5deca8f6d9f119cc8e4c45efe745ac51772bc80200b7a62c66d5c4937a58bb12d5d3f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{DC96462C-A7A3-4DC5-827F-FE1D9ED134EB}.dat

Filesize
9KB

MD5
7366b164aefbe2c1010467c86027e088

SHA1
0181d70713e52afa1119c5f6b4ad9627f735fae8

SHA256
7957fd106cd6ad2f6d7e00825a7b4d8d6306164bb1b2b01cd1a1570f011e9327

SHA512
54cb018702045be4e4bb413049950deed644f1b6858305056af2efa960338088a2a4bb55e60e82b0c3bda76af1450b774ca23bcf02a83360a420f38f2f012824

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{F1BC74F3-8507-4C18-BB1F-E129791762FB}.dat

Filesize
56KB

MD5
97c926c8cf538919ac1c8bcd192bf602

SHA1
da7caf0fd990c53c8498d7a94e31e9ba6f4a2f46

SHA256
2244a30eb5fa6effc91c7e26521e0171b2181b0b777e036008d01b69289cdcf4

SHA512
26c7441bfdaf08d15647254f88263c64d84e6ff96119f15abc5b901c4e1dd6b112464784f85c92a440db4131bec2e93451317dafbe5aa8e2162bf90e72ab4795

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.pri

Filesize
207KB

MD5
e2b88765ee31470114e866d939a8f2c6

SHA1
e0a53b8511186ff308a0507b6304fb16cabd4e1f

SHA256
523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e

SHA512
462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\Desktop\ConnectStart.clr

Filesize
208KB

MD5
3901b0d9cb9565a9cb059ece4aba39cc

SHA1
547970933101456c188e6000be82844f0c3b4ad6

SHA256
2dc85d0fb30cbf59f6f3accd432cd6db3fe120729e3c08d12d3690c59f97af2d

SHA512
9a22cdea76d25ba94f95aa62431379a489ce3fcc9c55d5d3fe4f125a275b260d17ea4d7b6fbe94ce13bd41716c480619ecd92ce84bc3d7a52962d36c3603dca9

Download Submit
C:\Users\Admin\Desktop\ConvertToRestore.mpp

Filesize
397KB

MD5
2eb7aa94811d98e4d225f71c306efad5

SHA1
98438ba7fcf8149f07a88042b4d37cfcd4fbad64

SHA256
fb92481c5de0c0d96489066a8bb1e3974f169e7ebe8af4e46b249b8c64b2f3b8

SHA512
f5aea1bf362351cb6c99a7684a9075bcdf3bdbc56c8c16d9405a2fab6c590dd15bb5317971fdd9e7a5a277c0930bf1e0db5b45ad41498d825e877f01b8def241

Download Submit
C:\Users\Admin\Desktop\DenyDisconnect.potx

Filesize
240KB

MD5
e686be30a82a12148c7dafc9eeb8a92b

SHA1
ff565f827a1b2b6dd1da430f1c8ddfd051db82f7

SHA256
e0848d225d44291fc42dc6135f6e3d40349ed9cac6a74bd9a31637ff57d0030f

SHA512
b84c8e0948e4572e53c42ad0ec902ab157f9793b4bd41bc4a874ff86297f45c3c6553050ec0e3d8b7cde961405c29986b8c56b734664bd361c109bef3498e736

Download Submit
C:\Users\Admin\Desktop\EnableRepair.potx

Filesize
323KB

MD5
f765d893eac5a824c3fc64189a6677db

SHA1
257c59a251c49d2d04a31c7347603ff3e0b23f21

SHA256
0cb01811ad03c5c0dcd2304625f7d4467a3875e6531df806cc2aa6749275ac62

SHA512
e667368ecc87afbeef1104254060929c7a4360929dd42a14d4989776105bc0c34e4ee17a0ad26eee3aa3d4d890af8c77da8b1a41bcd4fba49308dcba96ee745d

Download Submit
C:\Users\Admin\Desktop\ExitWait.dwfx

Filesize
198KB

MD5
7b3788a81c95ac88a8ba6360e6f5b3a2

SHA1
c210563d4c4632008835106bcd3938f36a3b0a1c

SHA256
f7ede988b008a633ad74202eff2f04d4821da4befad79f3db5e1f955dd579cdc

SHA512
9f73c865155aa8d8c4edeb1b80c17d6015c5eb462d02faa402f2341bb40a43225d0642762d3718b10e4d52a904bd497b1eed341b09ee36e0dbda6cf86a219e23

Download Submit
C:\Users\Admin\Desktop\ExpandGrant.mov

Filesize
292KB

MD5
24f957f7d54e022103ba8c055a04a8c9

SHA1
075a2221e0330e59e3cda282235fb529be286f6c

SHA256
5b610b1b6144d88f862bfd26fc7df184186b672ce03b71c3f0558f8ee4a61d48

SHA512
0a3039786574e300f57cdc1fbf8f314b1083359bfee3dd6392ab9210198ebb7ea42412551012ae03ca0b8422acbe1cab3b03091520553b842946c3c5ce3056c5

Download Submit
C:\Users\Admin\Desktop\ExpandSend.vdx

Filesize
250KB

MD5
aaa4786d15346380ea5e802831aa2392

SHA1
bc6745cfe80275d0c5aa811993ede6dbf6836f84

SHA256
eaa80b04e0a062c8b3abac477cd9986b00af1990d711fc578e1ed160b30cac2c

SHA512
3d57f58b302cd1e20ff9e79308b4ae25497183e02f35d9f81638069d9bfe2cb216958d77bcd2b587e57d86dbce91b98e63b3e56ba6b76a9f0783be353a57926c

Download Submit
C:\Users\Admin\Desktop\ExportInitialize.zip

Filesize
313KB

MD5
25b02f86806c069179d991198bdcc54e

SHA1
a2320dd99891745168f71129f650248a9f7a4576

SHA256
3fb92fab41fdd7a8099ab9a319bbe9b8cad1c5a4b042568c774c072a11a18a86

SHA512
b63866bc788cec9c09336f1a0696ff3c7c8038c03b53315f971653a6a623818f15816564d0f99f15b9cff7ed454aee868fa0b677f7aff3111124e754164b853b

Download Submit
C:\Users\Admin\Desktop\FormatClear.hta

Filesize
177KB

MD5
308ef12adc3c7c45e0ec2a2d9ba04ebf

SHA1
d35788e344b37d1d7b99924f2b8fa5bf46a8e056

SHA256
74f191e43803adf3e891204c14e2616b51ee6b37210ed15141dac0a64f62d2a3

SHA512
fdad76ee056f4a5e9bcc2f1e742dd86f70d4cb26a18cfcc5892ea42c19c83dd51da91957f5ad63ce8183730a1176efc269d349cdc158fbcf71f33ff59bc45853

Download Submit
C:\Users\Admin\Desktop\GroupConvert.jpeg

Filesize
271KB

MD5
03e255689a9e07ba8021e615d903d2c2

SHA1
0d35170fd71f417da030095c91936e6152c853db

SHA256
4424b4e340344483771b458177f8dfccb3aa51c861749f98a72ccb6b59462239

SHA512
3d4b087092372bea3d07a2267c7e1196ad262c02ea5b6bbab00db74e0b016a2e46b9d9c6e2a45127feb585cd148d990e3761359156b56fe43f0e9b2bc651ddb8

Download Submit
C:\Users\Admin\Desktop\HideReceive.bmp

Filesize
219KB

MD5
762e63e1aa93f6cdac0976232df7cf19

SHA1
e51428fe217921612e833e605d063f496377c4d5

SHA256
c3eb99d16f5ebd67e07381a5f309884e99d60941e2b99ee9a89e1bd1977c7f1d

SHA512
05650ef35e236dbcdb69fa5d064d1ab154687f89cd740446506e5e95622ae804298fec374f55186827bece0efdb58c3608603254bca3a5c7f343a3ccbaa3532e

Download Submit
C:\Users\Admin\Desktop\ImportLock.vdx

Filesize
334KB

MD5
77691ecff309aa5e916c10b71c7fd622

SHA1
5cab74c3da23773d5f9d99d9762d626850534d1c

SHA256
cef1d0c252e0e779225778fc4c6ee6f97dfed6586fe9cb3ba0d0844bca0ae98c

SHA512
9f790f2d6d7d0ae3ea392cd2efba88aacc8949370efeda2bc8146abac9f2485bdc18cd56a75f23510329b2b11a0cb67a26ef949adc888e5d5efd89470dff2fcc

Download Submit
C:\Users\Admin\Desktop\InitializeOpen.cab

Filesize
376KB

MD5
1f41d870534e43f5c469bdef4a2aa9d8

SHA1
9817657fe2c8e972cc5225059b42b86a37fedc26

SHA256
fa765c69ec1d8d13d6dbf00a3fe98073cc87dca0c7e6f659aefb86465ce531e2

SHA512
75f59cb2b8e11381345767ce24f55fc6f2dbfd7c7e119b8626d445d5187d850bbbea92cefa917f72c06792abf339a8d38aeebd32bbdfefa2282bbf30334fb146

Download Submit
C:\Users\Admin\Desktop\InvokeDismount.xps

Filesize
303KB

MD5
1e33c7590dbad0ba3459d3c1f2d59cca

SHA1
d97825d41f128a9a8904339c56d87d1cf308cbfa

SHA256
d26718e4a07ef627774d0bad48cfa437cd1d7b98aff8f4ec6d8190ed739d4fa7

SHA512
b72faf2e2fcc60f28c7eeac45b07153337cae8cc5214e1207f92bfe15a5ace107946e7037fd3c1ea7c2d47227a6916c430fde18c23807046f29d1e788112deb7

Download Submit
C:\Users\Admin\Desktop\MergeCopy.zip

Filesize
417KB

MD5
a30b0494e3b00405d4c8448fd4ec514d

SHA1
8026f399d3b5e436051edf40a8b1b2e62dbecd2b

SHA256
ad6a44d6082e1e4f96fa02ef2ba97d9d7808fc6b655b77ffe0e5727908f51470

SHA512
4776c22a7dbd51fbf75d9f39c78093e9c43fe0928b7dfa382678901b5c027a38d6ec1e1effea446edebb2fd898a7761ead6ebe563062194c43b3c835af6da9d5

Download Submit
C:\Users\Admin\Desktop\MountResume.wdp

Filesize
146KB

MD5
d7d7763cd9611e9aae20fa86c8774293

SHA1
3e0541633da014c2a84c32aca611887cb13af639

SHA256
e30a9890adf29a85051a5d6ae62d3630dd70a335979332a4ff3f8884a3e34074

SHA512
6556fb17f07a7d7dad738983fb486e4864a9d26e0c030d19f9e89455b9ec9936a57ca7a6ddcd76f5f9b01b9bad0f3e9aec51d93d0b0bd2daf0972182ddac6aea

Download Submit
C:\Users\Admin\Desktop\PopShow.xlsm

Filesize
229KB

MD5
f14c5c595d5e2ee60258aa09a131a17a

SHA1
3c600593a83017228352e511aee5a879e6df0eeb

SHA256
a0d3b8870f6505e9eb5e64cafa2228d152f0aaa2dff5441d9dcdd05377ed601d

SHA512
d0e0406e317658e455e47bc5c72b17ffcdf9ef62d29a347ec7ac5d09d9219e0bd38095aed3ad2a70b1c3318ca21e0f7ac506240a24975e77f0d93f84672fb4d7

Download Submit
C:\Users\Admin\Desktop\PublishRestore.rm

Filesize
386KB

MD5
3969c7fd398c814b01536f3006ff8f56

SHA1
842b53e66c934d62e0497a29783762b5a01a2a3e

SHA256
c684779ebc15da5cbf6b2f99a81d5f72221b6e86153c21511056742b48175400

SHA512
b71825427e69ac19846c06b4a6d88341bd94f07f423498267827aa274572985c909e06b2db9fe30793e06b21a5353c1a8c234c2369113cdc2edf55bb54f33596

Download Submit
C:\Users\Admin\Desktop\RestartEnter.dot

Filesize
282KB

MD5
8b0197a26fdf136071defd388bdfd48e

SHA1
b61f604aa1577fedf33cad9b2da55e562bdfe38d

SHA256
64c4c961c4e8a1d5fccba2053a1edcc95e4c854ad48398f487ad19770b1fe387

SHA512
a4e577004a67b5ef7f5fc3ccfb82b91f4715f7ee62bea00df8314c06841cc76e760530f8142ac700ea24d97a1a9832d9bee745dce4d4f9a1add6888dbab94049

Download Submit
C:\Users\Admin\Desktop\SelectDismount.mpe

Filesize
355KB

MD5
5410b39cf5bc8bc996cc7253bed0ae75

SHA1
82761e7dd1a671e6a3af9d2f5cf8e09d6051aea1

SHA256
70962b0ed34540e12655fbf87a561128276d5e44cc7dbe785a795f85d166c63f

SHA512
3e77cfd75fd025846ae9b230977418a3ab381e6ab2e9ac38c66d2ddeb622d51298397d1c523e1ce10b26308ed2e0d23dcaa3f74101ab709ae2381d4cb157d381

Download Submit
C:\Users\Admin\Desktop\SetUnpublish.mpp

Filesize
407KB

MD5
19a5cb529d31541c1c8ce586b4f02078

SHA1
da06ee51ced7c747b6da73910bb4c5d3f62ab656

SHA256
49d5ca54cf7e3e3bb75c5b3181d83c4d55a00f5d255b4de25cebfd8b44a05c75

SHA512
471035e7e734b87244bbe0b9181fd4c61e24f2b0586eb3b201223beb0d07423165573690326d68a461225f18ca13259909e4b9cebed901649000969401c58abc

Download Submit
C:\Users\Admin\Desktop\SkipLimit.M2V

Filesize
261KB

MD5
62ae736a1ff3357d9258f8e07a5bb196

SHA1
1a3a02b661973f9f3bc3e45232850269a5a1bcfb

SHA256
91c85169239c2267f45fc469d2ca3c49ae00d3405e99c149893324d92f51972e

SHA512
59c91066a1eb4754407e18d4611261bb6d9458138fef9138bf4596d9d11c2c6326e12d661c043b6dfe021b573f10aade667a6072b06139498485fa1818629002

Download Submit
C:\Users\Admin\Desktop\StepConvertFrom.pub

Filesize
167KB

MD5
ef4b0c1fec09befb0d1d01f2302e4100

SHA1
7b3560469f41adad2072d6fefd42bfec81e60f63

SHA256
f3331159d85cc5f85c00f036a9b4b13e457204930f654a19fa167178b0fcc547

SHA512
1952b10ea5788326c1cd994bcd00e9f74654292259591c5ae92361d5c2e6b891732e90d0eb05be5309c6960c8867d427a108d0924fd81512507880fc17e939ed

Download Submit
C:\Users\Admin\Desktop\SubmitAdd.ppsm

Filesize
188KB

MD5
6c9f1f4368c66626f81fb22133b2d32e

SHA1
b7d51e0b8268e0213813e9a64256b1e050a93351

SHA256
b032b63a239f52338baf7492d1f3923e62fb6283036a9aa9f3c37b148c085cf1

SHA512
6e2cd5b53bd5a21007c09035754f764dbcd338e51e75fbc822fd6615bf56a8349ec3cb09f1d605851b7dd1ff13543f2aa2acac64d503358986fa016b05dbf5fc

Download Submit
C:\Users\Admin\Desktop\SwitchInitialize.tif

Filesize
574KB

MD5
840b8894c732dd25c75cc936b82e9eb9

SHA1
fab313a6ed79ab250ca6d75952aeff08ddce2f74

SHA256
3fa6a454ad95f58786828a456adc3a6ed1da18973ca8d9652903d00c765f3f11

SHA512
c6047a50d08b5dbe5bfc096f8dda80f761bc3430d9d45c36cf9c57292f78978b623639298e79be123447416d3983785cc552dbece15285a201fe511c77bf3176

Download Submit
C:\Users\Admin\Desktop\TestPing.au

Filesize
365KB

MD5
20195f03a72cb995560a44688253e97a

SHA1
fd6dcf37840ad5f5abccfa9793086d9531ea37e0

SHA256
925e4105f67df2b2ce3755e06fea562bea81c56a5f9106fd3b8f6867b8176e92

SHA512
baa6d25608d41f415ac6a2ba3b4974a6288667b21d83f29ea5dd69303a9470d2562499c319a958a89122854b156c4e21961314d6a88e247813357882444b39ff

Download Submit
C:\Users\Admin\Desktop\UnregisterGrant.jpe

Filesize
156KB

MD5
0e4fa69ba6f9b0e76eff4b23b95b780e

SHA1
6fb58c0e2d03be0f04a3dbdc964674e4fd8883b2

SHA256
38f81ed1bafc2ff7653982c95f41bcf80c0acbaf1741645cffdd8c75fe2adfba

SHA512
b5ce75c1ec1493ca549ec66de4cd5e3608bf62c0bcaa4da7377b86dd84ad5c646bbb7fbc12ee4908125a7a5605bfc72289bee897799c83c93ad3256b895a5837

Download Submit
C:\Users\Admin\Desktop\WaitMeasure.aifc

Filesize
344KB

MD5
6a5e89fc864517ff8d33d0c953e33925

SHA1
2bbd16dd04167f38cba3f1f07e1f68b952923dac

SHA256
cd7a23b15d9bc67ea3b08581d9206c2f8b260cf189fd5be5e3e372c01ab2d7ae

SHA512
75af160908091f75f045fad6cd4e9d8515edb7abc73d8e8e7f6a5bb9f360a3004fa3bbdefa29c08ae46b10e037b18c53210fc8b83785218de2f3bc5918d1e695

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
5ecbb06717f462da15f407b9908ff34b

SHA1
7ec4b6152378ecac57efd193497c18226d47d83f

SHA256
f9224fb5fc01e3bdaa789fa19f90e63203776e8614769f81afc2fcf859af1038

SHA512
1c4fe6e1226c502fdc245b81364d3e98d35424f224774384fe29913df3207abd2a19583edeb359fff0215b937efc8866bb487a4be97c712fddcff0513d47d6c0

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
d28c1414ff0026ddd670db5ab6578785

SHA1
7d5a16facdf1908f0c9c83197cac04a59f5fc971

SHA256
b07721083bdbbfbcacb4e53264addb6b2ee31860c2823c53ea3e72f51d11f892

SHA512
d21e72763ed9527c087abd1441644071cb95850392f31c6b728c13226e98ea7533fe40fd523e36c6a777a82aa82c787e359bd976bdba802d52374a26b903fefb

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
b44e2121612244c1e3a392551feb374b

SHA1
df3ea2a8ece1a8f9f17ff961371dc18255e9c379

SHA256
597bb3efbfee0e4a6b6369c6c6a7881a519eeff1dde95165d9f2a80052997a40

SHA512
c9a0496aef67c1dc1a4bd82d31cb8618fd3c00b490c3cf8dc7016d9e4a0988f9f7cc0bf87236e8fa3d81d1076d0b7651be3a5489b1adca3f8bed00679b2a2be2

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
2feef89f2ebe031a4d2447c955b3b107

SHA1
35a14410fcaea659335f3e443a4995e64531815f

SHA256
04e0f406f40d794399a47a27e21dd3384768f796c665f6add515da7f09ec5f23

SHA512
c3119dd4cd2a3420f174d2bcf3ce92dfca9f2971655fbac98618d427fea610aac7842af6b46b35ca47d6adcf293d5606bee0e3201ed9b358d44d99a2765c840d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/2120-575-0x0000014167020000-0x0000014167022000-memory.dmp

Filesize
8KB

Download
memory/2120-430-0x0000014152F00000-0x0000014153000000-memory.dmp

Filesize
1024KB

Download
memory/2120-239-0x0000014153160000-0x0000014153180000-memory.dmp

Filesize
128KB

Download
memory/2120-721-0x0000014141F50000-0x0000014141F60000-memory.dmp

Filesize
64KB

Download
memory/2120-722-0x0000014141F50000-0x0000014141F60000-memory.dmp

Filesize
64KB

Download
memory/2120-723-0x0000014141F50000-0x0000014141F60000-memory.dmp

Filesize
64KB

Download
memory/2120-256-0x0000014141FC0000-0x0000014141FE0000-memory.dmp

Filesize
128KB

Download
memory/2120-343-0x00000141532C0000-0x00000141532E0000-memory.dmp

Filesize
128KB

Download
memory/2120-534-0x0000014166790000-0x00000141667B0000-memory.dmp

Filesize
128KB

Download
memory/2700-359-0x0000020D7F930000-0x0000020D7F932000-memory.dmp

Filesize
8KB

Download
memory/2700-225-0x0000020D6D940000-0x0000020D6D942000-memory.dmp

Filesize
8KB

Download
memory/2700-215-0x0000020D6D5E0000-0x0000020D6D5E2000-memory.dmp

Filesize
8KB

Download
memory/2700-220-0x0000020D6D920000-0x0000020D6D922000-memory.dmp

Filesize
8KB

Download
memory/2700-460-0x0000020D7E7C0000-0x0000020D7E7C2000-memory.dmp

Filesize
8KB

Download
memory/2700-351-0x0000020D7F870000-0x0000020D7F872000-memory.dmp

Filesize
8KB

Download
memory/2700-365-0x0000020D7F8B0000-0x0000020D7F8B2000-memory.dmp

Filesize
8KB

Download
memory/2700-458-0x0000020D7E7B0000-0x0000020D7E7B2000-memory.dmp

Filesize
8KB

Download
memory/2700-462-0x0000020D7E7D0000-0x0000020D7E7D2000-memory.dmp

Filesize
8KB

Download
memory/4864-121-0x0000025ADC320000-0x0000025ADC330000-memory.dmp

Filesize
64KB

Download
memory/4864-394-0x0000025AE3DC0000-0x0000025AE3DC1000-memory.dmp

Filesize
4KB

Download
memory/4864-395-0x0000025AE3DE0000-0x0000025AE3DE1000-memory.dmp

Filesize
4KB

Download
memory/4864-163-0x0000025AE0EB0000-0x0000025AE0EB2000-memory.dmp

Filesize
8KB

Download
memory/4864-162-0x0000025AE0E60000-0x0000025AE0E62000-memory.dmp

Filesize
8KB

Download
memory/4864-160-0x0000025ADC7D0000-0x0000025ADC7D2000-memory.dmp

Filesize
8KB

Download
memory/4864-158-0x0000025ADC4F0000-0x0000025ADC4F1000-memory.dmp

Filesize
4KB

Download
memory/4864-137-0x0000025ADCB40000-0x0000025ADCB50000-memory.dmp

Filesize
64KB

Download