8df36ba59f97b2d8700ba4a941b35f83d90fce1538743f99802bb3f1c77dd7f7

Analysis

max time kernel
412s
max time network
440s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
14/02/2024, 18:50

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

victoryforog.wav
Size

905KB
MD5

2118c4917f946774c2882c787e24aaa1
SHA1

a4acd2141a910751f83a2f8edfb4a88d58a06a5a
SHA256

8df36ba59f97b2d8700ba4a941b35f83d90fce1538743f99802bb3f1c77dd7f7
SHA512

0dedd147b8a9ed4c8b081574c67bf723ae6a0120c48b53fb1d5d511e6346b90f4652265344f58963ff7359fb5aea624e2a52efcecc715206acd594fca4542a82
SSDEEP

24576:4v/bmx1UUQOtNavjrA2uI1mcHPju67TdrTw3gRl2UOE:GM1U3SkbrA2uI1vHPju67TdrMc

Score

6^/10

bootkit persistence

Malware Config

Signatures

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
114	camo.githubusercontent.com
134	raw.githubusercontent.com
135	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133524102733981084"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2398549320-3657759451-817663969-1000\{E768C60F-C5CA-4DBF-9E1E-C02524F0DE39}	chrome.exe

Runs regedit.exe 1 IoCs

pid	Process
1096	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
1824	[email protected]
1824	[email protected]
4020	[email protected]
4020	[email protected]
2864	[email protected]
3432	[email protected]
2864	[email protected]
3432	[email protected]
1664	[email protected]
1664	[email protected]
1824	[email protected]
1824	[email protected]
1824	[email protected]
1664	[email protected]
1824	[email protected]
1664	[email protected]
2864	[email protected]
2864	[email protected]
3432	[email protected]
4020	[email protected]
3432	[email protected]
4020	[email protected]
3432	[email protected]
1824	[email protected]
1824	[email protected]
3432	[email protected]
2864	[email protected]
2864	[email protected]
1664	[email protected]
1664	[email protected]
1824	[email protected]
1824	[email protected]
4020	[email protected]
4020	[email protected]
4020	[email protected]
4020	[email protected]
1824	[email protected]
1824	[email protected]
1664	[email protected]
1664	[email protected]
2864	[email protected]
2864	[email protected]
3432	[email protected]
3432	[email protected]
4020	[email protected]
4020	[email protected]
4020	[email protected]
4020	[email protected]
3432	[email protected]
3432	[email protected]
2864	[email protected]
1664	[email protected]
1664	[email protected]
2864	[email protected]
1824	[email protected]
1824	[email protected]
1664	[email protected]
1664	[email protected]
2864	[email protected]
3432	[email protected]

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
4980	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe
1456	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4016	unregmp2.exe
Token: SeCreatePagefilePrivilege	4016	unregmp2.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe
Token: SeShutdownPrivilege	4916	chrome.exe
Token: SeCreatePagefilePrivilege	4916	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
3676	[email protected]
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4916	chrome.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
4820	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe
5100	msedge.exe

Suspicious use of SetWindowsHookEx 15 IoCs

pid	Process
3676	[email protected]
1824	[email protected]
2864	[email protected]
1664	[email protected]
3432	[email protected]
4020	[email protected]
1812	[email protected]
1812	[email protected]
4556	wordpad.exe
4556	wordpad.exe
4556	wordpad.exe
4556	wordpad.exe
4556	wordpad.exe
4556	wordpad.exe
1812	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2072 wrote to memory of 1612	2072	wmplayer.exe	83
PID 2072 wrote to memory of 1612	2072	wmplayer.exe	83
PID 2072 wrote to memory of 1612	2072	wmplayer.exe	83
PID 2072 wrote to memory of 1664	2072	wmplayer.exe	84
PID 2072 wrote to memory of 1664	2072	wmplayer.exe	84
PID 2072 wrote to memory of 1664	2072	wmplayer.exe	84
PID 1664 wrote to memory of 4016	1664	unregmp2.exe	85
PID 1664 wrote to memory of 4016	1664	unregmp2.exe	85
PID 4916 wrote to memory of 3876	4916	chrome.exe	92
PID 4916 wrote to memory of 3876	4916	chrome.exe	92
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 1544	4916	chrome.exe	94
PID 4916 wrote to memory of 3392	4916	chrome.exe	95
PID 4916 wrote to memory of 3392	4916	chrome.exe	95
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96
PID 4916 wrote to memory of 3408	4916	chrome.exe	96

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\victoryforog.wav"
1⤵
- Suspicious use of WriteProcessMemory
PID:2072
- C:\Program Files (x86)\Windows Media Player\setup_wm.exe
  "C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Open "C:\Users\Admin\AppData\Local\Temp\victoryforog.wav"
  2⤵
  PID:1612
- C:\Windows\SysWOW64\unregmp2.exe
  "C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1664
- - C:\Windows\system32\unregmp2.exe
    "C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
    3⤵
    - Enumerates connected drives
    - Suspicious use of AdjustPrivilegeToken
    PID:4016

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd893f9758,0x7ffd893f9768,0x7ffd893f9778
  2⤵
  PID:3876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1688 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:2
  2⤵
  PID:1544
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:3392
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2240 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:3408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3208 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:1
  2⤵
  PID:768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4732 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:1
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5212 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5224 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5252 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:2832
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=5344 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4156 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5956 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  - Modifies registry class
  PID:3944
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5944 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:3688
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=3240 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4944 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:2916
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5324 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:4248
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5312 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:3676
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5280 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:3552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3156 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:2932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=588 --field-trial-handle=1888,i,15975822106311446566,16849387526235389838,131072 /prefetch:8
  2⤵
  PID:2148

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2252

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1032

C:\Users\Admin\Downloads\MEMZ\[email protected]
"C:\Users\Admin\Downloads\MEMZ\[email protected]"
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:3676
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1824
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2864
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1664
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3432
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4020
- C:\Users\Admin\Downloads\MEMZ\[email protected]
  "C:\Users\Admin\Downloads\MEMZ\[email protected]" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:1812
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4820
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd986d46f8,0x7ffd986d4708,0x7ffd986d4718
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
      4⤵
      PID:2468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
      4⤵
      PID:3808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
      4⤵
      PID:5068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
      4⤵
      PID:2432
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4728 /prefetch:1
      4⤵
      PID:4952
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
      4⤵
      PID:184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
      4⤵
      PID:64
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,15760266929484877222,13555490475777737627,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
      4⤵
      PID:2252
- - C:\Windows\SysWOW64\regedit.exe
    "C:\Windows\System32\regedit.exe"
    3⤵
    - Runs regedit.exe
    PID:1096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:5100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd986d46f8,0x7ffd986d4708,0x7ffd986d4718
      4⤵
      PID:3712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2468 /prefetch:3
      4⤵
      PID:3824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
      4⤵
      PID:4572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2612 /prefetch:8
      4⤵
      PID:1712
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
      4⤵
      PID:3152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
      4⤵
      PID:3764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
      4⤵
      PID:2108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
      4⤵
      PID:2352
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 /prefetch:8
      4⤵
      PID:4584
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4088 /prefetch:8
      4⤵
      PID:692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
      4⤵
      PID:1096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
      4⤵
      PID:4044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4804 /prefetch:1
      4⤵
      PID:4564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,9960047758406147555,16919312218854518481,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
      4⤵
      PID:840
- - C:\Windows\SysWOW64\Taskmgr.exe
    "C:\Windows\System32\Taskmgr.exe"
    3⤵
    - Checks SCSI registry key(s)
    PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4980
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd986d46f8,0x7ffd986d4708,0x7ffd986d4718
      4⤵
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
      4⤵
      PID:2220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
      4⤵
      PID:4276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2968 /prefetch:8
      4⤵
      PID:4100
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
      4⤵
      PID:1988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      4⤵
      PID:692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:4044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
      4⤵
      PID:4848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4180 /prefetch:1
      4⤵
      PID:1760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 /prefetch:8
      4⤵
      PID:3944
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2952 /prefetch:8
      4⤵
      PID:2568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
      4⤵
      PID:836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,9048020351990763680,16325667834561609560,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4248 /prefetch:1
      4⤵
      PID:3980
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe"
    3⤵
    PID:2392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=the+memz+are+real
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:1456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:8
      4⤵
      PID:2660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2220 /prefetch:3
      4⤵
      PID:4124
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
      4⤵
      PID:4060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
      4⤵
      PID:4236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
      4⤵
      PID:3732
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4464 /prefetch:1
      4⤵
      PID:2524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
      4⤵
      PID:704
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
      4⤵
      PID:1940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,16458647185742135387,9329727226751848988,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
      4⤵
      PID:660
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:4556
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:4852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    PID:1256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd986d46f8,0x7ffd986d4708,0x7ffd986d4718
      4⤵
      PID:3468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2144 /prefetch:3
      4⤵
      PID:2256
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2960 /prefetch:8
      4⤵
      PID:1264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
      4⤵
      PID:1524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:2108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      PID:3784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4800 /prefetch:1
      4⤵
      PID:4320
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,5573045076925482538,6156738144748004804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
      4⤵
      PID:536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4684

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4464

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f8 0x454
1⤵
PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3980

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd986d46f8,0x7ffd986d4708,0x7ffd986d4718
1⤵
PID:4164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4160

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:2204

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
PID:3412

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4480

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5f12142cd7b5f31399806b753a3b7fd5

SHA1
68865d8a6d682603b8d357f2679305ea3c16fbca

SHA256
ea35cdb033495b77f2d8c195e86555ea8aa5150380fce9e9207efd6574629280

SHA512
08348dd37b1e43d307f6f8ddfbed75b0c489b2341b8e4f7cdf5c2e8e50b8ddfc08e78d4623518c63c4020aff7c67ac9548c2a16ce4a68d87e66956f843127eb4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
8e60b47b9810b42cbb81bcb3c0084366

SHA1
59a93f1ffda540b9e25d10ad0b5beb0238665540

SHA256
954514eeb4e1cd8427d442b023d6c046eab5ad5b6894cd82b6093d4a4ea7d455

SHA512
19f55d03616c021bf4d5c74efe6b6c87abff36a7e6407b016ec086d112610092832d9adc63abebf85d276dd8e96d4647a1d1390a5350ffce88a0e25599ac8972

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
23170418696e7444baebe4169de31c06

SHA1
4bfa0cd915dcdbe263a4f38eff64e604d684b7f7

SHA256
b77503904c8396ce521cddc4390fd9a12ed4fc9c211ae71ae31a6bbe1d42ed08

SHA512
2b1c4be04d2c0fd09b6270745275f9d2d843c2cc0ca6f1a46ab00aff1749022b9f4e180b6fcb1d0bac5eaefd329957c7d5883e73e0b255f6aa4a2b035af989c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
2cf6a1e3340bf01beb8c25335f8738a9

SHA1
cad8485e92f94bef5128b11be7527200626d405b

SHA256
ee50ab4725bc05641f1c4c7cb00c1b502241948c9f40870cd929c35c87c642f4

SHA512
efa35dbce2ba301cc18cd8ed5ebf2a080986a228af333c79591f5486ecaabc4cd2a5dcafb16e694a74cbed0949d7f67849c881ed97e82a2647eb3947cc87850c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
866B

MD5
4bac28d1ff144875dcdc3e360f157bfc

SHA1
643cf117c1631640e17f3809ed83fa0d60412721

SHA256
7a39db16f3a81435b8e31209161eb60d82f806fc443c6f137569747f3fc25bf5

SHA512
2db15524db43a7cabe0a96f871afafa5c4eb79fdcaaec6d7a0c0f984bc26486c106c478aaa99a96eeb7ae761ae9ee47c286a9872b2f7541b77ef36326aca37bf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
69d54399aa7d8b88d5945aff1e542508

SHA1
5c0524132c1a18067bbb234d0d77d0788994153e

SHA256
fba807bf3d1f787a2d1328b91ad7a40028dee4185e344efd3c39d920f60c78aa

SHA512
a048b88eb756ce50919872aa436cc2fb113b3a0b1eab3868b64f74eeebda77bc1eb3149ad478e42393d834fd01775c2118d90057c377a63824d13c1d0912d281

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
a4831a916c24142adcfa4d4f411fac63

SHA1
94934eda1508e9a61cbfa206fa9f0063a192bf31

SHA256
26e58fc3cd7b02c63b2feda35bcd5ddfeebfb033880bc596af499c76fb711eac

SHA512
93ca0145d872d7cff6f102db6c1ac25c1986cc7e23e8966c2366289829b551a2968cc8654d175df7c725066cc437241d30ff0a0a4378171208b7f4154e02a094

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
b5d13b73023425a68c3416e57af7b803

SHA1
fc7daeaa4ed47b948ef74f8c22966b6be04c292e

SHA256
df62f4be4e219b73ef74f531246448ad69e1283994b016be35360a249ed2e672

SHA512
a66b7500da5e5ce28ce6dea25b1f993622071773176bb274c4b4fd2ff1526d0bcc5d00d8172ffb7f472194e6f8aee5c274fa8bb82588a8727c60f7cc72d8b1ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
743cc40310d9a195dc6b1bf6558c4b90

SHA1
95726f785868fe7398568b80a41727133f6f7e99

SHA256
970b4e22f67f430a8e74eb4fd52d5fc53ac7ac9876ad89551ce33c4281f06d63

SHA512
7e1b245374f099638896a37aa03f91c8ca814c6521ed3485c430431adfb285d45b266d15238d2dc4c7d6b9a1780712d2f5f1fbf1225707045cbb2b0807e8fe3e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
e692a2b8b28df7610606807b26b2deeb

SHA1
83f8036491fff6d058d8091d453a78c4a4959200

SHA256
2ae17164a8446f49256809ed89ccb7d2b8ad1fa93a5ba8ad49efa40d7ed76b2d

SHA512
5b32cdc57911f29e1148bb3256ebfe108047511465248634df8ed24871f124fbbbdac56eb6894d887c8775a0772647361475adfda6715b151b6ce5c2452023ed

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
96c53b855bfad3124e49bd160ded60d0

SHA1
f4032cfa11e6dd0751b47cdcde0e35cc36e9116f

SHA256
5fa6eb344f20f3ea3e39b9ca5d588ad57300307c880747e8b21eeaab05b01f85

SHA512
4d1b2fe99c0100044d07a6f071e4a4c4d3b6c3d03b4e690cefba838ef298ce1ce11a05949402bd3a979ecbf07148a84e6fd145c2b2fee733cfa3293e221f5cda

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
f420009b7f5ccdc94c77a9e34223f873

SHA1
0c389d662a46fb807e3a130d511aeee57c5dbc08

SHA256
0ea934f68708b3c858815874a96bf2c2b8711c8c8b4b80f848e2dd98f3bfbb04

SHA512
dc6b72d06b496c674cc24f1bf86a7dc246a59299d3a7a6091719f4eef38198c26813da36d56b87b615394465760b953cb84cc4e6c72443f5992704b5ad546f65

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57e465.TMP

Filesize
120B

MD5
df4d0b9b9a7bc41a3ad4b3b237032a17

SHA1
08090a984254f9267da98634b20306175c5521a0

SHA256
cdc395490c448e04eb7bb42031b3432c43a8f4fd27c66db0f470f4af1648cf55

SHA512
1934dbd20c686fdce00db9a8be466ac7a11c98e0c1ce43bd1a92772c1ab879c32fc2d7099f0f3f4d6d4b65be4dc24045abad6f9694243f85f39d22294ed078d4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
241KB

MD5
9246a520fc55229c4606fb82c0f5d7b8

SHA1
43c1a480779fda938dc9f635250b2bc3bebb36e7

SHA256
a332114e9cf8773268da263566e9ba0b2e804c26b7f93b3c0659193f4ab17d64

SHA512
eb987116e052ed316a17b298f636f0525bfa816d5a4a8e8f4815273a51356b8af752544d9fdfe80342d9074c85889d35f75c350d6dc31f206a75a8ebb39e5551

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
247KB

MD5
06f7c7ff612aa35d472dffdfe963f1e2

SHA1
91611b19bf3676fe338401cca796b9d286ef3229

SHA256
a711fbba7580ccc9519174805845dc8242d2cbac2a8e26034179839750cab644

SHA512
0c1a07f34eda3aaa01de6d208ff8519992a3ae11428675cf07aba92e7f1174b765af39a8c3b7dd94527841141c6a7ba869854cd561383769a660a3c8bb413223

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
260KB

MD5
1238281db56489aed4cad409d6e4e77d

SHA1
e330e4c12059e28ebacb0d22fa89262a16c9256a

SHA256
daa3a5d03898866c978534b4630bace545b1f17567eaa36753bd69831758f38d

SHA512
9718b9d28e6d49bf5749619b42562b71161402d61a1538faef50fdfe405104ff87cf49c71cb3e4eb4c41a3a1f6aa5288100354732157ce044cc3c02724eb181a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
115KB

MD5
4830e050b3675bca71e37cd37b1cbd8a

SHA1
98bb5efd22f94a397d51a64ac87988f8b6544f74

SHA256
baf44401f9a209b5a22db7a949c1f774814f5d558dfb5a83be47384e93c9244f

SHA512
ffc061b6005f8481cefcb96b37a587c58ac88981fcdfef0702a055f43fb2d4de1958d1f5b4859d288ad99754f0e379f6e6c8eec0d3cff882e1b6feaab4b8cd9c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
241KB

MD5
4ad7af70ca31cc33684e31ce72780ae7

SHA1
677f18a5993b8abfb522f7c218105b9e46c43a5f

SHA256
67eaab5a44407d9f2b3e75d2418a3ba344f9787f582f20f480975584ecd41ed2

SHA512
03b95b6dd41261364db0fd9a912b21df81513fa8c703dbed3658d42ec0071095f8b3d2988400cc1c089dfd7d3fd9f34573431e9d11373dabddd966dd7256dd9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
108KB

MD5
13e998995ded5e5923a5e476d91ea997

SHA1
e040fdb69846016d9bb3950f89c9e5fcfce86110

SHA256
0c55cd641dbc525826115d0d6512db505ce081fc797533b2d907d50ce302f8fa

SHA512
b253d463013c7680cac3d70cfa6ca1cfaeea163b4039930d6172106b44fe1f8674dd1dfe48b4714d164967ed1f468ef771b8b81dc8dfdef2d303789cc9538c7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5856f5.TMP

Filesize
102KB

MD5
b2a37d02ac2781acdfce06e090328915

SHA1
1cf7de8a7717a1252552ef7b45a3c55b9121f621

SHA256
73190ef7041bde2846d500aba3ed9b6043d18fc7b8492727168a332d7dfd9eb1

SHA512
0302a45ef17fd522de6020c867a0b98677a8b7e80aef250cedb8a9e9b5b9c589aca1b0a0f3733830b9bcb08a8396a41265d50d6bb02f661945dbca9e56c04895

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2ea27695473f0486a722a7492d7e316b

SHA1
7d7e7edcdfb84f0ee41f0ea3c75ae2a4b4a47a63

SHA256
1823eb7d1636de326df5760b9a938fe75330dfafcc7963e5f432fe64d87d79cc

SHA512
71e9d08d2783946b154e8a7c8db7377999d2a6fd97904d6dfaa85dc01b443225e8adde858eb1e07d6776f8b5c694a8226e119c1fe0489b247c504313af538f5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ff8079fc89c44d7874e1342b42533475

SHA1
7d42a596d15910de207f7e38e8e61a69cb4f1a7a

SHA256
93dff1cbc351ab9c66c4371ab5ccb58a45ba0fe7c174624c7e961a9563c07c43

SHA512
5dbf66b6532064ff2e2d4cf9f1cde86c933ce2fb3513b049e021ca2f71938ce28e03d599725f73f665c2dade3ec7e6e89126d4428c85248f993c66d2645b4fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a5862a0ca86c0a4e8e0b30261858e1f

SHA1
ee490d28e155806d255e0f17be72509be750bf97

SHA256
92b4c004a9ec97ccf7a19955926982bac099f3b438cd46063bb9bf5ac7814a4b

SHA512
0089df12ed908b4925ba838e07128987afe1c9235097b62855122a03ca6d34d7c75fe4c30e68581c946b77252e7edf1dd66481e20c0a9cccd37e0a4fe4f0a6fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1a40217d99cf4eb4fc3b5ed02b1208b8

SHA1
a0f9e2b287d41367d0834ab14d9e5d43f7e38e16

SHA256
e153c449133d0bd656b389e17aa3570bc2c85afc0fb48bf256e1c232d86f6725

SHA512
8cd89676ee747bc9f19ab316ee4a27335dfd420f08cd683649db51ef0e7fa83f391d6d68b079f3083b02ec15039ab2c080cffbf57689fdf50412b87ab4524400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7d0293d274eca16ec32682951c77998b

SHA1
2f1306f70bacb03746ace1b20403cc386edade77

SHA256
f95e64d944e91b69ef68a17f6fd9cd764c45addef351ac1b5c5e3fb2a7a11067

SHA512
c9e0c2143339925770fdb5b5373337ddbe5ac56f5ad00547fa0021a053306802d9a24c6763c54a31fa97d38b69ecdac256b701b6d60fca7ec66f0d23e9528153

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d48b2223aa9adc0134beef9a9e3281e2

SHA1
6028444786fae4e7434b3103dcd68f4beecbf3fb

SHA256
7481ee5f59c14473d0980aca80f80d9aa3a8e45361ac468eb66de1d496b56c2e

SHA512
2e7ba9e58f05efd8cd421e3108a15e8c6362a848535dab880961f7bc0135e34cb1b9c09027779c9ae5ce11e80269cb5c61ebc643e38da43067b7763dbea54e10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\43924219-06f9-4a6e-8470-f7418b16c3f4.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
6920d94fa61c167e4c7a62b767b513a3

SHA1
cbd30a0295f60f085adb8d9a8c03273dd8375ef7

SHA256
7bcde7ca3ae832a21ca13ed3d0512b122a01ee48cdc903807c341500b003eda6

SHA512
adccb46e8a265d7e49461a798a6b6a23b56b9d07cd7a8e86f3d6db187915848c6bb3c3f352891fe04dab3ad97fdeaa0004d8df322079cf906a8a7b7b43d28430

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
a96729b0adda06c56a9a866d3b184b9c

SHA1
daffd4a8892a64f53b0b4535c72cf39aa954d6c7

SHA256
9d6c86888a53b360f2745bbd3140f6df5fec321ea365f7141e9aebe2b31e305b

SHA512
2ecc7d0820527be49ff03c007a9fa57ff3c39fdf4cd11a47102b701cf074508551bf23e16d719445bf60de8c0f47ff15bc81e56083c7b8cc51683e084ea4d61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
64KB

MD5
e3c1ff38bf7262adf768fe8cfb3992a2

SHA1
8efb260068f383f5929860c5b35d7a698f6fd591

SHA256
2b7099986519e32ae2f497412e3ff3359301e5664a63e64e1018cc9e303a0da9

SHA512
03aa7db91aa463acd793f1ef7133aa0314c8df7c301cf374f6872b575871991c19e88b112e3001e981f172f207635e51aa14a30e29aeb67551e7571b6203a6d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
192KB

MD5
625c8779c546b41ff9d8cd8291ccf9c2

SHA1
7c60c30722c7519d860d7984946bd5f26b7b62ff

SHA256
ed84f7a6676bab025fe123b3228b691ea9e8c53ea17f3f1a954ae90bd0c1a6b2

SHA512
59878312956823c30d616c295fb61c885da35e3d2da2d63a7eb5b1433c22232fd712e37e9bd6f210f5c003f4d8f80a387c65405d1e295f4252459e01d9b0a0b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
194KB

MD5
36104d04a9994182ba78be74c7ac3b0e

SHA1
0c049d44cd22468abb1d0711ec844e68297a7b3d

SHA256
ccde155056cdce86d7e51dfd4e8fb603e8d816224b1257adfcf9503139dd28f1

SHA512
8c115e3e5925fb01efd8dda889f4d5e890f6daaf40b10d5b8e3d9b19e15dadcb9dcf344f40c43f59a1f5428b3ee49e24e492cf0cb6826add1c03d21efdec52ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
eb2b17b913015dccd203fe05661f70c5

SHA1
98fec41e86dec6bc9572dc411e6f6fd35d017975

SHA256
042da073baf960eff453ed09fd6b78f74f9ecc4959ad1cf92ad3a3489afc5ce0

SHA512
cde47b5084214249fd80e29a54d11bc00670d2bd6dd0dbe7843a518bbb92908d09d421f65605f3664bae034b502c71139437ce84fcb72c9916cb3e993a348e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
76ba242bed9ad8d80e0ff2ae984c8d5b

SHA1
f1cfb4e0021c539a0689ed4aa0e8f4ca64aad71a

SHA256
102edf18f628bfb36ec2575789317a334ec0459a5c154b8c943659d9eff66fa7

SHA512
979f6601aaa45fba80bfd62689bd4a764442611a721d6d1112af0153529089c7df4a9840ea550aa7f2d695d7188ce308fe957a68b2e588afbd616717ec296b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
322f54e08037661c221edeaed1081cc8

SHA1
9d8e571ca8c8f434ec6703e59b1f4c3b74d73eb9

SHA256
a91254515159e48c9c0e8ea9ad7ffd45f288f92f55315e362302f12dcb4345ef

SHA512
9fe64a8a509ec6f490714009f5e4b71c9293b27f3571faecbb99d4d993727c39422681be3a965a354b82eab3f70d8b4a25128a0f2ca5f2f6a249cc4cafc08d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
052662f9f2d5f3ae8bd4c6388b1812fc

SHA1
29e30977a0dea1cdd4971da29bb888aff2362176

SHA256
9724d277d60b51577d7c3bf182903bdc6b1629a9371235e852ec47150e9d1e39

SHA512
83379980f19e3786ff87015ee786a0c7ea6601fe5deaf94b68c6d2196677f7cd6110f706ff8147d750e984dce3114512251fb7c67cdb727256ab9fd05c941804

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
6c3f3906a34c75a2b6f88a412c5a828c

SHA1
f5d3e50578476c43157ed384cbe986383f99d3c3

SHA256
7914d793e22a68a9dd19705a8ea8fd0dd8061bd93430ad0c712e5dec6db91c95

SHA512
82b27a0fc50b04af297fcbacd10028f2c1c1469072d0919c981b938c420c467d90713e37d468113c06f1ed2549da47c2c8e87021fad145ea570529ac35731449

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
0cecd14c7ab15e41c534c812f80b99ba

SHA1
96e985f2cd15f4a5f79e54fc7e94958d24d7428d

SHA256
5070068c3956acde428fa409e5265b3b171b91f5d66a398149e0164d4ab984eb

SHA512
d5992e5099d0bee4b11fb9db286f57edf430a451094dfe800fb73c70b296f290efeb14f052a231c6fa21ab6aef2bbeb6df093e50fce1144bb2e91a0ebb86a3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
7ce9f4717558cdf2dc71015c6f5fe2ab

SHA1
3548374c559bccd4fd0871bb6b22f3b4d31564f9

SHA256
8593e8dbd8e7108052053db3de122aedf0c8a5d18373632b6e89d43d4364d220

SHA512
646f4d40bc7c8e900fabc47a7143104ea5a1616a6a8d5c7e2153f41f18eb659119778688dc2f1222ff410d2da4c1d3ca937cc13204b5b7419dcbaab61ba59aaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
7ae2caa72d2e3a7302dc8075c7c87d3e

SHA1
17d78ac6d51a1013b173217037a9c9034d5c3234

SHA256
6fead37b92e367eac14d3d01aa5643cb8080783bc9f0aad8496e47a2dfdd5e4f

SHA512
4470002e2b7b0798c0931864e02900367679aa82cbea6ffd31c6a4c83a93fc992eedc5d5ad890cc7d90ef6d08bf61444ed66dd3bc1ff6e8c37099beaccf5ba34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
633597c7895d25f2a6b8415202fafc84

SHA1
f47fc52d827a0e49ea575cf76b9ead633666b68e

SHA256
4065f74081c24f0d7790dd478e93179c0a3bffc2d3ee1feb71754a3db1b10799

SHA512
3616e27099ef43b9961b61c1831cb9415c396979b811386ba2c72ec492dd6634219d7cf5354e6fc9d813f32fe4fba4f4bd6c69bc5261fae6e59068a20287c00a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
cc54623b1175ba8bd8c392d5e6939167

SHA1
04cf65bdd2fe066ea0023b74a93e022904d8111d

SHA256
db8bb2ba4afb8c6ef9f674416e54ba1fdab08fe7b3f5b295dcce8b53ad759554

SHA512
d597da6b3e216897174991cb8a9debf357583968fce2739f4c269936dd5cfe62837ec8c048d89ae7ce9698e304ccf3b629b4195871038412d04ac64e6af1d448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
82400e7c36f8ecd32b126f70f2ea59bb

SHA1
3766a40dba1a6e8fa1626ccc2c25e2a4ccf66630

SHA256
09ca36d6526cbb591c3794f1a6bc1485a25bd6fa11d14055a1d10c543643cd7b

SHA512
a33fbbc01293d8069052ee90ff88a7ff99270af79b21c9f996dfe612eb33fab4fe815bc8483e773c16c6d2d6076cda283ba0c533cae610a57c37293f508a40bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
820b09e193daf3df29b67d57f9dd16ad

SHA1
498077cabcde85fee64ddf5349ebef0a34f57728

SHA256
c8bb0af0adffa828b06447e9fe9833ddbc917dc24e9140a0f18d87365b811361

SHA512
e4077ca0d25a850ac8986da4285ab168ed4ed82a092e43572667d866ccd1037d315f1233386b101fa1f29ddb1359856e7a664b16def1b3e062c0bc33adc52dc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
75ab5f8d3930b55b934f1fe1ae5b0b46

SHA1
dbc3a219755a9f75ac2f6d2d823edbaa4406fb53

SHA256
f7629ef25b4a17b191fd9031251a15d9c837be854608bf35afaf309fdb1d56e9

SHA512
cc1bb1506ad086dba14b4275e5012ff6a28323ffb50a80aa87e58f16dc54c125d625515cb67ec81955d93e42e0d17f1b53e8856af748c7a719d34f5c39f4087c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
815b7eeb545dc0332b1a3ff24f463cc6

SHA1
34ff80c1c919c8868d27bfa7b24e9fd9471eb60b

SHA256
f3f5376d0e30a355251707665b98a87a758f3423d899d403870ac776ea170c38

SHA512
f0adfcfc338a8ca4a3e082269ba15915cfd9657d8cfc830e5b0f341095f9948c52618bcc96b8e39eae0a6aee4f5eccff70a31166e9df9e7660d7a6d3865c1c8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ed8878eea25352ddcd170a250a05cb8

SHA1
02286ea650550654b0ed1af49b68e5e0d989f22e

SHA256
31997a88812515f6ef249c397f4253a7730d3578d80ee694456b99d4d61334c9

SHA512
51d6ec0db9f5de6890d9d7311a08c5817a1b26c11b89771fea00daaab18c40213e4493f1b7ef612c62c09220726f46f13ca2d856674d3dac6dbdd6b9375ec227

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7f2ea10f9a0781c2ecb0b6da50031791

SHA1
ade2e9292e748472d6c780c2faabb4ef04983496

SHA256
aa7e1819137769bf6a4c88b32a962ef89e39ed07eef124db27314d6ce72cd07f

SHA512
e946e4c14099550cfa0033cda683816025ae6500e17e58798ef6bdf0f9786269bcc4688ad6940f5274b9bcdd7461c6322c2856928287634b2ae67d4fabd48b10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
092da0b8c1343d0e15dc7bdfe7ab87d6

SHA1
f0afb2aa5b3cf3d2e4bcddc38edd6de2d9456947

SHA256
c219a574b81b8524042879e4924fd4868169d8ea625c9f919ea76e2bff1003cf

SHA512
511bee78f6b357a2a61116e17ca931a0b67df5ff2a68aab05bde474d318bf37391672d58e10479ee2e85d374aff1a213dc2420d57025390c711705ca0aeae793

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
71cd73c0745a971458fb753aa105199f

SHA1
237b6aedf4acbf0f3df0087e691872b4d99f550f

SHA256
a7bd7ffe1df8fa482233818352171d8d3219b1e5c794441e85a108bdc4e6658f

SHA512
425f0a5fe0af6bfc305060269a4ef03ad1a960753f79c59f397b28cbbecff4e2aa9a0c037a318d7aa32777172780c32dd80f82904ef6321970b7f96c5b0249e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
96da6d3220678a08699cd3ba862eff59

SHA1
60b799fd6c9792b6e4f694714e6c036618cd671b

SHA256
16a608d2c15c44acb5fdd65a1a123f76a28a4d7a7418c4e85bf01194ba3a90d4

SHA512
ab99f69ef67d3ae92c27f8dc9f3639787366b472b9147ea2db85a4398cb62597aa0f2675e1e35c3698fbd761acf6f2db607c7267a82c760737aa929a6e52b3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
72427ad14c80d1c2578e383f93ed65a4

SHA1
e01392fff7f732ead05fcf55c64acdbf85a17143

SHA256
eb7d2d8284882332f6e0d2f6874762ad7ffb8c88efa421a37c4b0ddda5c3cd4f

SHA512
fa446960866788dddb8e78c09271fefbe5d4c60fba76a8952a3f4484333f2d6136077ed9c6b8892a375178989acca298553ee7c2913ce7b79454fb7d8c247483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0233b5827a295ed6bb9c3d65bf8f08f2

SHA1
0361eaa930281f5984929c3822615c014fd44e33

SHA256
7a1ca1afc21320cee722f46e1be63e003cbb8630773a46edc8812498342ec3c4

SHA512
ac15fd5fcc31ede8a6b25adc537eea15f43753cfb048e62763f7aa20d5590e0de31abfc03d57014c722431fe0ccf281aa537fff8f3061efefd1c2f0150013bcb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1c32cd1995e1e0f2e6e25d69ef77a87a

SHA1
eedd513c7831d3ca708391c4b8dddd94540241fe

SHA256
178bb35a3aa7b7ffd2c6bc13769ea5ba2bec796212845bc80ed548efb307c500

SHA512
0df32ebf1a2514f0d80177ff4e66160971ba804c7b441cecc8f3931b79f794dfa98a3448f7126fcb4f0c2c28dcda5ee1a3f8684f50ff4dab2e74d802c8a6e9a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
85b3b5ae2dac70a2f05cd9dfa3a558d2

SHA1
552648e11680ebd63004c5ece68495d43e809632

SHA256
45116884651a3b4cea003dc66d332e5cf5e83b1c17449f9dea92955e84dbb90e

SHA512
a9624465a3ad4805c39aa36d705891a056c3a008f49bc810dca419a92824604760d05fbdd99dd12b199c583eb33d2bf5db1ed3cabe283950ce1669d5adc64bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
500B

MD5
6f5ec309b0941ca683409cf4532d1934

SHA1
14d3efcf7d503371db7557367b50f086e4725dd0

SHA256
9aea3e2b66cf0735150ad0337bf5d72125c0110d05f9d7916f1b91d7196e7d49

SHA512
721da38ed1a748a700c680ff745120ff23b1b1b6d4ce48285782c0df78ed48c281a71e6be2f71e6ee2fed2178953c547473b400b2743c2c5c2355f1c0a5e1354

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
fec6094e74051b39c658ff1f42716aa2

SHA1
9ae5d8a92bb98fe591b09a4ecf8dcd045c319e8a

SHA256
58f47d829bacadffe41d36467d3738147c422ef5112dabd3bccc48e3347a8626

SHA512
b944af76abd9139f2068626744f8174a143ab6d3ef52160cc1d931802adfa3de2bc91aa7278df62d8c909a32d9b91323d045dc771146a87dd95b5990d4b7a948

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352410467526632

Filesize
2KB

MD5
36658400083f75e666094ccbea7abbfd

SHA1
a30e4d9b23bf6b942d3d0f705e0235c6c3b36374

SHA256
eea7015bcb0a8ed722ab2a876e942ee7d84be6d017c9ea185604b6e6b9ad9ad2

SHA512
78936b25fc3c170b9e245bd1d38f1ccb75ab7702d90b673624a5c75023c21f033573c03642f2b9d3aaa172a8361c9eae43d8bebfec4cffdf48545b0debd027ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
3726f89c15e7c3547fcdbf39b8aafad3

SHA1
1b2f614774ca78e94f23a77cfc24f8b8f35002f1

SHA256
adf042255b8a598432f86621271648310929111e0f116f3ef709be5099ec2f8a

SHA512
c8a6d06484f585fc81d3b880ef760dc46e7fd9b5e5bf797df468fcda5ee201e12dc02d361b8bb64002f055e54114e80bd0b65f511e98b93b7c1fd9de0feb48d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
dbf0a742a81ad43bc343c771a822cb67

SHA1
b825e69021eb6cf97a8fd19870e667b367a10882

SHA256
249506f7d6b30409ceabb29e49fe3066a6b497ab2b5bae0f9c37d40a124ee2b8

SHA512
782e301ba4dd3e4200ed105ba68aca3a8fddb563b07b1251b98a2edcc33254892acbb6bbfd22eadf017144f2ad679edb5188003977db23c7b5a2a29809767963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b942841fa21efb164f257f087e3f37f1

SHA1
b3f4ee852eaf8f3bf26739914a5e158f108f842c

SHA256
0d1c538cd9acc51f1d1712f2c3a15c93dc5d098c8cb448d41a99fa849915a6c0

SHA512
0ba237e57118621a5fbdd7962a84442bba98e6b1b1eb5d3decd4253f086c10082b1fa1ecca1c2b1acccf6ffd2eba12521e0c31d6940492dde47fd1dc2a2ec8c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b277cf8590f46720ff30e4483fe700c4

SHA1
9b43121312970d5076b6a12aef78e00213e31e9a

SHA256
2953bd9f8784575fe56624244db9b752c84af86be88d16526bf48f34cfd5f18e

SHA512
da9bd47b64c8ea27091ded71482131158619dcf52c2fce80f0d30ea3763bdce3f7d11886e5eaf5082fe2e2e0ab8e96b569ecf9a67d91bd7e58e2548699a9aaa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
55b3e1eba8b935897cd3fbf917b3a90f

SHA1
ad80fdf73cb3e629efd061f49fd530a5e0682ff4

SHA256
c1a13dfc43a3c290694a78da3574c47889def07c7e256cb6b6ac06d302c577a1

SHA512
836b663a9b98b309c2a4bbe486113829e82c994a5299c95aef1ca10f63febba555def117ce820b2791252658baeb96cc049818dcdabd52f9bc42b030b3f895e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
120fd93495ab948f4529f30335ca3c11

SHA1
ff2397ac0148c7fd04a101e9ee8f451526cfecd1

SHA256
c52ee3912090a5cd53e533e65b8f439f55aef1faecde4b4e683e04fa5d1ba038

SHA512
be4cb24515f74016ee9d1faae9d1760240ca4fdbb5bb14519fef245195ba87a00c5f28836c415b3475ce349d9107d7d6f0fc481eb2e7a56e9c9cb498a915a279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
ab23f68fb01d52218cfb437b0656dfc9

SHA1
4a0d4c0116018152279284361c2d99ceb65da2ce

SHA256
aa384dd08a0c28e75f4d1a40e628f0e135d4b3f68a433856aa51716d10ac5e3a

SHA512
3d12f17498527935c373a23bf41143ade4afdfd8da767e69245ce2e28259add43cbe12ba61761fbffe78885b44a4d347b89c2b8c5bd823a8469c3e36a5d03018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
0891287948bebd7c9946de4f296a7d00

SHA1
0e66152028a2fbb8f31ed1e36e75a6f7b482c167

SHA256
fc35cd0e587c6cf43169761af57e8629bf1224c7475c4a053ace08c1412e1da1

SHA512
cc58bcd1d9dda82fc65712f364c1889f2b05a6a68b3acc911e0e91cf9de1328619d7e76dbd96b2466a1f1acb3b74ef964bb1300c756a06a9e7a310f9ad6b3bed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
88e0655241be63d852c71553d5370781

SHA1
8ac1e4c2c0d4839a916d6d5287c777540383f871

SHA256
df2bca807b5366d573d164489ed7221f4243d12daca3f897ee896f6fc6fc3dc4

SHA512
71981129c9aac4f8366b786338545edd1c81107353c6eb4cda74fad15fe9e0adb362de16c7a2fd56b728f22b3d287e73df04eb1709075e2548eb5c75432c7308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
1954d2cd2c37d2cf7bdaad5bf997be9c

SHA1
f4377d613c7b7636df9cd86065da3d087fa45b7d

SHA256
af687023ef74836796c72f02c2feb2d428250cb8e49bf3e912a5015def26a7ea

SHA512
90dc8bca9c081a199afeebf75a39fc7136bb5f740f6ce58c7365cd153317cab7c5f8a8dcb02f8a1357192328dec7cc26b5fc4e70af5097e511a3a9a6fb8e9285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
986972122a795a25dd248064e8de9cd5

SHA1
9410d2cc2b52d4f727c0ca7d4b9a19635512af04

SHA256
67a685bb2ebde8ff6e5b1b30b485490ccedbe9a57c8641e29862866909047653

SHA512
cce8abe42ce45b695545c66d8655723f9c730148e32e25d8c1a0fc343b0b96af617d5df94342424b9afd995aaab4e03c3b872153a115dcdaf06b2a92199680e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
67e98d8ca5d5d7a09eddda64dfc78cee

SHA1
25d2d69740f063cbfbbebc22f369e85aceee0d8a

SHA256
c9439c26219c21bccf9668e0408a38d2fefe43f39276d1b66e4803b05acc69a1

SHA512
ce5576296d143d2230f983f6ccfe45a46b2cd8f13bb8e082ffebc6cc6e740c4a225363ad531615911dd24055734a454f3c3432c1bb71bcfa16f4f36c8c65f210

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
42d46bae7b3d01861ad212242b652c3c

SHA1
3dfea9d7167f9385737526885c0a4cd144731f23

SHA256
8ac28bb030d91f58537040fe2b4aeb0431faf782a78f584ce04afd945034d00f

SHA512
20bfcfc0f32b0286d186560c261aae04a04608c9f07ecd1dc9d4a0d9ba9b0858253a9cd458863efbf9623bb6e909144effa6bbccbd0ea2e5d1dccc3f1105aabc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c61ba787c22ec116d9bdaade3cf3e199

SHA1
cc9612b430dc8628f87ba32400a78c98df459ab2

SHA256
720fa5d0c8ffeb9f421dea2afc16ef84691bd727b6aea0706abc83cbd8e64849

SHA512
a0e3fa472555ddc8c4937c9ad41f4307a35e5b9acb9048350e8e46e0ef1536d70b7d0735397ae569a260ca17ab73523fa7ca1e53347c2898b5baaf6cf885465d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d7378295cf4aaeaf8288c8a269593783

SHA1
ade8cd55d3e099563f55034cc63fe0c77b07c7d3

SHA256
7c909075a2def24a450dc0d946d2b0cf0d46956792b42bb909e49f50e8e03a5c

SHA512
94d9361057324bb536bf84766df59f819a71fc1f0ca6ca53308a2b9084b7823b7ba142f649c468ae6b63f2330139cd0158d802338155d520133b1ba8f00a7904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
b83bacdf653a4bc45f2f05a97fef6b2c

SHA1
d2224832c335c63ef4571225f2ce622c55e28525

SHA256
7c3101853699fc52e90721b4cf1126952300cfc9c55c61b3ecf776a139dae140

SHA512
2455ef6673f614e6a18eb0a698fe1ddafaf5c087dd795b56c775b35c9cd3eb854856ee75d192be0c05c22ab615ca7b2129537b3361cf0f6cc3b49460d30724be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb

Filesize
256KB

MD5
41e020ee798eceb4ac90cba2142a7a1b

SHA1
714ffdf4ddc441ae72c3fb2e4548a8219ad06fb8

SHA256
60968b6f285adc7f7347c43815c17a27a383807366f91212b81b17cac20131a8

SHA512
29d22703589df058c7f3509ce58f8e2f8fdf1fc2077e0622a796e4f9c17e563994e3cce83d74b5d58d79ae5b335a1e114c86ca7fe149bab10c3656c0acb0ae76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML

Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log

Filesize
1KB

MD5
da17eec2348bd4eb5f7d259e0d3c8ced

SHA1
7164dd3f708a31fc13cff960f43d50602509dba4

SHA256
1e430456b6e74cc9544602c5ec5b9c2d680837ac721f049947be33d5dc8b52a0

SHA512
2c42dfcf061ffd9eae61900c81cffb02bc6c551454c81ebe6be1baa146ce931f23db4fffa704f00015aa1658e3162a8a3165f616bedc53c47b6fd46e74346b5e

Download Submit
C:\Users\Admin\Downloads\MEMZ (1).zip.crdownload

Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/3412-1173-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1174-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1183-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1182-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1181-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1180-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1179-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1178-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/3412-1172-0x000001FAFE170000-0x000001FAFE171000-memory.dmp

Filesize
4KB

Download
memory/4228-918-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-912-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-917-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-916-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-922-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-919-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-921-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-920-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-911-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download
memory/4228-910-0x0000000008AC0000-0x0000000008AC1000-memory.dmp

Filesize
4KB

Download