hxxps://insanitycheats[.]com/free-cs2-cheat-download/

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240221-en
resource tags

arch:x64arch:x86image:win10v2004-20240221-enlocale:en-usos:windows10-2004-x64system
submitted
21/02/2024, 14:24

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://insanitycheats.com/free-cs2-cheat-download/

Score

1^/10

Malware Config

Signatures

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1790404759-2178872477-2616469472-1000\{50CCD942-0F90-4EEE-A015-585B9A59133D}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1790404759-2178872477-2616469472-1000_Classes\Local Settings	taskmgr.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3628	msedge.exe
3628	msedge.exe
1872	msedge.exe
1872	msedge.exe
4248	identity_helper.exe
4248	identity_helper.exe
3604	msedge.exe
3604	msedge.exe
4328	undetek-v4.6.exe
4328	undetek-v4.6.exe
3148	undetek-v4.6.exe
3148	undetek-v4.6.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
380	msedge.exe
380	msedge.exe
1600	msedge.exe
1600	msedge.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe
1600	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: 33	3684	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3684	AUDIODG.EXE
Token: SeDebugPrivilege	3688	taskmgr.exe
Token: SeSystemProfilePrivilege	3688	taskmgr.exe
Token: SeCreateGlobalPrivilege	3688	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
1872	msedge.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe
3688	taskmgr.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1872 wrote to memory of 844	1872	msedge.exe	80
PID 1872 wrote to memory of 844	1872	msedge.exe	80
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 1716	1872	msedge.exe	81
PID 1872 wrote to memory of 3628	1872	msedge.exe	82
PID 1872 wrote to memory of 3628	1872	msedge.exe	82
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83
PID 1872 wrote to memory of 2088	1872	msedge.exe	83

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://insanitycheats.com/free-cs2-cheat-download/
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffee37d46f8,0x7ffee37d4708,0x7ffee37d4718
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
  2⤵
  PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
  2⤵
  PID:1688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4680 /prefetch:1
  2⤵
  PID:4888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3984 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  PID:2988
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5564 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
  2⤵
  PID:792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:3336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:760
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
  2⤵
  PID:2696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6052 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
  2⤵
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6192 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,10832855026350248268,9484074695370183716,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5760 /prefetch:8
  2⤵
  PID:2104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:916

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1368

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e8 0x4f8
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3684

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:972

C:\Users\Admin\Desktop\undetek-v4.6\undetek-v4.6.exe
"C:\Users\Admin\Desktop\undetek-v4.6\undetek-v4.6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:4328

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\undetek-v4.6\Install Guide.txt
1⤵
PID:2060

C:\Users\Admin\Desktop\undetek-v4.6\undetek-v4.6.exe
"C:\Users\Admin\Desktop\undetek-v4.6\undetek-v4.6.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
PID:3148

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" "https://www.bing.com/search?q=uczoes.exe uczoes.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffee37d46f8,0x7ffee37d4708,0x7ffee37d4718
  2⤵
  PID:596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:2080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2464 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:2832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
  2⤵
  PID:4736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4960 /prefetch:8
  2⤵
  PID:4140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3672 /prefetch:8
  2⤵
  - Modifies registry class
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,11489761847118468330,8094917994479098832,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
  2⤵
  PID:4032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4076

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4248

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3bde7b7b0c0c9c66bdd8e3f712bd71eb

SHA1
266bd462e249f029df05311255a15c8f42719acc

SHA256
2ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a

SHA512
5fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d829a75e48d99afb0040a2391dfbf7eb

SHA1
6739a4bb4932b0c8f5302e9c9c6512e0d65f13bf

SHA256
0d03e8287092be3377d4135da02f84ab5016e7a4cbddc670f8e6ebc008b93712

SHA512
3bd66452adebea5c5c3441418ec0c9acbd58e9a13b2777c051f8c576df6adc7224ef85aaac93cccc86b473b9fa78e2010da88cdafa2c7e919a7ffbcf954ba021

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3624cfcb355c6c7888cfb022b59a03b3

SHA1
8269bb7265487ced0f15c3705188714640d1df3f

SHA256
28abe3d6f18ebac6166dc8dc601f6672a609bbf3d857d4fb1d9e8f6564ae172d

SHA512
70b3510103bbd50779bb464806d7e15e5d3044269edaa863313fa5ea5cc9dd5fcc3d3e000a4b5f2c4b3fde604c84a89b85a1a12ae17797ce3ab80a23f61fe802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9cafa4c8eee7ab605ab279aafd19cc14

SHA1
e362e5d37d1a79e7b4a8642b068934e4571a55f1

SHA256
d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166

SHA512
eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
28117fd0a762ee4dda604642a20f04f3

SHA1
5c8079cac1defbd8457b72795d775d69229fc9f8

SHA256
bb18b47a1a215a242a1dc905bf3c4e0a0de8daa2b46b29d98f0b0593ac8eb39c

SHA512
e52e70567ec2eabb8d4122d645f6395b3e40b790b836bb37455dabfed5b0f18d9458d6097822aea576b60fa4a2eabf28388aa6c0ba3a70dd70133e0cf8739599

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
3e734e13c1a68a875c665c6c2abc6126

SHA1
cf1c3106fbbc3d0eab8901fbd895d5f547040543

SHA256
63fea59c125532e9c4fdad1509c8c91fb10e5e3f44e8c3b64ae14a395f7a77e2

SHA512
2b5d384498ddf728edfbb29dd323261276fd7c05b979d4b01aee1325491bc55957460342622bed8e3e1bbcb937a6789cda9afcd48f26d0dda30106a5f020bbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
15732023c7b5bd4ead878982c959c3bd

SHA1
ffe626d7c6345dfff8fab453c93746c0ef893c8a

SHA256
d67ade0fd91f39a80179afc952b9b774706be083146913435b887a10d0dae4f1

SHA512
8922d40fca8ed7c3e77881d7ba335bc3818dff0ed0feac24025961d3b368c6080d3db65a0afcc84551946552043bfc7655e7f9dc7340ff809dbd464acec58626

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
3.8MB

MD5
d5e5d1a8ea15f3b41a742d70c923f7ae

SHA1
fc1c23a775ecc32afe6c7603b169e57eec69c6cb

SHA256
6de94ffd3ad6ba378e853b245abe8b4dedc7f5614149e4f24b667e0ab270fb20

SHA512
a9e4e36a5d5e8e720f52eeca79c80ff2be9394cde47ed3335e01b3b017e41838b2895b7aa3ffbdfb9dfc55a2a781c163cdbe94f76e124e7e07aedd000946912c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
4b4ebcee8faad9c771601f47d81b2ce4

SHA1
f14282027608e40547849625e2f54b6ed7f9343f

SHA256
39d7b4512c4bc3fef4278950de2917d14ae00fab4df2e63c0cd2937cd057655d

SHA512
7bb64464aa409807f6d3c62cf0858bb1cbb5c992b8b671e7063a11718f5ea64bd961ce5cf43b99bb485547b406a9f46e41a838283549e898ea7eef2c0c03bb12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
da65b03bfcc2c91969a947f43bd9a0cd

SHA1
4e0f04d8ea785759f175fd556c1d766fa6b087c3

SHA256
bbf23fe42dc57d1299274e2bbe8e9c1a378c0a0e1937a6546c64ab9f4f16b03a

SHA512
ce5642765a2c0a889a8a556bf9453cc5ae2b53838d58dd81e02ac6676755d2ebdce974d01cf20fd3c315296cb2fc71154698f5b88cd70d7b5eeb7c682c554801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
87f7e1cd1881f643fff7357ffbcbf983

SHA1
ecae829f11b227ef895f96f78a6bb89c907a5d28

SHA256
bf19e7597b2cc406441be8970a5a81e9ea01c31aa42509b63137399ccea8cfab

SHA512
b1a94b55bd90d45142019c95fa1f25392374b0e2e780d388b4be82039372c1028291563399a35786a21733b0c57f840970778fb19a312745ada92bb16dbece36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
17eb45c58664e8ebf7fd8b4319632839

SHA1
72a22cb97d71be93eb53f8c48668864ffd7428c5

SHA256
8fbc2b793f617b090b335d8fce3dbc275d00cd76cc73b078e0a26243b6341a03

SHA512
dc6bc8134177cf944c0e53ec01340c74b2bbef214fe12c62f4c212f2fcf6b1e71f8a4116edb4fcf6ac4d28300948b0d12922bfbbe91e71141b0a5be9d5df4237

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
45ce3132a5ea8e073ccd13106c14c679

SHA1
e262968c2ae803663cbe1472563764c95d0a8bc9

SHA256
e580688d2232dfdd1283b7613b4d4d4872904ffa5ed45f3cb76559e5526a6bca

SHA512
38f71b1995758e7e0635dc3a9334a36c51d824a32beaff4cc9152748e2266df730d56f72cdaf25b21e74944ec81b8eb42b1c19621fcda6bb3562cb10366f707d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
16KB

MD5
147917f91a8644ec6d45a9c01d94efa2

SHA1
3c4608fe0022dfc16e07bd6990dcd45e26840a10

SHA256
dabdc7adefbaf99fe7a0626a10af3be645e3bec03c42290c11f5cb630f83c793

SHA512
0f7dcebcf5c46ef42743364f3bb319adcbca8cec47436f48e0a17f7c01eacf049f8d952661787d98e6fa9af5c0f47b8b31fa0eb8f75559fe882bbae40b319bbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e17c121dae0d687e50e766e3dd696989

SHA1
907acffa3caa6523fe201f71e47a08af053b5e9c

SHA256
fcb2e15af8865825f0e428b1ff62116742fe67221406bf352d2d8df1414d1f4c

SHA512
31ddaec01f4b52222e34dd4fb2d32ab40c61589b48e71847e8edc3df70dae219ff2cd4cbce743a8e966c9602c6d89a5e985595a670e9c0f04bf9f182e95472fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
e452240bc4348decefce508b76eaccdf

SHA1
07bba18e50398b8c07351e740d2f408dbad1cea6

SHA256
715c4bbd36f1c92b4761a02f9e4b9baab4fd0b4d73248355c24cd690aca962e0

SHA512
efb26a1491875e1eaeabcd87b08fa4fcb605db3ab02eecff4bb921da31f21316b26ec95a5533b216bd510a05021946979e16d653f43d56193adf596e9659ac2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
44KB

MD5
42084870e8ff5233886e3d33d1670212

SHA1
fcfc73a0bcf9dba8934ba463b0e36f945fca7c2d

SHA256
8d7bf92d538f50d5ec7501664b0538e04e962f94beedbdadcf63bb0e7aff610c

SHA512
4800d3ca9863747af15c89a225e222745ddc10bbd41f6d42efc5e7f2e9ef66763f48a5e5161ad669d6e6da42797c1f9293d354d5434f6ff5b644214d1f7e1a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
800B

MD5
ace26e10bf35833cf52ab53ee1a09a3a

SHA1
2b0131b67d869290e0fe2ee093810b263b6bedbd

SHA256
996c286c12c3275c1a10152913e1024d5cc4dd69531af7d004bd1e12ea1b7c4f

SHA512
b7a5c7de5f9b90b5a0f445c8eb6da86473e1b74df058550f50a18be573449cfdf8e876312060ac695174adc1fc81f3c3f53d0bf6cdea136bd029fc1c90e7d9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
8bf8f4f5caed34dd3bc7913b3a1625dd

SHA1
5edb8f38a4e60e6374db54151bcaae72b9e392aa

SHA256
9ac2c7353a0758a630746fb82008876775b621ad8b2bdc0272556245c75490c7

SHA512
874f54173f3ce8643e0697e046acca8b28061308fd4bafe3279e529bff8160a401591656823e51b34c394d4a496f8d83f520762c35840d5df116bfc7f3370cb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
1a7e177e05e87823285bbcf24362d99e

SHA1
cc2e663c19b04f63dfb6a2ceaad0a2110a7f45e9

SHA256
0d67fc876274ec6ca40a8b1a5a45186328e987be29cda9c11cd21d7838fbaec4

SHA512
4d9f28a7f9e8c4a0e480d9dcc0b5e2c1832aa9b18e118084f191de957871dae79ed3d8070858ca179ad3905e9942f4da9ee7caa24767646cd11c5d3b2e81e79e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
92ecd9d97da06dca4fcc040c25054a5e

SHA1
f4bedc393544a0ab57d9f5a9d1d45a2657103d42

SHA256
55019500436cd9a6eecc8d11e2c5d69af37950c87e68b3251d576c68c4479f2f

SHA512
198861b52991105a4de444c27c7d93eb1b4cac3bf55b9c9d1bc57987fcbc2fde58e4966b7e93a3ab8ac468e9cf137567f7479d2d429e490813160ff0cd7e93f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
eb5287d437ee034094b1fd3a01c72909

SHA1
82b6b9888021fa09f95ad363f4560d98cc2d6b14

SHA256
6438b72b27e3e179d38d9ea79c5ab344498c6282b3913aa4b3ed67f13ac39100

SHA512
d5ebda703771c27946ec05201adba2702c5af3d53cdf6e2964a6b7a6bda7a0518c85b8f4653ec8187dacea8b61fe4725dec74cd3c61219416a0243e4ef4823af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ef9de242ca9ade637f0ccc3e9289be76

SHA1
b30b020feae302354a96a608d58f3dd4a19c5ce7

SHA256
ad7867f3ef7cf1afc252dbe44fa6875ccd1c6e25ebb6da29793504590d72d1ac

SHA512
6971de4b8c617fad505444b02ac70c89ab384f025aadff2ee45916fa08ca54f83f638bdc9efb2a888fea4387d4e1921174ca34f2a3536374f262a16f21264b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6b3ff81d51e8d50502805dac88480e71

SHA1
9b38e033d7b9e9607a1521684de729d085b9f094

SHA256
0cdfa01e9377cfce0ebdad62b818d9ab11638441d5bb7df955c1a17f5cb4b884

SHA512
c73b0aacf0103b2676505bbf2c2611d36f205fe722f94b2b92b42a2e70714cfbb233f3f8f079d9dff399056988f6f52198bc5ed24cc8052c275c6bfd7c2eeb05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
277fba5e18aa786ae288840fa881ff4b

SHA1
786cc39f626953a83fa9aa1b1eec85095f1f233b

SHA256
f4d7d7ecea538d63fc4cf2191a5d2d226e1361db9332eb72cba354d28eaba68e

SHA512
47c3455b1693837c80bfc4e97bdd96945e6a41984abfa83b2fd2d82c05d0d199b2d957bac3534ca3517e54ada08fcc8c7fba6524ce2b1f3e16c044846d8836b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a8d6f9e9c55b25afe03b713a2d93ae7b

SHA1
fb74d1eadd90ae7891357c6af9efaecc5b4196ca

SHA256
a7b1976e5a2014a9fbed38942138c4376e3ed4fae13b53d12a65cdac3600a331

SHA512
bfb09b6d3e41b601e799fd4ecddee45f209207524e65421156c7d5c762da4b90ad9c9f81263411e6db2d50181095b6ed18b775fad1ac000e4e765ac57c956559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
947d41814098c3a5d340e50c59b995ba

SHA1
d3f9382724d4ace0181e7d1368d12e47a64ab188

SHA256
4084aedfa26019b654613d759cca660b418d08cd286f2c08e0453dadfe1a921a

SHA512
0613d0715399d2c050adc8560145359639f781ba99778fb34384ced0a5f9b52b36561b73fc8846045bc02f51fc26d684c1b2d59278e3ecc162d489b1a4018ef1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
378c32c1883440b90f47eab94b4040c4

SHA1
7ea50d23c76a6b4808b908fdf67f92139b7831b3

SHA256
85e00cc56df7e746f713ada4f326a62c7acf6932f16574d862cd465b17e8f7a0

SHA512
2d068196d61ac8bd96aa05d0179ba8662b418bcc2c552a6b5ce41c36e4845491505473987651daeabac1d5ff6a5dcfd8be1ed41e9d7fa3dbf168cf60be254837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL-journal

Filesize
28KB

MD5
2ee82dbd537c5bf62f18590c85c37300

SHA1
1da39ec7107280a30df77de88258e1ffd991ee95

SHA256
e47769f7acf7b79ec451dff780aad015ebbe83b5c646b09035e3d444b6fe62b4

SHA512
d277345edccfc2a1c7b0fd65b81d698e58715dbfaf47fe6efd2ea5d80e72448e125e97580331c626a8b7914f0109a1d932b1a94b5c27ef0e40eae637a9820ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
2KB

MD5
4cbe9d7ab12275add5727ecbe26db468

SHA1
502015577c5bda075b2bf553219528148aff86d0

SHA256
dfd3db089a17124a974794b793359e00af5dea180aba89f5b430c55f34be91c4

SHA512
0c5ac520e39bbe4d4c13e4ff3aeb3f2f9ab957e57011013d37fe1bd0adaef448a71fd60ee3f519a221ca34ae1b465fbe35e30e6fb200b338bc213a1c5648e494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
ff929b8a29fa765e1119675317393a95

SHA1
c7dfe58498bfc132da27967fdc2d5d707885f59c

SHA256
d8f79a055e1a8d01136901d1a819f16d26cf816ff5922f8851841add1213d567

SHA512
0634790367180b40a60b92068301e3be041c2b1ecb0f868c108e4a4254ea3e26f18bfc26e2017ebc580956ec44ae0d321f0ed5205dea8264372adaa95fde2b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13352999103944411

Filesize
25KB

MD5
01319ce449dc43163ed7d25c4d335b24

SHA1
3fbcacdd4cd61574bf011e09401bfcb76c6f55ce

SHA256
8ebd633f071934a412a44d8d238e6fb7040067a5fe1163395815fcbd1cd7c7e2

SHA512
2fcb1ac887129930099beddb2ebfc2a95968a21066037aaa20de1b6cbaece0ea1c1a2562dab4cb7568ab8c434cc4a1eaff6c517df4b6f46408d76fb8ce4b609d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13352999104209411

Filesize
13KB

MD5
2f45aa4be59ef279bd7d018d439f89a6

SHA1
e4d98658f0605431f69354ef76896f7eb18100fc

SHA256
abd9b491fd0f8e949605a2c5a28710ab0bcb07644bb7fe4242a020e0b228d78b

SHA512
e5a05235cf83514c15f684e9a3ddc2a7212c5cf36c437383cf82400f561ea64a2f689f70b99df1fe22e56bdd3721e115df6dbd34e37774b4f3a7c91d42fd98c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
5f9dcc16c823f2ba02df883affef5cdf

SHA1
dda66ad636b2015ad9c93f5e76114e7703c0d070

SHA256
26a6fb45ff858da4cbcf84b806dc5b73179483c5bc2f355a2975e8151e62929c

SHA512
ef5b3148a346df4aa749242daf5c1bc827b0b5cb71fa57b8636c9454c2854ae86e3a0f1e4c0850592b32f90b809eba9594f2bbd3642981e6e2f2ba32867e689d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0609c1385af4f6a51e77c91b6c54a298

SHA1
bdb045bf2d372803ccb92140e9afe105d0f6952d

SHA256
d093cc0dba540ed1ffefd7abb3be7d5465490e684b91c7b62f69b1a572a5eb84

SHA512
e1de33a953f9ee9693cf0d98d0b1e22938d6ce4587307c2bb6329c8b7596aa6e0f7f5750eb510b72e7484c7bcc7b25b73c755b202a3389a84010c4afe32d9491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
dad92cff515529d2cc212143f5e7ff38

SHA1
ca4f93cc8031aee84f41ad84798d9ea4f4989a84

SHA256
cb6455944f836ea4ca6f70a2c8da28fc40845facfc622c41d8df26a2960c341a

SHA512
5533090b91a4a507bfa64c3e7df1b34d336b571809afcd5cebfe85c93501d48cec01472a22ee8f379ac552e53a151db6c6fecfdae2d89299adecbd3149551413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
8e51edd440f5ac888c0171dd923f3698

SHA1
a53651e9e01884372337af8f74478b1c0b944bc0

SHA256
e2c6b7fd490dcc4fddba580f68a9544dc5e0ff2c6439dbc0f800f5043650d7be

SHA512
b39a10003b48b8fdb488d3d5731c833e68227d77416b7b6bc1dd88471b6e4f11d0be0329d3db9d1a613d1edc3d2569f4ed1c32aa15863ff43f8aaa94d5a44c68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
e43efa6ea1a712c9f86f954554390e63

SHA1
014ded14f15613844bb3da422c877a2c2af6c55e

SHA256
a4e25745c0f158ad15215178c3ae6233e4aa0409cc12beb371eafd8d55a85000

SHA512
b5a2aed2109c79838261be78fbdbf32b795e5b184a3d33c5591ba17395eb84cf4f901a7a8e627041d2d1a773f01af5d74daf975c32f49289e154750a7af2ee0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
2d47100d18f0443b36a3a9462047d2d0

SHA1
f32a51804ec7adbc0d05e9684f84b953794b3f41

SHA256
56ab1fef377081ca1c2e7cefb1b1343445ab64d4e77cd784771c66dfc3e45ea4

SHA512
029667cb92a65802a0bdaad8bc0049b60d928a7b0e3de0fabec814768ec6835892a2dd5955aee373f96b989e1c29be37c0e57dbcd4912de524b4f0d59cd49844

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
740KB

MD5
31caa646863d95c26167ba07a6dd4eee

SHA1
0d4c69add4b10c5d7a803da99c63d88fabac8c70

SHA256
503c28048f4678b2706d676cb58126037c09b0cc4f146a37c7712defbc7824e5

SHA512
6c48d82e34507e50838ca853cfbbb830c9dee1311d92251d5e2d995dafdfcac249346f04469dcecbc6555cf6244da35ff5a4009273c045b19d51ff99b11daee3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
59a93947e3fe5982cef8d8b984b7e20d

SHA1
a6520d677974580f582d5664961f25d508d135fa

SHA256
c302616f30eb760d5150d1463ffc2dc4c2490f9136b567f1f8d0959a1277a8ff

SHA512
1bd4a413aa0a4675be5c4bdbb40594e5cf29b9258b9c07838b5ae43576dcbd779d234091d93ae9453d3d2a2e34bc13dba94b1131524dcc922dd07f34c39a9c9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
dfd65fbe612c3c15c954b9600d515d81

SHA1
996ed0f6de86a24475a5e85e23166ce78ed4fd09

SHA256
91b8cf315e70f704c40a89242ca8be53e02583a2545bd5cfe1dbdb6c324aabc9

SHA512
ffc57df9afd201d9bf056118415b84f668673e8728755c421cee33f49bd271ac215fc9e8be40bf2179c4e1ac12cabf79b828ecec42c5b30c661bb725ca8f04fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
e61b62b72908958a04305b50f9fbea29

SHA1
d86a5a6e1302d20440e37953c3a5c3d77b4a716c

SHA256
6e0d811f303467694136b01e8b3b9f62435a672854d1185f902b4d25b2c53a05

SHA512
05742e5e8a2ee60d88de5d8b8b1ce72bd3d3405e01be320ae0b6fac1d9dbac12f5949bea2ef702121336f3d1bd351b4d0eba6b48302a89fef0939aa656132e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
9edf679f95f198fbd375280a9be9d9e7

SHA1
15fba02136a95633c6580b838b41376f5e0a6c35

SHA256
6038b8fe6a1b26eb40d61eebdd54281bf48d496a168b25fb74ea3bb5364e295f

SHA512
d8a2ac2ef37b1ebbe14d7e85cb27b701bb5cc333625c540c69ec2a20fad8d64c5bee3f32fb925321912446a78ea0ab677d2702cefbbc400adce8bd511db432db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
34e8880c65982a0e4df83b45769b62cb

SHA1
66c4e7b6fcfa01753ff610a91d2cdd6aa481ab26

SHA256
f241cd4b039b32a95945222d7bb098e95ac68dd24de01b06daf9fa5dffb45870

SHA512
669153c11f84daf697f090689abb23ab27e8a4c8359d380226fff365649228660f1fba512288153d389861ff1583146145fe20ce5d7cfa6bf714994791657ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
610f09175401358ab19ba74d6a924d0a

SHA1
b4eaea29e8d19aa2e0f5026f81d52270813a151a

SHA256
137936d9a74902f5fe79f03d4d42d7ffd54a5011bc99085e24acbafcb9693722

SHA512
c2f861bead9c787b850b1ab4397afd2d40b0e76238e15ddc47531f273ef6a596a4e0c45677aa47251a617d77b02a94b142657905a60f8eef12920ef8d1bc248d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
3.5MB

MD5
9f1b99294985ceea05deb1969d3793d2

SHA1
7a569c040c14c3b26f771c352cf4740bb016beaa

SHA256
da467c51e289e7de87fb0ccac3ccbcd21e7f44a6ebe2737aac0e5813675aacf4

SHA512
2a5ac11f82d2a2952f521748d07068b8dc43985fb3a616d61d682ba6bf3b8d4c944e0b3d4ce369f39610e9b4be09f4bc828eb182f882f8d681f041cc4d2e95ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ecc010cbea90c9dad429f0a03dfd1df8

SHA1
fba7959ef22fb08110c13e97dd120f3ac28d864c

SHA256
a06b95c8af957ced7fb56dec0ec8793e961fdd87df446a3566ad201625b01d99

SHA512
d76213db3dec6e0ebd3eba2c16aec242c232bc36035967309ce34e2e98d7fc153bcb3c9dfb3f48f821dd4c4e007a7147d48f722d49406b84e012d4ce59a1719a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
911d20e7f4ddb2bc475e3a6f2ab668c1

SHA1
b1bb32f3ae31c3b145f03016e2c93146b9b34b80

SHA256
945b0c43307cb51ea21912f886c37af7809b2a063c11d11cf6bb8093b8f05688

SHA512
3349e8cc5f1c057de93e16fc576fc6f7c9f616e050e38e6e2577ca6af44dfaf406e409b35afb25807e0c8720eb128f363ccc3d2b0917c247a3eb38ac878f1f7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
cb3100325811c60328c2427621f87eee

SHA1
95e637702ad0efd5d6599f776891af0c349bea37

SHA256
1152da4251b337c0f884870303aff0d462e644dc6615aaa96459b1010c8ce995

SHA512
543b19974bb5a495eeeb5f08225ec52fef7a06e775c0abf4bda6510c0389cf10818f58cfd21bb839c4e4b954db4367a7bbf300039ee7170091ab8e4bc7673b13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
fe3ed32b8d878556f36e75423a4dfddf

SHA1
cd84afa342a6dc34dd9bfd918dde06048c8b6645

SHA256
c7cecda1b2892fb746ae5ebe4708a89480b7c6abf8ba7ed1c0c84763c40d9cf8

SHA512
242e1a745d6b4adeadb4e8109e5e0b741d7e5ad2f3343a3e48dde87b79e353e29bf0dbacf0edfe592128394c6ee49ae28b4e0f3b6e942bcfcdd2b08a69cb2df6

Download Submit
C:\Users\Admin\Downloads\undetek-v4.6.zip

Filesize
44KB

MD5
790c082f5bba2f30732467b01655e87b

SHA1
b8d653e03ad0d16839a2d61e9631ed8faffd7fc8

SHA256
7f2d5db5cef5c092bce9c1d9d95ffe9f199a317c3716be77a05dea71a95ca9d2

SHA512
5c735a9fdf0158a215ffa6316a0f83a6540ec1c42c3ff0f77c77958e1a30f6060055090ce337389a526e8f0cdb0adfec9406803dfd8bfd8addbbedd97d45658b

Download Submit
memory/3688-261-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-260-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-256-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-255-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-254-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-262-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-263-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-264-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-266-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download
memory/3688-265-0x000001DE22020000-0x000001DE22021000-memory.dmp

Filesize
4KB

Download