ceeb05a06e9c655e8a1c3a247a90dd1ca24de78114595a86894fcee8bd5aacd4

Analysis

max time kernel
299s
max time network
308s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
08-03-2024 10:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

_Getintopc.com_Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742.rar
Size

58.6MB
MD5

91a67934a2c9b08b91357aae91ad658f
SHA1

2f486c9c29e80ba6f033096a5a1fb12586f53d07
SHA256

ceeb05a06e9c655e8a1c3a247a90dd1ca24de78114595a86894fcee8bd5aacd4
SHA512

74fb1a0173c28479110ac9a72d76f52d7856fbb27a8dd8ee4fa122a98100cdfea768a935eb360d278226e75cb97016c7b373228a8c0de3011743256920fda504
SSDEEP

1572864:G0CuBwoSVs7M8Ioh8VTVDKDyWdnr49nPlm8NF28CoT4RDWm:ZCLJVsAHTVDKDJVulm8728CzRz

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 4 IoCs

pid	Process
504	virtualdj8.exe
2988	crashguard.exe
5064	virtualdj8.exe
3308	virtualdj8.exe

Loads dropped DLL 6 IoCs

pid	Process
504	virtualdj8.exe
504	virtualdj8.exe
5064	virtualdj8.exe
5064	virtualdj8.exe
3308	virtualdj8.exe
3308	virtualdj8.exe

Blocklisted process makes network request 4 IoCs

flow	pid	Process
2	3972	msiexec.exe
4	3972	msiexec.exe
5	3972	msiexec.exe
6	3972	msiexec.exe

Enumerates connected drives 3 TTPs 46 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\Y:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\H:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\J:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\G:	msiexec.exe
File opened (read-only)	\??\Q:	msiexec.exe
File opened (read-only)	\??\U:	msiexec.exe
File opened (read-only)	\??\X:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\O:	msiexec.exe
File opened (read-only)	\??\R:	msiexec.exe
File opened (read-only)	\??\B:	msiexec.exe
File opened (read-only)	\??\Z:	msiexec.exe
File opened (read-only)	\??\V:	msiexec.exe
File opened (read-only)	\??\L:	msiexec.exe
File opened (read-only)	\??\N:	msiexec.exe
File opened (read-only)	\??\P:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\A:	msiexec.exe
File opened (read-only)	\??\M:	msiexec.exe
File opened (read-only)	\??\W:	msiexec.exe
File opened (read-only)	\??\I:	msiexec.exe
File opened (read-only)	\??\K:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe
File opened (read-only)	\??\S:	msiexec.exe
File opened (read-only)	\??\T:	msiexec.exe
File opened (read-only)	\??\E:	msiexec.exe

Drops file in Program Files directory 7 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\VirtualDJ\D3DX9_43.dll	msiexec.exe
File created	C:\Program Files (x86)\VirtualDJ\virtualdj8.exe	msiexec.exe
File created	C:\Program Files (x86)\VirtualDJ\virtualdj8.visualelementsmanifest.xml	msiexec.exe
File opened for modification	C:\Program Files (x86)\VirtualDJ\virtualdj8.exe	Patch.exe
File opened for modification	C:\Program Files (x86)\Internet Download Manager\Atomix Virtual DJ Pro Infinity v8.3 Build 8.3.4742 Patch Uninstaller.exe	Patch.exe
File created	C:\Program Files (x86)\Internet Download Manager\Atomix Virtual DJ Pro Infinity v8.3 Build 8.3.4742 Patch Uninstalle.ini	Patch.exe
File created	C:\Program Files (x86)\VirtualDJ\D3DCompiler_47.dll	msiexec.exe

Drops file in Windows directory 12 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Installer\	msiexec.exe
File created	C:\Windows\Installer\inprogressinstallinfo.ipi	msiexec.exe
File opened for modification	C:\Windows\Installer\MSIB716.tmp	msiexec.exe
File created	C:\Windows\SystemTemp\~DF154DE17929AC3CE7.TMP	msiexec.exe
File created	C:\Windows\Installer\e58acd5.msi	msiexec.exe
File opened for modification	C:\Windows\Installer\e58acd5.msi	msiexec.exe
File created	C:\Windows\Installer\SourceHash{27BB4087-56F0-4E5F-B24F-31A159B735AB}	msiexec.exe
File created	C:\Windows\SystemTemp\~DFC83104A86A2F0BCD.TMP	msiexec.exe
File created	C:\Windows\Installer\e58acd7.msi	msiexec.exe
File created	C:\Windows\SystemTemp\~DF83A9E95E7E725FC1.TMP	msiexec.exe
File opened for modification	C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log	msiexec.exe
File created	C:\Windows\SystemTemp\~DF1B4AF6D73E7341EE.TMP	msiexec.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 5 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters	vssvc.exe
Key created	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\PartitionTableCache = 0000000004000000ea0447ff9070a66e0000000000000000000000000000000000000000000000000000000000000000000000000000000000001000000000000000c01200000000ffffffff000000002701010000080000ea0447ff0000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d01200000000000020ed3a000000ffffffff000000000700010000680900ea0447ff000000000000d012000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000f0ff3a0000000000000005000000ffffffff000000000700010000f87f1dea0447ff000000000000f0ff3a00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff000000000000000000000000ea0447ff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe
Set value (data)	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Device Parameters\Partmgr\SnapshotDataCache = 534e41505041525401000000700000008ec7416a0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000	vssvc.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\virtualdj8.exe = "11000"	virtualdj8.exe
Key created	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	virtualdj8.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\virtualdj8.exe = "11000"	virtualdj8.exe
Key created	\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	msiexec.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION\virtualdj8.exe = "9000"	msiexec.exe
Key created	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	virtualdj8.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1101742937-4171729779-750941522-1000_Classes\Local Settings	cmd.exe

Suspicious behavior: EnumeratesProcesses 30 IoCs

pid	Process
928	msiexec.exe
928	msiexec.exe
444	Patch.exe
444	Patch.exe
2360	msedge.exe
2360	msedge.exe
3768	msedge.exe
3768	msedge.exe
3828	msedge.exe
3828	msedge.exe
584	msedge.exe
584	msedge.exe
4896	msedge.exe
4896	msedge.exe
1436	msedge.exe
1436	msedge.exe
504	virtualdj8.exe
504	virtualdj8.exe
1896	msedge.exe
1896	msedge.exe
2708	identity_helper.exe
2708	identity_helper.exe
504	virtualdj8.exe
504	virtualdj8.exe
5064	virtualdj8.exe
5064	virtualdj8.exe
5064	virtualdj8.exe
5064	virtualdj8.exe
3308	virtualdj8.exe
3308	virtualdj8.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3480	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeRestorePrivilege	3480	7zFM.exe
Token: 35	3480	7zFM.exe
Token: SeSecurityPrivilege	3480	7zFM.exe
Token: SeShutdownPrivilege	3972	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3972	msiexec.exe
Token: SeSecurityPrivilege	928	msiexec.exe
Token: SeCreateTokenPrivilege	3972	msiexec.exe
Token: SeAssignPrimaryTokenPrivilege	3972	msiexec.exe
Token: SeLockMemoryPrivilege	3972	msiexec.exe
Token: SeIncreaseQuotaPrivilege	3972	msiexec.exe
Token: SeMachineAccountPrivilege	3972	msiexec.exe
Token: SeTcbPrivilege	3972	msiexec.exe
Token: SeSecurityPrivilege	3972	msiexec.exe
Token: SeTakeOwnershipPrivilege	3972	msiexec.exe
Token: SeLoadDriverPrivilege	3972	msiexec.exe
Token: SeSystemProfilePrivilege	3972	msiexec.exe
Token: SeSystemtimePrivilege	3972	msiexec.exe
Token: SeProfSingleProcessPrivilege	3972	msiexec.exe
Token: SeIncBasePriorityPrivilege	3972	msiexec.exe
Token: SeCreatePagefilePrivilege	3972	msiexec.exe
Token: SeCreatePermanentPrivilege	3972	msiexec.exe
Token: SeBackupPrivilege	3972	msiexec.exe
Token: SeRestorePrivilege	3972	msiexec.exe
Token: SeShutdownPrivilege	3972	msiexec.exe
Token: SeDebugPrivilege	3972	msiexec.exe
Token: SeAuditPrivilege	3972	msiexec.exe
Token: SeSystemEnvironmentPrivilege	3972	msiexec.exe
Token: SeChangeNotifyPrivilege	3972	msiexec.exe
Token: SeRemoteShutdownPrivilege	3972	msiexec.exe
Token: SeUndockPrivilege	3972	msiexec.exe
Token: SeSyncAgentPrivilege	3972	msiexec.exe
Token: SeEnableDelegationPrivilege	3972	msiexec.exe
Token: SeManageVolumePrivilege	3972	msiexec.exe
Token: SeImpersonatePrivilege	3972	msiexec.exe
Token: SeCreateGlobalPrivilege	3972	msiexec.exe
Token: SeBackupPrivilege	3968	vssvc.exe
Token: SeRestorePrivilege	3968	vssvc.exe
Token: SeAuditPrivilege	3968	vssvc.exe
Token: SeBackupPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe
Token: SeRestorePrivilege	928	msiexec.exe
Token: SeTakeOwnershipPrivilege	928	msiexec.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3480	7zFM.exe
3480	7zFM.exe
3972	msiexec.exe
3972	msiexec.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
504	virtualdj8.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SendNotifyMessage 36 IoCs

pid	Process
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
3768	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
584	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe
1436	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
444	Patch.exe
504	virtualdj8.exe
504	virtualdj8.exe
5064	virtualdj8.exe
5064	virtualdj8.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2808 wrote to memory of 3480	2808	cmd.exe	81
PID 2808 wrote to memory of 3480	2808	cmd.exe	81
PID 928 wrote to memory of 1200	928	msiexec.exe	93
PID 928 wrote to memory of 1200	928	msiexec.exe	93
PID 444 wrote to memory of 3768	444	Patch.exe	98
PID 444 wrote to memory of 3768	444	Patch.exe	98
PID 3768 wrote to memory of 484	3768	msedge.exe	99
PID 3768 wrote to memory of 484	3768	msedge.exe	99
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 4072	3768	msedge.exe	100
PID 3768 wrote to memory of 2360	3768	msedge.exe	101
PID 3768 wrote to memory of 2360	3768	msedge.exe	101
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103
PID 3768 wrote to memory of 3392	3768	msedge.exe	103

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742.rar
1⤵
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2808
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\AppData\Local\Temp\_Getintopc.com_Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742.rar"
  2⤵
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:3480

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2068

C:\Windows\System32\msiexec.exe
"C:\Windows\System32\msiexec.exe" /i "C:\Users\Admin\Desktop\Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742\Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742\Setup.msi"
1⤵
- Blocklisted process makes network request
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3972

C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
1⤵
- Enumerates connected drives
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:928
- C:\Windows\system32\srtasks.exe
  C:\Windows\system32\srtasks.exe ExecuteScopeRestorePoint /WaitForRestorePoint:2
  2⤵
  PID:1200

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
PID:3968

C:\Program Files (x86)\VirtualDJ\Patch.exe
"C:\Program Files (x86)\VirtualDJ\Patch.exe"
1⤵
- Drops file in Program Files directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crackingpatching.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3768
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaf9b3cb8,0x7ffcaf9b3cc8,0x7ffcaf9b3cd8
    3⤵
    PID:484
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1864 /prefetch:2
    3⤵
    PID:4072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2360
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2784 /prefetch:8
    3⤵
    PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:4712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4636 /prefetch:1
    3⤵
    PID:3420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1848,17151061092306665603,13972352887028047680,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
    3⤵
    PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://crackingpatching.com/2017/10/idm-crack-patch.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffcaf9b3cb8,0x7ffcaf9b3cc8,0x7ffcaf9b3cd8
    3⤵
    PID:4436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2080 /prefetch:2
    3⤵
    PID:248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2596 /prefetch:8
    3⤵
    PID:2700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
    3⤵
    PID:4548
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:3216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
    3⤵
    PID:2380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
    3⤵
    PID:4884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
    3⤵
    PID:4744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
    3⤵
    PID:3392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
    3⤵
    PID:2128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4124 /prefetch:1
    3⤵
    PID:1596
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,13249572917649065194,17836787958873738433,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
    3⤵
    PID:448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1440

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4212

C:\Program Files (x86)\VirtualDJ\virtualdj8.exe
"C:\Program Files (x86)\VirtualDJ\virtualdj8.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Modifies Internet Explorer settings
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:504
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://live.virtualdj.com/live/sm_connect.php?s=ggv7SCayu1dQTl4k3H
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:1436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0x100,0x12c,0x7ffcaf9b3cb8,0x7ffcaf9b3cc8,0x7ffcaf9b3cd8
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
    3⤵
    PID:3504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2852 /prefetch:8
    3⤵
    PID:2400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
    3⤵
    PID:4496
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
    3⤵
    PID:2532
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4440 /prefetch:1
    3⤵
    PID:3708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
    3⤵
    PID:3900
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:4648
- - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4092 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
    3⤵
    PID:3272
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:1756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
    3⤵
    PID:2132
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6120 /prefetch:1
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1912,4347355241341631922,16881279057118090298,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
    3⤵
    PID:2948
- C:\Users\Admin\AppData\Local\Temp\crashguard.exe
  "C:\Users\Admin\AppData\Local\Temp\crashguard.exe"
  2⤵
  - Executes dropped EXE
  PID:2988
- - C:\Program Files (x86)\VirtualDJ\virtualdj8.exe
    virtualdj.exe recover
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Modifies Internet Explorer settings
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5064

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C8 0x00000000000004EC
1⤵
PID:4512

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2456

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2544

C:\Windows\SysWOW64\werfault.exe
werfault.exe /h /shared Global\ce586722c8b64abbafc0300360e1bf9a /t 740 /p 5064
1⤵
PID:3864

C:\Program Files (x86)\VirtualDJ\virtualdj8.exe
"C:\Program Files (x86)\VirtualDJ\virtualdj8.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
PID:3308

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Config.Msi\e58acd6.rbs

Filesize
20KB

MD5
6ae552ba4dd7c22ff3fa87a80a73191c

SHA1
d0937fee69d17c99962f7863b2c2bdebc87c45c5

SHA256
a77cfa7f61da70d1a1877e05538dcec5b65e7166f239e27d76085eea71497546

SHA512
82145a76db9fefdffac76701ece3100127631b3d6d4ff6d2c8a88eed34ee58544f61fa0d657f0ec54c092d307f6bf4572b47d5b4d0f7484bd49307af5396c272

Download Submit
C:\Program Files (x86)\VirtualDJ\virtualdj8.exe

Filesize
14.5MB

MD5
f5a47b788488fa1d3b22599691c4c8ab

SHA1
762c96c46a485ae71440c1a6d0d8fa40a7306d99

SHA256
764239adf45b5469e414fe9a2b7a656872c887b23e8ceedbe64968fe8e09493c

SHA512
26e1970b1cc0fcbe34f3090bf1987ee2621ff4d71d375a5247e7503f8c40932d38c5070aee8720fd17de8f137dd5f5848d581dad8c9cb093443388fa2f1b3720

Download Submit
C:\Program Files (x86)\VirtualDJ\virtualdj8.exe

Filesize
10.6MB

MD5
25b92458714ea2f29d2455dfcebf9752

SHA1
e8e8b4634e8b9277667ec2e699e0903d0e596ec1

SHA256
2c63e489becfdc10e9134b168e3cd0ccb18325f66c34cd6903156062a2e540ad

SHA512
cedacdcbb03dc0fe03aa0812aea4506d56ed4c39c69c3dc4600a5df2461c9f3fc1a28bc49bfed4db4f135bf6dbd6f39c8c5b96eb4e1b4ee4de7139e2d93e95de

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40C68D5626484A90937F0752C8B950AB

Filesize
834B

MD5
9b1f6b70bda69a1103260c6951aa560f

SHA1
121da6f9d62998913f09dedbb4b23efdc2d509c2

SHA256
fb69fd0d9babc979c3b479a20301fb658b23ccab1b0377925423860439dda4d5

SHA512
3ab2380733ec7c1e1bdf2252cecaf4b5d50aff8b887184de127b0849016a19dd332dc9d392254f4dcca71c730f17bb9d1a57b1fe47e32adc78a1021d433448d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
5B

MD5
5bfa51f3a417b98e7443eca90fc94703

SHA1
8c015d80b8a23f780bdd215dc842b0f5551f63bd

SHA256
bebe2853a3485d1c2e5c5be4249183e0ddaff9f87de71652371700a89d937128

SHA512
4cd03686254bb28754cbaa635ae1264723e2be80ce1dd0f78d1ab7aee72232f5b285f79e488e9c5c49ff343015bd07bb8433d6cee08ae3cea8c317303e3ac399

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EA618097E393409AFA316F0F87E2C202_EA26BF1CFECCC2830415658BE56037E9

Filesize
1KB

MD5
b15855fe4420ee428ef988e78c322434

SHA1
e274fcd77a6988899c22cc30309a1c1452f34162

SHA256
5c1468b2a8e2cf73d48af1a51e7ffbe44879c783bccabb9926212e8c82b82eb2

SHA512
dc51433ef2a2002c91428bb99664412c0b48eb1b1cb3a01f424cb2c442c37c8cb402b787ebcdd48900c3a2b641428deb601fea4e1ca6efedc2ab8e8febe15d28

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40C68D5626484A90937F0752C8B950AB

Filesize
180B

MD5
faa6c83c8e2c212dc0ccaf4d03a1e5eb

SHA1
7431ad2cc0de3dc2c0fd97deaf1c58773716ade6

SHA256
c9895069ec617daac25e5df53eb17a1d975f8c2f9f087bebc9aaf660dd3f0865

SHA512
62c0be343dcb54b90ee51c3eb0e7c5d18f8f8bdb6ca8f94ee87a7e2420b696ba8bb30f8e62dd77f18338a07130f8034e4c6561565b6394c69d760135342db92d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_6043FC604A395E1485AF7AC16D16B7CE

Filesize
398B

MD5
8c028a56127d3acd0425c280d7f795cc

SHA1
fd41f4beb6b21849b8476f02cea98e8335d1c414

SHA256
3384ee1c4a7326624cef4e9b75f1ffe039d8dfe9936681066dac4dd8a4b40395

SHA512
3357e69022ef616541801ae1bf9a5e95f06e1495f84afdab2b29836dea57605945189568860bec956a7796ba63d2493f40b4f5628be79c95410770796046e646

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EA618097E393409AFA316F0F87E2C202_EA26BF1CFECCC2830415658BE56037E9

Filesize
402B

MD5
9f60d2ba2ac8cd89b0c9490c6d8202c1

SHA1
49c7e2f02b0b9065800661e6538ddd35c634851b

SHA256
0ec03c5df0120f7d1de5efbfb38050b9789be2279e5f6915a4d770485debe24c

SHA512
fc4c40acc68551756e476f910447cb795da7ca8dc2fb37b9c03e6c54f18dfecbe9664e511216541032647361b2ac05e0435384e767da2afacc245f1d5cfba5fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\9b64a3b6-a8c0-49c8-83f5-9805773055a8.tmp

Filesize
11KB

MD5
958758941974c4124a56124b0646625b

SHA1
eff11723592c9c3e7faeade820a2a1cb601e0f81

SHA256
8c6cdd7d450ad527f87448ea6aa356143f0c7964391562aa11d9dfb8c50bbc5f

SHA512
13c4d50ea20a81f990e4789e8287e3a294c5913883e671ce0ae548d722ac4e44b7760fd1ec77fc6a37667801304081d604f7cf92217f18b08580b6452dc5ac45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
601fbcb77ed9464402ad83ed36803fd1

SHA1
9a34f45553356ec48b03c4d2b2aa089b44c6532d

SHA256
09d069799186ae736e216ab7e4ecdd980c6b202121b47636f2d0dd0dd4cc9e15

SHA512
c1cb610c25effb19b1c69ddca07f470e785fd329ad4adda90fbccaec180f1cf0be796e5628a30d0af256f5c3dc81d2331603cf8269f038c33b20dbf788406220

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a91469041c09ba8e6c92487f02ca8040

SHA1
7207eded6577ec8dc3962cd5c3b093d194317ea1

SHA256
0fef2b2f8cd3ef7aca4d2480c0a65ed4c2456f7033267aa41df7124061c7d28f

SHA512
b620a381ff679ef45ae7ff8899c59b9e5f1c1a4bdcab1af54af2ea410025ed6bdab9272cc342ac3cb18913bc6f7f8156c95e0e0615219d1981a68922ce34230f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ebc8fd54671c2543a33a9bf0e90561e8

SHA1
89a7a693ed6e87f947cb9cc9ca3281c6d5b89ad6

SHA256
2d60c4d3483347eefe3b331032d534e7a623cb3a66ffe18257527aaf7c85174d

SHA512
83530202bb8e774d0fe4de9110ee101ea7fc2b88c81cef50404051110b5394556ccb83d8f8d9232aec805524286d2f3b428b48ae297c3ef6951526a3578c5f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ca88d08c651ae3d1f6f36545f70e086d

SHA1
489e4e58dfdc79d6620d9c69efeb9470945d3345

SHA256
60d9d38522e421790d12f5f75c67cefd63f0c24fcd1411a0a321265ea95a3175

SHA512
1178d771707b05f53c3ed04497f7c1c8473b2f67b463f7005b8855242e3eecf4cf60c2a3c3564e4faba3a4791ad90fe887af79b3485a1a7a22d4e9cd7c11486a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7f5ba0d4d2291e74bc8b668bb7708621

SHA1
5ffd023df0dbcb0bdd140dace40e470f576bd070

SHA256
b48539b3f006e6c1a8a1c2fac4441cf95fa345e661fe866fa7ee0b9a4e96514a

SHA512
5cf612d95a515469c3537f396f97b1f7e439f3ad6b7cd4a34a15920d9093f20c3e50278be62cc0a4c0c4ef06df8eee153deb2cce00739b6a9c4986ad7c598480

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8604ee14-bb40-42f2-bf40-f88b0d869241.tmp

Filesize
4KB

MD5
1ba35988fb7b13e4da650cf462d90ec1

SHA1
14a5d0cca8689241382539c4d54508ed5e95dfc1

SHA256
c780c15d03c397bf13524021ccb7c105206f8f1d75ef885614c6181a7b76466e

SHA512
f16e62d62da77ccba045770a43b03a05c8d359f8c6d60aea9a81697563c03faec48ffd7f25627e3792d5fe57ecbe9c421423a0550bca28c1e2494481f6cbba19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c94bdd8dc0545a0b6c1f4110c3861f4b

SHA1
b408138357f2a3fbad0178651a253db60f78cb9d

SHA256
097bd3aa0dcb7ae2aea92d0194d4186443cc3838571fd80188b4bb7764ad76d2

SHA512
8a1f314fcedff6fec627996843e17b21dd10c361198e78b2ad7dc39187db1fe8d621d2ae670af8746912a2d61e41c420c5bd338dae4500148494aeca2d414265

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
0a9d76703b7e35f1ca43ae24050baded

SHA1
78c8531bf25ec25ed0ff293a78f191b242e8d19f

SHA256
f9d29fbaadd3f3c23fc284bd967c627069a741e0b41053473491b091c5455d49

SHA512
8dc335a9fe244123c9c73954f77c2100a42bb47f9fd80f5308a2887741eea16e7617478b44c7d578491d116a13070443b34b8fc04ce6751888006ab8e4a0e8bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4be03aa8fce3e34d170e7e884cd46498

SHA1
dd81b872f09c16ead2365a482a6ffa2e885fab3d

SHA256
8c518a76dba171448651bdf00a348baac784b891580edd96f5ddbf8fabcbd4d8

SHA512
0f2fc52ad5990619e13b2fb0f4fed72d3d08207812a5efecd22b556732bdc2006c4d21ae6e7dc3ae0dfc843bea4ae6b9dcfff4d86f1afd42063de3043dcaaa56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a4025175820303fb61641178f942d683

SHA1
c6900553887855926c77388963cfe35c64f00bb8

SHA256
776a2fa4b5e2aae3e6da31765d286492faeac2665284ff2a909272e3677f8688

SHA512
36f5a4419a939b53547aac93da5378e6525c3fd324a3bb4b551590e92249be43f43ec27f3e56159c8ed4f9868e73bb2724988cf1f7796055c46eb16d898e47b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
16KB

MD5
2d287d60ceeaf3f62ed57478186f2b58

SHA1
382e4441811d412519a01da1eab10017a060a2d7

SHA256
c69aa18e0e3961ce8c9c2fc83c2a14a36bf66cbdd09f5305e95ce446564c6e72

SHA512
fd0d09c66f49736496864289394ab473f8c7de53a21bb9640ec61d6d4da8bc1cb88f5da0901f03b6b00f2d477628780557b97d35b2110f5205ed4d96784bbd18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
31KB

MD5
dfc6b5b73c7492e49c83443c5774182a

SHA1
d2f334bd5105b183a05df3a5b2ac073022ad7249

SHA256
e68b7ec7821ff1cbfe9fd46954a3be3afc5bfe70ec718b0488e07c500abb9417

SHA512
0d20f291b946c2dab8c9d43efdf32df55ef7fb3d0841c1e1b40399b14409bf7930abbe49a31c4b7af12e9c49cbcadd14ada61bf5a57173ea8ed99207b1710288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\211792b0d09fdf24_0

Filesize
204B

MD5
093104e11e1a95d61915b1007d5fb009

SHA1
7d3d3155c424988712435f846974834133ffe73e

SHA256
94e4a87fa13ba02b31d26e32656699237938fc004aed45e971becb4d0bea77cc

SHA512
429c548a3e1e447fedce4eac9550475fa4ea944ad2fd834e63e9aadd6402d333ef024c706650d49538e30a48be7d1156d85613ceb504b5ca543b4da32f9030ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5fbfdfce6295c1f1_0

Filesize
208B

MD5
335871ad73dc407c37f979bf36d08f37

SHA1
095d13fb6fc1d87f4df0ea40f9bad5f17d4865e0

SHA256
d32f31dcf9369c7d4015eee8384d4a437f0c85433adfdf4a34c05912100815ab

SHA512
a2bea99d1a0c2e1d7c31f1f5ec9943be19ee65f6c93f807b6614da114a492474d874c4484cd13ce7beb92bc15b8729e39ee8445998b1d2b4e0aaa65a05cba6c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\66a4ee59b424299e_0

Filesize
228B

MD5
711298fd923e1c8f825f07a46b6e81ba

SHA1
7f6b77d501d7e5dccd17a0f6e1c6ed01f5b44e81

SHA256
c913ddee8ad006153b8fe91f94ae8fcc2b9bd8a9acd777263f7035cf130be880

SHA512
ee01d3b88798cfcd2c105494995df18532c2d5cdc1ec49bd2f55d69cd1a6d49ec25ad65f8c202d5e4159a9f6e8e5c6f686099f1a35f7454b637ff65ea9e50b3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b1150838f26b77_0

Filesize
236B

MD5
8539266c3b20082a7a0905583d37b9fb

SHA1
e435432a20f5b9f9af208179a0a7b6950799e5e3

SHA256
dc994201caa77a9b889bdf3b5ff1c4c08e1d7edbc7f0bf5bc695047b94d49a10

SHA512
49ddb8091431965bdf2468a3410c80bf2118bcc043226a74c3f428a6b785a4793f2003c11e12b154a7448cc67db930d68487d41060d8849316221444d1132e97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\95c7a0fc749b3eee_0

Filesize
253B

MD5
9c118e8ff3624c6203436e48510a7aa7

SHA1
9c7f29483d3e2c527b5f384fed7dba51cd25fb06

SHA256
3de719f2707e1c6722721dc250ff86098530208c6ce91f02e3a604ec22386de4

SHA512
b6f3b8a68875f3d676aebc9a440c9b93e7f12f49f3217a7ffc09eb7a0b502df799adf0b3d18a7e85a36cc7e4b81a486a33fe2c9e0bc7de96aa42b9c46d5fbc64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d275e6d6dcc09a83_0

Filesize
250B

MD5
9817b2c2bf57dcf1b4495d09d0067e78

SHA1
7b61f3359430eed4605159cd17b8f8f880f3dfe0

SHA256
5960170f7719af5536df769ab7fd4c3f594464c3468de57a4497bc747020dda8

SHA512
5ea1b0decbcd05d5f95b145a1e5d9f3eeff05b7256f6b51478211a3e9340ddda1b051f44b1b4a216df1112e9e406c77d608c442d9ee825649930a22bb529fe2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
912B

MD5
21db2ce9014ee08da9e72749273a6cf0

SHA1
2edbde0eb30310087c437b6d195ebd0f1c0001fb

SHA256
aa3423619e24351ec3bbc12988e908d2f628b2344fd7cdc7e8548f955de87c99

SHA512
5f6d7e13c1247c1ebaa4c57982f5c984382012cf6d22e0780757b3e2921b4e195be02a50f8e1f746e364188d84d7c63dcf2345733865286bd4f10581d0dedee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
8e98d18c0be411a500e32130e3777c1c

SHA1
9ab8e00af5869198800caf3097532d5345883175

SHA256
c31f25a789d11b7f91dbac0835a0c162c5a5cf0df5d228b709005947e30dc40a

SHA512
989583f6f4f534ceb13b5a3b7097b871a9dd4ea4a90fddcc527f774baeb222ef0a3d7525ee163eb35900e339af6e816e934ca2f7638ff826aaf2211e63e4c8ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
39ef7ca78042d5cb02754a51742ad4de

SHA1
f4b7de59d6769e01f2ba3fc9a3e031c70de0b097

SHA256
20b943e9b2dc6a6b666c3dd0ad3c7e5fc0c1a3797f9e08ab397c4dc163ba04e6

SHA512
464b4bb7a6e39f3dc0d9b3a03269f43e99e65f30e9d6c1cdac6d5344b71c807e36e472f80e0cf397ceebc4bb5f30f50b901364d0303d1a37057e999444bea379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
d86c999601b06bcd01fa88a16cb33333

SHA1
4544bb342af9d0e53ac06cec5f778772e117237e

SHA256
6d85c636dab54edf73425820a8ab719d9cea92a55790c64bdd990a79e644685c

SHA512
a97acc2d46e60cb1b38241e1c03a8d1fbfd863baac5d37b01b131832db14b306bac19349e8abedebc2f5b61238f80dfa5a921f54f3b4f2e57cfba532b2c3e843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
ce3649d6f0fc6d3812432f1ed5dafaaf

SHA1
b102b44179f8c02778454cefdfeaac090df5037e

SHA256
1357b258b290478d80b9051dee906713708483ce7100ba1deef418324789b4ea

SHA512
e91cdb3edf7ba4832d278d69716cd65256496165de490058fdb610904af335803dff7e243ffc77b4fa69e859a3a71519fd2bfc7603dbd8cba2974f16441ec36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
1aec89b8ab1b7bfe7e3629428799fca6

SHA1
5336ef2e2cedb2f0a32156b07dc1e26b003900bc

SHA256
aab678429a33b6280e5db99f4a145807f4626b86120e31eb1c073f657035eadf

SHA512
42f985f312fea0b0ab3231830d7819043825356704eef0e0607d8fbfa1388ef4b968a25abbdcf2ac94d0ec00d505a06660b0c0293320f8bfbca0c39e4e2cf2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
589B

MD5
9e485ec612824ebf10482a94410f32e3

SHA1
da182c10274e2109dd22580b8c9b8ca21c8ea9be

SHA256
2fa2cf0030d709801baea6d11ca05a76763712f4e1afbac18779bb90185fc5ad

SHA512
41816490253910b512515a054cbfd50456b9ab861a65aca390cfa5df6ea965bc7e19733f34f413bb7e6e1192d955b794d774d7909ed1e070da643cd96219c768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
9022f69b3ede9c5c04a91a410671d84b

SHA1
671a0a1e6b6d67b3edd1f9737bf55c98fbb90a4c

SHA256
5684ff57106ebd402f18d35b2c120cc0645a1ddf916e1619545cdf1752571339

SHA512
7179306ac65dfb676257969dc904841509390124b06f1254d7220d407d0601bba13c288550b48e60197b28e7866fc04b1f08337bd56eeffaa0b03f10ad906b0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
141B

MD5
0401b8768370e2b67d10b52aee398bf3

SHA1
e2840c1c5d285d908573454ac2c4bc566e02a060

SHA256
4ace179bafe800cd0f657d8a7855db7cdd9780f86d0ed63cb513ae95a7eb7b76

SHA512
0f9bd1d3167606a482db7fb2493ce06bf954243c84e9f47a47332d5f5073cac81e7d9a9203f5e7a5652538d6da847a2495df928abdd254a848b567cf8d65c1cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
0079011c7b30dd6a9e8dd4d178093961

SHA1
d93b6d43caa49d6e92635c5551581d6d1d273b4c

SHA256
c877552f88a85b3e81b2fb9274d07c2c7358c08810679f83cbb7eca34a0278b6

SHA512
302227db6f973bbc2a9583b6713cd4a008455ef786ea424744540e46400a36883d871bf76a85842dc7a5bbdfef01661fda6f6700e9988c02d22d7d06f13f5700

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
29ece8bca35b82283c9fad541f6209a9

SHA1
33d89f2ab603463a8b31e9fa5e7a294d94085113

SHA256
aa96bca80ca2871de6728ff5570dad3f0e8888e58c9ebfe450b6234f6b2962e5

SHA512
274c5b3455f0e4e76236eacd6d905bae6e11c3523324514f97002ab0c8577adc922b17a19ca1db9dea58762caf9c4dfa3134b4f24727442e7f9279aafeb20288

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e4180531c878c62c4961009bdcc7918f

SHA1
69f2748062943362a3d6e6941c220f85dc5459ab

SHA256
27d26e9a55e8c0fe8075e8216bd85de78867e8dc3eb028d455ff6d36cbbefef0

SHA512
0a021e11a76d6c4ee636483ae29088ced509e288a45ec562cf4b96257d17cf8e63f2d63f2df2023dd489e579a03828f882c5d3e31626002d5f5abc9455f6b198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2e0f2c38cd4d64f2fb597e6a0574e110

SHA1
25b82d1d999f975705add5df8316a598dd85279a

SHA256
6888c448580f5c6e792473460f4fc9c0a6debc2eccb57edd66db3bba2ab24bff

SHA512
870661dd05c74ab13a319eadd5a6d3b8788fdf9bd50e3a69e6b349526139064f19b0e6ce2543d282d509489d53b87c6b34a1202c1fcb9e7f4b58147a57450937

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cf19285512c91bb2e47e672081ea71c

SHA1
2ae904919bbc1d320518b46cce7984f03f3ea6bf

SHA256
21443ffbc9c013dbc5ad8ffe5494ef97ea80360a8be5f2a7b84f3fc4bc856a7e

SHA512
129463a07144f7fc62ed62260e2304019ce024b1694297cbf5576331b7c87b2d7c22b48efda86108caf4a37d70ea94efe17d0cf947d9110085ec0dfc2c454f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
600624846860bcc9fb8d38e184b56c3d

SHA1
b54d2b1d216591daead5715552a307a65705b747

SHA256
d42334fc47e107bf4b856b648e62bc85d085ae1fee9c22a3acfec4618b5f34ab

SHA512
035d0aa7e2c662a1ae6b250fa5733fb9399a6533faca05f6a3a4e961702ea28d4e38745918a34da82d28c61fb75576df1b4ed3cf412cf83d4f3ff873e02dc6df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f0428f23e37002a731c7c1d2392cb5c4

SHA1
0b144eec6a8bc24ec6868ba9af5aa9b2fb708a16

SHA256
f066ab087be615e2c261c3b79c0b6272923b2b9c3ee8c0c6a56049c0c695a073

SHA512
741612de51524c709c78b706c6e1119fc2bd5df69a03c8eb54c8cb0025b6596f84be74390562672de262f9425ce3ba9e894c291bc05871cb542fd20d2f2b10fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
dbd6789f925b8f85a22f00ea1a926ef7

SHA1
0815d5486e8112c6c69fa9324f5445a0919faeaa

SHA256
c8e1632587da5c64835271046250ca2c9a1dd370acbb8d1ca2cddbe70a827e9e

SHA512
d756d7ea66a985a06c0a5d184bd7d6c0e2566dbcf8696ef515cf42540e00a68509ed066ec75f954999fa4648e75961d73f9fd3cd51cae538f257e167cd91601b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
664d8188f61b1e30e8d207e2b21bb35c

SHA1
ecc99ce5e97f161f3d3f485e34d9bd1ab7c1fc19

SHA256
169613b5b61be3dd818bf47211ef0795d520c7fe0d89d664ff68449dc38a0846

SHA512
f67802641c3ea55e9c95590ffe2a9c6021311f05d4178621327c84d5867cb5bf481da89f3ff26de5c343d4997ef6c22f69d7ed2f35c48185c67ec06cc50fb43a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bbed6c7843f1dfb45a90835b06b0149f

SHA1
5be253f101042fba1620852f1bb8538729d0eb5f

SHA256
ee6ca2dd97eddcdd5d4af6f948d08b4ec98a28898fc834ebb85fa4f1c770f6dc

SHA512
4eb47199e0b513092568b768fc4b8c0db74aa1decd60696fe9eee4f6d01fb545aeb76d34d1496ec56830c9cfe9dd70e6e3248d2e8473b684610377d166e59f35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
bcdda1aea81b121969f1d412235d17b7

SHA1
0d0d5c137db0cbafc60cc309d0d6568c84b0d966

SHA256
d2fe7589901d0545f263aad2b149ef5af5772c3310524a3ac1774c1b2b0c05ee

SHA512
2edc7ab8370c5fa95a1668dd34a331adc8cb431edb55b00dbb022fe13d3667cd08c0aff678b82d90753050915fa4defab93c558d95bdc7d0da740c44372ca740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
2ae6c12be1f59b8f0f90666b61464199

SHA1
2c11dec54c98f420cc8b4254436ad9f374fcffa6

SHA256
8c5b3e068829024d5fef60869426a9f82b02a3f098108636141bc5e60eb34ec5

SHA512
9cc10f6a50ad03b0970f0d4d6d60c369e6489e1c21602489beae1ac0004d3fce48766222b337bdcd17016dad501e3033d6358a12b960303402b6de780625e91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
512B

MD5
b1261d59a0d8204ea539459d2a7c7e6c

SHA1
f74a094d9567ddb51f7a1d240fd08ca4c7e7801c

SHA256
f819494687e0236bce30e01d1d5a19556a7f19c92fbc3d6ddeab3c98b9b0070f

SHA512
f3538b8829b1ea0f9ecae1b367b99709b5d61f358ac21a32b88d01c564ae97844d13dc97ff67e58dffc10f20d56958c168071d31f3cb643a16dd4e18b4d96609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
3ca102a8235c0e324ed646723461839b

SHA1
860c52af41a6c7f617afbf280e8b2e761807a59f

SHA256
7fd9f4ff250ccd30e9f258cdbbd105402d386a6bb979beae2f743c71807ad9fc

SHA512
dd06a9bad6e76e66e6b83fb65d04e2c7c2c4a34d3e51d5ae12a33dd6eb01353193a5c2f9e9c8957b7baed58d22259e87cbf63248640d96f9d890d153e5a66d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13354367435156625

Filesize
4KB

MD5
ac03411721a5e2d462dd9199cfb8cbbc

SHA1
d9238f09c663201d478fa5f2438ef170115d6450

SHA256
523b49ad8b72fec0f9f238774ed77d293f898446af968b1e11846d22fe6f0210

SHA512
cd416003f4fc59f47fd27a132c578464112850891ec1c4b71c96582e0a71bfd75e25206a014ab90b11bbecc955c07990df61543a5c9045ca170f35028a90484f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13354367435578625

Filesize
3KB

MD5
39cbb3255f99ddc34553e9c89d071361

SHA1
d6e008e93ffa1dabc283270522e4980bfc07973a

SHA256
56ba6a196c09745ccbfbe63095f71dfd3aa9f6cf3c85ccfca5701428a81b3795

SHA512
4586225ac429d72d01594cf33ad4430aa0cf00be135c3971767ebc4eb1be9df09f4cf5b9c92e20c17fac55bf78b174a262ed46485a9397b104437de4182f6f67

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b9a6673197f1a50a562928b3fc191ed4

SHA1
c39cb94deb49c0ff50f5ca4802e3a8ffd85c505e

SHA256
8e8aa10aa17f2d50c9a424e277bc4025fd8e395c8e3ca8461fe96ee73f6d0f22

SHA512
51199fdedf77e1e5d897d9feda5fa61b29b9c1ab3547f0c52c0d79e5c4765ce16a4614347318160c869bfd9849acecd44b9e24fce269db0ad6633b11a5559eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
a7aa4d51d3f16e1cf4faf40158ee2a52

SHA1
175c9f57617ca77a23519fce66c9c799d7fc4699

SHA256
921df68962278e313583a180c776b2e43482b2e600204d6f4ef06bf180e88366

SHA512
f9c4ed5d68d2f42cf31556a3c5c92abc9c192a351769001fdc821d51c2a33741b60207a9f9233741d36ecb40ced988f4a6408646c9729f9a2e92c78f1996e4b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9de48bee4a93eb6b830cf2480a7e42ad

SHA1
2546a09943e1eebff51fb7f8b25039821e7dee33

SHA256
bf821bceb46bf1813b7096e537b56c016bdf7b74d81b90051d8720950b20b186

SHA512
01c1edcb5ce228a6aaf021025dbf3dee8f2c24b6a82909d8d78df0d225610a419eb6eb4a81f2d33b5a4c72d97e2ee6a0d61f957c96b3be56020d7849442f829f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e2d980e66321f2542534ade084c98b5

SHA1
71a75b2c6375c3c85e0f1ea6e001f553ff51256f

SHA256
653c0688e2f4044e45cd008c9cf992eeee062b90e3a250e395d7c6a411813ade

SHA512
41bac326d05fdeb289ff67068a138b05b0bf61682a09fc5596c3d5b616b68f826579651812b3d7b121537019ce6a1d2a569f398ea42bc46cc79f2404ca3815db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
340f6a6d33eb8cd99b300055027ca71a

SHA1
c5eb55d6787cfd73477c5e125d042ed46312cbf0

SHA256
722b7aafb62cf0149c3c180a282148ed8fa5a91eb328fcf0950cd90c167e991b

SHA512
03525dfa194908a5ecfa7b5d5c1902cd9c453e2b043b9c4422bbf484f2186e23803eb242501a6d0b7711b6009e43de354342297a0b07c0774faac1b301ce01b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f527e4ba4fe3573cd54a3ad6c58ad48b

SHA1
c12b40dbffe8c73e9ad4c7112911a140bf9b61aa

SHA256
d3ba85ce42d6697eadf852b3b68c207e295b891f92eeb18a1c9ab5265af2a556

SHA512
9ed7415d2d19dd127f9d78d0557010ba1fa9aed49f858d7366da1887233e01a4292dcace4aa4e10bca6ce958ef807422babdcb032e84ba114914f15f0f2b5953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f1f72e46056749041dd707495a1aec3f

SHA1
0d1d766c39ad899be8ea2e5ad7fe2883c1d46286

SHA256
9e9abe861502822669341089f44d171a99b9998041c75d2ccaa054f3da6fe2b9

SHA512
9c59bd593092fc4238a26d174ebb267fbfd5f285637837781ee60bd648ac62e342215b26778d31864c9fc4e50a99b499bc670ae67f4c4ee60a9c809a8e08e0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20951c85e4807a02f706223bc1151ef4

SHA1
891fcf6f41673ce6d5d77e361bc337b9b4f7232a

SHA256
2721376d8c12f0c4e7df3e53fedaea0e5adad34343a09ed512afe4b84afe2277

SHA512
1e70beb9e09e4ced52b6676a977b66fa2b0bbac96dbc19d096e512a3c643866850dc1aa587d5bf89e11ccc6f115e87db5484f5913ea69f1f35fb1d420dd9e294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
376fb8673c7269db9c9b5f0b0eccaa18

SHA1
794c694f44c7f323199af0ca0dca16e263ed795c

SHA256
fce1a5321778101ceaea1f32c614aec4f6b0b604828c7396098740de132c36d7

SHA512
d5aee9dc436b2a7547d76b7ea087ea008c55468175d7492e7c78849dc8d88e7bf2d9c27e908eaa851a3c1b536b0cc36ba2a18a00666fd6ed0827192784e38143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
b76001d9e7d250200a0da972be8fbb80

SHA1
848cc92ced7b2dd094fb6b69096603b6b68fd05b

SHA256
6127db373b407b884921d0e3aeda28f0d4602ee529c5c40f61ab692edc4e9229

SHA512
3118e8ef776b428c80f9e0613089b686b1c9453fe56acffc4974911784e034d74cb0a2c6e9ecaa91bb9fd7ab97fff4b90295ea1e108410f155d8d3263b8a4b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db05b51f-5f34-482b-84bb-d2937ff9de96.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
ace862a7ab86c96348966eb003339ad7

SHA1
b006e9ddb6c833e6e1af3aeef603099773e0baad

SHA256
cb0ba005a645120b30feac8709d46dcccb5f9329e2092fb4d576fedacee6d587

SHA512
7060811074fc8cf79761ddeace89d6a1c3f396158c562e9f234608e126dacd54153e47cc04827605180c915a2c67c7214a1f8e1e7a76e064f9b7453ee16182e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
08c4fb409137a7fd2ba07c7b273835dc

SHA1
a5204aa90378c7d4d419515f5777fb0d4fafd6be

SHA256
dd4d238a4c6d8507b06b4041217b3677cd891baa09d7e1076606f5f95baac008

SHA512
13c7ba035dc027d48eb78b24948419ce68448910f1be6079f273fe9eaef690e690a0585b8d45cd92444e0bd934e4a88eac13eaf3e1cdc8010dda1969738d8f06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
a74ae81962d851763dd68f3745debaaf

SHA1
0e1a748b91a42dba076343ac108ad1a4f6f1c457

SHA256
3ff4c07d5eeabbf75b399ed7cb362be5e07d22ecf8296e15e4a2a61c3d9dbe3c

SHA512
a043ae82756453b1c01721392a2b4cdf38df95308988069c3b33a326c71c92b43cc5ac8c7ca4c3e866b5ed787c52f0c4c64d3b9b3ddf884d9839af9531042a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
52e43abdd8f2b4f5ad9e140a4af6f114

SHA1
3a26b9052c8bf71e50cfa6cfcca9dbd946112f8e

SHA256
a1be43354a0c879e230d9b1e733741c9cb8b0cd2c4ca879a77aaab630f59ff60

SHA512
5e31e136a7151318380107ca3b54a1837e15a2eb522543f2f97a1bec980b80d14034ca2a959c32fc8c8afbbcd7b47063fa5ff03d909ae7e6d2d7e74c91e73fff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
9a0d758ffc442ee8c1f9e435a7c30420

SHA1
4569bcf5bfa1c7c0d2fae00a017f4c9c6a561c52

SHA256
2fe1425578fb18aca8ac0bb27233ac9651a8461452d6fc75d3ffd96529acf67e

SHA512
49ae6ae7b38787e2030d1269a8479146aeb2ce2e55486b673757e26d436bdcb7fb6a0908cc3ace56a1340dfe64b83e24ca3111001c2f564da271cc8e3bf8c60b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
40c31d3f0d6422ab19c3ecb892ac140a

SHA1
d903fe9cbd4a3d7a6a356174581ee96ca55c00a2

SHA256
805b191591531f446bb681582437fddb4fd0c0c6c3ff3276ac747c3e002ec442

SHA512
1be5a468de9635d177072857e7021910eda3dbd41e9eac18bcc6b530204c1a88069e4ce1b3cbe42e223430ef6044400a6c82654839364d3141b9e4026c31c91a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
92d8cb3288c049868710a3eab166aec3

SHA1
83cb6eb8b2c595e5718d25f02184a19a88a16d02

SHA256
c28356b784dd79db0c2496f8cea04080b693f32e47c4dd6f9f0784eae86d4d01

SHA512
eef63b61b4dde7c80f4c9a89a6df10f29b615cf1b70012b0d6d405c98afb3cca6d5d01c41690243f49400ed0b8b7f585027def3167181185b1046dd1eadd19d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dc349e5b384e6029fa8ac9e489033c9a

SHA1
e3af6511b1c501885e8e13060a99fd434e45a2ee

SHA256
7420abbec45d390b7825482b2fbd6d4e1f5f9f572f2355aaec3a6b57ae1468eb

SHA512
d05e7f528ac0ace87388078ffefd6c5e5b238189927662585e6644a7708856fb7d388c127935cc1ecb00849a49a574c8978026cb9fb0f0f54069e5bb69759ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9282cb4f3892b196a51d9a2f67c1fa23

SHA1
c268938c7973f07b004f5fea6829739af7b5b08f

SHA256
84ab29f861f58cfc0da547f4cc71d3252e00052d2279b61ec114aaa70fffa82c

SHA512
0ac141e29a445135a95e1d83d661ab2fbea72f91fe05bbe1e1bfa3322bf13516bb49619916784c345525c9066c46829666c699de3061f22688633b6415581c96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Temp\$inst\0003.tmp

Filesize
756KB

MD5
8fd5536b0ff9f7a7b13838f5db9ec2db

SHA1
fca6137b60ff736e17d04cedf9b3e886259a89b0

SHA256
ea66c4abf3b63d9a2cb6ed03121dd8af2e7c78a84306e0ad784c4a492a448d73

SHA512
add2575be183cc8301c91a60e689cc280e761f7961b4da705ad9bff10afd8bded6d7287095a2ee3e34a08c70aadfe890ecfc90d2df908ed44cb851f041b87c16

Download Submit
C:\Users\Admin\Desktop\Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742\Atomix_Virtual_DJ_Pro_Infinity_v8.3_Build_8.3.4742\Setup.msi

Filesize
6.4MB

MD5
6b329bd3f5ad424a7a34111eeaaff72f

SHA1
41eda7b5ee42a7987ca86d5e3abc90badec0870c

SHA256
80e71b777a67984641d23965e2e950bac0d3ab486dd756880565ae663dbdd8ec

SHA512
0a359c19a9e12308e94a58fabf26d4709066b0910ae95b8643ab2ca6f89c0733f638de3a424bc73a9019674268a14862842360e8af44ca8e2e575183d2ded1ce

Download Submit
C:\Windows\Installer\e58acd5.msi

Filesize
7.8MB

MD5
b99f74dfb235dd666e505328e8d78112

SHA1
ce52168cb841e1cb5f441d7fab0333dd7308ac6f

SHA256
02f9da2a6c491b3bb74ef32cae4148f3f1aa5739cb450e6b8d271c5de235c282

SHA512
6f7fecdea5c9c0601dbd5726ad8f6dea3bb649a60d3d133bd5870f84926092b14df5c30bd27002739916a86653857a6fb34bef522138eb173c3ad0b405787193

Download Submit
\??\GLOBALROOT\Device\HarddiskVolumeShadowCopy2\System Volume Information\SPP\metadata-2

Filesize
12.8MB

MD5
0f4b8389e4e76ca9197229bb9239dba4

SHA1
c3b3bef7bde9ad46cb770afbe772d53323060a65

SHA256
fac42fb6d57f761cc047a4073da486a04407c6e106622c52c2f55f37d06fc42d

SHA512
1f437bc5c79b50902559c0f4544f8786d95cc2262c7acf443572c8ccca16937a9d29e58ef2346fcef26427127faf3d4cd5883594fe90f12eb19755c45041e606

Download Submit
\??\Volume{ff4704ea-0000-0000-0000-d01200000000}\System Volume Information\SPP\OnlineMetadataCache\{d5200176-cf86-4109-8a97-f2c45ea675ca}_OnDiskSnapshotProp

Filesize
6KB

MD5
5f1d59f13150a3473cec93baacd9ddb2

SHA1
e3caef317f73444cacc8fdb03ce45e6ddacbba9b

SHA256
23d0817f1204b5510f630c2c79980395250ad17cb6a0208e530aef689ac61fda

SHA512
35ea71a1f6c1fdfac66fd0fdb5ffa1111619ae1a5d71ed940f58ac8d0f988b631a1be8b7df97bb1a80be92b95e682c54b7f19496643d6edd1844a699c0b1aa2a

Download Submit
memory/444-313-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/444-142-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download
memory/444-551-0x0000000000400000-0x0000000000478000-memory.dmp

Filesize
480KB

Download