hxxps://mega[.]nz/file/pX4HnDzB#4jt18NCgfp8UbFzxATqjLDVHJFVfftxXxMl9r-IUDx8 | Triage

Analysis

max time kernel
204s
max time network
205s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
27/03/2024, 21:27

Sharing

Report Analysis Logs

General

Target

https://mega.nz/file/pX4HnDzB#4jt18NCgfp8UbFzxATqjLDVHJFVfftxXxMl9r-IUDx8

Score

7^/10

Malware Config

Signatures

Loads dropped DLL 23 IoCs

pid	Process
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

System Information Discovery

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-557049126-2506969350-2798870634-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

pid	Process
4396	msedge.exe
4396	msedge.exe
2288	msedge.exe
2288	msedge.exe
2596	identity_helper.exe
2596	identity_helper.exe
452	msedge.exe
452	msedge.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
3892	All-In-One Checker_v24721.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe
1888	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	4556	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4556	AUDIODG.EXE
Token: SeDebugPrivilege	3892	All-In-One Checker_v24721.exe

Suspicious use of FindShellTrayWindow 34 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
3892	All-In-One Checker_v24721.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe
2288	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 1304	2288	msedge.exe	85
PID 2288 wrote to memory of 1304	2288	msedge.exe	85
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 392	2288	msedge.exe	86
PID 2288 wrote to memory of 4396	2288	msedge.exe	87
PID 2288 wrote to memory of 4396	2288	msedge.exe	87
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88
PID 2288 wrote to memory of 3296	2288	msedge.exe	88

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://mega.nz/file/pX4HnDzB#4jt18NCgfp8UbFzxATqjLDVHJFVfftxXxMl9r-IUDx8
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffdde1a46f8,0x7ffdde1a4708,0x7ffdde1a4718
  2⤵
  PID:1304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:3296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:4380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:3872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:3916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4704 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6024 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,9083970439279628151,4809370450472847095,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5368 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1888

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2084

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x40c 0x444
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4556

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:452

C:\Users\Admin\Desktop\ALL IN ONE CHECKER(KAM3El)\All-In-One Checker_v24721.exe
"C:\Users\Admin\Desktop\ALL IN ONE CHECKER(KAM3El)\All-In-One Checker_v24721.exe"
1⤵
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3892

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\ALL IN ONE CHECKER(KAM3El)\CriticalError.txt
1⤵
PID:4500

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
fd7944a4ff1be37517983ffaf5700b11

SHA1
c4287796d78e00969af85b7e16a2d04230961240

SHA256
b54b41e7ce5600bc653aa7c88abb666976872b2d5e2d657bfc1147a0b49e9d74

SHA512
28c58a2ccf39963a8d9f67ea5b93dbccf70b0109b2c8a396a58389cdec9db1205523a95730485bcbc9d533867cbf0e7167ad370fd45740e23656d01d96ee543b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a774512b00820b61a51258335097b2c9

SHA1
38c28d1ea3907a1af6c0443255ab610dd9285095

SHA256
01946a2d65e59b66ebc256470ff4861f32edee90a44e31bf67529add95cafef4

SHA512
ce109be65060a5e7a872707c6c2ccce3aacd577e59c59d6e23e78d03e3d502f2707713fda40a546ed332e41a56ef90297af99590a5ab02f686a58bcbf3a82da1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
1acde366a37510c57586d96e34c62cd0

SHA1
e6a4b879e37cede2ad38588b6b22b13fe9586c5c

SHA256
4b94e24aa98af9c09e5993c9133b33ae52d394f50a130460510d2ec507e16f1b

SHA512
68f588e0936fb42cb3e5cfe70a3e0969c4ab86150d9d34ff0df559c5e8267711c25e93722d9fbd575962f3bd31da8551f8cb07fab1b73cfec0874e7837bee3a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
188B

MD5
008114e1a1a614b35e8a7515da0f3783

SHA1
3c390d38126c7328a8d7e4a72d5848ac9f96549b

SHA256
7301b76033c2970e61bab5eaddaff5aa652c39db5c0ea5632814f989716a1d18

SHA512
a202fc891eace003c346bad7e5d2c73dadf9591d5ce950395ff4b63cc2866b17e02bd3f0ad92749df033a936685851455bcdbfad30f26e765c3c89d3309cb82b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
368861bf0aaacb088626fe2a5faf0f93

SHA1
1f010ee2adb172c4d322e9e846d5fde811c4ebf2

SHA256
fb90c86fd7b9aaa7ba4734dabc5338eb6254956225ff6c8b13b4fd9e64ecd5cb

SHA512
2ae7ec896cc7ac2e337bfde74fb3e9a378706ce9f8d59e09123e15d3a2b32ec7da8d1a74426935c4ef66b819cce8623ffa4fe3fb83924daea413c0c5a7429edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b82fb764b6c8920901efabb72e480a41

SHA1
9376769b1aa410224abdc82342e550341cc36b26

SHA256
169e53d5bf7e1ebc1ad3312eb60fc56e2b080368c82bf04cf6ba6d11d49a4a06

SHA512
5de4dfeec4f21d3cf660d040e0a7f8b3fcca2eaa20d57d946a846150aaa4586ecb6bf27f51d861f15179aea74ed3b8cc33e0de837c663d680b2a410712457778

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
360a84f36579cb5720a541945996ebef

SHA1
fac2b946897293542f46e525f8cff5d989029978

SHA256
c372aafc9e088d60956249d8c877f54d28512b37a97af6488f72179032b4cd94

SHA512
975abbcf7496b1df5199167d48850a06cfac5023bc3c82603024df78d4e0fe533ff8b2ff0353ab65bcf6fb6ce4a59b563a625812f35a387c437159bc344f08f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57dbd9.TMP

Filesize
48B

MD5
0066b87bf1e9d1987df7a02a4a54b458

SHA1
46bedeae51a6e1ad84564f5d8591d0102c3f5fe0

SHA256
6cf28de3aed69a657ebc5ed80684568291cb1662af03c8e5bf0ac5e0d249d0d9

SHA512
18050894009232054b309125fe0ab9c873e7bc2550b86d4b1f5ec389ab2d2a4e2bf130b3bc36839f0fb3e66c69daf31ce74fa426ba3c6ad216bb203f3ea87687

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d891e304-c4b1-4b6e-811d-49c6b54f21de.tmp

Filesize
6KB

MD5
5a198231f239bc99346344cf867bd6d5

SHA1
ac06f9bd528fa47e74c28161bff5d452ce5e8a5a

SHA256
fd7096c1f325aa3ee1cd72052706e0bee545e9dc785d15dda08463fdf84b6b42

SHA512
3453ed10b0d93caf9ec7453e10a1fd9c67d21e0944f4aa35bfb2f059720203c050976c7cedd78e6d588986760d25db8878ef833123b7ec2b84ebe6c6e1b20a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
128de8ee7cf4e60976e71f678c6ce7fc

SHA1
3a9ff53234af19e16b3d013c1ce0070c2cfb4269

SHA256
c74eb8a1d418d912dfa57b0955fdc7f0763fb6df00ec6c644990e969ca26bd43

SHA512
85fdb57100b583615b2fb329c227b88a9b61ea0a8f8b913e473e833a2bbbffdc1db88442a0610cac626767c05d7d23e390c77389039030721297bf2f2ffc8ec3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5c7acd908dea8cbe70c1b84e6dc901a3

SHA1
7cf6cdd3f2b84dd607717e2ed549f86424c90b39

SHA256
e36c6c2c842f5c39079257de8951c0f17e49e04bd8db8e282a10a04258af5bf0

SHA512
ed682f4aa106138e5265f0399b38224ba2d16aa11eb02ff5389a4dffaab461d1150007c97f274dc0cd14496456d0199ef541c8d1d204d70f2ebd46e36fd721eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb21BC.tmp

Filesize
1KB

MD5
f3412c9a5bf676cdf6653d433caa67f7

SHA1
d4b54d9f38f16f21c9406ec0c3fad2550677d52b

SHA256
eaa33bb4f4c1a60d706eabb580b2419b8299f5c26890171f494a88e145b6521e

SHA512
7d3ec8abe27df6af843f11e6ef7ff53d61cd10b9b8f4c1715f74f0d38c7c4a19fe3b5ec349fe80b5926649fbd097ec259e42af850a33078959c172b3ab787419

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb28B2.tmp

Filesize
1KB

MD5
f43e6f64dcfcc265f9b02cfd53c809bc

SHA1
0ad186c3aa638c0f1d2a8b885bc154a832bad897

SHA256
49e652b51068d087d5664d471872e35fc4cdc62e65867dbd23e8ded69af10e8a

SHA512
8d33098dcea6cfc0e353d8e12416a7f371d006c6eaa50068df8fab1284ef81820643a40b6963ee7ad47f646035b2e596ee777c2a76470767b8b6e97915077727

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb3190.tmp

Filesize
1KB

MD5
fe82167880d6b888cd57a73c3a6271cf

SHA1
f31e09d30f8c2db55d18ea3be323082c098850c1

SHA256
e18fe429d6433b8a4bb910abe426572ff35fd154843415a28efa0e5b914ef8b8

SHA512
8c851e5f81ad5bcd80b9a81bb8e70e97bde69de61ef33e053eae3b4b504bb545fb53aabb173d536caefed0ee38d459469376b7dc9cd149a82a4aa665394854a2

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb33E5.tmp

Filesize
1KB

MD5
72234865e1892d91dc37ed9d8705815e

SHA1
b19634b6549bf417b3e96bffcde2d8398dce3df7

SHA256
010429848e281f54042a3a04110b549b8a87cff8f185c93e8917ab68e6f7b047

SHA512
12cfd735ec77aeb6f479d9310527dca0df65ed58b6136cc012dac3ac7debbb23305d44a28ffd53de4c08d109f3508cc5abb54a5ef5ccf8bca7eecd820ca28f67

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb4A7F.tmp

Filesize
1KB

MD5
c41255933a1b7b4aa656a7de8667e704

SHA1
bed4eada23fce8759a20f80cc3750056de3560e6

SHA256
de0e17aea3fe13d919e011bca1179ff56b59b0e3c7f5583304f9185724ed2767

SHA512
a3761f5be9e20777c426de57fa3cab1be0acc2dd8e10e9cda3c23d6004af88d3c71af68228c80105833f6ed5b41dcaad991f8387336a7deefa63926a26c7e414

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb4F84.tmp

Filesize
1KB

MD5
54833faaa1b54239abc24caa9ef8d9de

SHA1
4986e4d9ea8e7d2cbe86820fa70bbafb458d8996

SHA256
d9cb100289311089405438a6b2ee2aa522fc6005ca29c1bd5d653248dccb759a

SHA512
a9956bba833ca06420258a737a877df313569e5e2eef1ac02a1ea8c9b8d3a13cd6af09496a681768b8537f9133ffeefd9d01964593eab0e03693b042fe0115ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\evb5B21.tmp

Filesize
1KB

MD5
5320b3b17226b937442688c6e9a44405

SHA1
5512850a4f5944f89ae8f78e2237f8d977e7d3c2

SHA256
c2821ec5e9bef39efda63fa0b45e03affbd4322741c4585c385ec76fe52f5ad0

SHA512
1821230964031ea4bbb991b37e98d3b462745bd80642815e2521f118db80566ec7ffbd3c3214b9745b71cc0675e6976ddecc5e0dfdc40a91fe16d181889e43a4

Download Submit
C:\Users\Admin\Downloads\ALL IN ONE CHECKER(KAM3El).zip

Filesize
7.3MB

MD5
522e61f5f5157ea473bd8f8a020afbec

SHA1
0fad2584b5c89beef1dfc6c088c8df1aa152fce8

SHA256
ecdc0bdb8724f682c923d0512f7f3f67eb030e74f99969f6456837ea9e01f056

SHA512
811596db76b3b9efff80f73ee9939d07e804e30287d6a9112aa5abdaccc1303afc4f42d782fd2ae63258e1561966daf986ae4ba3853bda11caec40e5790a158f

Download Submit
memory/3892-260-0x0000000011000000-0x000000001131C000-memory.dmp

Filesize
3.1MB

Download
memory/3892-308-0x0000000009630000-0x0000000009668000-memory.dmp

Filesize
224KB

Download
memory/3892-240-0x00000000059B0000-0x0000000005EF6000-memory.dmp

Filesize
5.3MB

Download
memory/3892-241-0x0000000005280000-0x0000000005312000-memory.dmp

Filesize
584KB

Download
memory/3892-242-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/3892-223-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/3892-247-0x0000000011000000-0x000000001131C000-memory.dmp

Filesize
3.1MB

Download
memory/3892-246-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/3892-256-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3892-221-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/3892-262-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/3892-263-0x0000000011000000-0x000000001131C000-memory.dmp

Filesize
3.1MB

Download
memory/3892-216-0x0000000074420000-0x0000000074BD0000-memory.dmp

Filesize
7.7MB

Download
memory/3892-268-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/3892-267-0x00000000067E0000-0x0000000006A76000-memory.dmp

Filesize
2.6MB

Download
memory/3892-281-0x00000000059B0000-0x0000000005EF6000-memory.dmp

Filesize
5.3MB

Download
memory/3892-289-0x00000000059B0000-0x0000000005EF6000-memory.dmp

Filesize
5.3MB

Download
memory/3892-215-0x0000000000400000-0x000000000052E000-memory.dmp

Filesize
1.2MB

Download
memory/3892-293-0x0000000007060000-0x000000000708C000-memory.dmp

Filesize
176KB

Download
memory/3892-294-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/3892-307-0x0000000009340000-0x000000000934E000-memory.dmp

Filesize
56KB

Download
memory/3892-227-0x0000000004F10000-0x0000000005456000-memory.dmp

Filesize
5.3MB

Download
memory/3892-309-0x0000000009690000-0x0000000009698000-memory.dmp

Filesize
32KB

Download
memory/3892-214-0x00000000775A3000-0x00000000775A4000-memory.dmp

Filesize
4KB

Download
memory/3892-313-0x000000000A730000-0x000000000ADC5000-memory.dmp

Filesize
6.6MB

Download
memory/3892-314-0x000000000A730000-0x000000000ADC5000-memory.dmp

Filesize
6.6MB

Download
memory/3892-321-0x0000000011000000-0x000000001131C000-memory.dmp

Filesize
3.1MB

Download
memory/3892-323-0x00000000067E0000-0x0000000006A76000-memory.dmp

Filesize
2.6MB

Download
memory/3892-330-0x000000000A730000-0x000000000ADC5000-memory.dmp

Filesize
6.6MB

Download
memory/3892-338-0x00000000067E0000-0x0000000006A76000-memory.dmp

Filesize
2.6MB

Download
memory/3892-213-0x00000000775A2000-0x00000000775A3000-memory.dmp

Filesize
4KB

Download
memory/3892-347-0x000000000A2B0000-0x000000000A2D4000-memory.dmp

Filesize
144KB

Download
memory/3892-352-0x00000000067E0000-0x0000000006A76000-memory.dmp

Filesize
2.6MB

Download
memory/3892-353-0x0000000004D20000-0x0000000004D30000-memory.dmp

Filesize
64KB

Download
memory/3892-354-0x000000000C770000-0x000000000CD14000-memory.dmp

Filesize
5.6MB

Download
memory/3892-356-0x000000000A250000-0x000000000A25A000-memory.dmp

Filesize
40KB

Download
memory/3892-361-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/3892-368-0x0000000007060000-0x000000000708C000-memory.dmp

Filesize
176KB

Download
memory/3892-212-0x0000000000400000-0x0000000000572000-memory.dmp

Filesize
1.4MB

Download
memory/3892-393-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download
memory/3892-400-0x000000000A2B0000-0x000000000A2D4000-memory.dmp

Filesize
144KB

Download
memory/3892-410-0x0000000010000000-0x000000001001C000-memory.dmp

Filesize
112KB

Download