f005e2f45699c7a9795047606ec3537e5308175df9952e2831f66d1f940a442b

Analysis

max time kernel
326s
max time network
328s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
05/04/2024, 17:34

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

.html
Size

18KB
MD5

19947c5b75730443db796c73f83f9c5d
SHA1

b23775fbde5d961853ddc4979733983b1d63f232
SHA256

f005e2f45699c7a9795047606ec3537e5308175df9952e2831f66d1f940a442b
SHA512

4f20ab8027a74a42f7bc7343174dea53a892d415be22bdcfa772bb412873426961d9a09fc1469ab79f621c79b2c13900020f68e41d14c457b92a06fe53620401
SSDEEP

384:rUKkBDpmReVoOs42N9ylKeGMvU8Hhhbbzw7YS2LjFrSE3+gVJCBXQL:rOBVoOs42ryI1MXBhbPOcFrSEjJQQL

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	geometry dash auto speedhack.exe
Key value queried	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\Control Panel\International\Geo\Nation	geometry dash auto speedhack.exe

Executes dropped EXE 8 IoCs

pid	Process
836	MEMZ.exe
996	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3864	geometry dash auto speedhack.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
98	raw.githubusercontent.com
99	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	geometry dash auto speedhack.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-275798769-4264537674-1142822080-1000\{B9462716-CCCD-4E7C-9130-103CAAFE77BD}	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
856	msedge.exe
856	msedge.exe
4628	identity_helper.exe
4628	identity_helper.exe
1884	msedge.exe
1884	msedge.exe
2244	msedge.exe
2244	msedge.exe
2840	msedge.exe
2840	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
1732	msedge.exe
2072	msedge.exe
2072	msedge.exe
3612	7zFM.exe
3612	7zFM.exe
3612	7zFM.exe
3612	7zFM.exe
3612	7zFM.exe
3612	7zFM.exe
3016	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe
2464	geometry dash auto speedhack.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2340	7zFM.exe
3612	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe

Suspicious use of AdjustPrivilegeToken 20 IoCs

description	pid	Process
Token: SeRestorePrivilege	1816	7zG.exe
Token: 35	1816	7zG.exe
Token: SeSecurityPrivilege	1816	7zG.exe
Token: SeSecurityPrivilege	1816	7zG.exe
Token: SeRestorePrivilege	3708	7zG.exe
Token: 35	3708	7zG.exe
Token: SeSecurityPrivilege	3708	7zG.exe
Token: SeSecurityPrivilege	3708	7zG.exe
Token: SeRestorePrivilege	2340	7zFM.exe
Token: 35	2340	7zFM.exe
Token: SeRestorePrivilege	3612	7zFM.exe
Token: 35	3612	7zFM.exe
Token: SeSecurityPrivilege	3612	7zFM.exe
Token: SeSecurityPrivilege	3612	7zFM.exe
Token: SeDebugPrivilege	4312	taskmgr.exe
Token: SeSystemProfilePrivilege	4312	taskmgr.exe
Token: SeCreateGlobalPrivilege	4312	taskmgr.exe
Token: SeShutdownPrivilege	3016	geometry dash auto speedhack.exe
Token: SeShutdownPrivilege	1500	geometry dash auto speedhack.exe
Token: SeShutdownPrivilege	5104	geometry dash auto speedhack.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
1816	7zG.exe
3708	7zG.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
2340	7zFM.exe
3612	7zFM.exe
3612	7zFM.exe
3612	7zFM.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe

Suspicious use of SendNotifyMessage 54 IoCs

pid	Process
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
856	msedge.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe
4312	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
5104	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe
5104	geometry dash auto speedhack.exe
1500	geometry dash auto speedhack.exe
3016	geometry dash auto speedhack.exe
5048	geometry dash auto speedhack.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 856 wrote to memory of 3344	856	msedge.exe	84
PID 856 wrote to memory of 3344	856	msedge.exe	84
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 1012	856	msedge.exe	85
PID 856 wrote to memory of 3728	856	msedge.exe	86
PID 856 wrote to memory of 3728	856	msedge.exe	86
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87
PID 856 wrote to memory of 3696	856	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff8bdd246f8,0x7ff8bdd24708,0x7ff8bdd24718
  2⤵
  PID:3344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2288 /prefetch:2
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2340 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2924 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:1004
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  PID:3544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5232 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2264 /prefetch:1
  2⤵
  PID:2020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:3076
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:2896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:4860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:1444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6048 /prefetch:1
  2⤵
  PID:4908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4856 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2184 /prefetch:1
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5844 /prefetch:8
  2⤵
  PID:1940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6380 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3356 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6676 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6780 /prefetch:1
  2⤵
  PID:3284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2120,10408819273661099802,3788684750141926061,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6760 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1380

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5016

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\" -an -ai#7zMap14093:66:7zEvent21131
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:1816

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\42\" -ad -an -ai#7zMap26197:66:7zEvent4885
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3708

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2340

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3612
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zOC1E3D48B\Geometry dash auto speedhack.bat" "
  2⤵
  PID:4480
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:4200
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    3⤵
    - Executes dropped EXE
    PID:836
- C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
  "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:996
- - C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:3016
- - C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:5048
- - C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1500
- - C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2464
- - C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:5104
- - C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe
    "C:\Users\Admin\AppData\Local\Temp\7zOC1E675FB\geometry dash auto speedhack.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    PID:3864
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:1824

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4312

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f35bb0615bb9816f562b83304e456294

SHA1
1049e2bd3e1bbb4cea572467d7c4a96648659cb4

SHA256
05e80abd624454e5b860a08f40ddf33d672c3fed319aac180b7de5754bc07b71

SHA512
db9100f3e324e74a9c58c7d9f50c25eaa4c6c4553c93bab9b80c6f7bef777db04111ebcd679f94015203b240fe9f4f371cae0d4290ec891a4173c746ff4b11c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1eb86108cb8f5a956fdf48efbd5d06fe

SHA1
7b2b299f753798e4891df2d9cbf30f94b39ef924

SHA256
1b53367e0041d54af89e7dd59733231f5da1393c551ed2b943c89166c0baca40

SHA512
e2a661437688a4a01a6eb3b2bd7979ecf96b806f5a487d39354a7f0d44cb693a3b1c2cf6b1247b04e4106cc816105e982569572042bdddb3cd5bec23b4fce29d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\0c8e839d-5b78-435e-a177-59b8a790b833.tmp

Filesize
1KB

MD5
566c795c157fa859fde6a3f5d8fb9851

SHA1
49db3c9ecad3e7185124fcc17b23803f1c65c069

SHA256
25e60f50ddfc91d4e53d07620d84016f1e2c8bb467b0052b6a62f1ec87ab3d97

SHA512
aa4c828f6a1d996c1371d7f82fffb38e636622b2a5a795000d2818fbdf37518ae1fd5b229701dec8b29e6290fd395502e2de695b593c5e631c09a58df1b1a131

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\67d6dd7d-2def-4726-becc-d25a175e3b71.tmp

Filesize
1KB

MD5
5664f1a396a73ffc7a7b7b98fe0aefac

SHA1
330f9d05ae0f085708d7719ecc092be53e9f4cce

SHA256
a2f1e3f5df78e2e1e062f6f67a735c6ea76bb94c8c1dafa89b2c6b87c86b227a

SHA512
fae9e81b9bdac5237896112ae60d878eb829f3237a036a931ac154653691ee3d74f855d0dca54620771ff3e5aac8ad7f0ee9cdad58c68f29000993171882de02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
35KB

MD5
5e37c5625ae47ab3ff0f06ae3fb0c850

SHA1
0453bc4e6e84986c5178df976870cb44fcde7b9a

SHA256
bc0ec5a5880fa67188ecd02c51d4b7f99b87c9c222089b555dec81d4b7cd2b4c

SHA512
acaa24ac46d9a220e5dcf7fdbb3ef49003152d31a782703ae0c23eb80a20ac2e4d870710138be1b0c9ed8f0e8d72d991c8b3cf6a88087db416eb53dd1329fbd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.1MB

MD5
93feab00f76536d681c1b77eca2c7caf

SHA1
c48cbe893b3178a56357c132cae2fa63918d790f

SHA256
5da61564d6ae3fa4506522460d177f8b642b20bae63f81cee14b9ca71fd49226

SHA512
6276f945f1008c70bdc559a8d6a14c609a033af2fae6bd80c129da546e7df6cfb3fcdcc452508df8ee5be7a0a87a6f9930664b8b9726c4e52877802a9ceca5ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d49bc2725decf8357705017fd4666205

SHA1
498c79f29160d3f6c7c80352b511e67d53e81084

SHA256
dcbf3d55f114081db85fb1b0652e8cb705673a0023abf3b4509c41bca85aed48

SHA512
e00b17aff46e2ffa841d83d2d42e0034e4c9e81568ee22d9f0847c0d236725c7512691c8092151a9d443b9401b02535e03477861e82226e6e25c0124856f715b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
50ebcdb4e51687b97de1ac5873a3cce2

SHA1
53dde01f621bd9760f4309929742a788bbb45f39

SHA256
c905f8954316626c106112fc861a9014bf2a1a38e49abecf3002882ca2231879

SHA512
7a90c3189d81f4fd1cfd3646fe7395cfded7e1df0ae92d202138b1ac449cb8f30a66be9acbb3fdd0208c86c392a9f15e23e210906f470527fe166318c87c2a78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e0c68975cb6d4cac0c4a08a5d71f2591

SHA1
44523a528c6c40775e69f6d0a26da11fe8c38840

SHA256
6af39d67185a608e80484b83c55ab8dc976366d35a41f5ae8288d77e1a90a196

SHA512
0c61a0805a4d79715d7a682c06c9de9901d370d378e7648dcaf9525842b73a7fb32a4514514e119bfc20beaac84fa35edaaf3b6a04ea431eb01399a92c90e56d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
950B

MD5
8e23c5e6f2af682d254c07b773f7af12

SHA1
2f979a88ab7330915b70223b3e8588de5c68d2aa

SHA256
d173bd061ce566405ff52095ac455bf92874cc30508c3fc580a2ef248f0a9d3f

SHA512
206d1a63facbe9958fea9a3151b1153ee286799e7c695242103091fa3826485ca77c8729599d8392ba6b3e5f741328beeb65a0d6403659c5c58927102c223fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7bd6a46a09df4725c0ed075aaaede7d2

SHA1
5d878d6894ac7365ede5e1a3ee2406b4e544f0ad

SHA256
5033e3d9255ac5537373705d15a96555d84198adf089614035b95c64222b9dab

SHA512
039c17e64c11742e944988e59654a4c3b80bf529a1da09121deb5a84a923f245e5ca1a2e21f4bfaa10af2ce8607bd700631417177f4a8c48cb2abd572c604008

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6a306e4c9176866cfdfb7d0f46c69252

SHA1
bb6c8ad3b9363ee7d64365bd480c21ef96754de2

SHA256
e039886ea181d26f3343cda0b97af69e1a6c7fc5c247eb62b66775016f5e9bbd

SHA512
00ed994790455487dddcd7c645abee768cbc3931a4e199afff0e5302f218d8b51207a624ef7369018cac4886b726dda4c714f29e43ce68b2488fc391a3155c82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
54e0aadc71ebc6120cfad50c63aa752a

SHA1
a55724015f4a5da7aab2282a5024a384b32592ad

SHA256
a845f6a310d25ade60b0fd2678100536caadf6d35814ee29f69c3463d3d44e35

SHA512
626eaf09d41e1b9855185b103c06a744f4a048f5463b9781fc6a30a83a186c3d43d73c31a29f19c8da2aec4702ffa7a6105764f1aa6ad212761a7ca77051cc6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03c6b93591ae76201ead665d40a728d2

SHA1
f3d233c237338ce88f4e7da467a14977d9aa6b63

SHA256
ecd53b021073ffc0e31362735bff817bddf11305f99528b3ad600442b0ad5c08

SHA512
53e881eabd220c7abb6eecdfb111447d0ea1e7a4557351a1e5a658fde1450637db2608b4c132acc0f56ae27c91f2715a27e532886c728f8815bd2b9ff3021438

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
187e07844d63fdbcaf18a9f7e1837733

SHA1
2c4f4111df6ec21ec1db5f8b9e97a09d040643ed

SHA256
05d65e29db49023d5361d53b1a18ec8e7f2ad11a1b01265ddcaa22e5a102ef1f

SHA512
72034984ce22117ec82c370222abffd14ee69b890435b80a25d131223ec8a60716cbe2f2503ac30ee18424b325e7d001b73c0d1a364e2b1d9c02196c33eb53a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
da4eb0bbaff8b8ac9b74c80c35cdfd03

SHA1
a852081711585f774e957814eb76ecdb3e9d9970

SHA256
00402c4a515f0f29a04eb10c8ae018d4b741e4e46fc433f6f327b44a4e6cf09b

SHA512
95bb355ada5234ff10362ca93ad4a07a647bae840fc905d866f834f58f9f5083c3006a7b443227772bb76f7eb339208a621f6fb58315ad15b6e374c370bc1ecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e0a2693b5730fcddb3bb6636677c0678

SHA1
51b116eab89eb7c33aa2a880d9a51e330e871eec

SHA256
f4a45ae683a6caca641e567ebe4fe8d14f6e78cc1c018630c7d18c8e203ac1db

SHA512
151cf524b05bd66b96f23a4169cba2178658d39e77032c477b9a12fdb6aa45bc4185db0ba950d967f37b2906801bfffa18054c524df0f8dde5181a65fdd8fe21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f744e5ae1388cde8890c5463f0e19f87

SHA1
311502e51df4def22e30a2d57c77aea64f66d5c3

SHA256
36c31ee528bdc03f5d882eedd2bd1b8ac69f18f4c1050a92d004f0a8ab6986ce

SHA512
9a82c100bfbe5dde8e3880e18bb36919338110de5ef3a90b552d6d8a4df97906e76c91796175a27dc4a4b6906aa5298bac1690adad60ed06bfe9b0870116dc16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a5f6fc30da80b57fc3df9a775a54aa47

SHA1
1c3f645870c526891d19b853de8f382444f33e3a

SHA256
46fb945ef6d2269d6a4831afd2eb10290a7ea8d788ff49641f813d81dba89ff8

SHA512
509531b0fc56d9fbda7d26c90b1788daea9f9a795fc8b4c1aa17dd56cad79a90e663e6ab9a67a4a4f7abe05142697d9ee02d7613f158518e56f2654296bfcf2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3b7739e9eb57f9359a3f2b1a7959bdbc

SHA1
7da30d3a94e509958557ff7b6c221a6f9b20c9bc

SHA256
33296363e2dd5a50421440cf3043a462e024e08e82bd82257d191a7e380f9444

SHA512
8350669b2967623f119e04388a37267c6cbbf3fd066e6f7678524034444ffeb6e65ec724524e3a7e673c0db601c10bfebc2cf3b99568b0c03b32bc2cf2be4f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ecb56959d5f29db822caf42f57428510

SHA1
f84f0c98c7d873e851f48c9142f591d4e9aa3898

SHA256
2a2a896c9daa1b8ea9c159e8ce20704f247e23caf0fcd522cfc089ad6850c7b1

SHA512
795be1385826c489e9c928d3f9fe7707ba20ad1fe70a3cb05b5e6b78c4a56b86d1f21bcc6e2bfa32986cec57fda52e7abe8f04b76e931ff8ea53d5cde6f5c28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e42c8b3619866c27c26a53f357d26138

SHA1
249ea11bedce35a62c26eedf836b141b70e46f01

SHA256
0a37af4f8860ad7480c144f145fdb96ed5bd75a1db9d1e994f1a3b77fd476a91

SHA512
d6cb8fce003f99d7b1694c0786c07d5e6ef687a4d09d636e56c8b867105699528a68b49310479cee9a66ba9d9c25a4a3fa27e6d3219481d9c1f9f2c2e0508a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58c4e1.TMP

Filesize
1KB

MD5
7b0378993d65b94a2ede395f9827f913

SHA1
077fc92e0b8ec7c422fbddac1d65c4c1f67e37ac

SHA256
74576aa9c30fba484414af376c6c4f83abcfa40d23e90c0f0e035ed8b192410c

SHA512
337b54474951e14a591f464dd2681ad93368d582e1bbb7656a477e3950d9b8076ee4a39fb0895a2358e1f5a92ffb6ff1646a2bd55c385601a73d8cc4cee83c8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
978b44af532301234eb0fe3966cf6b57

SHA1
5a55020b25e42126ee93ac0df449869116663f3c

SHA256
0af2e44ec16cdd1a02a81ded421269c390d01ad3ad08bfd7da7eee253ebb7884

SHA512
ee6286f1669f511fb51bf4f8433a005e2cf879367e5b7d1684ef762bfb42819d646484c2abbc14921036add9fe2ed102d2eb6bd0449046d726f6793c0ea0d31f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ebdf45a04201ec2a4f3dcb96c7e49565

SHA1
0214337014569a00d2cf11b822eee03341aab531

SHA256
078563f27051ad38fa10ca864c25784363b9b5ef66a09f71bd163b62951400b4

SHA512
803d1097320800c6ab1cb5bfbf4989cb733c39b436c75022021a1bf53e7525820e1eda9b5e6228eb32e77fb5cd306549ac6482cfa6a3e814e362daddfd37ba6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
a3047d9d92993fa6fb4a935e9770cd40

SHA1
1a62d5baea4063736670f13f5cda194a5fb1551a

SHA256
ed5fc900b9be9870934e72e93ca681141debc801ec65f7c628e72fd85bb00f71

SHA512
c418c9f565d94c565e07938fe2414a1b121a08c6ec393f726c1dcb3ef66d3f3fd38c5b6cc5bfc2982dcaa5ba8e5bff88c29fdbeba70102bd6dc82f029c07aa98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8df59fd98288645f947a231d59d9079b

SHA1
74354eb63ae5f0f7c332ebe2321dc777d797d9c7

SHA256
c0013409abe73843203ae611151d1f5067841a83f7251147d4701d0d13e4306d

SHA512
9f4b14d3ff95cdad616cded2be8b67551481acfc67a07d03bf98f65c76dc1cbc15b4fe88eec87951a5035555f0476428c1a857a42b0f351a75b998e4920d84dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC1E3D48B\Geometry dash auto speedhack.bat

Filesize
13KB

MD5
4e2a7f369378a76d1df4d8c448f712af

SHA1
1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

SHA256
5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

SHA512
90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC1E3D48B\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC1E3D48B\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC1E3D48B\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zOC1E3D48B\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
8ef53a60b53e040a05d2731093f94a15

SHA1
ee16736cbd7e3ef9a66d899f606cef60e41eee7a

SHA256
36a49796138c2eff10a7327f12ffcafeb99b52ab9cc65e7a31cce5403246e0a5

SHA512
7eb4d2941a3e39e746df48032a5606552684b3e94171365cef1fae719fe14d416915d0cb0b9f66475860de049e21aba01ae5a5de7dc53bfdfb19b5d92a4c9ee7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
c97a368481a67d4e1cf8217f40332f46

SHA1
bf8bb6e815bf38e3c410c9e3a9da38d23b245066

SHA256
8e63d4fea0da3ce469c01cb9526089d0d9e09b6229f58008d9027040d225abe7

SHA512
afdc0a2ba4e925104c1e26b5936fceddc153f2a9852ff604bef90011787d8ef60a0bd14397889c98fe7ed0201bfbf11d9b58aa5cc1b2eb3d2fed5cc29bc0105f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
80878b27482bcf40362cc1684b048613

SHA1
7659b57aa3af0e66312173b3e54edc72d2c0247c

SHA256
39ad912f784a6c66017cb614e2c9d3c353c9a4410320040085dfe2b8a0b8f9ac

SHA512
96795f461581208e2dcdb90a955bed32a47f5e86f6d6f243779be2e049a897b464d57e29abb9c373c6ca7e95f179c183ad2ac20934882cfac41424c68efe64c7

Download Submit
C:\Users\Admin\Downloads\42.zip

Filesize
41KB

MD5
1df9a18b18332f153918030b7b516615

SHA1
6c42c62696616b72bbfc88a4be4ead57aa7bc503

SHA256
bbd05de19aa2af1455c0494639215898a15286d9b05073b6c4817fe24b2c36fa

SHA512
6382ca9c307d66ab7566acf78b1afd44b18b24d766253e1dc1cb3a3c0be96ecf1f2042d6bd3332d49078ffee571cf98869c1284c1d3e5c1c7dc3e4c64f71af80

Download Submit
C:\Users\Admin\Downloads\lib 2.zip

Filesize
34KB

MD5
0a76bd3e26768bba68aca3d210997069

SHA1
753690994a18cf58ed0fe3749d16448b763047b8

SHA256
9056b87f079861d1b0f041317d6415927d9ffb6498ce2530ff90fda69fa64e78

SHA512
14408ea7f44bc365a58d7480fff9ea3b10fa21bfbd3363c6e30b74a4d4121677e20ce1108cce12c203f0760768aee1c1aa69b130e090c409f9a516ea02d70c49

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/4312-1414-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1415-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1416-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1420-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1421-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1422-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1423-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1424-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1425-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download
memory/4312-1426-0x00000216BAA90000-0x00000216BAA91000-memory.dmp

Filesize
4KB

Download