da6062107b3fa8e3e95c3fe0bf63e065a39e01016217ba841dac9e34b2cd4b64

Resubmissions

10/04/2024, 19:06

240410-xsfaksca6t 10

10/04/2024, 19:00

240410-xnz47agf92 6

10/04/2024, 18:57

240410-xl4plabg51 7

10/04/2024, 18:51

240410-xhvbrage44 7

Analysis

max time kernel
300s
max time network
294s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
10/04/2024, 18:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.html
Size

18KB
MD5

b96c2023aecaedc1ef2eba00d10c2acd
SHA1

2db4028fb645c078655b1540747368e510a5ea77
SHA256

da6062107b3fa8e3e95c3fe0bf63e065a39e01016217ba841dac9e34b2cd4b64
SHA512

146dccb0a81099bd762c649cca97a866f1ba2b2bb7f5e909cbb83eaad92384c5fec36999a90bfb9e0a9c06d79e08eab6c933601bdc77e5945f20a9fdc1a1a361
SSDEEP

384:rGzDpmReVoOs4xN9ylKeGMGU8HhhbOtq7mS2LjFrSE3+OVJCBXQL:rGzBVoOs4xryI1MMBhbWM6FrSEpJQQL

Score

7^/10

bootkit persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

pid	Process
3944	MEMZ.exe
4604	MEMZ.exe
2280	MEMZ.exe
3720	MEMZ.exe
3264	MEMZ.exe
788	MEMZ.exe
1108	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3594324687-1993884830-4019639329-1000\{D31EB3E9-7561-4866-B3CF-B53C9512057A}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3594324687-1993884830-4019639329-1000_Classes\Local Settings	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\Geometry dash auto speedhack.bat:Zone.Identifier	7zFM.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3600	msedge.exe
3600	msedge.exe
4580	msedge.exe
4580	msedge.exe
1252	msedge.exe
1252	msedge.exe
4820	identity_helper.exe
4820	identity_helper.exe
2488	msedge.exe
2488	msedge.exe
3584	msedge.exe
3584	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
900	msedge.exe
4728	msedge.exe
4728	msedge.exe
3944	msedge.exe
3944	msedge.exe
4296	7zFM.exe
4296	7zFM.exe
4296	7zFM.exe
4296	7zFM.exe
4604	MEMZ.exe
4604	MEMZ.exe
4604	MEMZ.exe
4604	MEMZ.exe
2280	MEMZ.exe
2280	MEMZ.exe
4604	MEMZ.exe
4604	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
2280	MEMZ.exe
2280	MEMZ.exe
3720	MEMZ.exe
4604	MEMZ.exe
4604	MEMZ.exe
3720	MEMZ.exe
3264	MEMZ.exe
788	MEMZ.exe
788	MEMZ.exe
3264	MEMZ.exe
2280	MEMZ.exe
2280	MEMZ.exe
788	MEMZ.exe
788	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
4604	MEMZ.exe
4604	MEMZ.exe
3264	MEMZ.exe
3264	MEMZ.exe
3720	MEMZ.exe
788	MEMZ.exe
3720	MEMZ.exe
788	MEMZ.exe
2280	MEMZ.exe
2280	MEMZ.exe
3720	MEMZ.exe
3720	MEMZ.exe
2280	MEMZ.exe
2280	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
4296	7zFM.exe
200	7zFM.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 46 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe
864	msedge.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeRestorePrivilege	4296	7zFM.exe
Token: 35	4296	7zFM.exe
Token: SeSecurityPrivilege	4296	7zFM.exe
Token: SeDebugPrivilege	5384	Taskmgr.exe
Token: SeSystemProfilePrivilege	5384	Taskmgr.exe
Token: SeCreateGlobalPrivilege	5384	Taskmgr.exe
Token: 33	5384	Taskmgr.exe
Token: SeIncBasePriorityPrivilege	5384	Taskmgr.exe
Token: 33	3336	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3336	AUDIODG.EXE
Token: SeRestorePrivilege	200	7zFM.exe
Token: 35	200	7zFM.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4296	7zFM.exe
4296	7zFM.exe
4580	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
4580	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
1628	msedge.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5384	Taskmgr.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe
5748	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4108	OpenWith.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4580 wrote to memory of 4972	4580	msedge.exe	76
PID 4580 wrote to memory of 4972	4580	msedge.exe	76
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 4080	4580	msedge.exe	77
PID 4580 wrote to memory of 3600	4580	msedge.exe	78
PID 4580 wrote to memory of 3600	4580	msedge.exe	78
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79
PID 4580 wrote to memory of 1104	4580	msedge.exe	79

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff94ac33cb8,0x7ff94ac33cc8,0x7ff94ac33cd8
  2⤵
  PID:4972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1960 /prefetch:2
  2⤵
  PID:4080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2376 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2796 /prefetch:8
  2⤵
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:2888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4992 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3516 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4028 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
  2⤵
  PID:3100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:3080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4736 /prefetch:1
  2⤵
  PID:1672
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5788 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3348 /prefetch:8
  2⤵
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:2136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3552 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
  2⤵
  PID:716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3320 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,13018878832173504498,16935909686851391110,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3944
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:4296
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\Geometry dash auto speedhack.bat" "
    3⤵
    PID:1572
  - - C:\Windows\system32\cscript.exe
      cscript x.js
      4⤵
      PID:732
  - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
      "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
      4⤵
      Executes dropped EXE
      PID:3944
    - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
        
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:4604
    - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
        
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:2280
    - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
        
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3720
    - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
        
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:3264
    - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
        
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
        5⤵
        Executes dropped EXE
        Suspicious behavior: EnumeratesProcesses
        
        PID:788
    - - C:\Users\Admin\AppData\Roaming\MEMZ.exe
        
        "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
        5⤵
        Executes dropped EXE
        Writes to the Master Boot Record (MBR)
        
        PID:1108
      - C:\Windows\SysWOW64\notepad.exe
        
        "C:\Windows\System32\notepad.exe" \note.txt
        6⤵
        
        PID:1912
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://motherboard.vice.com/read/watch-this-malware-turn-a-computer-into-a-digital-hellscape
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of FindShellTrayWindow
        Suspicious use of SendNotifyMessage
        
        PID:1628
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff94ac33cb8,0x7ff94ac33cc8,0x7ff94ac33cd8
        7⤵
        
        PID:4576
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
        7⤵
        
        PID:4036
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
        7⤵
        
        PID:2248
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2644 /prefetch:8
        7⤵
        
        PID:4912
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
        7⤵
        
        PID:1492
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
        7⤵
        
        PID:1280
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4376 /prefetch:1
        7⤵
        
        PID:4264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
        7⤵
        
        PID:1960
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
        7⤵
        
        PID:4444
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
        7⤵
        
        PID:5084
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
        7⤵
        
        PID:2224
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
        7⤵
        
        PID:1312
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
        7⤵
        
        PID:1796
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
        7⤵
        
        PID:1640
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4312 /prefetch:1
        7⤵
        
        PID:5292
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7500 /prefetch:1
        7⤵
        
        PID:5456
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7484 /prefetch:1
        7⤵
        
        PID:5464
        
        C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7120 /prefetch:8
        7⤵
        
        PID:5652
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
        7⤵
        
        PID:5708
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7356 /prefetch:1
        7⤵
        
        PID:5804
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1860,9622282179941730603,10000841784383201164,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7184 /prefetch:1
        7⤵
        
        PID:5812
      - C:\Windows\SysWOW64\Taskmgr.exe
        
        "C:\Windows\System32\Taskmgr.exe"
        6⤵
        Checks SCSI registry key(s)
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SendNotifyMessage
        
        PID:5384
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        Suspicious use of SendNotifyMessage
        
        PID:5748
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff94ac33cb8,0x7ff94ac33cc8,0x7ff94ac33cd8
        7⤵
        
        PID:5752
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1928 /prefetch:2
        7⤵
        
        PID:6048
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
        7⤵
        
        PID:6064
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
        7⤵
        
        PID:6092
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
        7⤵
        
        PID:3860
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
        7⤵
        
        PID:2328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4864 /prefetch:1
        7⤵
        
        PID:4076
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
        7⤵
        
        PID:2916
        
        C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:8
        7⤵
        
        PID:2964
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5492 /prefetch:8
        7⤵
        
        PID:5244
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
        7⤵
        
        PID:4108
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
        7⤵
        
        PID:2928
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
        7⤵
        
        PID:3968
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
        7⤵
        
        PID:4728
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5572 /prefetch:1
        7⤵
        
        PID:5848
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1924,6174646227238338285,14831305827616429120,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
        7⤵
        
        PID:4960
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
        6⤵
        
        PID:5460
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff94ac33cb8,0x7ff94ac33cc8,0x7ff94ac33cd8
        7⤵
        
        PID:5508
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
        6⤵
        Enumerates system info in registry
        Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
        
        PID:864
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ff94ac33cb8,0x7ff94ac33cc8,0x7ff94ac33cd8
        7⤵
        
        PID:3332
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2040 /prefetch:2
        7⤵
        
        PID:1136
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 /prefetch:3
        7⤵
        
        PID:1368
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2668 /prefetch:8
        7⤵
        
        PID:5264
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
        7⤵
        
        PID:1904
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
        7⤵
        
        PID:2384
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
        7⤵
        
        PID:3328
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
        7⤵
        
        PID:1536
        
        C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1976,7060607500566980376,8361958955157793701,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4388 /prefetch:8
        7⤵
        
        PID:2904

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2964

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1900

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4028

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4108

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:428

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004C4 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3336

C:\Program Files\7-Zip\7zFM.exe
"C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3236

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1286cd2e-5055-42c3-9add-a654142a71e1.tmp

Filesize
12KB

MD5
bf0d07ffc337adec41f011fa147d7f45

SHA1
0f117f3d54bd2c143eaaf1683df71bcf6c108c91

SHA256
7d31be7d206c6b252075d421b3d78cc46e8447fec3ddc7258abd0578510dfb54

SHA512
1d72c85e363a88cbe9203172a18d3c62d7ab423af71e542e423a39a0fbe53ae5eb68bd2648e9a4bb539879cdfd95c5360af8a4fa5c6bde18c831119eb59fa659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c65e704fc47bc3d9d2c45a244bb74d76

SHA1
3e7917feebea866e0909e089e0b976b4a0947a6e

SHA256
2e5d6a5eeb72575f974d5fa3cdff7ad4d87a361399ffdd4b03f93cdbdec3a110

SHA512
36c3be0e5fbc23c5c0ad2e14cfb1cf7913bea9a5aeb83f9f6fcf5dbc52a94d8ccb370cef723b0cda82b5fba1941b6a9ff57f77ff0076a2c5cf4250711e3dd909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed15a81e4476e64bdff23b208d41ee5

SHA1
d6f3e750873032492cb64d3e66d74c35fcae893e

SHA256
26a798110f8c5651d8aee38a92bb8591a4ec3da0a26c41157c436243d5c901d9

SHA512
2e78692e41737c6a7ec45af46d6c69d27988d25d61dadcfaafea3acb856c975bca9a2573a89b5f8099c7053c2c01c04fc3521f0b502720ae96b672635f9d16d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cf48b98433f6465cd2a5ab3beb0ec326

SHA1
0a414c7785c75c2f50c49b287bf37a810f415ecc

SHA256
ee177275fd6a7c5a3ad60b622d0e0b3cdb8f1b6babc1a828cae8adf8eebefb7e

SHA512
72769ccde385c905ad799d19e612d2e39e6ac3f1888b5ac102b22291589f58417422d9860c76011876b4cb84c1707e9d6abab3ec80363adba8e2e3a496716011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5c3ea95e17becd26086dd59ba83b8e84

SHA1
7943b2a84dcf26240afc77459ffaaf269bfef29f

SHA256
a241c88bb86182b5998d9818e6e054d29b201b53f4f1a6b9b2ee8ba22dd238dc

SHA512
64c905e923298528783dc64450c96390dc5edbda51f553c04d88ee944b0c660b05392dc0c823d7fb47f604b04061390b285f982dfcc767c8168ccb00d7e94e21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2f56ad3ae3571b4cc7348ee42a89dab8

SHA1
ad9ee18a41d1f679842e32fadac93cca45493745

SHA256
1f3ac717c549dc85421fb751eee3a5c0830cc6a659f9b02033a7d3c5b6d21f3e

SHA512
3bd5e4e8eabf5452ab5ad5f4682e19a699c80d127a65b9cc12f2aa216f989a694252382428f90957b1faa6dfb34fa4646a9cd2de928bb52f41ed3d78fd064982

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\09e24a1c-d59f-4fc3-8836-f4a30bf28128.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000058

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
6KB

MD5
d2c12251a9f8b99a858f26ce7a2df762

SHA1
06860e565386be1b8ac91d9e370f762424bd8c50

SHA256
2ad9ecaeee854bf317821b731298a2f7b1abed3748342ac1afd02762fb226435

SHA512
00b87c575efc42e34484ad5565cd39915171414385322ee52312f1d72a6d99d59b2a6989c9a8bfacef063d49ed874012d6b94ef4afdcf5c977513781623d895a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
9182a03b0f0d9114e93e3944d308982d

SHA1
14ad9e04e53ced93968589417706340bbd93962f

SHA256
f05fe2909784b7e2fc486c37a37f263953f98f1011dc941cbad76c492a3155e8

SHA512
a6122c4b2fc20898aee7c0c8365e39c3afee6a2ca149203b37b92e4a240d2aa79dd196075d0115001e2841475c73e84a65f92d4d51cdb5ef3787ae18c17e2cca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
66e70e09850148bb541d80f22a6faf46

SHA1
66ae1e89fdd21f79d03373963dab18073b1317ce

SHA256
921fa56301b488841472b9071490a8788650dd4af6b8982d24ef5f1dfba0f326

SHA512
d6fdc04604faa5f551bcf6f98a9add9c5a5c38266542cd9b48514b4a5f9907cf4a2f213dc237ab08b1ff6494c89453f8e2dc8194c3323fbe0ee35731703ebb0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f24224351cda38ca0e306bec9e195f26

SHA1
9ee57ec6c841afe1bc36cb118a66c56de4ace345

SHA256
379abaa89db7aa91be0893899aeb194a9e2b28a575c9e0d5a4dca6e518814fe3

SHA512
e1390c88251a21a75f2d2a780d0bf659dd7a122e6fed765324abb0b2e570781a813fbc923b68ac3df091d371128ff776514e3c3b9751395d4f25114fcae7c8e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
8eb88b8334d2441a9b550e3fb4abe984

SHA1
7ca4c0af0c722daece54bfc47b4c908441e2c634

SHA256
d77de1e1c73f7d2785604f302ab1ea6b1bd753b983dd4c2b4af796b70a60d9bf

SHA512
572af67a752bb1a017ef143f91c87b2c4b5f511a56ee8b38880cc713b9872988a44abeaed3e06837ea031b2f4c7cd540d6c8c3131539b3eb0205e44163669a70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
94692109134b170cb8b7498fce3f4723

SHA1
494c5def1546dd0ccb613cb92a97027f0e102906

SHA256
e146f0a111f692dbf5cacc25019fbbe9d2ba77024e8fd7ca47afb169b6087101

SHA512
b991ca63ceba03480ad30169d9e57aaa6b621b5efdcc9a8c94a857611a48ad03d7e67088915097d0ce729d999dee03a2542645669b7d07b789d29b0cef6365cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
2c16fcd1cd6528ed9b4ed08dd6bf655b

SHA1
5611152db87367b2ba5b76fd8a3cecfda659552d

SHA256
4c2ccf4db829ad525eb8cc5e262dd88fac683c5574654cdfb8d91d48991cbe1e

SHA512
6183d9d919aa60a2184d21588568a83ac2c3c17102f380f96a0ef2d1a585f6b94fdfd20ff36ab0b7c7610d93ba2b4906d3c5c10ffdaad2301867e80163e76734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
0bf4282f8d67c545af553ecb997ce679

SHA1
0fd508f39ebea64fdcebecc4e49d00381600182e

SHA256
e9603e69f302cc263f63c54f371973c2311c8c858d88580f22b827af638e0dac

SHA512
cbd9d435ffc11b9cc59aaa7d25eeeaa4639e843470447cadfc85d5229dfe542b951b050f2c3fb97fdd015ce9fe06420dfc60987903b260c669cf9e8f69de7ef2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
1b7bc2c6cb68174f90f0e69c8d32063f

SHA1
549275faa9401b4c91ae356e974542d8b603900c

SHA256
9e5a85d574142a0444654678adafa79bc1885efeca9aae19ded982c9253b7aa2

SHA512
55298c0e847d387a2cc51ecfc110f663e0a09f4a4078775b9f823af2d5471f27d8288140c28f031cb19043fc42e1ab3a0805bb7def1b5ac7d87e5b48442d295d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
335cbe16b0e5b9cf4eae6b892e2fb06e

SHA1
a898f97a952671529a15aec8024f13fb1862b263

SHA256
a04b4c2c2fefa907335711e60bbd330ae2630153f2c6806db891c45fc6c21f6e

SHA512
d8566439ac414e1bfd835f21ae3b6526d2b69fa95db1501a6749a304b3ad62453192eefa59346e5479fc720ceafe3ce4688371f708f5f024ecebdea059fced4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
5cac82f25853fcb47c9221eaef79f37f

SHA1
475358f3b59613dfba18bbc7342d5f3f7baa6890

SHA256
c9db7a0741352eee2da12b98b0e7c738fa7c5732839b5c4215013ba6a523d831

SHA512
6bb5864d9da0fea5948dd842809d1893c51a1b799fb168dacf189c11ec13d89e3e027dc69d64fb1088dda01f76fefbc8bee6986760cf3abbcafbb87c77bc65d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
861B

MD5
bed2405ef5a2bb8c1720d5241dc4f99c

SHA1
6ff1ec973bae19eef97482e21afd52dd31513522

SHA256
bf62e63d956d7734044b29db9cd3dc7492f85bd6aab9a77ceb747a6bd6802887

SHA512
b4029a54659dd28384200f2edb96e4c853d31811c4d095b8ed68bcc52417a6bee5aedf2c5c3a8f3aaca225a4ba6ebd59b5bf031ecf169d4320849209caadc837

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
7191f9ba178929e4238a77da146af3fa

SHA1
d6365088494e42627a73a3c5c8e910d9d809f6f2

SHA256
f4d10b418c8834af76d0e6f9be60c80026174c5144bb7608a30564a3a32a0d0b

SHA512
cf7f6672c9b7ab39da1b7995fd861b80f382cee8b997857cf91b354d24e179f2191eafaf8782da54cbb446c0eb7967cda74d2fc3edbc165b4bb6fc19680e1794

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6da7ce564918ac1b9213e22a47061c0f

SHA1
4629ab2313eaa31c366ab3b74e25068251742280

SHA256
6851903e6a9ffe5eb8f203d295849098301415945e74e80843f1e275733c90ae

SHA512
f2e83c5aa3655791b9324d91f4b7fa3a89727b58e6851bdb3e5bb4387157a290e596d32b836cb2e9a5c9e11f816ef298c861490e8387de57829478d308fa12f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
068401d7cfefe7c47413b3e53146a81b

SHA1
c0edfa4d9b2f1cafc77601f2edb04a1b5b4b9438

SHA256
2669348803e34d6e5718a75f1e500ca745f759ecf186393403821c6773eef437

SHA512
bbe8d2f2bbebae4155ccfc78b462ce0383504769ef731ab37018721ae2993d3a751f0f8d8f327bef1062213de5a12243c23cd61203c4e641966847606907baa2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
724e58c79be9ca3d72377eece910e2e9

SHA1
3507839b772f68a85ae36b33bab47ccca228cecf

SHA256
cb0c8fdac919b17058c86554e089c0b9a0cc8e8e97683a178420ca36b500d4e8

SHA512
11772f783389cea0831fe89266fd88aca1effe8620fc2a13c7a9bcdc98e708386afc70c4b0df784be9b895339149a38b2c66b617f9019e7e5e62dfe2b1d3d7e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd2afd0c172f225bc5597b570b645a29

SHA1
1223ce5f01fffeb33fc97f715061972793a9edb4

SHA256
07e42c01dcb871baba96300e02c740daa156fe8458cd2bb0a3b573bef18b818e

SHA512
8aef94ac4c79f27c70b7deed6d21fff8573c0b792599f9bdf99a9c805a37cd74b6c5d987bee21a4fc4973a5c113acae172621c0a8ff01b1ac6c5f5c2e0021634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c5ebab623e75b00e7560a6f1e3bd1e5e

SHA1
947f84502711b6a98c5199bfc6fa15582537689d

SHA256
28778a0ccfbf7d9e0b6a9e71d659bcf5095bba0a806237167dd20addd791e664

SHA512
d5480109ec5432d0e8220011150f3eef740ac308ff438841515f9f81028173b2bcbe78841f77233fdcc4f134fb78358bf30893f9b89d6613758a40f40a78580f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
500ceee3b58a81701e1f35c00dba1f8e

SHA1
420b84963103736464d42c449726fe9f1d0bd360

SHA256
96abcbc748adf86c858e1928c2f44a61b210c392bf06ea08c468cfcc3e676947

SHA512
8d1f0f13e515e1abfe122c133accf878dacb5a8dd573b8d7638fe65a739e476c8fdec1befd5c7a3c8088da4c23964ded90c36a6cbb2dfede4784f03859cf1993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
04bc6bfcdc7a1b13937af234f0c954ae

SHA1
e47e35ed69b3625af3795d52af8938efd8002f98

SHA256
5ffb8a68d00d07b5b1d06978d89d16a6d7bd30e21c1ce97d947f77e264bc43ac

SHA512
22226c6faf50b757c2281daec8b74a312ee92422d5bb30ae88602d04742f878ef1bd6b007e79c8296521a258139040f5d927a8a834e440c4cd3afdc38ee0acf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
36ae82696ee97e7c582806b942280bdd

SHA1
974864b828e8623c48d8a05c68c55bc2f830256b

SHA256
bea43f51e55e918bc53aede8a24fb1c879290acc534fec1bb60cd3d27c350d25

SHA512
7f528243c1811890fc096434e92536fe1fd0825a451049e79c6d7278354233d0bbc4c2aea67372904e6c6f06a944bfda853d0eb7f9f827f7f817f377bdd8d884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
03e15e335bd9977b718cc8c1c8e244df

SHA1
09122e85793109a64280620f9d7e100107653bff

SHA256
30c515fe6e437fd06d0e2c42eaf38697cc5a84983b26ec6629b2c58c241bd240

SHA512
71b1eac601ce40b509a28e3d14502fbc38d1cebe0cfde8e273f92ea2925b8fbf4792a1d565678f397d70a2c586fe40f5f5152fd7e596ad85a8c56ae9eb942198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7d1494d734feac25863825ad7251929e

SHA1
068a6b6d1da80755380569c9c17481bd23319926

SHA256
ac2bc0182e43ee3c71f614ca90ce6ea50c346ffdd79de94be02278b356f6cd46

SHA512
95cddb675e39dde997a9192ecc62f63f76e4f4d2d3941fb584095d071949df11bfd8c0ef6320700ff10a10fb312ecee8a3b600061814f2066f49bf619f3d83f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
554a55d4efdaf2f37f0cc69e1e418796

SHA1
4b9d3fffb2223b78d2bca66c6ceb3850523f1512

SHA256
4ffe8d604caae93aa6327f896e2818797cf884ac41a038512be35ba7cf302f5a

SHA512
2528f218e5607d0ead805f0b2d15fef37951dd08a9959f76f43dd7831dbdac9ac2bfb4be8fd23ae06f3df8a4b45da1000ade046b54f9b00f513a4695dc91b543

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
4a7eaa139bb1de5010f3957bceee1c8b

SHA1
1aff48b4b5a7fd0841fbd8b7a859df5ea7f64d41

SHA256
a8f6717ea0b7880652c1364c261853ff65b7a015fc5eb081fbc108192131ef63

SHA512
e4714e97f03f35a390df74c3bd62b02202978f7c21ebf5c623ed089e07b89cb7693998b05ec8563050bbf17aaeaa4ad5246680e2e53bbec7753e747ba87a8988

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d3678d91b89844aa693a0c30ea3b73ac

SHA1
9a61b418d748c4da65de70e900964e296add2a28

SHA256
af8a47741ce3fb6b959dc1fd2d4ec10838230443a01d002053c9cfe5e9f309f7

SHA512
a8a37a2e58e33dab607e8225fb260c39a3520d097b61684b0ffd328547f98f502a835664c8b37899c7bebd3dc323cc18bdcdd0b73d72411da2b7d80ffd3e3a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
df2ec2243087fbbb96952b3ebf361279

SHA1
830d38e6ea421bac07f9c9fa76dafeab16c3d2ce

SHA256
a04a208a5750f05ab6c2dc395c4cd636b36227f572893224ef067a5d986f3136

SHA512
b300b6f3f0bd0f0404fcf4a6c88086b28a1e060533dc4943984b6650a1d3b76633f0005f8ad062f1139d31ce7e5101387a34abf585317ffadafca12b288e93a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\66f94e24-5cde-43a7-b09a-a8b73540bab7\index-dir\the-real-index

Filesize
1KB

MD5
6f20fa7fcae42dc61be058bcab723e6b

SHA1
be1d6432eb9d0043e61bf883993e916f3a29a0d6

SHA256
c673511f8f148a0d43891b835df69ccce4039a8e89d4c07c8f7e7d7135f7b8eb

SHA512
5a2e0cafb2c83846a5b56795f035c9f3bee81e811627772b0d1d3ae1bf3b246786b869e6e94d2c257f8ebd3e898726c7d217f8cb7c5b1b9ad4a06fab24e2c279

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\66f94e24-5cde-43a7-b09a-a8b73540bab7\index-dir\the-real-index~RFe5a5371.TMP

Filesize
48B

MD5
ea121229e320cb3f7c31f3fc52f51953

SHA1
b8ac640daef92ea0855ab708338b6cd26488099a

SHA256
851df629120188e622627f318ad6dc8707a4c401fb0682ed45c61f35b04a3d98

SHA512
a7e4dd77f1f577bef67d12687d7368fdefbd11b5e2bfd668314c1e7f746fdf667ed6d8f52a316a99105ecec1e66daa1bfe3dba7e70f520ae1a68b073e9356fdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt

Filesize
115B

MD5
854e37cdc5a6aa2c5c62a27ef5ef2a6f

SHA1
013c02d7ad576366909e059019a3c7b272b776e8

SHA256
1addfd7711c29cfa5ab4abd8747fa9447f71f75af7756428d611a098728bff21

SHA512
5d4f7f6c963acf1b357675ceb320e4ec713597c0ae525696cf1cb41f6cde82b7288281d586d7beba59009b3ec6d262e761fafa17a8ff2575747cacd7ef0dd521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\c5ce88bc72edbf8813410e12eaafa3c8e5ceb644\index.txt~RFe5a5371.TMP

Filesize
119B

MD5
4a014e06687ba00b61738e078b29962e

SHA1
83107666210dfb71782cdd0439475eae00934238

SHA256
082e064d21141b72ac3aba6d5f16d7dc5779133862070ac6289b6b22be1c9931

SHA512
bbfae1623f50fccea281283b89f88a2189f8a3cbfd5d5d20ad004ae244de8f17a77b46c52b2e49ee6a910f6688a580d737e632955cd571bc711fbbaac84ffd3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
cb585a0e74037fa8c322db89a121eefa

SHA1
d6ec9a9f15906a652c9086faf24f71e9e4664383

SHA256
976a588e07d0fba5fd921becddebdc216c7472af2a234b83199bbfe2a552575b

SHA512
04efdef463b3330e17bd98fbb9414dcfed712970d70ea5608b0e0c24fe0f58dce53d17821e45aebf60a5070c2a58fdc0488d9d4f04f37f0e4e5a535a71ee5307

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5a5361.TMP

Filesize
48B

MD5
105ca56f13f1d3f1987e6fdf3191b383

SHA1
7ad7d5d5d5795efc801151d95a2cd0f1a2e4926d

SHA256
41c5520d3e6d1a9a692f2b30a22fc8a3d994c3654dab180b67bea6ac9d9ea466

SHA512
adc8ca95ee60f20c663e20c1afd8d165a2d0857510eb993ad72e01874057132b2c01f224c39900dbd0d261580f60ea67ee504762110c03f38031a3d8349cecc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357248731137998

Filesize
11KB

MD5
42068d6007276c2ba50dcdb341b6d39e

SHA1
913a4bb3305a7fb664414ac4b27b330ad95c85bf

SHA256
5eedd147061393a39a5bf81edec7ad308b45d472e2753bf1fb70d51a9b38ed30

SHA512
2aa3c5eabf91eec19dc4f18f18842b8c97437732be4773b04dbaace2b38dfebb40694747de9f6e6628de82025654330db9681d44e776b3c613edbeaaa5c8eab1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
184B

MD5
95b2834346d6518319f2153de30f0dce

SHA1
2a57d3a459672ba0d712b5645036b35db7908417

SHA256
7afc3a46f581ea5f80e883f13b04f8ee806ed56b895577ef5e7e477cf4bff30b

SHA512
a47b25e8cff042d77878e61ef99653fd9043119fc7d87df2fc45e756dd773d4066cfc7e5105f3454ff2f61dc1e56d1345cb09fd7e25d55a9fd599cd3f974f494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
d075371cde5a24750a5f379a06618ee4

SHA1
cd90898470562128844414643a8592396df6c1b1

SHA256
a97f363c7561b5beb87100f44bf30fe1b7d7a8369e7418e418376c1fb32272ba

SHA512
448976aca7667a90f24c7c9d79d9b18cac5e2e1446625da382940f6ce44a35d314e79cc0581082f7b1079ff2ba1fab9b9c2d9709f6f9a25314ca33e086e5d1b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
eea0ce2e5129a57547aa493cf930e351

SHA1
fa82dd80408e547ae3430ff12a5e21bdc09a67a9

SHA256
048a59b58a8155ec52331d29d48a6bccfa2fc5a63534c86ac982f12f8637f3d2

SHA512
292f8894a1a0cc5e12b6e3e9380ba51dadee6c9f9d37711b256b4cef813087eb01ea5ec1eb4e61b379c00c10e498b9304e75369c962fbb16d5e00540532c03fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5144ab8f3386bc5e3c15e8e22b86f42c

SHA1
f90a139509a401c78eedb26772b9c29ea75adee0

SHA256
1f26c4a1f01d1c4049739e5961ea7b3837a17e2fa77853ad199f4f5ca2859bcd

SHA512
c9096b9367179d2bac235c9677485d8529c76d943ab7ab97f8f2cd41a9948fffc753249e75159ac8ff2d63019e53e2e0b2e2656cb462d4780b0a84b979d91761

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
56adb03dd4905f52afc00746b1220187

SHA1
c1ee93a2063da095ad980ae30fe14c5343092492

SHA256
5d3144b511ace759c927a433a4e8c56201455503ade9aaf978237e737e5ae439

SHA512
cbba4287eda2b788cf443d57ced7c45a9949ae4949832eeb3220cf0b6761498dbe83a87392e76eac7aca72e3ca8a402d5e9eceef196f4573933cacec6628c38e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c51665ea0c5ed57ee9c81145882934b6

SHA1
071f2b2ea2ee639e8754f6646f57e0553e9de118

SHA256
25dde6f8a9d3ad5e40a67579b5efdc4d0c1fe4936fba711debb1cadcd4401219

SHA512
3fb79eb8d5d995fcd5f9c046e7dcbcef011b172a311b8ae81127744d743a1ac7919012d186c4df7d6802285d0ade2be7d2428bee5af49f262fba93f4be4ccb8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
5745792091aa29849bc8ea726f2e7b8f

SHA1
c66f9c86849b380d06568379e713365651b8fc83

SHA256
3ff603a3ac2a37b16bc8a68c0d202fe40b3907d622ec15c70e5516205de8abb0

SHA512
bd7904f59177cbe3bdd8bee31baffe3270afddbfb97a8ab658ed3b3edb892addf1398e0c195cb3b7c0b65062147de57bdc369f5248be17278466a2c1a0a5b269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582fa6.TMP

Filesize
538B

MD5
be7243775bb7ce238f4af7afe85d65ce

SHA1
79a8c3df17309619751aac3f29b5519da9808f68

SHA256
5973d71b39adff9e0acb3677e1f9cc746fbad304aa281b5380a87241207b3337

SHA512
e4e85357a4da5f6f93dc5e2852b1c884a06d7411f690d18b917a1e6bc440fc1c34574e50fa3d52cccd7670d50c2437569aec0707469bb7decf39d822fab76e2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
433ecf1fc4b70edefbd37f5d5c9f71af

SHA1
a0396c13a2ef64dc3883bbe0f4a3787edd8df648

SHA256
e19d90098de1d9d3f2539480b7b555632316e84e1b1ae3a1f1a9be4d39d02e4f

SHA512
990f63436c124e9725ac84a881950726e25e0a57bf070c299d1af85b5863e77522721154f6ae7d795cf35e334100760e5b51e3d92b2e51bf0e84f386f3aabfc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
105249cbb98816c50b4a5e64f14ae19f

SHA1
483ce82fe9d17dcc5c372462d8133cb0a47f4245

SHA256
8de6efda647a05c79699c85bbb53feac4a6d0b91b87e43dcc26c751c4b6edee8

SHA512
597f205c782011eeec46efd4d11820e1cae7b1f5de67a1bcee6c1fd3b214e030036f9c119043cd03d1fb919a905300761b9c37018a1ee5c75dca2e3202453fc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
60KB

MD5
cfc19488b3a5fa9b2022b3989ac98bc4

SHA1
5dd75b5a465c151944602a7026656ea74876b9be

SHA256
6afe1a09afacf53416d394b5dc4ebf4f5cb3189d26349fdc5fdc5cd83bf8f459

SHA512
d4afca33c9e037155588975b0aa98715abad67c4ffe60655f128fb0e9f1256ad8e6e65b66ae044a360267b50cb17882622ce66506a65fa2fcc0194765491bd58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
006c5fd0c1853b5062883e42b7c7067a

SHA1
4dc8a1ecc73dc216b99bc3027e13c3d97c8a4b5e

SHA256
1907e0b9b404c3d96a34ed2e5c103f680914b54c07c9482c78c3479a24586e97

SHA512
1eb3328bf62d9d90c6f0b0b4c4684fbb9db8ba476aa1c07ebe328da67d8f3b86e1da496a5d5807b4c07c973f9057bdd4cd5d0f5f858a25222ba04d44dbe8ec82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
e02878fa057a50749b4a7f23da129c65

SHA1
3fab525ab8044aaa9fb321c8fe3be1e48585127c

SHA256
f9ee1d405667d811c31e69920009f59954e1d1a400f945c3b7a83079d2c864f7

SHA512
95575fc7417af69d74a61984367741d373aa401a6420bbc0761aea28f27f1ec664ef9d92f1575df6ad9394fe5c554b8f3f6792a4730bbd775290bf781ed40018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
49439e2e6492e5d3d70de6dd7e69d666

SHA1
47c79b99262bc82fa76fe141b9d83e3268794911

SHA256
cd463c709105840464214f07b69d866c73c4faec1455b951f895cafddde35a51

SHA512
7ff408469703546d0597ca7e36aead7d3697498f01badab6fd14f4cffc178263e27ac012fdcbe5503f74d9422d4d5f636a962abe275706fa02c3bc31cc2fdbe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
44d639751d85eecd5e3d2ffe6317ee14

SHA1
87e8e5fe0cb103dda505668ca1824f089e7d4e64

SHA256
cb05b4c6a4dd64161b5d82d379573d6888672a23252aca046c3415995ebe1526

SHA512
f08f140551d61f616ab5fa5455dadc77df6d6e6aa98d9c7769ec287188e4219d3937bab8b92b9320a3195f7ad3c50da0d7b95466160da47834ac2a580cbc2997

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3b4f7750abdc97435a9ba8a030edee0d

SHA1
4b0a3ed3a00a6307a256d576ec2bde765e43376d

SHA256
da4e529776fbb420dcd1fb1292b4529e5380b74e8d5e1c55e51e8bd24cfd7ef9

SHA512
f65da962a506968ee8626fce0a8f420f51e0a3080919b320cfc577b82dfdb02809ba34964a795b05b3d9aea50c5b239bcbb8fa7714f9f736ea80ca9b38fa60a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
37ab3090af5e8fabce67e37ef20c1ebe

SHA1
9737d1b5fc8780daeb72389dd9109b1f55daf13b

SHA256
17147e31a859e911a57f04c3daef1e30c7258081f1c8b839792107d8e020f480

SHA512
0782bca1183fb36282767c8f50807973fa465445d05a16d4d671cf4e1cda2c75de348ee1a050c077304fb79782c1808ab8fbc808cb1019f226c5b721c5b9241f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
07a77ab6fdfcc6ac6288612b5ea6ad03

SHA1
5d7cab79eb9148e59347d04faba38be53600b33c

SHA256
8aa201fcc9cb1fec1162ddf9f07013088668d65775688f5569994df534a14fcc

SHA512
110d324f1bf48dc7400f5ab04653c344771634555d94597acf6166be831d73e95862425c2ada0cf6a5894566e616eef6a6e331cc82ce3a70d755992398bd80f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\Geometry dash auto speedhack.bat

Filesize
13KB

MD5
4e2a7f369378a76d1df4d8c448f712af

SHA1
1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49

SHA256
5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad

SHA512
90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\x

Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\x

Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zO8C026E79\z.zip

Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier

Filesize
650B

MD5
d81099bb79b0e02f185fe50866c96d90

SHA1
72afe60d830d61ba691c446b90e4471aae2f1699

SHA256
2d4084dd35fae9393dab8f1ca478afe66dc265683b55fc7b6222d15d24995f25

SHA512
98d5467b5bfeaa463ca838ad2a462a695ffc78b34aba8eb585d225a15d02f43d6c6db27f5c327c4e1c3775c641fbe29bf82c73132984aa7d35d2f966062a70c5

Download Submit
C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip

Filesize
388B

MD5
76d0a1d84cca5c2404c1799556106891

SHA1
378a662c54fffccc1f2bc3cc72dcbb66e27c2779

SHA256
23b8378ff4073b47a9542c744e506ac2fde0cffba27a5ae8140f3856c9ddb6bf

SHA512
7931c992d09301f22b8c5dc861e35d4e98432f79d2ea48be07e24366ab6302ba8bd2fc85fc8e8af889da46f1588d33419c41afa8f4d46b60ed1d6d50531e3f4c

Download Submit
C:\Users\Admin\Downloads\Memz-Download-v.1.0.zip:Zone.Identifier

Filesize
168B

MD5
04f4d358437d239ec6ec44836e3baddf

SHA1
3be13f5880a1fb6c875fa2ad646270a080eeb47b

SHA256
f82532c264b7e9eb7f6a9600759550125d800683dc2d9908717f241a38b9a775

SHA512
1af4b7541511033bffa5a699102448384414d104678a71db671f1aefaa37ce76e33bc54aef1ba7d50013a021f8fc8838cf4257ede1315eb5845d42116b51e043

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier

Filesize
651B

MD5
81b30d164d7034f60f7ea0fe57a10fc1

SHA1
6a4e419c8c439fdc3487f9e9753b926d406c0723

SHA256
499edc20f27cc4ed4fa8e23d3e2e49baaa860663e9ff926a14a7d6f0d602d6fa

SHA512
ab0db338cda81dac4cccd768871b6febd222b23cfd5702febc89d81d2fa3a2f0ad612176d47a99d8ae94e27b616b2b9b1308cea3ae8e2168bb7214f0c9084853

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/5384-1612-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1611-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1610-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1609-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1608-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1607-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1606-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1601-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1602-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download
memory/5384-1600-0x0000000005A30000-0x0000000005A31000-memory.dmp

Filesize
4KB

Download