hxxps://www[.]google[.]com/search?q=how+to+download+a+windows+10+iso&rlz=1C1GCEA_enUS1102US1102&oq=how+to+download+a+windows+&gs_lcrp=EgZjaHJvbWUqBwgBEAAYgAQyBwgAEAAYgAQyBwgBEAAYgAQyBwgCEAAYgAQyBggDEEUYOTIHCAQQABiABDIHCAUQABiABDIHCAYQABiABDIHCAcQABiABDIHCAgQABiABDIHCAkQABiABNIBCDc4NjZqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Resubmissions

17-04-2024 14:27

240417-rsxa7sdd6x 10

17-04-2024 14:17

240417-rl6lasbe47 8

Analysis

max time kernel
417s
max time network
420s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17-04-2024 14:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.google.com/search?q=how+to+download+a+windows+10+iso&rlz=1C1GCEA_enUS1102US1102&oq=how+to+download+a+windows+&gs_lcrp=EgZjaHJvbWUqBwgBEAAYgAQyBwgAEAAYgAQyBwgBEAAYgAQyBwgCEAAYgAQyBggDEEUYOTIHCAQQABiABDIHCAUQABiABDIHCAYQABiABDIHCAcQABiABDIHCAgQABiABDIHCAkQABiABNIBCDc4NjZqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 9 IoCs

pid	Process
208	MEMZ.exe
4320	MEMZ.exe
368	MEMZ.exe
1288	MEMZ.exe
3392	MEMZ.exe
3116	MEMZ.exe
4844	MEMZ.exe
4768	AgentTesla.exe
2220	Melting.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
131	raw.githubusercontent.com
132	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 10 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.xml	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\SharpSteam.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\Microsoft.Management.Infrastructure.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\System.Management.Automation.xml	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\UWPHook.exe.config	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\VDFParser.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignColors.dll	AgentTesla.exe
File created	C:\Program Files (x86)\Briano\UWPHook\MaterialDesignThemes.Wpf.dll	AgentTesla.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2288054676-1871194608-3559553667-1000\{3598C3BB-707C-4612-BF32-6F1F9E164297}	msedge.exe

NTFS ADS 5 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 932509.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 248727.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 168312.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 321352.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 932516.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3448	msedge.exe
3448	msedge.exe
3232	msedge.exe
3232	msedge.exe
1032	identity_helper.exe
1032	identity_helper.exe
4444	msedge.exe
4444	msedge.exe
652	msedge.exe
652	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
3668	msedge.exe
1812	msedge.exe
1812	msedge.exe
4468	msedge.exe
4468	msedge.exe
4820	msedge.exe
4820	msedge.exe
3804	msedge.exe
3804	msedge.exe
4320	MEMZ.exe
4320	MEMZ.exe
4320	MEMZ.exe
4320	MEMZ.exe
4320	MEMZ.exe
368	MEMZ.exe
368	MEMZ.exe
4320	MEMZ.exe
1288	MEMZ.exe
1288	MEMZ.exe
4320	MEMZ.exe
4320	MEMZ.exe
368	MEMZ.exe
368	MEMZ.exe
3392	MEMZ.exe
3392	MEMZ.exe
1288	MEMZ.exe
1288	MEMZ.exe
3116	MEMZ.exe
3116	MEMZ.exe
1288	MEMZ.exe
3392	MEMZ.exe
1288	MEMZ.exe
3392	MEMZ.exe
368	MEMZ.exe
4320	MEMZ.exe
368	MEMZ.exe
4320	MEMZ.exe
3116	MEMZ.exe
3116	MEMZ.exe
4320	MEMZ.exe
4320	MEMZ.exe
368	MEMZ.exe
368	MEMZ.exe
3392	MEMZ.exe
3392	MEMZ.exe
1288	MEMZ.exe
1288	MEMZ.exe
3392	MEMZ.exe
368	MEMZ.exe
368	MEMZ.exe
3392	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe
3232	msedge.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
208	MEMZ.exe
4320	MEMZ.exe
368	MEMZ.exe
1288	MEMZ.exe
3392	MEMZ.exe
3116	MEMZ.exe
4844	MEMZ.exe
4768	AgentTesla.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3232 wrote to memory of 3924	3232	msedge.exe	84
PID 3232 wrote to memory of 3924	3232	msedge.exe	84
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 1592	3232	msedge.exe	85
PID 3232 wrote to memory of 3448	3232	msedge.exe	86
PID 3232 wrote to memory of 3448	3232	msedge.exe	86
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87
PID 3232 wrote to memory of 3696	3232	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.google.com/search?q=how+to+download+a+windows+10+iso&rlz=1C1GCEA_enUS1102US1102&oq=how+to+download+a+windows+&gs_lcrp=EgZjaHJvbWUqBwgBEAAYgAQyBwgAEAAYgAQyBwgBEAAYgAQyBwgCEAAYgAQyBggDEEUYOTIHCAQQABiABDIHCAUQABiABDIHCAYQABiABDIHCAcQABiABDIHCAgQABiABDIHCAkQABiABNIBCDc4NjZqMGo3qAIAsAIA&sourceid=chrome&ie=UTF-8&safe=active&ssui=on
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
  2⤵
  PID:3924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
  2⤵
  PID:1592
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
  2⤵
  PID:3696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
  2⤵
  PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4692 /prefetch:1
  2⤵
  PID:4072
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5456 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
  2⤵
  PID:2680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5500 /prefetch:1
  2⤵
  PID:540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:1384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=180 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3560 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
  2⤵
  PID:1332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4188 /prefetch:8
  2⤵
  PID:4400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3392 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4652 /prefetch:1
  2⤵
  PID:884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5888 /prefetch:1
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3988 /prefetch:8
  2⤵
  PID:3204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5368 /prefetch:1
  2⤵
  PID:4588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6608 /prefetch:8
  2⤵
  PID:4868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6664 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6576 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  PID:2208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5904 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
  2⤵
  PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6784 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1904 /prefetch:1
  2⤵
  PID:3644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6652 /prefetch:8
  2⤵
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5064 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
  2⤵
  PID:2608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3540 /prefetch:8
  2⤵
  PID:2124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5976 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:1
  2⤵
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2664 /prefetch:1
  2⤵
  PID:3456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7064 /prefetch:1
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,7534752873149765058,13647200674467520667,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:836

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4644

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1944

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3400

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:208
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4320
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:368
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1288
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3392
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3116
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  PID:4844
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:1532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
      4⤵
      PID:2040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
    3⤵
    PID:5112
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
      4⤵
      PID:1720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0xf8,0x134,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
      4⤵
      PID:628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:2348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb011346f8,0x7ffb01134708,0x7ffb01134718
      4⤵
      PID:4964

C:\Users\Admin\Downloads\AgentTesla.exe
"C:\Users\Admin\Downloads\AgentTesla.exe"
1⤵
- Executes dropped EXE
- Drops file in Program Files directory
- Suspicious use of SetWindowsHookEx
PID:4768

C:\Users\Admin\Downloads\Melting.exe
"C:\Users\Admin\Downloads\Melting.exe"
1⤵
- Executes dropped EXE
PID:2220

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
b82ca47ee5d42100e589bdd94e57936e

SHA1
0dad0cd7d0472248b9b409b02122d13bab513b4c

SHA256
d3c59060e591b3839ec59cad150c0a38a2a2a6ba4cc4dc5530f68be54f14ef1d

SHA512
58840a773a3a6cb0913e6a542934daecaef9c0eeab626446a29a70cd6d063fdb012229ff2ccfa283e3c05bc2a91a7cac331293965264715bdb9020f162dc7383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
36KB

MD5
4161219c352fb62aca31b7df6738b036

SHA1
c1b9c8481dbbdaecadb26db844d6b80a036ce1de

SHA256
f51a1f3d4b19f507a2f5e60d78011f8b5b60dad6664245b37ecbbfb3f3305328

SHA512
180d23385bda32228df1bae3547c886e2c510c40646ff18cbc84883b1a059053fe1e003a64e837422da7b5b1ba72bfcc33c8a659b777d836fca25dd8efd0278f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80089a7b3438c897_0

Filesize
289B

MD5
9c6e72fa40402b4ff4836d022d08f30b

SHA1
387dbf02e912a1792f1fa23c8c48a801ac97c355

SHA256
c119fec3f62d9aa342480088e5608313c0de439e39feff283a383813a90f3db9

SHA512
ac2a06cc37e64a0c07fa5ed7ba16733852031b2dc92f9a863af4a8fb243a5b6bbba318a2feb13514a71e8689b855d33282a0b9cb8c4649854f0856a2d66bf6ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a29e3c7b29af710a_0

Filesize
326KB

MD5
c7ec10d3933b6b57094b88827910e180

SHA1
4a9e76459b8ca0f9ba60fc1680bef0efd201c2af

SHA256
ab8aa0bf1758d22e2efdc7a8aa75d1221e76d0c3043bbdf718d405a4d6ecf0c7

SHA512
af2439428b37f4da8b0a2b7ea441903596f9e3717df43cf9b18d18ffbb354f243c8221bc4941dfd2f0b4a1662300f436fc8723c27deca51f170263f59f28e25b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f3d1844a68efdde13e180fd79d85470a

SHA1
44fcf39bbc8ed8e81c38b8e785a32c828f4c0050

SHA256
8a85962dbef645e2fb7ca6d2d285bf8ce3caaf43c2090478fa4070bc1dccb6f5

SHA512
97f5dde5a3685dac7571f3364f400314106edd6e73f00b13a7e51ac04a90f7219ff44b543a8740032cffcd3a5ffa12288f7845e1f46148856b1ea4a10705f953

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
077e830193b52e93f5f2aca5c1c47a7d

SHA1
d9410ef32a3582bb1487a0088f7edb824a1db282

SHA256
70c3cafd653574060628306639c3344cee2808c1f5a6efb907c47b77e3e0a00a

SHA512
770ce00b39c8d9e0f35ec310222db4b9b8d7b5c343c67a30233216bb48677884c1abe662c81de18c6507f827a48f556f98c2761b4442acfbdbb5f3c417d7d860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
af12b7aeef39291bfe194d9cafd8bcd3

SHA1
fda03b60d4d390e1cd9b201501c4ecb0c2f0281f

SHA256
9b260318260d86f24257c4b909113826a15bf65bdd02dd44ae72949820ae6203

SHA512
1f71c0b4dda9d8791fc286533b8a12600fde2b74b651e2abad37c16a8b85d34b810ac18a0974d16feb19f3e14901ae0846ec194d45507f7925b8f4128982f4af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
61c48201b2bbb31afb2725a52059abe8

SHA1
13df592f6a1125072b656dcc0c88bdd8c0df8a30

SHA256
135dcb47dd4fb2185c8d1ae7989eac32273ebcc9083ae97a18030c294224dc76

SHA512
adfab599d153f6ddc6efe7a42a9e5880dbaa654e45c1c5f08f2264ba3d026022c4abdeebf67d2e62991819af3c6ca2d0441a4121b91c87ea2d5cbef648298398

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
83a1457755aa5d4f72d39990318fdfd7

SHA1
a7f1cfba9e2e592d99fdf505fef47cf50c5a3f20

SHA256
3d65a1f588b4fc3b7fdc4cf4d08f2e8eac08f07ce0cefb33037edfbbb17cc3ea

SHA512
8250b73363c1c278efe937cdb109b0057cee49807512b7037575ade0871c5daa34abddddc1dedc78e73bb01a971711821f951800e961dbfb8ab35fec86a82e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d1c02b6c2582cd14f384ce7e341c3c44

SHA1
ed1242b6479d2343939a9c965e8bb9ec4c15be63

SHA256
aeffd53147435308a0ca8b2f6f24fa82f36a38b4636b505d9960d2aedfbe181a

SHA512
03afa60158e3ea35f0af4a3946ffd98494a215c63a829420cd9031e7fa318fca53ca8112715d893407174febcc1aa693eab9740322b04aaa60985ee7f85e1a10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
59da72f9a1293c0555684839627b8aa6

SHA1
e5aa7447b6df77079b918667d78ad9ce97f2cb03

SHA256
d35940702135bd567a4641d84a94a16c6e39688f06c8cc063c17bdb4b091e753

SHA512
3d0f9872eadd46dc5e4e0223ff9f2b109ec101cc829bc52b5ad2f6e0d96539e7517b28ba0681a1c7e17a96d57425ddbabd040a696aa2a50c50c73b1780fe1a8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3abf5cfb862e8e7aae73940ca500a2d

SHA1
9c78f39d48bf31a3d93e157e3a1ad91ecd821e7d

SHA256
3d574b7511cdb110575cca55fc26ffe3a460eb65891b6f68fd2de772d6fd203d

SHA512
aac3fd067800a75439a5ea8de3067567d8bbddd6baf8e523a4a7c41d2834337b49f884e7152a0ea4bdb9ca06b81ca0018b233f71340b4bd97957de14e28ffc71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c4a554bb7649746b58e8e64bffb68c1c

SHA1
3084acbefcdf52883a885af9cc87e743de675b98

SHA256
885578a1b14d1644b3fe8f712acc3f02c10f770d3842c8502f25576ae0c15d42

SHA512
413d3364586dacf73f85f0068db94d67d989a6eb1cc1918686b2dc59bd2f96a34a7dd53458eabd7400d57b4a6e5595288315f7c71d082317ff5cf60ad7e75325

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e62097c7ad99dbb62371a540b9087d88

SHA1
26d3822b524ef74b1694f9641806a2c93bb5cd9e

SHA256
f81e3a435aa9b2e652416a5e912d412d99eb7eec44fdb25af4fce11280f44044

SHA512
72b26d365335e2a8f82692df7265c25f9e13383a7da475ba63c773d161e9ea45cd6424d04347b619e86a2480b5e361345fb412433c853792569cd56da362c428

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7c1fe47f16bcec35b1566c9786aa18c1

SHA1
73f38483b7b86032a9d6001f8313d883d47b8574

SHA256
387957ce17aa423eee0a0673f9f1558021a7fa8b758bc1c8165cd0f341de280f

SHA512
8782a328886a8c5f7f79ce91e91e0daf59586faa5f1238e47cd57305b9ab6218d02aa729756b248580f1f154e92abc7132c6a4f3d8d8b0d7df7e9048ae1bad5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
beb9084dfe2c9aae64de6e44eb7c47cd

SHA1
edf7cfd28f4b3a36b92a250d9531753919d7879f

SHA256
a6c0efbebe3d61dc6968e578e7353bb18a86ce19e812fadc79bb63e65b6a3692

SHA512
c1273d10177f7e028e3bbce79c7b505027ab1f30bd824ee1996fee680277cdbe2d59f57717901f8382bd4e1d1404b03610044116c5e62ee13004ee0ff16ee389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
434935968c39bcd1823c6394959bd3c3

SHA1
612c0c04ac50fec814e74b86df0dff656d296d2c

SHA256
e15afccc45e2b7a445bb2aa39f31fd804e518b0a06fd91f4772cac3b4ef22419

SHA512
846d1372fe0c83857ace15cbc28e81fdfa8123a254e7be23ba1fbc94198d29674be9caf5559986dce0316f32db0f6f3f97a6444629e1b4c8e4ad09f4fe79b906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d160c0bec85a2f73228fa71fdd9b2b6

SHA1
ff8ac08f85183bc58a4b6abe51aea0ffb0322199

SHA256
b656cc6d47317d11c813058cd3858540740b64355c4091970401a9b602cee133

SHA512
e4233370d61eaa81344b71ba28d241ba6210a6fe01a1ecd70a98cde76cd956f10aeb8f0d1bf360efd6947b7df2b2095c8d2a488b1d06a05bfb5eca9a748bff57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
894886c161bc92d81c76f6a9d46a96d9

SHA1
b2e7b72627683425b824b52500500882bb7cf86a

SHA256
74e026f9718d2f35a6512c76b0ca55f831d7b30152046c5d67ad179b2c825045

SHA512
0fdb4a8f933a734408670d19717da4c7e76e60d0317744ea178452034a293717270710b6d0274151c2a0f0c2681fd314043daf3dd94be5851c465a3f9e58d090

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
927e2b9264bc1ab4ad5b718159df60b8

SHA1
8d278182db877d133782dfb29129ccc5189a8a89

SHA256
08041bac4278f82723bebdf2479fdcf1b0ea92ead51b3c02e7515530ca4f9a91

SHA512
2aca7ced0087bf1da21cfd368cc8257eeb11c95e37a90e569f60ec3f21dbbfd9db20b421dda75c1101d15cd88542f77c08e836e507138d3d40f8187767da10d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3e9558e285f1fbdf543fcc7265867566

SHA1
1af84229fc719f961547ef2921007a46f5cda4b3

SHA256
06fdd503d40327db1100af928dd2e6902972c9aa0fabe807ca7812383f2ac581

SHA512
3a0d9426d34a590bcf8ef1b690b342bedff5f212a724faf4b3c081e5556255337485a24217627df7ee4fe171b1c0817160ea4750b46d938ed9cdd13a93f4e996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
3109e0cf68f3838f43b1972345dd2cd7

SHA1
53d7af90beabb7552b953176a0c52c3beb92fec5

SHA256
315ea4acff094c259ff881a7a55fc11594e82f26e4d9516ab97156a86c5f7961

SHA512
d51fb7e7aa4a1bfd146b8bff42ee40e90b3a7f035cbe5200c53c2c86bfd794a9be69f706dd68a5009d7432ab419a4d5a9eaf345fe08080011acc16a6aee78656

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
33b37ca4d4a80a5faabd6890de43e167

SHA1
5b433d243fdda7a7a8e28b68ac1c174263bc469c

SHA256
cd08ce73ac53ffc6af711d8b1a9137795b5b0505c08da406a69b0b7e0ab93c73

SHA512
dae4fc06429621d56836ba4f532c2be9a8414f32da9ed7625b9dc89e0b6c38085c7460a7172e74fb7ab027433a8d37bc1c259a66ca072bd0968eb50101a251f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
db406ae54882d2cac82b91a9c0dd4a9f

SHA1
12403f026db2a7eaa207fb5c9d92b765eab891b0

SHA256
d06c1b51e73f9fdc811a0aaeda5a354d71e73dee924a2415397aa85d486853b6

SHA512
e197ad0a1489afb6b84f8c5febd2c86e8366710e753bef27593298cff64da9f921f5a33cecff35c4890779459e33899652d253edafdd2c75285a934a800fac62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
eacd783ddc2900fd200a898f8ea94082

SHA1
9abb6a484a55485a8b2c03c298bc8979e564a20f

SHA256
b22ffadef5701f5bf39e38e6927a4ee0df4cdd2406ff0cd6d0a8213d6db3959c

SHA512
181940cf920cc54284b5d19443f560fdf48150d5449637a40ddec287fd513b58f469c02c1318717847931f1031dd79f6a6039b30b42551cf4f8c6b2ecf9f6146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e179950750f0ed6547c3886301dd667a

SHA1
20776a13b13da3d944982999396364a1ad0b4b74

SHA256
c5708409b992c519f9f1c49ecca236a7ec512627d0525cc702c53b4dbb221c09

SHA512
6876962a3446368085aa91bc1252b0daabf1de089bfb5122608147b1b569aefca27cc3889e7b5335bbc13a93e96448fdb7d48fe2189cd5499f1896f88f6fa85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5a70aff6168d1249a9ec9dcaf2e7ae4a

SHA1
d22c3bd314f68733beccc17f24a2a825a1e8c4bc

SHA256
b660e80b01c7a4066830d4801bee1ac3f2f22ba1af6aef2a53f5d69f99561c9e

SHA512
76f3553fc2b7e782e109272cc21ce2d0b8ebefbf8c99f65981cff7c822657da9c69156761cc75358d4de50cf209056b1fda30dab22fe6cb50e90a9e82e7a2532

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
540e696f53d4e298358aeb90e2f1bf04

SHA1
8281a17ba7b831cffa7c2a1adc4b15f1f0f02bb6

SHA256
175d491675c88abc621284bf96114723ed4cfb8203555dfadd29211da5340ab5

SHA512
3a331e7346e43f1ad2dfc2c44afa0a3f577b1bb9953874cf179a40fb350ec2d9428aa410efff3fadaef413fa68df48045e871b2b6b17f36b8d1bb961dba8658d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
536a964e4fd5a62281bea89fcde3f060

SHA1
9ffc48e19c985d270504f03e0c5240a9468bbf9f

SHA256
2de4f124c5138615aa21e53c41b2c0e8a308d7009f4bc869b4f726fe36beb6b2

SHA512
0fc39f1edf8ad046dc9d527718bc4177970dc348cb367f2f3946edfc847f7a669c498b81d9348400f00905dee134a4bd25210b910848c6dd5eeaff45698db43f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57ed6d.TMP

Filesize
204B

MD5
f5b568f89b6bd7895970816037480e48

SHA1
0c69ce284db4d89720048b76a92ebfc2558d49ab

SHA256
b99add25d58008006778bc16e3e01a1c375ed46744e2ec8b37039781a801f90f

SHA512
b54f5089a70278be735113fe8e7a42a4a3cc995c355be7a4a748fd070facf3645a8561facfb6bb2e6861778248eef94ad34c0083eab8fa4408cb9c605c8e8e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4d8e51e0077746390933b98d389c30e3

SHA1
cbd26d0ccaf3e9640884fe744c3bdaeeddabd2cb

SHA256
6615539d174c97829f79127e89b6f2ec725fdf9f02fbc3a22c6596564a90dbaf

SHA512
be8082f410184e1b06d9845d22677128c5db20762f76899f46995ac1d7df7a1b46dc873d7a596fd14fd1becc9b9904af41d583b8be42a1e9183c52aa20ea04f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7b281a9ee62853170c4cf58fe056b3c5

SHA1
6719f78ee558e6e6a20fc38e56624e2e22d0d068

SHA256
d498a56ac49c6a49f3639413dd91a1fe8bb4617bf362a4ab53e6e35c5aa3e40c

SHA512
615f38b4ceeba0510b4eb7d965742198aea246a622d40614bb03ca5f9cf2867586bf60aaefa2fb5a985ca538584ff6121b7e1c12aa43fc1770dc05e888bdfd0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
db060bde9fbeed5efc8b0eae1b745f8b

SHA1
91cd727152a85f9721bbac03c768e0fbfdb32469

SHA256
bdb4f9abc9fac963d4291787bb103a443dc3c943dc006b500f45fdea60c0c979

SHA512
dccef0ef14e11953a539a2f718df13c14648d7dc7c3752975a0601eba5a2cbbf8a3c8904da0004b8effdffbe416bb7d225b941bad876550ed642223b0ff3b322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
82edfd4fa3a4eafb608586234cf78e45

SHA1
671ee7d0a67d63d3ffb5f2afd0f3f12dc1469a12

SHA256
6faaff4fe600f69ad48e3744bac6f8c4eb2da291e3e938de0a2bce03a526165d

SHA512
0dd0cf8292c3e00cd50da61c0f1ef40677c221c3cf9f3937552ef500327f3052e1748b0eb6fe500787d2f62dc6113ac6dbacd70ec3828b54958f5977e4763ea0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f33898529c1437d1ffff44a26536af53

SHA1
4eb09d3cc7632d00dd48e253f24fbc5c7db771f4

SHA256
1842120c62bd95084434f402dad2e8dcd615df961cf18a16a067e5de4d6926b4

SHA512
7266f9cfac871accd53a22ebe33ec09cde7dfcd9efce59433968c7f065f4829b99bf0166b695996112f94a19df46c2c41002d11f5a0c455b5544e2c7e2d98c54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3d78acbf793bd233bbab291e3d512304

SHA1
a63ea026fa9c78016a9b52a38dae88b836609e0e

SHA256
250e8a22b58e7995ba961ad9e5798318632a426401a25882261c49505ccdc103

SHA512
af939dca3b2a7987f8c970204152d4ab9705cbcd02685d84444daae6fb696149f652352a63bfbcc2c15870c29a4befc4881ecddb76a83e80afc0e59b698c4490

Download Submit
C:\Users\Admin\Downloads\FlashKiller.exe

Filesize
4KB

MD5
331973644859575a72f7b08ba0447f2a

SHA1
869a4f0c48ed46b8fe107c0368d5206bc8b2efb5

SHA256
353df4f186c06a626373b0978d15ec6357510fd0d4ac54b63217b37142ab52d3

SHA512
402662eb4d47af234b3e5fbba10c6d77bdfdb9ff8ecfdd9d204f0264b64ea97fc3b5c54469f537173a26c72b3733550854749649d649bc0153c8fe3faacc50a1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\Melting.exe

Filesize
12KB

MD5
833619a4c9e8c808f092bf477af62618

SHA1
b4a0efa26f790e991cb17542c8e6aeb5030d1ebf

SHA256
92a284981c7ca33f1af45ce61738479fbcbb5a4111f5498e2cb54931c8a36c76

SHA512
4f231fc16339d568b5cf9353133aeae835eb262dab68bc80d92f37b43df64dce4fae0e913cbaa3bb61351a759aeecf9d280bc5779b0853c980559a654d6cca11

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 168312.crdownload

Filesize
225KB

MD5
af2379cc4d607a45ac44d62135fb7015

SHA1
39b6d40906c7f7f080e6befa93324dddadcbd9fa

SHA256
26b4699a7b9eeb16e76305d843d4ab05e94d43f3201436927e13b3ebafa90739

SHA512
69899c47d0b15f92980f79517384e83373242e045ca696c6e8f930ff6454219bf609e0d84c2f91d25dfd5ef3c28c9e099c4a3a918206e957be806a1c2e0d3e99

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 321352.crdownload:SmartScreen

Filesize
7B

MD5
4047530ecbc0170039e76fe1657bdb01

SHA1
32db7d5e662ebccdd1d71de285f907e3a1c68ac5

SHA256
82254025d1b98d60044d3aeb7c56eed7c61c07c3e30534d6e05dab9d6c326750

SHA512
8f002af3f4ed2b3dfb4ed8273318d160152da50ee4842c9f5d9915f50a3e643952494699c4258e6af993dc6e1695d0dc3db6d23f4d93c26b0bc6a20f4b4f336e

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 932516.crdownload

Filesize
2.8MB

MD5
cce284cab135d9c0a2a64a7caec09107

SHA1
e4b8f4b6cab18b9748f83e9fffd275ef5276199e

SHA256
18aab0e981eee9e4ef8e15d4b003b14b3a1b0bfb7233fade8ee4b6a22a5abbb9

SHA512
c45d021295871447ce60250ff9cbeba2b2a16a23371530da077d6235cfe5005f10fa228071542df3621462d913ad2f58236dc0c0cb390779eef86a10bba8429f

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit