bcf6979216dc10c957d4dc9f15cb3f8581c9ef596a2e126061a4cba8d992e46a

Analysis

max time kernel
876s
max time network
877s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20/04/2024, 18:53

Sharing

Reason

Machine shutdown: "{\"level\":\"info\",\"time\":\"2024-04-20T19:08:12Z\",\"message\":\"Dirty snapshot: /var/lib/sandbox/hatchvm/win10v2004-20240412-en/instance_12-dirty.qcow2\"}"

Report Analysis Logs

General

Target

.html
Size

147KB
MD5

1857b78cc695fa858880ed5203af8999
SHA1

170a5b54dba37095af834d76f4f5062c48cf5a4e
SHA256

bcf6979216dc10c957d4dc9f15cb3f8581c9ef596a2e126061a4cba8d992e46a
SHA512

a7ef8183e44aa1e06c193d6de7a4b300bc5c3ec00bc229f2cc12e5fa44bbf9dc67f07df31b6702fa43e3b0b8ccd2f1f2152d83f6992ac56658be2d3217c5c113
SSDEEP

1536:orkud8LonVJoqYarK4DsYNgRyypRMPuNPV5nPztP4FPfaParP8R4DJ2PWTllU0r4:6kPL6WVMllhAYnHhqiS

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	Memz Clean.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Control Panel\International\Geo\Nation	Memz Clean.exe

Executes dropped EXE 8 IoCs

pid	Process
5288	MEMZ.exe
6008	Memz Clean.exe
2352	Memz Clean.exe
3144	MEMZ.exe
2592	MEMZ.exe
3200	Memz Clean.exe
3688	Memz Clean.exe
3920	MEMZ.exe

Enumerates connected drives 3 TTPs 2 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	SystemSettingsAdminFlows.exe
File opened (read-only)	\??\F:	SystemSettingsAdminFlows.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
435	raw.githubusercontent.com
436	raw.githubusercontent.com

Drops file in System32 directory 13 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jcp	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00001.jrs	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.jtx	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSSres00002.jrs	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.jfm	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat	svchost.exe
File opened for modification	C:\Windows\system32\Recovery\ReAgent.xml	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSStmp.log	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\DataSharing\Storage\DSS.chk	svchost.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 64 IoCs

description	ioc	Process
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\PushButtonReset.etl	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\SessionID.xml	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\setuperr.log	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\WinRE	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\actionqueue\oobeSystem.uaq	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\setup.exe	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\UnattendGC\diagerr.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\Logs\PBR\Panther\actionqueue\oobeSystem.uaq	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\setupact.log	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\unattend.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\SessionID.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\INF\setupapi.offline.20191207_091437.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\UnattendGC\diagerr.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\Contents0.dir	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\CBS\CBS.log	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\UnattendGC\setuperr.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\diagerr.xml	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\MainQueueOnline0.que	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\setupact.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\Logs\PBR\Panther\UnattendGC\setuperr.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Timestamp.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\MainQueueOnline1.que	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\unattend.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\DISM\dism.log	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\actionqueue	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\UnattendGC\diagwrn.xml	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\UnattendGC\setupact.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\MainQueueOnline1.que	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\_s_38E5.tmp	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\setuperr.log	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\BCDCopy	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\Contents0.dir	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\setupinfo	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\Logs\PBR\INF\setupapi.offline.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\DDACLSys.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\Logs\PBR\ResetSession.xml	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\Panther\UnattendGC\setupact.log	SystemSettingsAdminFlows.exe
File opened for modification	C:\Windows\Logs\PBR\Panther\cbs_unattend.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File opened for modification	C:\Windows\Logs\PBR\INF\setupapi.setup.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\Logs\PBR\CBS\CBS.log	SystemSettingsAdminFlows.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 24 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	vds.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	vds.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	vds.exe

Enumerates system info in registry 2 TTPs 27 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 15 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "237"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Mode = "6"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 02020202	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\NodeSlot = "4"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\FFlags = "18874369"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	mspaint.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 020000000100000000000000ffffffff	explorer.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4084619521-2220719027-1909462854-1000\{3374AB45-E9C0-4B08-9A48-0911688349A2}	msedge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 0100000000000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\2\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	Memz Clean.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\4\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\ColInfo = 00000000000000000000000000000000fddfdffd100000000000000000000000010000001800000030f125b7ef471a10a5f102608c9eebac0a00000000000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-4084619521-2220719027-1909462854-1000_Classes\Local Settings	mspaint.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 379215.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 690395.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1168	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
4008	msedge.exe
4008	msedge.exe
4564	identity_helper.exe
4564	identity_helper.exe
5496	msedge.exe
5496	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
5696	msedge.exe
3720	msedge.exe
3720	msedge.exe
3156	msedge.exe
3156	msedge.exe
5404	msedge.exe
5404	msedge.exe
1612	msedge.exe
1612	msedge.exe
5144	identity_helper.exe
5144	identity_helper.exe
5312	msedge.exe
5312	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
2508	msedge.exe
3400	mspaint.exe
3400	mspaint.exe
5868	mspaint.exe
5868	mspaint.exe
1136	msedge.exe
1136	msedge.exe
4168	msedge.exe
4168	msedge.exe
3812	msedge.exe
3812	msedge.exe
5400	msedge.exe
5400	msedge.exe
4500	msedge.exe
4500	msedge.exe
2772	msedge.exe
2772	msedge.exe
2772	msedge.exe
3232	msedge.exe
3232	msedge.exe
640	msedge.exe
640	msedge.exe
3700	identity_helper.exe
3700	identity_helper.exe
5124	msedge.exe
5124	msedge.exe
5128	msedge.exe
5128	msedge.exe
1672	msedge.exe
1672	msedge.exe
4012	msedge.exe
4012	msedge.exe
4976	identity_helper.exe
4976	identity_helper.exe
1624	mspaint.exe
1624	mspaint.exe
3980	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 4 IoCs

pid	Process
4928	mmc.exe
1552	OpenWith.exe
1656	SystemSettingsAdminFlows.exe
4660	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 64 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
4168	msedge.exe
5400	msedge.exe
5400	msedge.exe
5400	msedge.exe

Suspicious use of AdjustPrivilegeToken 40 IoCs

description	pid	Process
Token: 33	5636	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5636	AUDIODG.EXE
Token: 33	4928	mmc.exe
Token: SeIncBasePriorityPrivilege	4928	mmc.exe
Token: 33	4928	mmc.exe
Token: SeIncBasePriorityPrivilege	4928	mmc.exe
Token: 33	4928	mmc.exe
Token: SeIncBasePriorityPrivilege	4928	mmc.exe
Token: SeBackupPrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeSystemEnvironmentPrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeBackupPrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeSecurityPrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeTakeOwnershipPrivilege	2700	SystemSettingsAdminFlows.exe
Token: SeBackupPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeSystemEnvironmentPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeBackupPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeBackupPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeSecurityPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeTakeOwnershipPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeShutdownPrivilege	1168	explorer.exe
Token: SeCreatePagefilePrivilege	1168	explorer.exe
Token: SeBackupPrivilege	4904	vssvc.exe
Token: SeRestorePrivilege	4904	vssvc.exe
Token: SeAuditPrivilege	4904	vssvc.exe
Token: 33	4660	mmc.exe
Token: SeIncBasePriorityPrivilege	4660	mmc.exe
Token: 33	4660	mmc.exe
Token: SeIncBasePriorityPrivilege	4660	mmc.exe
Token: SeTakeOwnershipPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeTakeOwnershipPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeBackupPrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeRestorePrivilege	1656	SystemSettingsAdminFlows.exe
Token: SeShutdownPrivilege	1656	SystemSettingsAdminFlows.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
5288	MEMZ.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
4008	msedge.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
5288	MEMZ.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe
1612	msedge.exe

Suspicious use of SetWindowsHookEx 40 IoCs

pid	Process
5288	MEMZ.exe
5288	MEMZ.exe
2352	Memz Clean.exe
3716	mmc.exe
4928	mmc.exe
4928	mmc.exe
2352	Memz Clean.exe
2352	Memz Clean.exe
2352	Memz Clean.exe
2352	Memz Clean.exe
3400	mspaint.exe
1552	OpenWith.exe
2352	Memz Clean.exe
5868	mspaint.exe
1036	OpenWith.exe
2592	MEMZ.exe
2592	MEMZ.exe
2700	SystemSettingsAdminFlows.exe
3688	Memz Clean.exe
1656	SystemSettingsAdminFlows.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
1624	mspaint.exe
1624	mspaint.exe
1624	mspaint.exe
1624	mspaint.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3688	Memz Clean.exe
3520	mmc.exe
4660	mmc.exe
4660	mmc.exe
3688	Memz Clean.exe
6388	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4008 wrote to memory of 1548	4008	msedge.exe	84
PID 4008 wrote to memory of 1548	4008	msedge.exe	84
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 3968	4008	msedge.exe	85
PID 4008 wrote to memory of 4548	4008	msedge.exe	86
PID 4008 wrote to memory of 4548	4008	msedge.exe	86
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87
PID 4008 wrote to memory of 3844	4008	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\.html
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:1548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2632 /prefetch:8
  2⤵
  PID:3844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:2656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4116 /prefetch:1
  2⤵
  PID:4584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
  2⤵
  PID:2768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  PID:4612
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5688 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4960 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5896 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4732 /prefetch:8
  2⤵
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5824 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6172 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:2416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5840 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4808 /prefetch:1
  2⤵
  PID:5740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4688 /prefetch:8
  2⤵
  PID:800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3004 /prefetch:1
  2⤵
  PID:4112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5892 /prefetch:1
  2⤵
  PID:5940
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
  2⤵
  PID:3756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1456 /prefetch:1
  2⤵
  PID:392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2300 /prefetch:1
  2⤵
  PID:2404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6484 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:4988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5304 /prefetch:1
  2⤵
  PID:5444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
  2⤵
  PID:5140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6392 /prefetch:1
  2⤵
  PID:3044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6652 /prefetch:1
  2⤵
  PID:4900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6588 /prefetch:1
  2⤵
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3520 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6676 /prefetch:1
  2⤵
  PID:4492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6564 /prefetch:1
  2⤵
  PID:2672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
  2⤵
  PID:5860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7428 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
  2⤵
  PID:5796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7452 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7976 /prefetch:1
  2⤵
  PID:5856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7664 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7700 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7788 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5496 /prefetch:8
  2⤵
  PID:3856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8016 /prefetch:1
  2⤵
  PID:6116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2220,2314754699111505683,15683075449110691561,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3176 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3156
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
  2⤵
  PID:3100
- - C:\Windows\system32\cscript.exe
    cscript x.js
    3⤵
    PID:4460
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
    3⤵
    - Executes dropped EXE
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:5288
- C:\Users\Admin\Downloads\Memz Clean.exe
  "C:\Users\Admin\Downloads\Memz Clean.exe"
  2⤵
  - Executes dropped EXE
  PID:6008

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3020

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5008

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x4f0
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x100,0x128,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
  2⤵
  PID:6128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2528 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5404
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3396 /prefetch:1
  2⤵
  PID:5672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:5896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4732 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  PID:2588
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4852 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5420 /prefetch:8
  2⤵
  PID:5728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5276 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
  2⤵
  PID:4544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
  2⤵
  PID:4104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5556 /prefetch:1
  2⤵
  PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
  2⤵
  PID:3064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1904 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6360 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
  2⤵
  PID:2428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
  2⤵
  PID:1924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5608 /prefetch:1
  2⤵
  PID:6068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,6861924507229383657,1708804817635183989,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3084 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1312

C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2352
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\System32\mmc.exe"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3716
- - C:\Windows\system32\mmc.exe
    "C:\Windows\system32\mmc.exe"
    3⤵
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4928

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
1⤵
PID:3540
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:1060
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:3144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault5056e111hac19h462dh8996ha16a099c21df
1⤵
PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
  2⤵
  PID:1456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2188,15387908599275380931,4427316252269543468,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  PID:3460

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\EditEnter.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3400

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s DsSvc
1⤵
- Drops file in System32 directory
PID:5572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:1552

C:\Windows\system32\mspaint.exe
"C:\Windows\system32\mspaint.exe" "C:\Users\Admin\Pictures\EditEnter.png" /ForceBootstrapPaint3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5868

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:1036

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
1⤵
PID:5912
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:1300
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2592

C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
1⤵
- Executes dropped EXE
PID:3200

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
1⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2700

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:1624

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Checks SCSI registry key(s)
PID:4508

C:\Users\Admin\Downloads\Memz Clean.exe
"C:\Users\Admin\Downloads\Memz Clean.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:1320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2996 /prefetch:8
    3⤵
    PID:6008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4444 /prefetch:1
    3⤵
    PID:3128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2148,1159989846044390166,1370544779227751347,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5288 /prefetch:1
    3⤵
    PID:2300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=g3t+r3kt
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2108 /prefetch:2
    3⤵
    PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3812
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
    3⤵
    PID:2500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
    3⤵
    PID:2008
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
    3⤵
    PID:4528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:5816
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,10668084879214044043,7539665356152661362,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
    3⤵
    PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:4540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2208 /prefetch:2
    3⤵
    PID:5032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4500
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2652 /prefetch:8
    3⤵
    PID:2712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:1652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
    3⤵
    PID:1744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,9874206882582209626,12439483966983262076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
    3⤵
    PID:1544
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  PID:1136
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:640
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xfc,0xd8,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:2508
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2228 /prefetch:2
    3⤵
    PID:5196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2504 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2984 /prefetch:8
    3⤵
    PID:636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3600 /prefetch:1
    3⤵
    PID:1056
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
    3⤵
    PID:5232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4888 /prefetch:1
    3⤵
    PID:3860
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    3⤵
    PID:2452
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2184,15085156715743791727,15055010496034790523,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5176 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+remove+a+virus
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:5128
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
    3⤵
    PID:4504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5124
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:4896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:3528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
    3⤵
    PID:4904
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4432 /prefetch:1
    3⤵
    PID:856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3904 /prefetch:1
    3⤵
    PID:2660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5392 /prefetch:8
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --extension-process --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5416 /prefetch:1
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --field-trial-handle=1988,18119737871390111582,7148975336451380961,131072 --lang=en-US --service-sandbox-type=entity_extraction --mojo-platform-channel-handle=5436 /prefetch:8
    3⤵
    PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  PID:4012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:5672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1852 /prefetch:2
    3⤵
    PID:3524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1672
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
    3⤵
    PID:5312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
    3⤵
    PID:3740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
    3⤵
    PID:4180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    PID:3368
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5116 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
    3⤵
    PID:4392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
    3⤵
    PID:1060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2272 /prefetch:1
    3⤵
    PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
    3⤵
    PID:6356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1960 /prefetch:1
    3⤵
    PID:6364
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:6684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,4390230464108611062,8453380701401490286,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2632 /prefetch:1
    3⤵
    PID:6752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
  2⤵
  PID:2588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:6024
- C:\Windows\SysWOW64\mspaint.exe
  "C:\Windows\System32\mspaint.exe"
  2⤵
  - Drops file in Windows directory
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
  2⤵
  PID:6304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
  2⤵
  - Enumerates system info in registry
  PID:3712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa7dbe46f8,0x7ffa7dbe4708,0x7ffa7dbe4718
    3⤵
    PID:6076
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
    3⤵
    PID:6840
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
    3⤵
    PID:6436
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:4332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
    3⤵
    PID:5376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4936 /prefetch:1
    3⤵
    PID:6408
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
    3⤵
    PID:6056
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5276 /prefetch:8
    3⤵
    PID:5356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
    3⤵
    PID:6092
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,3939845781665016040,15333093688095263005,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:800
- C:\Windows\SysWOW64\mmc.exe
  "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
  2⤵
  - Suspicious use of SetWindowsHookEx
  PID:3520
- - C:\Windows\system32\mmc.exe
    "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
    3⤵
    - Drops file in System32 directory
    - Drops file in Windows directory
    - Checks SCSI registry key(s)
    - Suspicious behavior: GetForegroundWindowSpam
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4660

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\Settings (DOWNLOAD WITH MEMZ).bat" "
1⤵
PID:3452
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:6024
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  PID:3920

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5896

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2532

C:\Windows\system32\SystemSettingsAdminFlows.exe
"C:\Windows\system32\SystemSettingsAdminFlows.exe" FeaturedResetPC
1⤵
- Enumerates connected drives
- Drops file in System32 directory
- Drops file in Windows directory
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1656

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:4424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Windows\System32\vdsldr.exe
C:\Windows\System32\vdsldr.exe -Embedding
1⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4988

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:1168

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:5804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6044

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:316

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5908

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:1556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2892

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4408

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4904

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3c5b055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:6388

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$SysReset\Logs\Timestamp.xml

Filesize
43B

MD5
0391b2039db4f9cfaab9db1f252a73a1

SHA1
88fc79a9c285d575895c30eed97f6087093ac4db

SHA256
606aae0e7932e809010a2aad85be1969d1417d88473f3192a71feced30a6a494

SHA512
89c238119e0f7baeb678e6fc850fcaafb503fecd4a59fe4123602b211b3e792a48e64fc42c9154ad2085080ce7ebdfe4d4535f06e738ea254fd2b2d47cf3e434

Download Submit
C:\$SysReset\Logs\setupact.log

Filesize
111KB

MD5
73fd6a524385c5a2004edc7bad447178

SHA1
29a783fa367c66e6c87745d9aca536ce01ffc551

SHA256
ade9f2ae38087f66b0370d3fd986c16f6eaf7304ea75352a5dfc316f24367cd7

SHA512
4f065e743cef59a4ad259989425d4ba3e797abc92f0c7827e1bf6c14a55250cc07569511f9f7a1477dab9edbccc8e9d58bf3e1faa334783e0922085a80f2100f

Download Submit
C:\$SysReset\Logs\setuperr.log

Filesize
749B

MD5
7faa8274c74c8233ac90ad6dcb5e628e

SHA1
382843399f120ed7d721076c75497a628b1530a8

SHA256
3bca52c9f120732512566bbea1c2347f87e0c7bde2ad45f1c3dbd7ff0423ab38

SHA512
3fb68374fd478547df719f9f1fef582ea24eab6ede1a01a2605122b876b4d89b938af60cfdc9e3cce7b3342b4ae841cdd542cc0df93d95918ff7e7e823fcc1a1

Download Submit
C:\$SysReset\Scratch\csrss.exe

Filesize
17KB

MD5
a976339058116fcf346437d797c7eec1

SHA1
69a1dcf6a41bc750cacec3185c99839c079275bd

SHA256
8ebf4096d28a78e8ab36e5084784acc90464eb4a74d972c942f147ea59e5134b

SHA512
72bac6ea896d9b7f817ef5644adbdea80bc7f852be124f08487507a4507fb0c0aec167ec03b9dfb8c4ede7f0dbcbdc8343bd3c114eea62bb1b842160fce324a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a9519bc058003dbea34765176083739e

SHA1
ef49b8790219eaddbdacb7fc97d3d05433b8575c

SHA256
e034683bc434a09f5d0293cb786e6a3943b902614f9211d42bed47759164d38b

SHA512
a1b67ccf313173c560ead25671c64de65e3e2599251926e33ce8399fde682fce5cb20f36ee330fcd8bb8f7a9c00ef432da56c9b02dfd7d3f02865f390c342b53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8099f34de1d648fd948c45dede685e3d

SHA1
566bfb213c14d8d72fcb2ba19d4f0835b1796137

SHA256
fc030220e50390076ce0aa5bf50489f6d9fc75983d61c63555adc29ef1f961a6

SHA512
fc29cf19d44247cea0148391503bb755b13281959a6082deaf4052f56a741c2f2f93a0402b72687488d54f12118a630091f9fd72c9db6c46263bf6a55fc1ce02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8a11b952c3d04d0e20d578ebe581806b

SHA1
371e5db6d83d649982b286f5846176de3fee933a

SHA256
ac101287da05453b636a1e5f5640c17604b89ecff48f22ff9402c7a45d4ca8ff

SHA512
2ddb1e178acd5867bf25bbb3a5713371001543fd5a99531bb563302df2df7c0383a1d4617f5ab7829b9abf2fae718a5be58e8e0beda8cb489728f399b8b0d207

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
deea5abfed4e61d187a99a5cbb52145a

SHA1
76f85e509e4d8f83a398656f280adbb51caf5359

SHA256
b5c6dc15f1b0740400baf616209b442e9cebd107361556444f26e56702efe0f6

SHA512
460a8d2ab3da7e0f01133ab187a844ac6f8c3db29429900b7a5fedac615d2afc4e3987ac4ab165607f8167bb83dc05fdf046a8c1c9c9c8476eb1660c95352a6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
233ac9baf4b9cfcefe95fdad31db1007

SHA1
62acbc9737cb086ff3e0a15ea2c8d1ce4ac9ae6a

SHA256
401d0a3cb2af052818e086bc1a326a34683812e826a62c0ec5df899e7a34cd34

SHA512
41673b7792c1a6c80900cd31da550694d041b34f3e5cf03af522e714738b8e2d125678606dc239a9f6a8445ebfd76f1388b77b0aa3fb1e9a6136c3abe5b3719d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b1e122c8bf8079e29e647813af1101b7

SHA1
5d28717622e6b7647b80e58d8522ab26e3c9cd2c

SHA256
f226f1fc0f9fb40e6392b50cad1d09560d16b7914d114dc13739f4414f3dfbd4

SHA512
c83fb7a697b2f4893e441e62e5b66392fa05e359514472b2311fe4d765a3affbb36e1b7b94dc31d53317757497fde4096e7f2fdaf75d0ccdbf5be4c89d5c26d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
424cd7341821cce79bc123e6495481ef

SHA1
9d9a802d4362300f8e8e4f3520c896b436356dc8

SHA256
a5eac0c3941b7fd13c3b6416dd1aaee3b54a7e6daf125cf0cae7997ace7f2c9b

SHA512
de0a3189dcb2857f161852b96cbdf9de93778220ff504592b881a2d128e1da4a738b57489a7893c0a75b38f2b6ea40499d797b1e882d39bf0bc4f53a1baee72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
af69a4880e50b2ac581dccd65e992bca

SHA1
20a7ba576cc5b30173cf9cd52a7312d32b4bd5a7

SHA256
02aec65eb9b7650fb48b9c3cd02c125dc11e1b56066e6e8c812d0c374064a583

SHA512
91dd753e130878e3c7582b9dba822d61ff34ae09a952f9df854b2b68d7ef91a78207bf6a2933b66ef9b2dbe980a848d75f361bb59e90066cf6d3d9ec8f9fc0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb138796dbfb37877fcae3430bb1e2a7

SHA1
82bb82178c07530e42eca6caf3178d66527558bc

SHA256
50c55ba7baeebe1fa4573118edbca59010d659ea42761148618fb3af8a1c9bdd

SHA512
287471cccbe33e08015d6fc35e0bcdca0ec79bebc3a58f6a340b7747b5b2257b33651574bc83ed529aef2ba94be6e68968e59d2a8ef5f733dce9df6404ad7cc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b526abe63c73410933a60ce908d09815

SHA1
ca545ffc29e67f246d6e31e72716046570c64efe

SHA256
8c8597973fc203a6a4c1b1a0491e2b2236f9cce478145cb51790fb2e2a63dba8

SHA512
b5f41ad949aa05757690326b6a29aa47905021680950ad8df0e0043cc58d9f384ab8a33724cd24d450859b7d8a31b3d844c908f858f9f6d2adb45d21ea6e81f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\52e12e5d-6c31-4add-90ec-003953e96891.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
36KB

MD5
373cd53c408180c939165335e627fdb1

SHA1
0e0978e79b93bc3df23d73c042f6b5f8c20ecdc6

SHA256
c884b19162a6f5a0cd8fff61c5ba35729a2bec074dee7f1b514f60a5abd77909

SHA512
906c2ab56861ab8a0fac560c3b508f69275eeacf294bc4afcc20c40fe1a0e8cbc16c7535b17ded0f3f8bbe4a336f2899139411708103a2f6c0d8bfe1be4d2a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
1.1MB

MD5
1f557ae943b3a1e823b56cf9d410e7c3

SHA1
1340fc7fa2cf9fade7bebcc8b4dc62a1686aad54

SHA256
40f47bca0281df7ada22465ba6c706a9ccf9580288915aad5d42c2949521a7bb

SHA512
32d8f83a30ed7179a74ebc7bdcd454d2f5895592f078910564c8bf40490d92c24a836f50b359345cdf4f0288f9a922b0185beeccbc4007205ba50f585de20169

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
32KB

MD5
bbc7e5859c0d0757b3b1b15e1b11929d

SHA1
59df2c56b3c79ac1de9b400ddf3c5a693fa76c2d

SHA256
851c67fbabfda5b3151a6f73f283f7f0634cd1163719135a8de25c0518234fc2

SHA512
f1fecb77f4cdfe7165cc1f2da042048fd94033ca4e648e50ebc4171c806c3c174666bb321c6dda53f2f175dc310ad2459e8f01778acaee6e7c7606497c0a1dea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00007a

Filesize
19KB

MD5
d17d64e55067f5f164aa5dcab0e4eb6d

SHA1
e887b24c99ebf05cef7de818db18f17a82ccc612

SHA256
e010e5a62f6cfc598cbcbe4e0ba9b9f3aded1ae590bcc209cbb15027249cdea0

SHA512
72a77a0f04b05a29d40f9ce9ecc4aee1e74391d2ae632dfe4f192eeae7cb937a16a8dc38c2c0b060daaaf6916f7a32d2de6060aa485d2435583c40527d9496bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000085

Filesize
18KB

MD5
3a07758520b60a8322cf6d47b41faf49

SHA1
40a77c8e30729d25620cfb075ee176821c78f6b6

SHA256
dc9e3f56cd4d7398bc6cc15825e6a180be3d8c84e8420bbdaabd3e65d9e69ce1

SHA512
d6ebebbc907683c5bfce4153a5269503e850eae2263d5ecfca5e4a2f3560d363e372c6050e44a129d64c93870f232dd886bc3a44c54a3db5ec3ae6d978b17b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000087

Filesize
74KB

MD5
4e50354b2ac280d595238835a5158bc0

SHA1
e47707f431005bd18b5523c86a0ad35688dc905c

SHA256
4f3d3659e0aa2c07a6a0b818c3c106b93edaa8afa7898db2f83cbe73bcfa90bd

SHA512
e3f9fe9952df64206e2eabb734b564f0bc5afbcb646cad641bcb85a5b3d9eeeae1ff22b5c99361a5f469b85dc223a7abc537f4ccca85ae48f221504582628636

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000a5

Filesize
154KB

MD5
c889b43b2774ed53360932642de7b111

SHA1
ffd7da9817e7d003fa44cc46852c7df9396448d4

SHA256
067ecebe6e21ea0040359540a4780c2ed8973a58be42adf80f9a961fbcefe770

SHA512
9d39cf33cd3e11b752972c80c623b2c66ea895a64edc211c965a6501b748b8ef78fd929fab3e4f9b5bf65b337abd014878fd0d769859d39fc652e5c9ced512a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_0000b0

Filesize
153KB

MD5
fc99c97ce4ecdcd16ba8e80ff3d88bdb

SHA1
547da9f59db87c9934c329a875800bff66cbed1d

SHA256
68976a6ed555498e1396762e82d082da74b03047c7fff417c80b284f716ffb8c

SHA512
6104f53729dbcb1aa9109936576035690877144d943d16fe91f41071ad2f3998bc12505530194934f78fd1067dfc3cdded82bb0df03e5812c14eba23ab95b360

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
7KB

MD5
24d3cd3a2ca0b0acca0580dc906123fb

SHA1
a21af36bac34095b7a82373af1be70f5494aec04

SHA256
a2519670ddc3e7ebf7fd58cadebb0ab423ba32f94bb8062d6b6bb7538e70093e

SHA512
deb81450c97b85286169a5d7ea6a4ece027039b2d2b5b446d6c865729b1782c302e12cd341b60d5f51f66a3a8168eede293d2ae90150f50df5b214a748b77f86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
ab366f859ebc17da4c71cfdef02664a0

SHA1
f5dcf18979e420b478979fd858d9b8be1e8114b6

SHA256
22b27b482bc2b7b1d0060daf15f32696dffe2bbf9416dd2c45d51727877d909e

SHA512
e0f5042f6f61938ed524b5ad19c3ce5064b57505f49ff00e8757dc8889ebb72552b76a0394133e61e340ef0402643591842c4dbd656cd4d70b3f8a71245cf548

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
a715adfe1b8320911281193a6e44ddae

SHA1
8aa30d7e656cd94750e60145e512a52dd8d670c0

SHA256
76b2d4933e5573ac6e26ea32e11b8f21adf73d17a80fb7a79c47155a011baf37

SHA512
eddfd1c81b21a7063b55e5bb8c0df30b4dddbe455eacb56ab870a92464f8442afb1c2eb85db7b8ed3e8bee418625636f9559752931700e5981814aea5f36347e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
96fafdd5e4349e758a14b266f2cd9332

SHA1
e8513e94bf041bb72a046762488dde5d9793ce76

SHA256
d37ebd0f67284a41d19b0245d011f5e6dfeef36b3b26d345141bba3ce60709a1

SHA512
44fc65cadf4dab1a20d2986971df8cfa6f3f9b32167b6d5d1a09e162879bf4097ad91571bdd537899db748ac702a74da3c4e0586de225045161a067a3c32b67b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
94533f43cad10d266092ee9205f85506

SHA1
dda7de927e3532f509179b84fe3037ee5a9b2a4a

SHA256
98c998b89c0e4a3c2e1e94cc2dd882918a81334a6bc9e5881ace003d3ff4ec35

SHA512
c550b66cd0b574e535471994bed6f31835fb4e269b16cece0386c9441e9cbb08c92bb835878414d561f85b679032faccade5446be8059821ca6a9603a3b9703f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
f24003aec20d44332463ab3f97dcea90

SHA1
fe762c74792d3a49bd9bd14638f0e8ad6c0e090f

SHA256
4b4491023c23168221f9f39ef582e82bc1e7e2178a3691e9bcf71c7b900091d7

SHA512
9a359a227232aafc107c54382e7b4ff4806b049f4550e61b83b38e81bc718c5e2a5da35c2afecd968cf9288b318deff331f03d2eea4f177350d1fa2a6b829434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
c5e0ddc141e3351bff99a537e562baaa

SHA1
0c0f45d82634b87a39bdc773df3c7ea01fe517ed

SHA256
318ab38c5fb6b1817d229f2109733d94c5bfa538643cf98c8a5086c225b6d077

SHA512
03c2357a4ecd0bdffa41a3dac3796ba0eaf83b6c3e5daac29e841c8372068e5458e74f6eb02229ee513dd63e792f7ccf398c04050913922d6ab9c777fbd87b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
d852c04e890215c4f56b783ce316123c

SHA1
4acd7c3d96a56d5b08287b3d28d6cc76a74f347e

SHA256
ca9064d04e4c66df814098c5001a4318dca64f11fc09c19af76771473153c0b6

SHA512
38b4c3283d8df5fe17fa8956e7ebb46b44080a627344882f1e4218949aadc199f8fa14663264208e79fe627b5f70a1494a62f9327461b9a9a0911b957a178680

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
6KB

MD5
c3b0e220be7943226a3d8dd8da041333

SHA1
79f10379d93735d92242841c53fc66cb10904813

SHA256
8aa807849d6bdda2b2e8162c776364b26d85f3ccca7e6acf9a2fc53053c02862

SHA512
9d4ee476512a9d28aa4d3ef5df62b7c30f0048bb81ae6c42cc8a5baf35fd51c9bfe8c9b6741a86ad2e19c3cdecdc799a7db3186c0bb9efbb206ebd9e4c4d22c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
e7462f94b353f088a05918452db35e5e

SHA1
9ded5d7c2119c05c02e34557affe1c5ac485004c

SHA256
958acd681a25960f4654210fdaa344fde48aab8f314cd0f0c946cb6fa6e6d122

SHA512
18016005fd52178e5176ea59a7d75f9496406ca4e6c078bd2a48f808614b8ff6e48712c6386200bd5816be038fc87da8e1ace21b34a2821cbda4331236fb66ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
6577a91dff3d3c7546c6104164f9f34a

SHA1
503290f672af65052e0a66d33635ca1c63cf18f4

SHA256
c84ccc23567012dd84dade3723b3259ff6ecdc2685e20326171928df501d4d71

SHA512
259ae391532942dec3ad73ae9df4832c9440826d8c740758163a16d4601049aa5fb65699a4fbe2c63c0c01f10bf16895d3db1fc29117b4042a851a4690ebb056

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
448db9efcf0d4bd7a874c4e41cb534c9

SHA1
d0b50507e35fb05c1ef030b6f20be85e64cbd797

SHA256
df1f50fdf29e2ec416e916604f7e3d38ecdd7e8ef5933479c3741d9943fdb859

SHA512
4c66c599744ffe1acdb623e7013690895034994a707bda993c0a92595452a57469f0c24e360db849b6d90585e3060e64eb52c595a710668c4a0e366ebc076fd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
7KB

MD5
9b90b5f520c1657fed5b99941adecce8

SHA1
282670b8f255f71579acc170cb82afc7763bbfc1

SHA256
3fbc890d3e8e3492fa57afef151a2d3ffedd63333f0fd59f4ed2d6e94506e0be

SHA512
bc45fe5f55aa80971f3c3a8b72fe70cd4282e8f9e2411f05d0e83b1a87ffd17ceec734710273ef4aadf8209b7d84eefbc42442d5556bb53edc89f256cbedce9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
45KB

MD5
2a0637b6039cad555c18c8c8fcaa32db

SHA1
17b94e1931fd1ba3d201101d6812f9240cbf2520

SHA256
2549cbb8c5d0294d90bbf68ca7d3d671b40342e3ef57204490656eeb51c82b34

SHA512
e308522171d85c0ade71700a6c15201e55dd87fe7cffa13f0ba95ac419a35310f91d027dd67bdc21dae886fe3a5a46080e3ee703bfda06724f125ebb52f57e3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
68c396008297cd7480301a1b497d48b2

SHA1
62319d99aa57e060fd5cb2b2d2c7fa87e786e684

SHA256
1dcff087a37005d053511d3db83cbee9c0188baa2c988c61e2e5212807211599

SHA512
70068922c43aba06522660b4dcbb96dc845535e59ee3dc941638ff8c1eb0370c5cb0f5de8163ed49e0a472f9ee30d660ab73d45c4139ee518dd8885efabd56c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
11KB

MD5
7763dedea9cbe67c7183befd3004c56b

SHA1
1e845103afd4b0020c721e0ae4ddcf3df1ebb295

SHA256
b2cd515eb25941d3bab5d0db36b51daae1a879e82e4a490b125c0670be80ef99

SHA512
98cf307341e2e4c3920b69e39e6cbc6c2c245f9466029b05ef1eb4630e5fe6ceb82abb7438f897db49b984a4b7f8e1c1db0b30edf47cc240c563ea6c4b47ed4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
bbe519b949f6e80d25d8a9ec648c8b35

SHA1
136f1fbdc4a394109a2d86f6e4a3e97ae8a8baab

SHA256
0304d3584935be5586463262644926632603088a995505fab3d8f23103aef28a

SHA512
d0c41883c26800def12e61b0f36ad5daebe438c9e89f00deb33916a06d3e422219af5a01bfb23f875c7c1c09015242f310ba28ac125f096b6629c6253d0c91bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
3b26521ddb39bdfcd1f2048a98976abd

SHA1
e884fdbfd153cfc0de08448ca9154ae29ab54ddf

SHA256
b2fe85c89994ef69e0d847fe1f856731528454ecdd456b8ee7ecbe303a338c5b

SHA512
ec73dbd90b1350ee1841f3ca03b4b94afa1b7381069f273b9031c9ac9de6c2976e4789547d8a33b8586efabdbe80e174bd7724f3d260fa1410e9da8c26e44a4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
49466cc85d062b274069bc8106ebf675

SHA1
e3bb2904a5cbf5867ca19dd5c9981109b358eb1e

SHA256
0f6e15f0348a2d33c44db677fa0cf33dea09a997e170b5e382cf2504187da6eb

SHA512
c7a0249ffb3488d713d47f7b0895f8e6f1b27eab1ca0d43bc011d5d3046278dc0596f0d6b1375bf693d77efdad822b2fd60221dfa0e6e68e3e0ebd1fd8194bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
9febeb0ecbd90b52f817da56ee644d33

SHA1
d09d34afcd0bbedf8a1d5254924b809f9dd775ae

SHA256
db0960fe4c5930c11f45e500637aafb2337f60da77f39a2e74165ddf4cca7791

SHA512
44743b714630dbc167524c35fa3fd271127a0ddceb0ae9bd3a1709a84bf99eb31e6bd659c09a9975372231ddfec26057b54b0326cbf684b06f30df84e5fc979b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
12KB

MD5
c2d68a3acb3e8a9b90111f8c16fd81f7

SHA1
f247a50ad053d2ec33da02e5b6fb28b458efb71f

SHA256
0d83a44af9714cac24e1c1d2d324e5eafb4a993316f76579ce915b60e84540fe

SHA512
78bfe337403fc254a7abd4dddae9b897fd0f3a0febc730014bddad219ceee58467549fdf2dc612695aa6ca069895b4a8ff49887a4098fa637e361afb47d60e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
9c1157cf26c4c2576bb12752179df2fd

SHA1
1c42493b234a78ed66c711995c4c0494ee033346

SHA256
2a2deb9cd8cc215275b5deba4c49e6bd98581da16c9b75f9e4e6414d96f02664

SHA512
69ec2ae6717b4477d26537acb5eb57e109497c104f2ccb2114ebe9690a2d6d4c0e3e41814841472ffd09c09e9ab01809181106ca39b84a20af3390b06541d004

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
13KB

MD5
5047fc6eadf65cab6bcb685aac3e7593

SHA1
6b1ba092916db8a640cc2cbdf1a4024d47d3c290

SHA256
2452c2dfe95ac19497b1dcb41dcc58127edb9995d8af331c6460766aeed4a4c1

SHA512
5dc3d0405d010cc193b60f35af3dae6b3b5f9b777b7170cf64b967129ec1012b91ac24f30a4eb25f333996643ba3a1147e778cd80e03b4a296a74fc5adf6695b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e0d9be3106d1bdc9b97123eab3543de1

SHA1
633f2ef608c2a7424b46f5fdeaef9a229934141c

SHA256
34210c8c2a65fd9f1a07dfd45ff0759a58b9e56167b1683cc0fd68315f9cbbf6

SHA512
edb076e53268101bdac0300b1b7edb6fe24d230cac172b9ea06fceef53c20a8748789645aeab741519c10de37aa41c46a5962624f97074bc2ed47ac80b262456

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d6240f8a0f3db260115df4a81aef2e6f

SHA1
406276168bcaf9ed4a4a3ec6cccc70f3eb4e4ef9

SHA256
5643e039f0ac134da4a7f96198546273e86a2d3389172b25d690ef42c4edfc5d

SHA512
4584da56b362d3db1015d9b02b4a7294fdcdb73ac70f2adfaabbaba8cfc788664eba3cff29a4c810e54b663bffdd4630a82dff150c6e503b6503aeb3b179f471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
42127663ed67e781436d0b0d93f22e16

SHA1
80695dc46c4562313dcac0841eb23d16c74d33e0

SHA256
9f07974e64ca6530f9928c3eb92e6fe6b6a6483c5b10f77551879c422496eda0

SHA512
6e63e3b34f0736de02dcdf019eca4cdb04f1ff801af5bee5748ca976169c8c8edcfcab0fafbf28d92870f34a96a83eb200de65741c3793bd194bb2630f1a518e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
8efd6049621829a2f53749405ed50fa0

SHA1
71d5a6568482bd296df05730c86a4258c44a3688

SHA256
202f80a21db88852585c06dc37670832f852cd430375ff1696e3a1eb9cd2e1a4

SHA512
5a8c2f143f548c2e7c9fe9d0e5ef106b6b570bf2281ab751f188846bfb0f956e0728da93b70758e393781b103458d81447c375200166f980aa285e5510c1fbc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
0fc3c5bb6b6a3cf90cfe80020d42d83b

SHA1
3d96da934d319f9b6b8adf28f01410e64c0000c4

SHA256
f06ca4daf3f375bca28223b9fcf356fe6608723066be0b2457bd596f2e774e42

SHA512
fceffc30dabbd3eddf45341fea5b29e59c0f9bc645980a49d9f95f4b09976a7e5efdf5ff40cf13ace7f7242178d7ee047b634c50e3f0d6c42d9539b75b3809e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
1c135098682c19dc03a5ae4fe068f3b6

SHA1
5fdc406776defadd178d52d87011c72b904ccb36

SHA256
14b5fdb34e8187799e8b4e525c945e3fef3469969a1a986faabe6e754b872dc5

SHA512
3f3d4ae143934e603d516cf5f552ff840b989c3bb930dddf2e96a11732d54f340a3ed9e17b1452b56175556961b73935b1d1799d92f1afdedb035a20e2c3277a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
9e4f915cef153046cc5b4c4e9b79c9c1

SHA1
42bd720440cbef5ddf6b16bcf3e2e3ff5f5039cb

SHA256
80f65b0387dafd58c2676e0828cec0a51f1bf2bd9472b46fffecdc9727598c9e

SHA512
7aa34417710755a5ed9c58640d10adac07cf4cc117da6e0f027f11e2b413c4d27185116e5db80234bbe2e766e067ff0160aeb1d1cc0fb3b70f8ef9dd953a13c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4ddd08e911814b394981abca6536f192

SHA1
06d0c2e05b1c82ebbeb20f4e04f34e05dbdf3ee3

SHA256
4699733d98d68439f0b00a16618826511c589914b3e1d763d1e91ec29b403448

SHA512
d6a1f41abf4c23f816da0cba4d9739799ac248359072b820cbe40ff9ad2a34624ba65008694a50a23167713d040850a8b062be0eed1759b5cdb73817eef8feb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d2554e4a948976a54112ec52784627ec

SHA1
52f5dabc20fa4676d8d42bdc51df961050db364b

SHA256
e75f9b69494587ad58d80cf062a03fffb5df32570a4d9b564563c4c313fa400c

SHA512
21d2fcdbda1a9d8b85a70174df96206f731b9aaa39dd35afd4d3af4863c4bcbfc9e1630d603bddc778c040ce59e2b51deec624e00be8a541d312eb41a933460c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
13929dff218878e3536fab331e902f1c

SHA1
c51e5873a8214a8f9d504bd9864946ccfb3b69ff

SHA256
b7afeb3b6af08d5aebf1118fde22b5efe6062fa44d383e920ee0d22397a9e2d8

SHA512
723df4c8734f29f6ab52198bd21b242510e88429e78c8df53262eb153bd5f94da8d4a6ff2e0b39821301dfe135f17395d15323916e53ab734751422e53bc42fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
291164a6654efc900b020d03298c8de8

SHA1
fac6a19e8b5af7423453027a0b2cb7a2192b82c5

SHA256
261ce2248c88956ba26b73e503288cb0b0dba94c4cff3c520cd79f63bbfac90e

SHA512
5237a53aac12d8f2dc8991000c4a7bb5f92fc3bd1f86ac7a170341e14d670d527e02c774a96c867928ccdb8d1c28e46bd199ffc7b79537319ef903f5a0dcee16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
aa524f1bac82224b2943fdcbfda01df7

SHA1
647f6df91c4cf0f38eb2c13b802f4dc4762d6bb4

SHA256
727929e593f8ba3bbce27edff85296756dd0be7c75c19a74aaa2369fa96af08d

SHA512
76fcfab5fe28314b5f32b2d2971e1b74e3db429fb7dc686ae5f6a1b4bbd7ea3250554d8b9650c002febfe822bc9b1678b952ed7a238a347316f3428df1147496

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0fcd10cac14d5258fd70bc918ff7c751

SHA1
1d2450c5dfb8b1de54c8c91b77c1ed32ba9eb9bd

SHA256
4e36b0dc8201a6cf2e81587a62bea9e8ee8ac5fea96b4d89164f597be765a961

SHA512
478bd8910b34a0beb13f6cbe4382fdd4817f8ba800fc9423ea865b418466464320df7de1cbac519f473bc1a379b2d4ef49fab1f3f0372de7cc1309d268853506

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
7b9226662a598651a723abe6813c5fc3

SHA1
5e30a8b3caf247587b0b86eae68ae18ca5db4442

SHA256
d6cdd3541e69723a8e1087e999d82036807c7a6a0373e4822c7148b5eaa723cd

SHA512
b23d69c7ef19cb29968bb1dff7e708b874d5c5c0c13b586dbb5e8f69efc015b3932401245930c05a9af9e0d0a7e6609144a1c4b8c47f98bcd6bab3cd8a11c306

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
935a529b95cce37288729da52056aa8d

SHA1
fb2e7e4336d0b85e910558281b1f23c706282fad

SHA256
ae77e5e6ef1e347c2eabc23112356edc94275e1433ca1df273187b26ea10e8a0

SHA512
cdd28e33480877942c952fbccc727e0f3003d5b795d00426850efccc946ad8ce6af42c16fa65833058495b1b37f85f4e3b307f9ff041529bcb87d73dff262d5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
bb032c9ca1353a35bb07d2615d8a589a

SHA1
c1d4230b3e57ffdf71c7bdf5535fc01a1fbf225f

SHA256
5d89af981edbb523b160f76be70e9e7679d060bac07271094b65794dc75ce221

SHA512
fb83c987f579c7d6dc350e98b595707a57d1808f5241f3dc7652ade9c82577d6267dbe79dfcc352c6724b58d5cafaff0b804954ddedb9e66483d65aa08632cdb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d5758269555a8f455cdfd1f1bd6b6b49

SHA1
11cf515ec2053330e060ac65ee37c45d929d021e

SHA256
63e794bea44e3b4d323be1507724cb9ea568a9bcf42247630819457960e1f7d5

SHA512
f54a5650f8706d4059651c7d04ed614d4df5b376e74b47042e00bd8fa655c7f1659b24c1f7e8be1dde14156ea5942c23369239f0bdd60e5c5cf12823854a0914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fc06650136532ccfbcccfe59efa2b4f2

SHA1
12cbb867d0b4b0db96a7563672ed429123be6fc3

SHA256
86aff25e01368f863da2aa8b7b5dbf575a65fbbd4a4b05690a55d2d0c632ee46

SHA512
85ddd30d9dac2c142950d89cd41ed21b770fd098179d7eec7f9b1938d68155182460e6b84008df2e3e3b592cdb32261a146caf0f1f37e7e872b6ca64a993ceeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
082ae43a4d48fb5a66350d8ec4ea848f

SHA1
4724bb46b914df78e3f0d3c12e3ea91ef1bc33bd

SHA256
a976def130f581ef61c8b0cdc4d963043bf982f88a60cd171329a74979d55a35

SHA512
4e6324670e7ea68bb940da627a2f04c83245ffe0168107871542c7825cb0f63b60d52f62c8881f6cddfc182e5af51fbe52bca10d323cd1ea4d0a20f01b79779c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
bc58509760c2056e5453bae2ccca955d

SHA1
7b99be4bcb7e741551321b3f49146ec039ca237e

SHA256
d12dc650c4aec607387652781b573566b4f1caf5c968b0359b9d744ede1d5e69

SHA512
91cec10ba18e60892ce084983a323b527bacd4be54c3c010a38ec624e4bcc5046d95b64aa70745451cd5d7a4da86a8820a02e9120f0165910bbf87f808afa0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
08c0b825da74f9d1286f1013601adc60

SHA1
c759abaa9bbf16c8c910a5b9360172be61fd1507

SHA256
96f549badec222256e7c0a8ee1cb62ab253a6a3699e38edf3d26d52f3e73c4d0

SHA512
0a067a067a76b222a619c074422431411fc43457c5a8b9e9adaa37bfd2dd7b811886f48341b20d3ed1842d018941a047bebd7ab0df93fa8e629c176695a1cbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
930f669b76f9ae3a1252c982ec3bd64a

SHA1
4262c7cb2021863dd7c40df04bd900f6ee666d78

SHA256
fdce8e41e1a52b7a0ab4bfadaa2d5c646d8ee836c9dd04f3f0f39872c24c71a2

SHA512
57d2ea7b8b4a3793d7c4c2c6e5175cf9dc0a870ea270be429a8afec9a1b2b6cedc26b27727025d1c8a4de1f012dc1ffb7c86efeda8c3b6b2da26d8068c8d8bcf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
12ded2a43b1d1cb9b10535f622929861

SHA1
b98ba1c380952770f52284c6125926765d5700f5

SHA256
996ec68e21ebcb4bf3cfffbbff0eef4e58845e178187888a5f92a6e0787d0aaa

SHA512
eaa5ce90a93dc3d9090cc86188269a0d0dd4e91f3587cf56ae8120bacc532ff13fad25d6e786433cff7e90ab29ea2cd658b9552acd18b32fcf3286aa3f611773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
7ff766a01a24ef6bd9b1489d2ba6d015

SHA1
f5454995bd78161ab30d946c9c717cb6c264de0d

SHA256
dadd9aae6e3e718bd75f7e9140c64c016963248c2bacec9290a45c1c1b2e6481

SHA512
d64f18373d0268abfe8bba3ec830566d715570632457b91ca839d48278f4d19ae737658ec863a8146100243b60eb5f6ee638f8a66b61a4aed7f43385175c7bb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
f3a3cd29ac093ec3cb2069b5c518f174

SHA1
89fcf11a81503cfcc913b72334276858782e1111

SHA256
4b78d4480ea04bba50fdbd001d5c19cdc5186c211cbf544979749bebc127a1ee

SHA512
c3f453d1a7bae11d03ab69b569e64ffc4acf25efb3ab3f644c61c29bffc05c9fd77f2075d7f76d5652bc6f53607c6c19dd92e683e2324e3091fe9776ffe3d44b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
d975116898c688134cb0657f8cd61ab5

SHA1
7770dc46fd18f228f6fb12cc19e8d6085469f34a

SHA256
28e389985185add9e859901ca13b2bf2c3f41d7fa50a3d48adfe45312b2dd489

SHA512
55d3c2e3842ace924d39ed750908c3f156cb2612ce34f8ce492322e6f73015e5f39946e106386de8dd7bc33d5d5acaecb31b2f926275995c2fa82f5d2c3b33b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6c6b96e66fa6d69aab37e20d8feba2af

SHA1
d4759184ed537dce4fc411fcd103cb664e144977

SHA256
b5bc52ef7d73486000ce33637cb471b50256cc83512648a74734abe4befc0488

SHA512
2b78201378063994dd6ad4bad6d066149d705d3b8d260b98ea8a4737e16781840871ecea935c0bdceacfc3a8ad0adc5cbe758bc313b9f75302cd17d73d020595

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
42f27d2ee396f2afbeac9c54665c0be2

SHA1
f487e9a93e463903c80d7d8273da5605c07221c1

SHA256
6e88d3c324afcfcc4cea3618bb2f0c4a5241927c6b8efdfefad9ed16bba5e07d

SHA512
f958d150774e2721354f67ed0b1387bbfee42781c301eedbb62482282b25ec153eb5dadb72cd40cf923f9725887a199fda47e4cb87fc4131214da81f33bc328b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
9599dce8ab54543d9be879137a844241

SHA1
dbe28c279cc0d863bcd11d1d5cbeb269fe520a02

SHA256
dfdda0085c282419750bf24a49b95d6c89fca9ff4e83fa399a0662523e42aaeb

SHA512
e2589e048b0417b6691d5ba54eab3678c9e9b27d551608efaef3f480b1ed27580aa0489a74c0fe24558d2286987b602b1d60dff13ba359c1bc6033c5a812ae7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
ed240168ba8c41a6b76aedd11d1d31d9

SHA1
db63d510d32d5cde1aea0b8456c3d57578ead280

SHA256
105fd6ec257c3da16ae9efa4a14127a1639dda4b7be45c3983862d6e9a0cf29d

SHA512
70276a9add356efab810d9c4e249dc056c46eea5299f53fd6dce938d3272a7db922ccf0217009b4b7bd7466ba9fbb770c1957bfe78b4c566fd36c8308a86836f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
19170a1e2008b43264aa654359684dae

SHA1
4dc7c69d8d6dc69e0e6a3944673e4b6bc4143f5a

SHA256
238401f48839f2ba2cc0b5d4cce53b5b355ab50e869455166d09f2aedc11b417

SHA512
1ab575c09245a3cc4d266f37c0f9b298da3b671f8437a9c5b857604bb6682faf259f7e03f81f0c753e20ed2ec879a096830aac6356809bf228da765d0a99e0b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
6ea7923c7972b9b16089b8e57592c730

SHA1
59c49524470b43d5decce49c50f79cd259c2d89e

SHA256
dc269a99b69a8091232f726eef1c07f2fc9199d89e7c4971ff8a0d97bf169f69

SHA512
b94ed613270b1ec43d8160e3feeb6521b05c3fda9fac007db0991f33445f4fc05d43d14a2fd8f8654f9c23d7e66812929f2c47cc25822c70165f638b2e01b924

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
c1743cf5a7a5e87c7669c66f6322bb9e

SHA1
36b1601fab3b2ddf5133808537a4321bc7616f06

SHA256
ba74606308ca8b61f21d44bd486c3ed04f50078df0d8316de1710011244abf5a

SHA512
d3f5fde42fc48c31b32e139a653667adc416dccf212e0ca2dcf24549c3c1ed3e739b4bd9cde014df08de3f24af89f3e18722eec5ce1a1d38e51a153cbfa07d2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
42d27b366cfe3dc5b216fdea9f4f7ce6

SHA1
e931778468c3ead9c879a6d60ec24e88247d481d

SHA256
dcec8c61da16cc1d207d369bf4dbcec49b3db39ce24ced6140e3511a7690f006

SHA512
049eceae72ce58adbbd59deaa5a2ec71c9ee7ba1bd5f04b25e42025cdbade24cd863a21eae3ed556cee4ccdd4744f514368b3c5ab236b7cdb010013d69535ff5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
90876150da5d8e8552b3e8db9d0e4969

SHA1
eb42073124face5513c03f7e58a29aca71c6a9f6

SHA256
27209d71250959f92704f6de5fd53ff97f11b2cc0594ec24369a82b6cfcc041b

SHA512
9546e6127b83282eede688cb5c73b40c933d9bca3c6a6b4fea575e180745f4326861e6662d9871f436307e41670ab519bb4dfd278d9d99e5ffbcd7762e859a7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
56962e7345dd8ca8778dbff5304424d5

SHA1
3f203c9a83fcb532ce0eddad76b2869614da948a

SHA256
6fddfc61847c5cf4450401dc9381b9d81b3f49a109edf8557b36b591e5000f5c

SHA512
382a4da16cc629a4ddfb80fd170c9e5c24807631499e12d33666f00c14176755bb87ca80c05ef30445c3d0a337e252660cd90df8111b80beac0b8737dda66cac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
3d7bcb9039e62bde9e1f492e19614a00

SHA1
b140e350cb47092dba9f13df98a54967d68ee6b1

SHA256
79c3fdf3892040046fc2089eb571b200cf1dfa4f2091f6b1621bb5f712c49ab2

SHA512
3d96010313958abbc0c2ac5283ecb0aef1f54226aa542420c6b93da4deef43d78dcbd61fba8be924cdc057a03c3c5769cfe4ad75c6ee261427d1cad0c1287d07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
12KB

MD5
fc99c92360fd61587e2de800ed8510bb

SHA1
7558ba7039dc9856a52a1e2431143bfd159cd357

SHA256
e1220db6dd34d953480ce71a073ee41e1f6dd3aa1e884859f0875772647416e4

SHA512
8e789e88aa84b2a647cb38b255eea70281fd06ab5046eca0e870ffd8e7d310b9f8573e24e46941e9db934b5481b19647654eed12f5228160eb0b98031f4ce875

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2399c602-797d-4afc-9959-8521d5941d6c\index-dir\the-real-index

Filesize
624B

MD5
d6094af0961bd53f953c35d54f09db7f

SHA1
ddf28e8e5b1769bd3c7ba28795129211ff544293

SHA256
c0daf10b1cb8087033a1f314e72f7d6ac5986f386e304d3aff91a0f532d8ea5a

SHA512
767e3aab0f3fc4e271f4cc6e9db3ca6e8ba40dd2f64804b81c729b9d82e74382fc86b517feac066c52a6ecf4a8bc5e11574686e5f03b7db2e4c33adedb833cdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\2399c602-797d-4afc-9959-8521d5941d6c\index-dir\the-real-index~RFe57ce6c.TMP

Filesize
48B

MD5
05695c99d0827cd40345ec31ddd6bff2

SHA1
f1c6d5ab1c37f70677f4b98d2ba05d59f739a271

SHA256
8b92ad37ef1dd37e2b85a5bbcc3477b689bf3a15126e1f21275db1a47c338556

SHA512
ef5820fddb8efec661e161f75a9f51d4827789750498522f82d4479be455a02cae68ba2db9cf7c2d23b9031003d8f9fc6e4d13164130887c18876761eddb99eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\27942ce9-6ab5-4e48-9db0-f2f9a5cc7f82\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8592e28-b173-4775-a6c7-a34237199ba3\index-dir\the-real-index

Filesize
2KB

MD5
24f790e21d16b19c8d220a96017082e3

SHA1
e8f5de518f6df11a73af9829110eb7631f56504c

SHA256
01234d53afa70920ee2c8d5a6c4ed53f7a8ad81472934a2a92c9c1fce414ea1a

SHA512
da173f58be0293783b13c9084f0e774f31133573493134fff62f5b9e736ecf132b0f001f69bec412fd06a5729ec5bc8d3bc43d0574f7c9024d5896b89594d3c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8592e28-b173-4775-a6c7-a34237199ba3\index-dir\the-real-index

Filesize
2KB

MD5
c60006735e6f0d4b613cf30dcc8d0d64

SHA1
4d9de3d0db5e1183906ae4255fd25245612dea22

SHA256
bf8922943649c9b98a873c943d4cef7f6dcf70ee75dd9acd423e1fec7497ada6

SHA512
541eb65bcf116725c90c96f2a75235af78af0d6f3ab70e270ea861a64a097485411b984cd2e826571ade16347c80a95b330bbbb9eeb033c65e9cf8febcc5847c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\e8592e28-b173-4775-a6c7-a34237199ba3\index-dir\the-real-index~RFe57bdd2.TMP

Filesize
48B

MD5
064e0eac08e2ee6de54bfeb3150a893e

SHA1
69444d89ea03f71bcfcb45a03bb6d79d3e4339dc

SHA256
feb356bebdaab1759dfc3cbf94c8509f7a4d22e386d43b119b6e400724372478

SHA512
7b2994e26533b7ca659553a383d33915c6622e317e296ac693ad81a5f23fda5f9fedaf731860f2815f9f9fe24851b0f56838ffd5b17fd49b648047c959304fa9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
5696b5e9e0d00af1c6527d035081e8c8

SHA1
a52ae5cc5504495d7d6d70570d944150599a88bb

SHA256
500ada2c03e668e4021e9eaf19e35aa9e4694b3495435253cd4bcc25844160f6

SHA512
33162dcf8d6a2f64bf81a695ca660a12b96d62fe39aa202c1afc202c9973d70019d9160435d33e58b06027151e05ed2c8f62613dbf51880f3433819213200f57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
3771550fbdda143ae69590d4b11062f2

SHA1
4c871c14984f802cbc2f7860cecf4f687aa5fdb4

SHA256
4d46a460d0abde08ab10ec2206ded85b4d34af873251445be3e94d0b8dd9a6ef

SHA512
6aebbcb7ed9bb3301183e336ff886c2448e2484c5b7448d0e52b09255cffa6bfcd32bda0df0bc34ac9416554e8b070b90e7fc32de2eec053eeb76bee76dac943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
1d59e45bd15a93bfee664aff431c6e71

SHA1
6a09e35cb1498df9c51c2c0cb51873ee717863dd

SHA256
ce9ed847df2b2dafab3171b763e89992729e0dfb3145da1822a93ebb7f5b23cf

SHA512
e6d82f3af61e802939c1e2834435848047a09c391a35412f54272c96ee24f2218c4eb8e83ad13e999b5a7d23fa33f8a8382d5dd7997bd22ab74ea0722a2e5818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
155B

MD5
6058a296e624dd704529b1f7c8cc7c20

SHA1
9e05bf8c6c67e29dc384c51b48d6ddadcc8f632c

SHA256
e6c3903ea5a0eca7b0fca84af205dec0e8f185ffb3b7a6b9cb6bc4705b5ac8e6

SHA512
a518af193ccfb95830881c2e9476880975eb62b8102b753fa65333eabe61d313c494d18ecb30fb5b56904ab9ae883d3baf4c7316e05c746faf791f912d914dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
11e76edeb4a6de6873b4bfbb4d1219fa

SHA1
7a15daae655e0460cee33a738952d606bb589a23

SHA256
c98ec2e16289ef5c6fe1627c6d7c94fa915d82771f0e321031d4c7c7e8a48cf7

SHA512
0dd0ca967c96c14692c0245898af164e2b791793701501eabbdb85291a31c7e6691edfc84e2669ef91c7966963e9490ac0940b385bbd948abb6558ae96296396

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
cc057e098993790777590860579a14f0

SHA1
480f4e0e051b8bee5279b112179d3a282dd26125

SHA256
c12a04c6c765cd0f7b263a9926bbe70712fe2a53121641cb8db15fc824197646

SHA512
20da25b3874b5851dc798394a54e95dcbde6abc55b94a9933cea2f8271c49cb4b399e0beb4bd1ca1f3674b76a611ec62d6c30ca405a115c7927e2242dd8a07d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
597683a6d310f5eaddf48bb27056f572

SHA1
2b73e6e30dbe364bc67028f988df5e6d96322cfc

SHA256
3d4368f2d26e205611c5c9885d6a1c7abca1250b3e59cebf40fdabb479d4ec12

SHA512
d8a15143fd890ea8e3880a93b1165bd6c6de7068d0ab44c951b7c444f1023f19ee461db9aa1cb9234d0c5ea42e7a7a18e974a0bf0ed1c14abd712a5fb1b6b6e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
9c3e0929ebdc69484b3545c83a58631a

SHA1
91beac97139ab188d3ccc763192c67f6d78f370f

SHA256
1b4bc7fedd1bbcfb9790f7cbf5d3cf624abed98f97039e0301e0522a5778a615

SHA512
8b1c266d54d5ec6aed0779d99cb90b8159d3b64fc8d1267ca23f90ce9a64672bbfd04f652867ff332be1059911712c6046ce2ec04338045a73050987e20fa6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
920eeba14ac6ccc36fc8fddd765624a1

SHA1
ec9bf481f3d98b785040c77aee4ec560779499ad

SHA256
9f0be7e2100ead99fd1c1d0b9eaa710c36eac233ef7a53f31a44608c8c25c21c

SHA512
c78a57b86cde8fd8aaa2d7b2dd84edb896a53bd62b6ad58f2a2ee4298c4505dda750367091297304dcfee6ea951d1721f0786f7bcd27eaa7afbf246148f430b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
217B

MD5
9b15963012291f4dfbb40344d443b75f

SHA1
2e81520c6b4b29952046e10143990afa45911086

SHA256
c6e4cf04545b16cad72e2e8572eb80d83504b82f50b355ee2a1a6f42d0683dd9

SHA512
1521080e14006dfdd14d37566db31d44e99d2fb6fc640af138b9f850528a29fd2ca5d03249db444d7e3cc05a6c277e7aeea6b0951bf6e29820a86c49f012bb0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
e452532792b2e27fb14b78013e19be4f

SHA1
74c915edd292af954bf47c52566ff1384ede9eed

SHA256
62f6653e9ece151d52ed9751d5dbf7a3a619408ea91c6f4daec726a3f1a53d54

SHA512
d9486d6a190ad7cea904852f1ef4913e20dfaaef156cf988fc5e4d63244c437495eb4211616b5573d7a39935222fd9dcb656f172b2656c66b422ce14bb5a1c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
ad2e52aafd5255b8b31768224abc01f7

SHA1
a37e85f3f4e00cd995072ac016de0c31f3193050

SHA256
1eed46525cdca550105671cf63c2074c3c1cec9e7dccd7ee55a4bcb9b41d946c

SHA512
a26b09d1049d9de9ec1a9bab0ad305884435a1666e048a963814f8ee14086d6379338ee557bf928b7c7d26fcd97d1b54168bc0a31e884bab09d0597e55d733a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57b44c.TMP

Filesize
48B

MD5
6751014289af33f3dfa294aeb72608b4

SHA1
70482044fdaade4e755595f0021d495ae62dfe4d

SHA256
fb8915c0855d29dc92c98a8cc1c4db53ae66e4204cf82f13e80cbe737448d57b

SHA512
ad72352cf252d909f003b8945515b0328135e473786fe4bc4f30b4540d368e33f21b93d74f078f317fdb681d0aaa970139527ab82aa0eb022ce261122fc8b316

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
12KB

MD5
1b2ad4edd3948f652a1d824714654cfb

SHA1
a87e55499ba6b542269610694c48fac924ea2e24

SHA256
046a4ce6595bb4af973668711b1de0be3f3f85cbfe98176ce80b5a86d2dea8be

SHA512
b209718d92a6a609ce60d9faa3291e078362aad621eaa9ef8877f887ad18128d3c809d4d5d972183c6792c7af8ca5bb31c90620a37d39ca6cf6ec429e720b16c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358113529724791

Filesize
144KB

MD5
bc7fb88b6fa94e60130bdef7709f3711

SHA1
e781bf1cd52d9957723f3fe47cb621214bee7059

SHA256
d053321b3c016b5a1dba623e80c7b5b49bd08e036dd959811192736e203a9122

SHA512
7a6b2e10e07d28859ac6cffe9609f35c60a714386f07bf73ca6686a5f8a46984f5ad1b581e581fea16ef2bde552d84d1c6055f6c75c694965dbebf63224a1d0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0473d75cf1054f1f41b0169c4b5d5381

SHA1
28f4729fb8fb28292841e5424411d9a748201efe

SHA256
da19b607b5d4f44b7777d494cb22a4672118870cc97457ef008281b383e1601b

SHA512
458e116d32424bfe0b7635f0eab46533833443e70c084fc3e2e1375f6e303f3dd35e98443af3365151b4555a468417e28929383a7ae6079a0c9da29cd60bc48a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
68410859081b8410a574a07cf8db2cf1

SHA1
9665770212e4bba8c073385ec88eb70bfcf972b5

SHA256
44401548c70fe1651bb85a62e53dd1087d4fd46129bd31845523a0383a4d1e28

SHA512
e3d3473465e01276fa1907cc11a8761f18fdb3b5c53c7a19d24550c6da67933374a19664f1c7110c9a3b1f5af51c46022b8ca8ab0cfeadf47f5636ce06967546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
18a329d8b9915964c0ffc8f85d1b65ce

SHA1
fa14ec51cf728ae0414c5decc258f2cafa0c10f9

SHA256
917e673760f4edaf4fec40f023c2b6d00fa849ca7c9943b8e510dbe5b625a5c1

SHA512
69a63ba3f0d93ab82150c190216b5330fef3e4ec1eaa80271493b5076d6e9fadf94748e55d8d66859325961e62d70a33a43f7c9f086ad16e087f0103d834118d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
089e277ec60d5985085c2469ed8adb4f

SHA1
99a071dcdb665cd8135510fd6dccade52360c4f6

SHA256
0390e2dc52dc93bdc1d20e26d743bb9080965edb5f914ff9c6ecba1334f24e24

SHA512
126635a14dfc0af4ae9b88d910ecb4ee2b8a950232328a7cf164108bc350b17b73eb3fa711a2a6366602acd24ca44bc6884ef0bf22f4b73c5d1e17fb3de5be92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
21d90e64dafa47adf49df40efaa84cde

SHA1
cc54c011e3f7d67b6f631cce709827b15f07ae28

SHA256
793cb8663e32366470f25c69ddd1315a0dd5e0942eba842f7b0dba9db2536004

SHA512
4987d6e92a3cde76d9bba41edf62ebbc5d9c3f0ec0e4f0005770fee349b02e2ff2f299253e9b4f4ea9d48773b8f95a56fab3281644354c88264682f15aaf19d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b95a9968b0c4cb013985e751ef714023

SHA1
d0b7869c5adaca380076fae39783c884d0e089c1

SHA256
a94697de72c66f42e8917964fce693ac12ba184758db5ffee206723ed2d36e75

SHA512
0100d79e0c141fd35400d711dee7110e0eda60f2c7a49e2610d43f5d4a55ef58ccc71773392e58cf4062a89a9c2788a15b9bebb15acc64e64fa83cc0ca99760a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
75213681fab59fe77933dacfb8a11a3c

SHA1
a6b4b10990b075a36ae202ac2f82f40ec27e8ffb

SHA256
e98e15f1cb80889b001b3fe2401b5d2e4bb96dcab590ef3b3ff24882c66050da

SHA512
d7af57a410b62ee4fe0e883644e83962b2f8444ac9b325e5d344a42a2c3d06a55b908432be1d70f168fe9d3a49687ddcc385c1fc47e93e5ce92604da2ad18e5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ce1ff2fd2b953cf5747eedb37babe806

SHA1
498a1212a6c3c8dbae3577dffe75ee07c137b440

SHA256
c847a5704c3c41266adc74b2e7ad5c4a72e09d4681b21b443dada1bc6f3404f9

SHA512
42948b67a5683122b194b59c4d750340687d01911f83501cb04437755b84b8056258d896278355cc5d7c19ce1975f9cee607fe3d4a83ed5ff9b3dca206882123

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9fc7d86d3d488d3415b346ee0c120b3d

SHA1
5263986fad8a8f6e6d4209d562802bbdb31fdf4d

SHA256
43b049c3d58b36de1bb8d7ed6a539a3b21ac02f06b40abe58985d464ef86e86e

SHA512
86fba2b82b07181946c4e65d9e44da4e1f80c9b1d5a8073b9b473035f1e46afa587a51396d54d2568fa80a04cfa933f570c2c74aab402ca5fbd0ca2b1c6521ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9cc217406ca39575d5d3a7235561ccbb

SHA1
5f32861c600c65a5faad12cfe3d65d90b1399692

SHA256
12d164ed3e2a59444a6165113b356108abe438f9c7419034e7a51cc0c9a56e10

SHA512
f6a8dbe146393daebeab097427ac43094d43c975ae8d26e5b29be65ef192f47298b65a8c6de03418e4127abf4389ef690d6b3fd2f3861ece9a42e098760f87c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
0b062c38cc70c9e226ac4308cbf6a728

SHA1
7c400b26bcf80c93027fe0414b86b0d8d31b98ed

SHA256
77e35f8323c18229fa38cedfa8c7b10d26ba9b031ab3631afeccec8b344a709f

SHA512
99fa3e13521f114808aa2a8781760125974590a4e37fcf8b30cea0e95c382e85e404f2088090bd1f342e159ce7cbcc25808038ea72af0c203b38415882c39b0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3c459d2cebe4d3d55bfc5ddb0b79afff

SHA1
339aa93d307238ef72ccba267abc9ecba24cb567

SHA256
9218bece222c83e62ec3fcbed48b9d28a250d345d1ce8bec396ab1854031b6e9

SHA512
925e07ca79440508dd98f8fb7cc94ee056477ba5d9dc67f1bea436b825557cc25975abf752c21a62ae1e28a9b2887fad753ea392900afc7514c7e014af265da7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
61a929b644f58c18428942e9f2d7e0f2

SHA1
b2d043a69ade365c8aea8c838422b1c9807da181

SHA256
fcddf48abc5430041af3942a18f160d90c9762b1b497fac0d45d6eeb2501ea53

SHA512
9af1e2acd20867b72b2342a07e30a2d4dba29b11e0808fd29dcae3efc50e60563755c3d55be20ef857f5bd9fb9e8e4fc7cd741073a099f8fc389ece4fada7d50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
26992ddb87fcf9c894dd285477e806c9

SHA1
ee57fd7f394da2a8129b5bdcab7e39e52657df59

SHA256
8bac496b5c0a0e9dfd4cbd0f43984d5c1eebafe54f8cb40e20ade5cb803fdfcb

SHA512
bd149a4986e1538db5f0565e9af93a9fc9222a1858ca3ba1595375745397fcaa03425915b618d16d533b285aff7bfe8fda63d7027a5016aea98226f182e83ecd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
88df2c0b40b23af4d1792fdd9f7b8b53

SHA1
7f60e5a2ab04246c350266392fa00f2b506ecd4a

SHA256
27b511cdc3657e187d1b08772f6a4a5a35038782ad538161b3c652ced863bb4c

SHA512
ab3c90a81597476bf759b201d51dfe3a06d482e72850ba1b55994e44fbc9ba613773293767d2b7904c58f05f9423212f566577f42287a8f3ba0de7751237f33a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
6e4636d04010481aedf29d55240f709c

SHA1
14063e605e8af0b569de6c016fa654374016f737

SHA256
e7b52502361e8ae1056985c0b35b31aab8735735c1377f36ff3ad32c448f0802

SHA512
acd92060d6353e5c6a929db7efe722fc9dc350de6df6c8ff05595168fc172f3b8f86a3617cd5fe2fe37b06c71c54db9bdfe37462be3999cf0330f7de8edf8dfd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ffff7cfd35cb56d95103e9fa08803e7e

SHA1
6984a522ee86e6e9ad2b7d9687afb95a4e1c1b6b

SHA256
9491cacf7282aa9b66ba6801144d5abb5487ba2bec31bcfa3fdf75cc5ef38a98

SHA512
c2fb88c0076f4f6060470966e545c529d584229b7ed1e298ed5c54bcc85bb4e309d6c5f322fbe10fe7b92959686337d6ae7e69d0b139cb5fa0ce281d885ce038

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
be03d80ab4db79a156909c79e4ade2cc

SHA1
95a5f4c042598c990ef96d8c01a7828929e855e7

SHA256
50d62e8c6a7ea8a589d953705be54156300e155d21f33ece986ee000693665c6

SHA512
71cb99a1f68ba2061b7c237a67fa03cc1e61d30b5cbd93beb3779d8588908b3b427a060bfd50955834993d9aa873b92404908d2c0648df7fb8e35c5e0baac70d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c8f480ff715bbc3dcc796be037628a9d

SHA1
64dfbb9021a60ba8e613139fb9aa8ee1132f515f

SHA256
3b6af26bc767c66f75049a6d404650fc907917d2280d22f998f0bfadbee9c9b8

SHA512
81c0480ccfe78b8ef75dced5348b0306c86e67a75cd3175c371cea3d521a828bdcbdc3047f1b88a5050950ca98056c40e67479d2e89b3aeba44cf747f7695eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6930b84f72d1e64126aabb6ab85facd3

SHA1
71f7e6e545f52d7391e7bcc29b129d460afed9be

SHA256
6baab8f083a868667a5dcd0a1c318118dbe6fcda7fd8c856761be072ca0e2ca8

SHA512
e0c0be8c3f5b54bb5b9d6787860c1c0af9849861530ec5102f26dd7293424e1d48685ae84a2160c086e243c89166d8573f16957ede281b37c2042a9ad394ba21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
44cc56ac9ba6d6edfd39473d63e83fe4

SHA1
8dac833204b2aec2dad809022916838383c8fa6e

SHA256
2b8d7232898f2aed0596b961d94f1312408c024c6327d844e76e2bc2833f71ad

SHA512
ee4bf4e94ccf2247ef3b7ea53071d10d3e98fc993eddeec59e72918a14ba5d731a0ac3965da703d814fd1f7d679f981bc430bb712443ec23049ea598e14a056f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57a151.TMP

Filesize
1KB

MD5
777e2ba6297e377d4d573e1162fe3d41

SHA1
b090968edb3f28c6fc67d307a999413bc796d606

SHA256
c4d21cd9aa0ce960608c8df7fca0308a5c95e978c7517483e0d085493dde44d0

SHA512
bd6394483f654543ead3631b1446b261ece9aeaf709b56012d7dd65afedceaa06b79bb12bf774a414ce6d2f0b63160c71c0963cf1f97c4611a1ba4ec1e6aaf20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
60e3f691077715586b918375dd23c6b0

SHA1
476d3eab15649c40c6aebfb6ac2366db50283d1b

SHA256
e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee

SHA512
d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
ab6ab31fbc80601ffb8ed2de18f4e3d3

SHA1
983df2e897edf98f32988ea814e1b97adfc01a01

SHA256
eaab30ed3bde0318e208d83e6b0701b3ee9eb6b11da2d9fbab1552e8e4ce88f8

SHA512
41b42e6ab664319d68d86ce94a6db73789b2e34cba9b0c02d55dfb0816af654b02284aa3bfd9ae4f1a10e920087615b750fb2c54e9b3f646f721afb9a0d1aea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
bb446081bce9c9b5766812784b2ca173

SHA1
3a79e284b2d32ec1ee7c3396b45a34bebdd2cde0

SHA256
a6b03da5bf457d9e0621dbd2c34df2d427a11b0f60091fa7323259747cf33322

SHA512
2f8991cad9f2421eb54c35bd6cda0460d26878af99d996082d28dda52b40503eb20d417aca18b5ea91fd412b37173ac245791f589f5767e403204ec44c7a9c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b96b05d8506c299f17981fa5b0f0a318

SHA1
306387bd8da8fe4c22a78d02fc724cf1ab40f60e

SHA256
2103d19b561e14460abbf87545c5619612ab2f94efe5583a72e21decbfe3e74f

SHA512
cfdf6e6fecf02fb8ac0e6c35ce4623dc47c3a0663f31955e7c8632e48c721ec084f16bde3ca6a5e488ffb826a93ef174a0d13107f84edc54beb672f04674ff97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000016

Filesize
17KB

MD5
aab2532f8363e63359dbf0c31981f57f

SHA1
a21523eb85636a0455977ffe525260a1a8568043

SHA256
a6abef5f074c67b1f9fbee679151a4c705b71f054c98f720dfabdc65786d5d13

SHA512
7b3c4ce6574b36bf0d4e05bba1063798b525744fdb37b28ad6fc78456ef7d704677795ae4dd0d0eda0954d15b3776395fa931abf82dd4b64583c360dd9916f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
24f4e4bb1c316287117777ef40125b09

SHA1
0a668fffacd517b1d3794e5133059597012cfce6

SHA256
072b3e89f6bfe79cb7fbb1001339adec0b203fe6a54e20fe873817507a9804cc

SHA512
bce3cdfb14f7bce64e882e7fda94eb63965713b8c7c56a7824981e1d47e133619a16594c8020f124b057fd71c73736fdeb8a5e17297d12be1e96ce4481569059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ede489350d502fe9d6b7266d53b61fb3

SHA1
a96c26f55f26dc31acdf4a5b708e01eb1e4a7c05

SHA256
8817135840b452e8ab6fb8c93f692dd99133c513845c85daf9881f6f542fbe83

SHA512
56e10aca9fe8683cdc1f59d7e34aa722b92b68ee15b5d716c94d9cab7a7e52511c1417f05e1d22d2514d880958d4a429eb2e46de4dceee640d8ecc862b6d30bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c1bf72b02e0a4d8d4bb5a31d814f0926

SHA1
c7f809c15169a8553c11d3565d6a2d6305582aec

SHA256
8f46cbd665a7cf1d54fd8317f4f4579b596672e51fb8a6b9b83bc24e6a973c82

SHA512
954d99930dba4798695f58e49625d7630551a71459fc038c8daa9a01d396d390a6fae7552b5bb623950bee3c8eb80fffc6d659b348c2e608fdbb31a6d7f6570c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
82b8dc21a514e1297daa102160b19c00

SHA1
f8db2e9b60b06f9ec456804b5f7c71e7fce2e6ee

SHA256
7c140f06433939a4c9bac78e387daf5758a2bcec5092f3a36a9d3fe71e38309a

SHA512
5967794652f69a024f08e469ab6a9c3bdfd2aca05e58ac5a59f57d43ed969a181358a04975acc893f027750975bcb937574f2fa131fd4fcf912b9b15da633b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
52c9485a48ac92d345d0b0ec96d6f348

SHA1
0208e7c7f6765616cebfebab18e8a2d351e4e9e3

SHA256
0d1864519121ac9d66cc241bf6d306fc8397fc1bb7a53546ff3a18facf2e6999

SHA512
7a8ee73dbb8a7285e4fae53c9dc797033e262ded93c57c531e2b08e8e09ac4e28e8ec8c43aeb0b5d21572b3df31ca894ee02d1acf15b45aec9cece1e8af9a850

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
20a3a776657d9290848440f3acd56c08

SHA1
0ce2f129eb844167cbc3e66e4b244308fc98893e

SHA256
92d7faa7bbb2f1f7b1c4fe29a4446749df5a59b4f986afe2f35f2d55e6e6b25d

SHA512
f34db5d64f743960d43f38fd82b5d554e2cfead3d500b9538da243b09734148da79f692755ddff21643b185d956e8d921ad2b9fdb87ffe23840805cbf5399a9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cd2973ea6f7f45e5c7f58bdc542cc0da

SHA1
d6a0689f10b6f60f40cfabfb9512683bf26366f9

SHA256
055585c873f2169c07764cf7e776064545751f1c82cd2e22f658e83b37a777bc

SHA512
08cc31520fe4df75f7051634a14e765362ad12978c7a42a77f26b349b5d85501aad5f953c0b739c820bb58792bb167a6c1c8094661383e2059b7c539b9c619b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
e8a8036d1a0b305da467f0bafc874f77

SHA1
98d9ee7c12b56a509a484b7ae43523922ece69bb

SHA256
1d1dc688a208ef7fd6fcb2e636e4a9db32da38482b109efac80c6337eae74b62

SHA512
6fbed6d44838b91aeab5ba5c8c12c61983bc4173740f0aaa68859719ae85dba2afb758d993fdb635778c3b9026dbac036c446fa5310b96e2478ef269ff959d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2b24ae6e0d14ece72d49ba067f31f37a

SHA1
665cd275b7b3a69d7a9574e52d0aadb08f032914

SHA256
8f50fe57b2b6d25c8b8564ee658894e0a528a0b58a91d23a159ae78ca4afcc2c

SHA512
e3cb02021e8edb4535f270353c7ae458181c9abfc40c83a5883a4a43a25d6f2d2c4ba31c947e982480a34e592abf5e3cb9bad823a8f356ed059dc7ad2acde4f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
0ba055f378766297fc72188dc496fbdb

SHA1
668a8bf5c0bab289476159f9606809ee740b0d75

SHA256
89d01725e8230804126993b89219b898a5525fb367f2ce65d01bc6197388dfd2

SHA512
0e45b17d8409ca041d919ec738bba082f16f1b6e8c4c6f9abb5d5f5ab3de9274006f9381874a3d0ea0becbef016d732cb6e830b0b514b8080ab26c3f218a1d19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ede0e3667db058204a76821fbd2deb27

SHA1
bc154915272de141949ae19a33afdaeb92081a99

SHA256
61c6c045a09d4df07225cf55aa459dbe3d8548cf360c3f4d6992f91ee3330048

SHA512
a27faea3f5cdd1c10e05db1e2a3d335ef5ffdee6f9a84a5c55fb6c0564ec0236f76c04e924092be7d1a7d707efd99b3cc36bf5b2fc1b835d4e6fb7cad4e793d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
e2979586a06c321a43a16be8d5558e31

SHA1
f8790d72e0b8b65378652e96d0d9ccbd2071de3c

SHA256
8cf7bb477d2f702156f754d6295a5deb430ec114b8c7c899de31cb9cf03833de

SHA512
016c96e3f19ae8994923697584a19ea99ccb0ca2900189dee4a7e6675473358cc3431bb5a7777fc4f8ed0351f5b9fbc4a26414026af072e2fba451d3049cb3d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d4025a77-c29d-4939-b70d-d1857e8c86f0.tmp

Filesize
12KB

MD5
65136e90b2dbf516df68b64ca87426c2

SHA1
e4843224bed266478bef3e35814b49558b5dbd67

SHA256
89104688f4b079a1c644e916bcd6cbc0eda2d339080567fe190353eb289f8de8

SHA512
07da2e1483f5001ad9316ab3c972b46c981b18fdda0595e042efa01df1f87c20f958d2acc7103766b1df89d29bfc55cf0da7b6ed1db140d163ed9161808893af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\d663f4a6-f3ed-484d-965b-8647fb2e55e6.tmp

Filesize
12KB

MD5
9d030df002907be9ee7399e252390be1

SHA1
f496db9eacd65029bd9f5e4de9fa87cb66c8c1f7

SHA256
a81432d13347498dd5b9175cd5491c89bad6c3a04108fa39a58260f06b0c742b

SHA512
23efc88a48ef20db074e3566609e72d88327f7e0ff30eace93b488c77251b45d5fb95d4fca9a0899c96140b820794680d59658690215304447a5192e8ec8c1f2

Download Submit
C:\Users\Admin\Downloads\Memz Clean.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 690395.crdownload

Filesize
9KB

MD5
bbae81b88416d8fba76dd3145a831d19

SHA1
42fa0e1b90ad49f66d4ab96c8cca02f81248da8b

SHA256
5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c

SHA512
f03ac63bbb504cb53dc896c2bec8666257034b1c4a5827a4ad75c434af05f1cd631a814cc8689e60210e4ca757e61390db8d222f05bf9f3a0fa7026bdf8c4368

Download Submit
C:\Users\Admin\Downloads\x

Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Users\Admin\Downloads\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Users\Admin\Downloads\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Windows\Logs\PBR\ResetSession.xml

Filesize
7KB

MD5
fe6df03970f2e7e69e7f50aaf6dcf656

SHA1
bd05531240615b89251d392da342c5af777e84e8

SHA256
341c355030cae684d3f945a08fb39982fdacb970cef5a25d9798ed7d7d215032

SHA512
989d048b8207093610643250a605b8b0208d443d98657036b668cc4e5ae36cac05c889e38f0c35bc75effdeb7ee87378afe22be96a7455948fdba0d7c191abc2

Download Submit
C:\Windows\Logs\PBR\SessionID.xml

Filesize
106B

MD5
5b022b2850f384f1835a1f152c716d48

SHA1
b60de26595adce15ca6d77f10aa7add058e5d19b

SHA256
1e73b95b50697ca0ffb00d68b44144b193d190f0afe29c3bcdd548b2494b9d0b

SHA512
ecf7ac80dfae386e72797db6a9a07ae6307be9d9a4ee2a1ed3fcca167869340d1723e8569ddb37ba7c12f2c6051775dbea3ce719af0147621c50735874bd45b1

Download Submit
C:\Windows\Logs\PBR\WinRE\bootstat.dat

Filesize
66KB

MD5
3c08dea20e350ea34f7309e856576428

SHA1
d7a048ccc07b4d16afc4d778d5601a067fb151b9

SHA256
b7bbc3f2463000f52eadcce2e262512dc79bbbb3355c62c734f18db57e0fba82

SHA512
1c1cdd554cbf98dcb7358808cfa2682bd09a596e24a3708ab73e379e5f8ae7dc394b8e88824589327e2f67487ca19dacba9e3288993e2e92463dc32aaef67f9d

Download Submit
C:\Windows\Panther\UnattendGC\diagerr.xml

Filesize
9KB

MD5
93b1c083aa69bbf9f65e21e32512c001

SHA1
8caa143b5d058f20c4489add4c42668ed1213bb7

SHA256
0336f4900b861f5a416eb2b391a7032306b6ef78b3bb4da7915cbddf5ee45bbf

SHA512
b076b6f2d79be6b7ec16a9722bf3a63f6d200fc06a967b6318ebd3304444e5d3d1e86689a9705fee7f140279b60e5e917d0fe4c65c31dc5b359a7214afb47172

Download Submit
C:\Windows\Panther\UnattendGC\diagwrn.xml

Filesize
13KB

MD5
ddb3068996b4536252a1c04080d8447e

SHA1
cf2d16dfcc40753a0320c28ca8666492aa9a1cce

SHA256
21dee0a68ee5186696b9eb05c3ef83fd175009fa9201b11d08c6025543273dde

SHA512
2de17a62f08293b9ea202cf67d5c0bad3b807cc42696ae49acdb7b1ba35cf6d77bd36d5c93a231459c98ee425b744204aeeffcf8c66025766a550d3077483657

Download Submit
C:\Windows\System32\Recovery\ReAgent.xml

Filesize
1KB

MD5
275b5166ab61c0ae3730635dfcb0fc8a

SHA1
9d03ba9011f7dafed3e92425a2eb38886b534581

SHA256
4b7e822e5df5c10d8b821c726a9859bbcfa688e4071994c0f5b5270b0d9f719f

SHA512
07d8aaec6fdd9162c6ca97bdc2c2f542c56003271b2b2cec321adb03c206f5f09c2853ed19b68c29f3a7144664fbf9e73d19b25c2dc3c3193dc26d858b9f8a95

Download Submit
memory/5572-2677-0x0000027F5D420000-0x0000027F5D421000-memory.dmp

Filesize
4KB

Download
memory/5572-2674-0x0000027F5D380000-0x0000027F5D381000-memory.dmp

Filesize
4KB

Download
memory/5572-2659-0x0000027F54770000-0x0000027F54780000-memory.dmp

Filesize
64KB

Download
memory/5572-2672-0x0000027F5D380000-0x0000027F5D381000-memory.dmp

Filesize
4KB

Download
memory/5572-2670-0x0000027F5D300000-0x0000027F5D301000-memory.dmp

Filesize
4KB

Download
memory/5572-2663-0x0000027F547B0000-0x0000027F547C0000-memory.dmp

Filesize
64KB

Download
memory/5572-2678-0x0000027F5D420000-0x0000027F5D421000-memory.dmp

Filesize
4KB

Download
memory/5572-2675-0x0000027F5D410000-0x0000027F5D411000-memory.dmp

Filesize
4KB

Download
memory/5572-2676-0x0000027F5D410000-0x0000027F5D411000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads