5b1bcbd8ac2497503833493c6566df7417202975968edd0825ca77aefc9b26fb

Analysis

max time kernel
1523s
max time network
1807s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
26-04-2024 20:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

windows-malware-master/MEMZ/Geometry dash auto speedhack.bat
Size

13KB
MD5

63c6ec6b042bcb00d2d832c0e4f25dca
SHA1

a904a7c3fc89ff497e91384a63db3282e00d31ce
SHA256

dae968f47476ef79b122e771ccd0a2bacde2ac3535f68047239682fefa3dfe50
SHA512

1454cd79a59f0603ae083abb7f3b1438e18c7858ab04dfc3df1a725cee72be48274c289d5c0a44ce415f4bdf8a2c316312453862381fdbf0f4af97a62234e41a
SSDEEP

192:E7N3ODNPiwc205VjF+Ijytxd+7yxpVtLoTKihWn5hhHxGtHfzf+H/0Nz6hcbXR:E85qwc35O1+7y/LphxxGtHAhubXR

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

MEMZ.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation MEMZ.exe
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

3460 MEMZ.exe
2724 MEMZ.exe
4104 MEMZ.exe
4052 MEMZ.exe
4408 MEMZ.exe
932 MEMZ.exe
4572 MEMZ.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Control Panel\International\Geo\Nation	MEMZ.exe

pid	process
3460	MEMZ.exe
2724	MEMZ.exe
4104	MEMZ.exe
4052	MEMZ.exe
4408	MEMZ.exe
932	MEMZ.exe
4572	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 2 IoCs

Processes:

mmc.exemmc.exe

description	ioc	process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 64 IoCs

Processes:

mmc.exemspaint.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exemspaint.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeTaskmgr.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exemspaint.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exemspaint.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\ramdisk.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	Taskmgr.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 43 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exemmc.exeTaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_QEMU&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\vice.com\Total = "51572"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.vice.com\ = "10"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9acee35c1d98da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "62572"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 7d0aa70a1f98da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$MediaWiki	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e70654de1d98da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.vice.com\ = "4897"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d77d2b081e98da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 0a6ebf9e1e98da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9f7e22041d98da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "51817"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = a60400c11d98da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "4967"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = f0ea51c51b98da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "51915"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\Certificates	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 00cb354e1e98da01	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.youtube.com\ = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe

Runs regedit.exe 7 IoCs

Processes:

regedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exeregedit.exe

pid process

21772 regedit.exe
8340 regedit.exe
9192 regedit.exe
11144 regedit.exe
12440 regedit.exe
15624 regedit.exe
17576 regedit.exe

pid	process
21772	regedit.exe
8340	regedit.exe
9192	regedit.exe
11144	regedit.exe
12440	regedit.exe
15624	regedit.exe
17576	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2724	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
932	MEMZ.exe
4104	MEMZ.exe
932	MEMZ.exe
4104	MEMZ.exe
4408	MEMZ.exe
4408	MEMZ.exe
4104	MEMZ.exe
932	MEMZ.exe
4104	MEMZ.exe
932	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
932	MEMZ.exe
4104	MEMZ.exe
932	MEMZ.exe
4104	MEMZ.exe
4408	MEMZ.exe
4408	MEMZ.exe
4408	MEMZ.exe
4104	MEMZ.exe
4408	MEMZ.exe
4104	MEMZ.exe
932	MEMZ.exe
932	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
932	MEMZ.exe
932	MEMZ.exe
4104	MEMZ.exe
4104	MEMZ.exe
4408	MEMZ.exe
4408	MEMZ.exe
4408	MEMZ.exe
4104	MEMZ.exe
4408	MEMZ.exe
4104	MEMZ.exe
932	MEMZ.exe
4052	MEMZ.exe
932	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe
2724	MEMZ.exe
4052	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 7 IoCs

Processes:

mmc.exemmc.exeMEMZ.exeregedit.exemmc.exeTaskmgr.exeMicrosoftEdge.exe

pid process

4496 mmc.exe
3624 mmc.exe
4572 MEMZ.exe
8340 regedit.exe
10620 mmc.exe
14332 Taskmgr.exe
2640 MicrosoftEdge.exe

pid	process
4496	mmc.exe
3624	mmc.exe
4572	MEMZ.exe
8340	regedit.exe
10620	mmc.exe
14332	Taskmgr.exe
2640	MicrosoftEdge.exe

Suspicious behavior: MapViewOfSection 64 IoCs

Processes:

MicrosoftEdgeCP.exe

pid	process
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe

Suspicious behavior: SetClipboardViewer 5 IoCs

Processes:

mmc.exemmc.exemmc.exemmc.exemmc.exe

pid process

3624 mmc.exe
10620 mmc.exe
14592 mmc.exe
18552 mmc.exe
19116 mmc.exe

pid	process
3624	mmc.exe
10620	mmc.exe
14592	mmc.exe
18552	mmc.exe
19116	mmc.exe

Suspicious use of AdjustPrivilegeToken 41 IoCs

Processes:

MicrosoftEdgeCP.exemmc.exeAUDIODG.EXEmmc.exemmc.exeTaskmgr.exemmc.exemmc.exemmc.exe

description	pid	process
Token: SeDebugPrivilege	4744	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4744	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4744	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4744	MicrosoftEdgeCP.exe
Token: 33	4496	mmc.exe
Token: SeIncBasePriorityPrivilege	4496	mmc.exe
Token: 33	4496	mmc.exe
Token: SeIncBasePriorityPrivilege	4496	mmc.exe
Token: 33	1772	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1772	AUDIODG.EXE
Token: 33	3624	mmc.exe
Token: SeIncBasePriorityPrivilege	3624	mmc.exe
Token: 33	3624	mmc.exe
Token: SeIncBasePriorityPrivilege	3624	mmc.exe
Token: 33	3624	mmc.exe
Token: SeIncBasePriorityPrivilege	3624	mmc.exe
Token: 33	10620	mmc.exe
Token: SeIncBasePriorityPrivilege	10620	mmc.exe
Token: 33	10620	mmc.exe
Token: SeIncBasePriorityPrivilege	10620	mmc.exe
Token: 33	10620	mmc.exe
Token: SeIncBasePriorityPrivilege	10620	mmc.exe
Token: SeDebugPrivilege	14332	Taskmgr.exe
Token: SeSystemProfilePrivilege	14332	Taskmgr.exe
Token: SeCreateGlobalPrivilege	14332	Taskmgr.exe
Token: 33	14592	mmc.exe
Token: SeIncBasePriorityPrivilege	14592	mmc.exe
Token: 33	14592	mmc.exe
Token: SeIncBasePriorityPrivilege	14592	mmc.exe
Token: 33	18552	mmc.exe
Token: SeIncBasePriorityPrivilege	18552	mmc.exe
Token: 33	18552	mmc.exe
Token: SeIncBasePriorityPrivilege	18552	mmc.exe
Token: 33	18552	mmc.exe
Token: SeIncBasePriorityPrivilege	18552	mmc.exe
Token: 33	19116	mmc.exe
Token: SeIncBasePriorityPrivilege	19116	mmc.exe
Token: 33	19116	mmc.exe
Token: SeIncBasePriorityPrivilege	19116	mmc.exe
Token: 33	19116	mmc.exe
Token: SeIncBasePriorityPrivilege	19116	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

Taskmgr.exe

pid	process
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

Taskmgr.exe

pid	process
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe
14332	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exemmc.exemmc.exemmc.exemmc.exemspaint.exeOpenWith.exeOpenWith.exeOpenWith.exe

pid	process
4572	MEMZ.exe
2640	MicrosoftEdge.exe
4684	MicrosoftEdgeCP.exe
4744	MicrosoftEdgeCP.exe
4684	MicrosoftEdgeCP.exe
3436	mmc.exe
4496	mmc.exe
4496	mmc.exe
4572	MEMZ.exe
4572	MEMZ.exe
2304	mmc.exe
3624	mmc.exe
3624	mmc.exe
4572	MEMZ.exe
4572	MEMZ.exe
6012	mspaint.exe
6012	mspaint.exe
6012	mspaint.exe
6012	mspaint.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
7372	OpenWith.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
7992	OpenWith.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
9168	OpenWith.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe
4572	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exeMicrosoftEdgeCP.exemmc.exe

description	pid	process	target process
PID 1212 wrote to memory of 5052	1212	cmd.exe	cscript.exe
PID 1212 wrote to memory of 5052	1212	cmd.exe	cscript.exe
PID 1212 wrote to memory of 3460	1212	cmd.exe	MEMZ.exe
PID 1212 wrote to memory of 3460	1212	cmd.exe	MEMZ.exe
PID 1212 wrote to memory of 3460	1212	cmd.exe	MEMZ.exe
PID 3460 wrote to memory of 2724	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 2724	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 2724	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4052	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4052	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4052	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4104	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4104	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4104	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 932	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 932	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 932	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4408	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4408	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4408	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4572	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4572	3460	MEMZ.exe	MEMZ.exe
PID 3460 wrote to memory of 4572	3460	MEMZ.exe	MEMZ.exe
PID 4572 wrote to memory of 2600	4572	MEMZ.exe	notepad.exe
PID 4572 wrote to memory of 2600	4572	MEMZ.exe	notepad.exe
PID 4572 wrote to memory of 2600	4572	MEMZ.exe	notepad.exe
PID 4684 wrote to memory of 1480	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1480	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1480	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1480	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1480	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1480	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4572 wrote to memory of 3436	4572	MEMZ.exe	mmc.exe
PID 4572 wrote to memory of 3436	4572	MEMZ.exe	mmc.exe
PID 4572 wrote to memory of 3436	4572	MEMZ.exe	mmc.exe
PID 3436 wrote to memory of 4496	3436	mmc.exe	mmc.exe
PID 3436 wrote to memory of 4496	3436	mmc.exe	mmc.exe
PID 4572 wrote to memory of 3244	4572	MEMZ.exe	notepad.exe
PID 4572 wrote to memory of 3244	4572	MEMZ.exe	notepad.exe
PID 4572 wrote to memory of 3244	4572	MEMZ.exe	notepad.exe
PID 4684 wrote to memory of 3656	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 3656	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 3656	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 3656	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 3656	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 3656	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1204	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1204	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1204	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1204	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1204	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1204	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 2952	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 2952	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 2952	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 2952	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 2952	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 2952	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1092	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1092	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1092	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1092	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1092	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe
PID 4684 wrote to memory of 1092	4684	MicrosoftEdgeCP.exe	MicrosoftEdgeCP.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\Geometry dash auto speedhack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1212

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:5052

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3460

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2724

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4052

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4104

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:932

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4408

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4572

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:2600

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3436

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4496

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:3244

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:1400

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:2304

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3624

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:6012

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:6936

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:7660

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:7332

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
4⤵
PID:7368

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:8876

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:8200

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:8340

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:8196

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:8960

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:9192

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:848

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:10644

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:10296

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:9304

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:10620

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:11132

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:11144

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:11944

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:11388

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
5⤵
PID:11456

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
4⤵
PID:14232

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:14332

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
PID:14224

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:12440

C:\Windows\SysWOW64\control.exe
"C:\Windows\System32\control.exe"
4⤵
PID:15164

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
PID:15040

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:15044

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Checks SCSI registry key(s)
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:14592

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:15624

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:15484

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:18044

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:17856

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
- Drops file in Windows directory
PID:17824

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:17576

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:19124

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:19344

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:19188

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:19440

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:18500

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:18552

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:19120

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
PID:19116

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:20236

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:7144

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
4⤵
PID:7732

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:21008

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
4⤵
PID:5672

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
PID:21772

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
PID:22232

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
PID:19980

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:15312

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
4⤵
PID:18520

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
PID:22644

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:22748

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
PID:23140

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
PID:23480

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
4⤵
PID:24500

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:23740

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2640

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:3888

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4684

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4744

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1480

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1552

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:3656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1204

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:1364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1092

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:2248

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5364

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6080

\??\c:\windows\system32\svchost.exe
c:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService
1⤵
PID:5148

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5344

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:5860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6956

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6456

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:6756

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6952

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6536

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:8008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7580

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7372

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7892

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:7520

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:7448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:8964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8356

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:7992

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:6524

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8200

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:9208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:8656

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:9168

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9160

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9496

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:9984

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1040

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9856

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:9848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10156

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:9356

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:1840

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9816

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:10680

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:10984

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10488

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:10400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10840

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:11216

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10804

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10780

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:11560

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:12044

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11448

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12200

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:11976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11648

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:11436

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:11396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12744

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:13192

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:12928

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:11692

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12880

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13100

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:13400

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14144

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14288

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13204

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:14420

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:15280

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15116

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:15796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:16284

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15632

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:16136

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:15512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:14540

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:15964

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15944

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:15580

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:14468

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:16772

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:17224

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:17088

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:16292

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:16864

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:17404

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:17584

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:18080

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:18324

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:18172

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:17916

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4184

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:17308

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:16072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:15408

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:18736

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:18584

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:19016

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:17592

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:18704

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:19656

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:9744

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:12444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:11796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:13208

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:14868

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:17432

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:6412

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
PID:14800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:3616

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:15608

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:4444

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:14644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:20644

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:21072

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:10512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:21368

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:9832

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:19352

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:20276

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:21976

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:22376

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:21848

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:20008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:21800

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:19512

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:5664

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:21796

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:22776

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
PID:23204

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
PID:23784

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\B4U56X23\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\wcp-consent[1].js
Filesize
272KB

MD5
5f524e20ce61f542125454baf867c47b

SHA1
7e9834fd30dcfd27532ce79165344a438c31d78b

SHA256
c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

SHA512
224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\get_site_data[2].txt
Filesize
200B

MD5
1bb570d9a05cf0e3fa675fbc88f8c2ce

SHA1
ad7aa8439ac486c8aa96319e3bf81af6eda41802

SHA256
651da516ef90c679e51baf59036c29ae6d6387bbc766065b4d7c1bba724de2e5

SHA512
356294e22c4093157bbc4a3d0a6f6670b05b85d6551f0bbd3b00631a5f672f5815336c49d2eb7c2837fb698859c3335953607c13c854454e03854be0ae0381e6

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\iframe_api[2].js
Filesize
1KB

MD5
dbe7f04e69a669b4c6004d9c3e1facbd

SHA1
011fe0912e41e6805b2fbb8ea97f167c321ca413

SHA256
58b5dc860e534eea49f5699b8c57c053ce73458f9d39b6b8697756ea71448fbe

SHA512
9f084847d458bbff5ef7d7fe0a748458e86ad1ce39b8379447693788e99dacee9824d214c601d057b7c73bfa1497586723d0daaa7632d6808b3d6fdadc178995

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\savedusers[1].htm
Filesize
3KB

MD5
d1aa658e556f3cd3717195b83f0ca8c7

SHA1
fd258ec5c8613d7bd81343f8759cd7fb8f67250b

SHA256
dcaa484bd8f5f93d1d0274114fb57e07ad22ae4360214e0426ad6d2b87b52476

SHA512
13ff997fbb6b24ffda1f03b0b090dbf8bb4cbb2ac21353105473f054627e02850e995b4ede47b6ed31ac5cff2fe153adb44e67eb2f24661c795011597b65c6e8

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\76H3E016\www.vice[1].xml
Filesize
7KB

MD5
e5b2f1480e61ca72b0bc4648be48d047

SHA1
67c97ea50555183cae7cb30ed407f2f38a028ab2

SHA256
9e5c26f92ebfeba2292a9af07d00dc85a96dda59b26eb882e80c448cf6459c8b

SHA512
ab875b31767cd86f3c83d87251913c7fc37620fefffed6c1e72e75ea63280578b90dc4c63e1073f51cbb0f96ab9c4e832c4837f2bfeaabfb641db01ccfc7ce05

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
228B

MD5
5b75b0173312add92d08961aaa9f2ab7

SHA1
44ffc96671f93a7f8b6943cb853c24edadd64d64

SHA256
504dffad6de3e942cfa0ec1929258bc48d0e820ed271d5472a4f2295474d97d9

SHA512
cba773b55acd6dcc3f48eef9f5e9244e835aff7d1f7d144cff3135057c127949879e047d3d7bf6d503fff6f886ebe487ac4e6b68baa0c18655780ebcc9887570

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
446B

MD5
ea373f5ee9d8f1612eecb39348e34034

SHA1
8e019adda07b4965c9c66b6308996fd53dfa7287

SHA256
9f7ade99dd3e57f5deec5467b1f8fcd2965fde8c9ff33727e4e6a5e304e85540

SHA512
c88c980bdf4e9b286c34a3fdaad9f514ff98f9925934a5cee7dcd5fa0098a34603a6397d10e5f05ba1a47484b25158ebb4c98b44bd34cb124a9ed8017d8b73b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
16KB

MD5
f3cedba754eabfd48c365b02a3e766a3

SHA1
aa0bc8664a10dfba455b6e562170b4ebaf882f26

SHA256
2f4cd8dfe31426d252f1d429b88156cb3357b6054d6b1932d510379b83b50534

SHA512
4983ca181de405f49ef23e197eb36a8a458b9ecf52bd5848b3f0a7b8b82c3ce4a318d1eca5ef78bd9e0594c645663fb84701ceccde7281d527434d501b11cdb9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
985B

MD5
0d7122a53a2f84b3044ad3808ba74cad

SHA1
ded840ad61bfcdca04990fc60bbe638c5fdb3265

SHA256
643f602ecb1a26fe596f996a823d21d8ff6d3144bb35b919b6e89645baff39ea

SHA512
dc099475b4391593dfe6593eefd331f4181a4f0ea5def4a15bf37c60341ef349a2093b39c21c90a52bb8bf93dadc04256449fe92e593c9383dd50a622faf5095

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
985B

MD5
b1dfec829e970847f1aa4f5824f5fb0f

SHA1
6c0d3ef1a24a7827a40115f586f971549fe39536

SHA256
eb3d1aa5065f5d5f2156dd4e6e6db733bdaa41f42e0017c7fc0ae5d9f88216b0

SHA512
06d541235bc0d70dc22d180fee2426b44345f4e95c57919d147b51ce0c65a4b2afae3c6136762550a30d3e1b5d841ab3df77ce603a59a93715f22931bbf4f569

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
985B

MD5
e5cea7b814a68a3e9431d6b1298f3533

SHA1
8d9bb5134045c8eecc1145f72fdf8f18f2060ea2

SHA256
7921dd5f6e64d6ac0058f8ab7a1a55c7b7808c1ee8ae836e527d26f34ed2e780

SHA512
098e82bf115883057bb8f84a57a2624ec6d13b7af85c04cbf6e9a1d17bf630a648f26cdb90447e48234268589d7768d95bc22ece05bfcb9641a8f5ed4f84de6f

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
985B

MD5
1b315c6d637d057f1e75e09829a1b8c1

SHA1
4dfb3124e95c924c8c130a4a8863f92400358401

SHA256
5fcec48f62e1ab9062bd136a9db6f01b73ca6949a32791a929f12e87cec953a2

SHA512
f0f9054ba8df0a21df40822af8fb65ef83959c009553134b7ce44772930f0c3525dabe8f742efd1b72d587b0dc8a919f44ca2d08b2744b1b236301edcb07d870

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
986B

MD5
b1701c34cec47f9ae88257bf098fa103

SHA1
4cb442630160de515f1dcec7d7f953eb7927e27e

SHA256
84000587cf09a6baa0801b3cd60daf56003d49934537db326fb3fc12f347bc21

SHA512
01b57f6831fe11500eed5478ae28ce8641b43c858da99b16a4961264270e4dd9662f435dbba942e7d3ac401990c1e7a829bd8527b7afb2e703484224ce8d96a3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
16KB

MD5
84765597742ae29bded66e1e716dea53

SHA1
e23e28f1de2421288075157e6d1d7ea004b9fdbe

SHA256
670a2b9c18bf45a5d357b9ba0b581539c43b8713d9e463629bf21511d13e1faf

SHA512
e8eca2cfaca8f36cf7fcd870b95fe94d372fa9ab8ee75a8db97a9a41c7330d0343db2eb09e24e4c661cf099fa31e0384075518caa3371c731d4e14c63ef67024

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
989B

MD5
478e1208947d604adb165b57cd16d244

SHA1
58812e13df4acb846b3a344731157fbd20fb1231

SHA256
7013b32a18d9f1c83d03525be724551b7f63c745a34f534c720f806fd7ee86c7

SHA512
39df4ee27688d08687aaf7627e165132db8b96a4d19f1de5a0514e6192e36171af02adf6e811c3f8f7c3c8d3bace0da1801d70af7583a6777b06fcdf3802a8de

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
989B

MD5
9f77d0c03e49346b04bd0952261ed097

SHA1
a7e92feec2b6665c9962a67bf1f51c4d525191e7

SHA256
796ecd69780b06aa57daf8c7250902b4bd5f9a1cd685761c958ae8d366525044

SHA512
f19b1b1bf1de8bd543968d875461f0211346292a8ea8d48412e8f8c6a23f71f1d76f68b593967051bb8a7f138b56d219b2b7a02c5c7fab015eb8a573cb5280e3

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
989B

MD5
48307371082ea9685f231e709e63e913

SHA1
204b6cf5fe39d5b4532d16a5c322b5083c913ecd

SHA256
94c3b3c2fd66473a18952a407058da8caf3b4ee608468973bc06881a69974757

SHA512
420d7e6c3b46f90fb58566d09356a03ac358739308340581d71e7f82c1c6e4924a31927662a0852dbf23c2a8d0844fd0a1ee3f20235d9303d4117a687fa86787

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
988B

MD5
6dca7ea9a6c78e212d1b2b9bbde3574b

SHA1
5b3a437300a07900a024fc992452db18f2062508

SHA256
cffb19c279b0a26cab92695f1dcfdef8b32e0bb1ae1b109af7998d564234042b

SHA512
e7c80b8b7e4565e78b87a3945d528116e3be46e1b9e399fb3652f1ca7ebb1e1fdfd0f70ba54b05b0fa9703e41d88bddfe5475e492679b959dfeeb41642437e15

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
986B

MD5
ab0d6ec91c6f86c1ccabac56eb8d2921

SHA1
76814052cabf5fcd86e5bb87585604fe8ca4f9da

SHA256
6aa2672404065c7c761f62ed5ae79316bde1ccb70cf8c20249629f8da238999f

SHA512
a4849e5a15b1f4a3595598df9ff87ae910d413d3f2ad348a35d07646bd899e64a7a0cc0e98370f7cc5557735dd7529665bcb6374b057faa66faaa68d32689df1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
17KB

MD5
47ab0f7e95a4ad3cb43c2882802795cc

SHA1
714cc064d035878a039d2b46b367ad7b38055167

SHA256
3d6209084061c56e706bccc562f38ef903c6d104603178497c8c58bbd9693218

SHA512
620f0a0a969b980d191a822125c4be67a31d5b7ec96a6e50f2cbc0ba0c4fd5617a7fcce73b740c93a3f9982c29d63b9d12ca2eeeabbb577231878784c09e84b1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\N6BTEAVR\www.youtube[1].xml
Filesize
985B

MD5
c9e7cc209fb0cdc65c4eae2f453e0bac

SHA1
f201c6e92b6d6c9c388a5899f460c012bca7e02e

SHA256
798bca560acd3d66e902a6ff30bb8b1e6d5054f35c5338378659db33df8a5247

SHA512
f011bb70ef8d828da1f7059bc73db4d00347845b08f9a7f1c5824a86e1f326977f1c6ec9a140095e29a583e162bee49e176345b369d7ed5445102ba0345a334a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\QFT3UYEA\answers.microsoft[1].xml
Filesize
13B

MD5
c1ddea3ef6bbef3e7060a1a9ad89e4c5

SHA1
35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

SHA256
b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

SHA512
6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3BHWYYDD\b80692[1].ico
Filesize
1KB

MD5
ac0cd867e03ed914827807d4715bdfe7

SHA1
4051a8c23756c10d9cc00fcde6f7215c780fdf6f

SHA256
b50546da121186fbffd2aec430249cb21c7c2e2c85e561a393a9df9abfc4477c

SHA512
fa11d1d76c39719c218b4ffa34de8dd44d398bdcbb236a666f0be6eeee96bcbe4da9ac65a89441ad284c0de21788c135dc4fd21f6f82c7039f00c8a7c705c8e2

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\3BHWYYDD\favicon[1].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\9LCNOLQH\coast-228x228[1].png
Filesize
5KB

MD5
b17926bfca4f7d534be63b7b48aa8d44

SHA1
baa8dbac0587dccdd18516fa7ed789f886c42114

SHA256
885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6

SHA512
a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GJH6VGN2\favicon[1].ico
Filesize
4KB

MD5
b939aee911231447cbd2e3ff044b3cce

SHA1
0f79060358bea92b93ded65860ffbc9ecae3dc14

SHA256
f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c

SHA512
8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\GJH6VGN2\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\f4ynqhj\imagestore.dat
Filesize
20KB

MD5
af274a7b8505d8d1348642719185094b

SHA1
0ae567cf924c3ea5a0cfe288068e462b69bf57df

SHA256
e8efe8663c321f8b6aaccb822f7d30611bb34a330ed2d90e27e90bba09fb8316

SHA512
73f23c314658ea0b1b21b92ebbca1b6f90eeca7c5d23c8f858050445c5d6a0a7de5db05d92f99d9cc3ebf2b11fb0f032f140c8a189f9db37ff8b214dd22559f6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\avast-Avast_Symbol_V2_Positive_Orange_256x256[1].png
Filesize
2KB

MD5
06d2b62f46d039cff41e8923f130b871

SHA1
86449566cf477703e083edc919741ea9acbc1fd0

SHA256
2dce3035cfadf3932bd8bd977f5d9c11e1e49df39092c4de36968fbbf0d81a04

SHA512
be7e08b0bcc1efa6dcd4adbe1fccda3c8008ab480d395eb5eb36d5382654e84f3cd70c698298f703c8ab3f803e596376179bdd5dc40ee50d52e438b505d628d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\capcut-logo[1]
Filesize
734B

MD5
2d13ac4bf00951a5082a9279a196b1f2

SHA1
7bd338b85643772ced36f883b3204f4b9a1fcb80

SHA256
9072bf9109de0a2dba428cef314d89aa2780cd58b9004c63368f1850fff1baf4

SHA512
9b57366294e026bb188a9e010893f020e0eacd82470956b8d582d8eb0d99594c24384a89fcdd980496949fa78c4629de394afd6cd05ae45046d16b7f67e96b00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\cheatsheet-mac-logo[1].png
Filesize
1KB

MD5
6d68219e6d77563722df3b6121b89d98

SHA1
310452f6121a158673d1a879796d2578b3155f4e

SHA256
3bc8f3173e78af05e604e136534dbc140cd9fed0adcadf31b96b80b7ea0889f4

SHA512
24ecde2db8b2320db0383cf69d49e196375d6e3ef42874bd7a1b5e3f2278644c7875fa0dd328672fb0ea094732ed4b7696d382ac8636b04050c0000023578dcb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\fortnite-Download-Fortnite[1].jpg
Filesize
2KB

MD5
e43956122daec9e91b77485813bfbcf3

SHA1
d594dc531afd7ea6e6b122b0000f69ddecd491b5

SHA256
bbc87f16b408bce6b9b4838395fc1f2b9aacf7f184a2ed6f1895896f47c2dda9

SHA512
486216a90be988a558550a3c4a05b3ece9ed09819cc117e634c95d1fcf1daf64ea7cf170c6d06610fbbdcb17f35c68a0a593af27066c2ffb2fcebe62df7136bd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\garena-free-fire-max-logo[1]
Filesize
3KB

MD5
3ca268726d278da7faf29e035221d2c6

SHA1
9e84b8f20928417b2c1a0393b66fde4db1279624

SHA256
eae9c24b590ede8a019c9962fd88868bb7b49d5d7f2a399afe0ee63d38e1f51d

SHA512
63433285a42bb684d0115e66bad0471742e3d496e32c98f77c30897262f2d7c95c027fa946973cb5e30965b91797513af9d4987e62216cf25e17be69b0eeceb3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\grand-theft-auto-vice-city-Download-Grand-Theft-Auto-Vice-City[1].jpg
Filesize
5KB

MD5
e5af589fc7e2094cab6ef8a3e0dd54ad

SHA1
88760eb071e254c7a15cb129b5afe4016aa6ce7a

SHA256
d03dfc37741562258418cf90c56f4d370f0edca576eaee2cc359020db54d8846

SHA512
b3c5c7f3f3645d5b458c696714ca2348a7418ee82f0bac6ba206aa9aab8ddb472c337a368839321be7e8de4e7c86380c90abfbf5095b16a5e0beedf7f606bf61

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\microsoft-word-microsoft_word_2019_16_icon[1].jpg
Filesize
2KB

MD5
c905f9b3a430d1c630dd0d17c455b6bf

SHA1
9e8f81ef1040f10bc88298ad89ac1fe1c3503d9f

SHA256
1f7bbb9b576c481dfeb2116f9a32b90c4e0f19ff1504294ab2af1b4662058d3c

SHA512
df55113b8bfc0fdae41303c33b29087ae1a35f01d569e9c7a140b0f652caf1bd86501f976c974a6d6e499e8ed64d6c4b5d47aef332971b6636c7a39cd9fdb11c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\netflix-Download-Netflix[1].jpg
Filesize
618B

MD5
84d1cb8553c1c400ca8c2edb8d1455fc

SHA1
f89191a2731da84ceda6a5d091b9c2cfe061aa7c

SHA256
829e8d5826bbd062a9162bc21737fcb4f37b58127d970993c1a962abe707cc24

SHA512
a074a4a9f0e73ce5908eec168a713a00cc1ae3f85e543c4eeffa206441e903016bed84c8bbc0ecfc8bf82cfdb0d2e9a91bdd9416257c4ad764c798fa66ac6488

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\soundflower-Download-Soundflower[1].jpg
Filesize
1KB

MD5
108f2470ca0c446a4c533df0829b63b1

SHA1
7e8f8e8e6e07c3c07d8e6c4f400acccb0a95e082

SHA256
dd4195243d64f59b67222af3201d043bc90f25182a9ab12a78633c1733a556ed

SHA512
9f0153067204cd9b1aea937696b9c04bdea8d0dca702e20ba3506f78facafe7148fb8ffea86c8ce49876b20f677f1b08b4d6154994c38f5b748cc9101c784a38

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\sportzfy-Sportzfy-icon[1].jpg
Filesize
1KB

MD5
30ebe15f58002a75f3f8fad7adab32f4

SHA1
6e8bd5da1cc2d1858077adfe982f6759c459c381

SHA256
6da1faf9b4a3d4ad4bb3d1aa1733368611a42db1f4b6d8f44818aaad69a54362

SHA512
591e171decc437559284f5db6dfdea9333e26cba0904090dcda8bd9e11a67733a3096f0a7dd78b9795de1b680da1ba3aad02be716b774be5b17c139e80fbadbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\uc-browser-logo[1]
Filesize
2KB

MD5
77f210a3b90641b0316194a1cf41c104

SHA1
94b37920bcc2c393789879bc7a12506a3673bcee

SHA256
5efd85d54ec4432f8787de06b8c6e92c199919fff3a54262d73f19f4bb386693

SHA512
5a03001f73b67a1d02ff3fd997d0d7dd0228d8def6d63d3da38f7f7922cbefe1a50fb1e71465229f4fac977756e49a8e153411d8e101736acb5c36bbe9555fc6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\KYT8S32O\vidmate-logo[1]
Filesize
2KB

MD5
81fb2be7edf6546119dd34e37e3411b3

SHA1
2c9c76136d951fd2f92f5bc580989b123cb33a04

SHA256
c8e529d03185e5925a7997a1401fdf2b1f33c77b00334b1acaec51fe7390b4c9

SHA512
c9a528e3a8e989d7681b3def1417e2deacdebd6517a3b453792e9e9d5f051c6504b87fe95048132a9b8b2968df167a761aa29e26c416f9a31abde1200506407b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UIRRHESB\Blizzcon-online-1[1].webp
Filesize
16KB

MD5
b2eade93719ef9297d4645c61dea41d4

SHA1
d34076c565307021a37a164c3dbe56851704ebf1

SHA256
1ee17ae6ddc103deaf78e9bb24351ea271739e128f92448914b9e7bead5c08ab

SHA512
c57f052b7e7afe5f480eeb4cb087804eb9e441774ca8f0205ffae792910e79bda56773c0bde652c305d27df15f94527b13b78100188aeb5c4d58a895b94c6ef8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UIRRHESB\facebook-lite-icon[1].jpg
Filesize
632B

MD5
592dd1805a17b50569d3b61b172c7ea5

SHA1
4ca6c9d42202e269da8c9ebafe2934b47095a37d

SHA256
ce4814910adf186cb297cc742ae7102dedbc844e8ddd0e9805cd6f647cacb537

SHA512
2532b2d0a39e05dd2be0f6d6e75aa1f6e09249449a7bf945723d8583ab1be2a1122ffbcf96ebded2a26e997276c5dd5ba9ee020b5a827474839e5416dd88af68

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\UIRRHESB\gta-v-download-grand-theft-auto-v[1].jpg
Filesize
3KB

MD5
e2669fdf6c05646d3168e9f65efcf92f

SHA1
bb942b70c056ec40b445c01b633da639094d0fec

SHA256
9075eb571170a4d6a742a0ddca74c985e97f40c1adc33afc39846cb82396990e

SHA512
252f2300ab74fe8804d1fcd4cc1e14d27f3d456239f8d09a58bd3ba70364abb05d92fa6d402ce01963a3e1b67219d6f29eeb64c18747f874d8c2d8b5ee1d6f63

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\Home.13d668[1].css
Filesize
43KB

MD5
d71bb1a7cfee2ba3f88e22a3e93aa74e

SHA1
b90a2666f75e8c40f3ea659496957ad10ec07b17

SHA256
d7d997bea7b76fd9bfbd6e1e49bf57f63f11b35528291c5089b8e6a9a888a7d2

SHA512
9c4e1138fb13a76b6680d93e3faf312d63517f0e3392d5b701cc26bf9dcfbc2386c1f61a4927475913b0aa49533d73cf440aed661ab432fb90d87b8fea4f138c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\be7cb1[1].woff2
Filesize
16KB

MD5
68c477c4c76baab3a8d1ef6a55aa986f

SHA1
4af50379e13514558dd53d123db8ea101ec5e24c

SHA256
0364d368abf457d4e70dbc7a7a360f3486eaea2837b194915b23d4398bee91ac

SHA512
92b34fe3b7f82f10cf6de8027ac08f4a5b8764fb4e0b31c93da6e3d5bd08e0bc83b79fd70b8207a1066b689583e0b6976fa3c885b0c067ea343e6f2031d55d25

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\c72c72[1].woff2
Filesize
17KB

MD5
0627ec86dfad171ba217bbc765326ed7

SHA1
d83f8aac9cb272a8825602735e3766f4975d5c68

SHA256
d53336707c39d1ec20a2b1f7399ca9f183c45592e215a42fd596dfa2dbb8ad7a

SHA512
a64bb605c4c4a1d3a3905155e9f52b4c59abb95fffc61aa1405d6d4e4687ac308ef4104f897770ad8c7001e40f91f68eb35041d693367a970aab2a86e80150e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\free-fire-battlegrounds-logo[1]
Filesize
2KB

MD5
83af62c19e9105883da190b8c9c2841b

SHA1
f0b92eb45a27715059d11036164eaa2394a6d667

SHA256
2bc1d88a62c0ba5930f160eebabb553f9b8d4e325b85de1aebe23073ad7c59b9

SHA512
cee17af17e63cd27e0f4d8a3938859e36a44296aaee21d7e9be97d6dafde5c889c9d16afcea9cc27eef6db79f9761c21b6c46caa40bfde953c389cfbd3f606fe

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\googlelogo_color_68x28dp[1].png
Filesize
1KB

MD5
c4a931d597decd2553aac6634b766cf2

SHA1
6ec84fb4a2745b4b71520241be77db1fd1013830

SHA256
f56402b127698db4b4dc611a97a6f081d04c4691c60522c5912d189e37c94a9e

SHA512
4932e0f7f38085a7c52539bdd5c7f470740e560a4471bea30d12ef9e3efe77f6bbfac28d26c62a245c43d98ebf74c824b2b414843080a27edf1563a5f874ac84

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\grand-theft-auto-san-andreas-game-unnamed[1].png
Filesize
1KB

MD5
49962169620ee4be3b64ae4e78ef3497

SHA1
057200e182e0a4771f8ca70b4e6ff1178417ce66

SHA256
4a51e4a1e0c5ef3831a03dffc2984a4d258d0627358dbe852e93dde0241c3a68

SHA512
13fdc7af70e3d73f001a50c27071d290243b5f312cd27175637690a8cb6be27ee5c209508514576da6e9860794281951710a92c2a0b78c12b5f57979aa2d2f09

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\itunes-logo[1].png
Filesize
4KB

MD5
a98cc549e31874db030f72b5708740fb

SHA1
3d584185456647502096ce3f072b1b4d962a3125

SHA256
df03c4c3f777e655045fede44cd39ac7578d97bc2c0345eab7131c12e0ebbeda

SHA512
550b1510b0ad34f9f0c6b9bddf649fc0261f2a43171faff6291276982eee8be06a4c964e74159247c4627689a406f9ad4c544473ad661fc74349240fa2de007d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\microsoft-word-download-microsoft-word[1].jpg
Filesize
2KB

MD5
d490f03b116c015bb09634ad56298f99

SHA1
367cf9427bcd6fc9028a46a02f7d07e8d4431428

SHA256
dfc013370df4e381484f538f653f5b51ecf9958992c42316e3d22b1f828beb19

SHA512
8ea646270ea1c5036e4ad4e8ced33b779061fd4dad142144fb56fcd6c98897f2c43237769f4c36662ef63ecfd279ffd8c3dd6cb4f385a8d5ecf7090e82ae2852

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\minecraft-pocket-edition-logo[1]
Filesize
482B

MD5
19a2ad0a4e8a556613b27c20190b29e6

SHA1
27874b07162cf1ad875d515432db8d32b4fcd3de

SHA256
4c76663da3d8d1f163107599f2f17504567b8a6cc5984f688596c9d068a2f977

SHA512
19f2086adac66dc83201e039e0ac44deefea316337b3885be89faa5c1959e49adf4358b5ddd984a1bfb313fb853c1431130155ff72c34cf20222aaa451db4af4

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\mobile-legends-bang-bang-logo[1]
Filesize
3KB

MD5
9cbc558a9d2c27b2dc2f0f192b7b20b0

SHA1
0fcf34f022dd7f213a27e7e1b78b6313f25d1e9e

SHA256
f8fb3cf13ecc3c3b9174702e0a4c0f2c05cfa6fa828b4c41df056d2a5a1fc5db

SHA512
b2c2b558d5b1571ac5a84b1923f40d9bfeabd3a62152cde7ba1a20f0746d52dc0953215682049744ee8f58309355b559b7468fb5dbfe73d13be4489b75628864

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\mobile-legends-bang-bang-logo[2]
Filesize
3KB

MD5
a4d71b26d82c2d2c7739832e82bfc2f6

SHA1
6d654a3231d5e948ad9c24c52960404004828cf6

SHA256
f7028e99c794a7d1dde5efe525c0b6ec75b802c8a02206553406c6b13c0ba0f1

SHA512
b34f4fa7b55b27143e7381dea3b20d1f0a154c1254414a82cdd1ce0f1f5fa25ccf60863328d6003fd839c00fd52bc8fbca825f9d4a2b5257d51f849467ed8077

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\vlc-media-player-145px-VLC_Icon.svg[1].png
Filesize
1KB

MD5
8bfb1fc6d77ac924bf5e76356b61f7d9

SHA1
6f9d2e69e4f6095dc0cb6e1f1183fbfad0ab2f32

SHA256
75e32543c72d630f4edd6f647fc3eb02eb4a7cd41be226d06debfa4611f40a0b

SHA512
8fa29ffaf84764203c9b0fffb7ad363f88ef5e5b1b4b1b53ca9dd4dd9bb289fe4ecc6bab78eeb39412259ab65aa61c57835a06c6c51db695ae8bceaf02053c80

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XXTODGSV\wink-mvq-logo[1]
Filesize
650B

MD5
1645349ecdf902c08fe8bc28f17dfb1b

SHA1
ba425589dcfa2652c8d28d9d02a9e7a8c1761523

SHA256
adce148abc586951a0694d9781a04d8124d5195003d220f640c1d0beae62c295

SHA512
7eeebc1915098db6cd052d6c8edff1818f29ee4fcb17861f0594757fb1f688ec156896a711d3d5c1f0a5c47cb791a53ff805bc459757cd5b231e913fa109faed

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\3_[1].webp
Filesize
16KB

MD5
4017f43d8c87ab956a2a9de3f9eee65d

SHA1
43fa5e344bf2bc27f63c20186d63f562244b6c0c

SHA256
56282953b66bcb589175ce607931e59d22cf977d546184ca61b50a3177a0abc1

SHA512
6cd35bf06e311b69c2074b7462f077ccaa77b2ec65d2978512f84a0695b5d938dc0a2ae1d1c736920d3140b3fb75cc3755a95debd606003b72712da234e60440

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\EZMKK6R0.htm
Filesize
438KB

MD5
7ca10d5ef26c2d78b696dff9d1979efc

SHA1
7705f6bf2c9bba151554557d788ad8e2b98a4769

SHA256
e6d8a4cdf4e7882aec18bffdfec03d5a1847175e8475087aa0bb29c202c36a39

SHA512
54ceabe4f718acb06da0a4ea8ba5962ce19b7ba1bf2fc57c2aa56410f4bc616676a52739657219ccef9d6833e7ae5fc93fbc92bff2336b0c618fd945af1bae00

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\adobe-photoshop-download-adobe-photoshop-for-Mac[1].jpg
Filesize
1KB

MD5
496e5ede2778c9ee5c5dd07ad555ff92

SHA1
92e0161ba5eced62772825f12f1ec26b371c3314

SHA256
2e567d32f47e6480e40aaf8034383391b2ca4a7e36cd635ccd4237687ae5fcc6

SHA512
c801678412ed613b559ddf706c44209c585a333abb144b11571639da1206977c441f9b5fa90dda4dffbe7ee31a89ec8ba346dbea17533cef8828c46b3dc4abbb

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\adobe-photoshop-icon[1].png
Filesize
760B

MD5
be292fcd111b86e4c8f6570ed958e2f9

SHA1
927620c94332ddd768e3bfb6a00c0e3070549e0f

SHA256
623df63615488ec80c96db33694414ce590b3e3a8784a5cb13108658680272ac

SHA512
b44dccb3d57bda26432d352052f4be681083e7942eece2758baf498494cf83fd7eaa0cd8e828c8d7667a7bd3207f8f30386223f17a1f76252530cafbcb584f0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\boot.5125bf[1].js
Filesize
115KB

MD5
0c9b76eb9d4b2899a612ab6cf8c5a090

SHA1
564c88b4474b883d50bb3ee1c952f5e7b5472fa5

SHA256
568632c947759567f384fd9fdeaf8d2f6fb758f8173a7b91ab7b9e6026609bb0

SHA512
1ccc07586bdb0c0fa3f386efc5b222ef9996d1e0317cb2b9ff7751c27f6c1cf9b2fe4c96d2699c414577af9795845005e4c869d6112a40d1afe2324c548980d9

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\capcut-logo[1]
Filesize
552B

MD5
302a18c403fd238ddd74688fd2e40654

SHA1
b74024d159cde91e1d983933797b47f0235fd197

SHA256
d1de63d76608a2626e8dbd42f5f1c622936de9bbe2cb49986c313e08065a0251

SHA512
040c50bc8f26ee80d155b59bba3cd8f710a372a3c2a563d288bd17664ae1aba4ee47bd5fbf9a6a0ec51fbc373ac47da6ac87a1d0f60b479b5b366a9de242fd44

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\gtm[1].js
Filesize
459KB

MD5
dd0b33cdd47659a47d889a89504daf6f

SHA1
706175bf4513ee0435f3b9216325a4beee844d3e

SHA256
47a7a5a83de4d91b90eb57f911033ebffd4ac77154976af177bfd221c1b52fc3

SHA512
5a09f189759e8ad07f9ea9ca0b8dbfa7566f4b8dc0aca5fe9919e87e9cb3c30f4b3312a0aaa9d02c5a2ee09f2a9b4f72c408323e7295c2b004bea017f06d2fa2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\microsoft-excel-Download-Microsoft-Excel[1].jpg
Filesize
1KB

MD5
e10dc4acda134d558a0a57c1cf8aa614

SHA1
95bf8f407a3fcf3d85f7911a2a2d30030e2bab1d

SHA256
ad074dd9bb029912ffd12024063a3e6f579a9aa0dd7afd28e3dc6ed9d7d0afde

SHA512
0b2df34fe0027221406b9531d94d62447633040cdb13f5821ad4cecc50c3beb84df50054763383c962c64093f1fbe5d86cffd3717a55c83717c53250bd112096

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\minecraft-logo[1]
Filesize
2KB

MD5
16c4daad995a142c6989ec7722bfa65d

SHA1
47d4e8fe7fec1838e81ac1ca2b22c8854c678a53

SHA256
f7c141b84ca8c64d3ac0e042e805b4cbf741f0f2de77e594a95aa703ea87e6da

SHA512
ee0e7f817bf3304eff6b61850fd65cfd4603909bbcef8d52b35478527124464d1aae8a24bbc4154cd5585f8829114ea2c4155596372e0c7cc0da3356568cbefc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\ZCX4KH07\twitter-1-1[1].webp
Filesize
8KB

MD5
78bbc6da129b79dc4e9ad9151e5737f4

SHA1
5af7e1a28056f80813be2012ebe1070f1fd1384f

SHA256
7117f16066853d67a50e9377524e867f424d1a0623a31d67ea50c57bf6235bdd

SHA512
0489a43f061be3c0d1d3a6c5a21e31fabc780cdf9d26edb2fa80831df3707f16b5e9a95847e11963bd649bb453be1fe26fe1c2190bf3e0602c3a6975ca30e1f2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\07CEF2F654E3ED6050FFC9B6EB844250_A3BDBA792161F0ADEE935E6E6327D8F9
Filesize
2KB

MD5
234bd75fd529f15378158e1df76a2914

SHA1
9a934096b54a16eada31eee7d07f34ce75ad82c2

SHA256
42ba08412c9c1080018da7093a0f88c5488bb13564073a4ea7bd559bdd04eb59

SHA512
22bd394457603b1080ac707a0e3ad7b96e9e0fc0567181d4c7eed7c0710e2900d671484bb42def224633b85f9aaa1686240f8c02b9f18b83d86d8b4f6a5a9b2d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\103621DE9CD5414CC2538780B4B75751
Filesize
717B

MD5
822467b728b7a66b081c91795373789a

SHA1
d8f2f02e1eef62485a9feffd59ce837511749865

SHA256
af2343382b88335eea72251ad84949e244ff54b6995063e24459a7216e9576b9

SHA512
bacea07d92c32078ca6a0161549b4e18edab745dd44947e5f181d28cc24468e07769d6835816cdfb944fd3d0099bde5e21b48f4966824c5c16c1801712303eb6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
1faa26ae52cac819bc42e2ee6f6ef61f

SHA1
4a06963e3a50439e0a23dd8977e7856a1c3ae579

SHA256
bdf3acc2946bbc6cd65df5af28acb5f5155d13fe2d2f889a479c2039413c2c3b

SHA512
fb7551568671c946a3882b9435955624b01fc14fccf80c3d2554582d478aa613d9ec07b86e7f2b4f250933d5eb805bdf3c57239bc26ff854e3f243381e33a04c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_9F4E274B10FF02E2E61EFF961AEDDC4A
Filesize
471B

MD5
75b881f5956178bfc25d8f9a909f2980

SHA1
6cdfc61bcda89c6502246ea39e1ff5d4eb92d5e1

SHA256
282e57efca9e972779af119bc3a8cb8edbd2f2adc9a2cc4530bc922911576fc6

SHA512
d0fabb092ed5b6133629f7bb9e72795a53f788cae3ac22f71aad183e1059a41105e2b414f7f86ed69d1b1c56d9f65215bcb8f4375363843839de268e0265e69d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07
Filesize
472B

MD5
411467d84d8d3e669fcefd0cd5a1e147

SHA1
8d5783c35096950f4e78903545df0cfcdf8cb652

SHA256
bc75aae6fca989709bfdbafcd8603b0f9c049ff3a0bf22aacae6380c5618f49c

SHA512
6fd99fa972c33b189cb10543dec2f3ec63754b21c214cd3d1106bc2643932c522105f94f9ac7befb993c02746e2e778778864fe1dc473f22cd35d70fd9381383

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
1KB

MD5
8924827a695cc57c5a2140ced1debe3c

SHA1
7af9caadbc6c0134ab2bf4a2d09cf89b4c9acfe8

SHA256
02c57d9f60945c549356c38376b0852bbc73ee8d8ba1b5619fb8fb1e189f8dad

SHA512
1b468404c536ce0f8f15e0e0ff89d2862b08b90a0573ef4fc0a9212617b75eff8127312aead4d43dedd11a7f00ff8316d6ae94290531dff43f5106c21d80f42d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\07CEF2F654E3ED6050FFC9B6EB844250_A3BDBA792161F0ADEE935E6E6327D8F9
Filesize
488B

MD5
c3d11af06aaad5a446b8439f2c37707a

SHA1
28017cd1efd8420a2f22f5d9fc47a3a60e764351

SHA256
2fc865ab7ed959b5c770739f2aa7b3a5703d27dd32c2dfab1b826e0d125ef7d1

SHA512
3a07f39d508ee3e1c4c69ac8ab28f06c7f20d8bcb090b739fb37678a4aa696866a7def2160b252c6321af18f46305f01c62d76dad4c69701b37b9cfe1cae8ea6

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\103621DE9CD5414CC2538780B4B75751
Filesize
192B

MD5
4684cb2616f788b20bd59376ddeddc38

SHA1
bf6954c6c8f2f495147c75c976f531e3128cdd48

SHA256
f677916bf5a8fa8bd2c41d7857b7904ef7f57901c7e17c35e879cc0131a72f0d

SHA512
675e26fa4cedffb20384dd4d4f8ff3e2d99681dae3293f53ed8fc033fe48e66c4555dfa9a16da1790577fad1a6e309ec4f2721997acb3366cfb260b13bb3c978

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
8fb3dadab35d34a0c3a9d95885392a08

SHA1
78aaf7c1f7b4bac569468598a5860e807eaf3442

SHA256
6078f540738864d4896a30b6ecebff2c28d0d18641ac50ab7dcd89e7bc1224ad

SHA512
47191b389c8e2cd84458e8bae29f13bc88e35d914fdb82603cdacfd63e09cb538fa4ce597157149bf2f8c64cbdf06de819c40d8ad88a5924b58ad20984bb4417

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_9F4E274B10FF02E2E61EFF961AEDDC4A
Filesize
410B

MD5
5455a1981216e87baecc860ebbac2460

SHA1
cb82708a80bfdbf1e6d1a794fae9b10658a016c6

SHA256
9e5f41e50925c7dbf005693e5076847db99c006966356b898450b36cd3247718

SHA512
173a72a906541c13d90b51b323083bb971fdd93c450be63cfcc3e538a14eab2d41b00a27d9cb63d1f5a16702c05f7fa44aac4834f26459f657bf362bfc86f1f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_9E57962407F9525599575A43BE833E07
Filesize
402B

MD5
301156daa5a509b99af06f0e4d42f3f9

SHA1
fe56a3deda7387f680b7d9861ec83a2e5040d90c

SHA256
81f8e53936978e1c5ea50a611b98b39eee18c77c56cfa9bbe689d0f75ab8ca93

SHA512
1ce36a88a242151979663f80d1ce3464fb5d8e223f2cfffc02b4fbf007efe8404a13352187e6a6925f94a4f22e8afae08156af48da9b37959d23932b0527037b

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B2FAF7692FD9FFBD64EDE317E42334BA_D7393C8F62BDE4D4CB606228BC7A711E
Filesize
482B

MD5
9960b9240d2bf05b56e5a8f9e4002a5d

SHA1
2485f2faafbf1649c271db66def8c5fc662afc99

SHA256
0d250c6110b5c704d305ee65baeb9d5e50aae847e7eb660f40d45261bc58db03

SHA512
27cf803b7f4c317ebb26417555d17ff694426713fe8c59e28edabd6a66ee1f0027c87c10b3726f2f459a12e881f9abe5002da044e822afb0d91baa32cf631886

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
443a35bc195a454d23e6014a313913e4

SHA1
838ae6032d0ae2d164aa83b51df3211798e491e4

SHA256
d35861be254f1f1999b00bcd9d1d553befdab13c97ac72c7b59c09954d7089e4

SHA512
035644146ae42392503ac03681d979017863db1dd861c0f8a7aa17074c538cef802f76005bfbbb00d918211b77ddeaafd638bb73a59ad8150dad9204cdbebf01

Download Submit
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\x
Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\x
Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\windows-malware-master\MEMZ\z.zip
Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/1204-420-0x00000277CAE00000-0x00000277CAF00000-memory.dmp

Filesize
1024KB

Download
memory/1480-253-0x000002353D900000-0x000002353DA00000-memory.dmp

Filesize
1024KB

Download
memory/1480-254-0x0000023550CC0000-0x0000023550CC2000-memory.dmp

Filesize
8KB

Download
memory/1480-257-0x0000023550CF0000-0x0000023550CF2000-memory.dmp

Filesize
8KB

Download
memory/1480-263-0x0000023550EF0000-0x0000023550EF2000-memory.dmp

Filesize
8KB

Download
memory/1480-265-0x0000023550F10000-0x0000023550F12000-memory.dmp

Filesize
8KB

Download
memory/1480-259-0x0000023550E10000-0x0000023550E12000-memory.dmp

Filesize
8KB

Download
memory/1480-261-0x0000023550E30000-0x0000023550E32000-memory.dmp

Filesize
8KB

Download
memory/2640-285-0x0000021B8BFA0000-0x0000021B8BFA1000-memory.dmp

Filesize
4KB

Download
memory/2640-226-0x0000021B89510000-0x0000021B89512000-memory.dmp

Filesize
8KB

Download
memory/2640-191-0x0000021B85220000-0x0000021B85230000-memory.dmp

Filesize
64KB

Download
memory/2640-207-0x0000021B85320000-0x0000021B85330000-memory.dmp

Filesize
64KB

Download
memory/2640-284-0x0000021B8BF90000-0x0000021B8BF91000-memory.dmp

Filesize
4KB

Download
memory/2952-442-0x000001A518C10000-0x000001A518D10000-memory.dmp

Filesize
1024KB

Download
memory/2952-443-0x000001A518C10000-0x000001A518D10000-memory.dmp

Filesize
1024KB

Download
memory/2952-444-0x000001A518C10000-0x000001A518D10000-memory.dmp

Filesize
1024KB

Download
memory/3656-398-0x0000021A27A00000-0x0000021A27B00000-memory.dmp

Filesize
1024KB

Download
memory/4744-236-0x0000022131E80000-0x0000022131F80000-memory.dmp

Filesize
1024KB

Download