ce537d6a75dc8eaf70494907770fdb780456fea1dc37947bd458481608c5939f

max time kernel
169s
max time network
202s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
07-05-2024 09:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

v0f044gc0000clmruo7og65lhh8ne4g0.mp4
Size

4.5MB
MD5

45b2647eadad13f8cf3137858fb0c3b5
SHA1

2d9b8f5ebc8dfb991eecadf9f85d62bfa6cb65ca
SHA256

ce537d6a75dc8eaf70494907770fdb780456fea1dc37947bd458481608c5939f
SHA512

d40f1d85507f0cd155061c9a95627523293b09005c914fdf9a5aa117646c8e1952b6cc420721daeffa2077e3098ead309b8ffa76d45c35310798d5b167fedb8c
SSDEEP

98304:4ju52Pv5pTpB4WuQLTyxZO3UUpTzFXRzeXwyqjq73zBOQcMN1H4nu9KC/GTG/:ULPh5QWuQCy3dpTzFhK7qjqvN1kuWTS

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.

Query Registry
T1012

System Information Discovery
T1082

Processes:

MEMZ.exe

description ioc process

Key value queried \REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation MEMZ.exe
Executes dropped EXE 11 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

4328 MEMZ.exe
4524 MEMZ.exe
4296 MEMZ.exe
4340 MEMZ.exe
3928 MEMZ.exe
2540 MEMZ.exe
4304 MEMZ.exe
2152 MEMZ.exe
2268 MEMZ.exe
5392 MEMZ.exe
3052 MEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Control Panel\International\Geo\Nation	MEMZ.exe

pid	process
4328	MEMZ.exe
4524	MEMZ.exe
4296	MEMZ.exe
4340	MEMZ.exe
3928	MEMZ.exe
2540	MEMZ.exe
4304	MEMZ.exe
2152	MEMZ.exe
2268	MEMZ.exe
5392	MEMZ.exe
3052	MEMZ.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

unregmp2.exe

description	ioc	process
File opened (read-only)	\??\L:	unregmp2.exe
File opened (read-only)	\??\S:	unregmp2.exe
File opened (read-only)	\??\V:	unregmp2.exe
File opened (read-only)	\??\E:	unregmp2.exe
File opened (read-only)	\??\H:	unregmp2.exe
File opened (read-only)	\??\I:	unregmp2.exe
File opened (read-only)	\??\J:	unregmp2.exe
File opened (read-only)	\??\W:	unregmp2.exe
File opened (read-only)	\??\G:	unregmp2.exe
File opened (read-only)	\??\K:	unregmp2.exe
File opened (read-only)	\??\N:	unregmp2.exe
File opened (read-only)	\??\Q:	unregmp2.exe
File opened (read-only)	\??\R:	unregmp2.exe
File opened (read-only)	\??\A:	unregmp2.exe
File opened (read-only)	\??\B:	unregmp2.exe
File opened (read-only)	\??\M:	unregmp2.exe
File opened (read-only)	\??\O:	unregmp2.exe
File opened (read-only)	\??\Y:	unregmp2.exe
File opened (read-only)	\??\Z:	unregmp2.exe
File opened (read-only)	\??\P:	unregmp2.exe
File opened (read-only)	\??\T:	unregmp2.exe
File opened (read-only)	\??\U:	unregmp2.exe
File opened (read-only)	\??\X:	unregmp2.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

65 raw.githubusercontent.com
66 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

flow	ioc
65	raw.githubusercontent.com
66	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 8 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdge.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

browser_broker.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133595489224484471"	chrome.exe

Modifies registry class 64 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "21"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = e05cbf1164a0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DomStorageState\EdpCleanupState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{CA0D5D4E-3C55-4F62-B5AB-69D288C61CE6} = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\Total\ = "99"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TabbedBrowsing\NewTabPage\ProcessingFlag = 5052ec0864a0da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9ba60ef563a0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DeviceId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ce6ed21164a0da01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = cd1b24f563a0da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.google.com\ = "21"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\Total = "60"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\Total	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\google.com\ = "0"	MicrosoftEdgeCP.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2172	chrome.exe
2172	chrome.exe
4524	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
4296	MEMZ.exe
4296	MEMZ.exe
4296	MEMZ.exe
4296	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
2540	MEMZ.exe
2540	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
4340	MEMZ.exe
4340	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
2540	MEMZ.exe
2540	MEMZ.exe
4524	MEMZ.exe
4296	MEMZ.exe
4524	MEMZ.exe
4296	MEMZ.exe
3928	MEMZ.exe
4524	MEMZ.exe
3928	MEMZ.exe
4524	MEMZ.exe
2540	MEMZ.exe
4340	MEMZ.exe
2540	MEMZ.exe
4340	MEMZ.exe
4340	MEMZ.exe
4340	MEMZ.exe
2540	MEMZ.exe
2540	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
4296	MEMZ.exe
4296	MEMZ.exe
4296	MEMZ.exe
3928	MEMZ.exe
4296	MEMZ.exe
3928	MEMZ.exe
4524	MEMZ.exe
2540	MEMZ.exe
4524	MEMZ.exe
2540	MEMZ.exe
4340	MEMZ.exe
4340	MEMZ.exe
4340	MEMZ.exe
2540	MEMZ.exe
4340	MEMZ.exe
2540	MEMZ.exe
4524	MEMZ.exe
4524	MEMZ.exe
3928	MEMZ.exe
3928	MEMZ.exe
4296	MEMZ.exe
4296	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

OpenWith.exe

pid process

4328 OpenWith.exe

Suspicious behavior: MapViewOfSection 12 IoCs

Processes:

MicrosoftEdgeCP.exeMicrosoftEdgeCP.exe

pid	process
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
7008	MicrosoftEdgeCP.exe
7008	MicrosoftEdgeCP.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe
2172 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

unregmp2.exechrome.exe

description	pid	process
Token: SeShutdownPrivilege	1780	unregmp2.exe
Token: SeCreatePagefilePrivilege	1780	unregmp2.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe
Token: SeShutdownPrivilege	2172	chrome.exe
Token: SeCreatePagefilePrivilege	2172	chrome.exe

Suspicious use of FindShellTrayWindow 34 IoCs

Processes:

chrome.exe

pid	process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe
2172	chrome.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

OpenWith.exeMicrosoftEdge.exeMicrosoftEdgeCP.exeMicrosoftEdgeCP.exeMicrosoftEdge.exeMicrosoftEdgeCP.exe

pid	process
4328	OpenWith.exe
4772	MicrosoftEdge.exe
380	MicrosoftEdgeCP.exe
3152	MicrosoftEdgeCP.exe
380	MicrosoftEdgeCP.exe
5092	MicrosoftEdge.exe
7008	MicrosoftEdgeCP.exe
7008	MicrosoftEdgeCP.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

wmplayer.exeunregmp2.exechrome.exe

description	pid	process	target process
PID 2588 wrote to memory of 4744	2588	wmplayer.exe	setup_wm.exe
PID 2588 wrote to memory of 4744	2588	wmplayer.exe	setup_wm.exe
PID 2588 wrote to memory of 4744	2588	wmplayer.exe	setup_wm.exe
PID 2588 wrote to memory of 5088	2588	wmplayer.exe	unregmp2.exe
PID 2588 wrote to memory of 5088	2588	wmplayer.exe	unregmp2.exe
PID 2588 wrote to memory of 5088	2588	wmplayer.exe	unregmp2.exe
PID 5088 wrote to memory of 1780	5088	unregmp2.exe	unregmp2.exe
PID 5088 wrote to memory of 1780	5088	unregmp2.exe	unregmp2.exe
PID 2172 wrote to memory of 2692	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2692	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2136	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2028	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 2028	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe
PID 2172 wrote to memory of 872	2172	chrome.exe	chrome.exe

C:\Program Files (x86)\Windows Media Player\wmplayer.exe
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\v0f044gc0000clmruo7og65lhh8ne4g0.mp4"
1⤵
- Suspicious use of WriteProcessMemory
PID:2588

C:\Program Files (x86)\Windows Media Player\setup_wm.exe
"C:\Program Files (x86)\Windows Media Player\setup_wm.exe" /RunOnce:"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /prefetch:6 /Open "C:\Users\Admin\AppData\Local\Temp\v0f044gc0000clmruo7og65lhh8ne4g0.mp4"
2⤵
PID:4744

C:\Windows\SysWOW64\unregmp2.exe
"C:\Windows\System32\unregmp2.exe" /AsyncFirstLogon
2⤵
- Suspicious use of WriteProcessMemory
PID:5088

C:\Windows\System32\unregmp2.exe
"C:\Windows\SysNative\unregmp2.exe" /AsyncFirstLogon /REENTRANT
3⤵
- Enumerates connected drives
- Suspicious use of AdjustPrivilegeToken
PID:1780

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2172

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xcc,0xd0,0xd4,0xa8,0xd8,0x7ffa02be9758,0x7ffa02be9768,0x7ffa02be9778
2⤵
PID:2692

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:2
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2024 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:2028

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2116 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:872

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2892 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:1612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2900 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:4520

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4488 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:908

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4648 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:2636

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4640 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:2920

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4944 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:3144

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:3432

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4624 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:2020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3476 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3024 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:696

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3092 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:2660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5592 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:1988

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5756 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:1344

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5584 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:3260

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5340 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:2428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5756 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:1684

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Executes dropped EXE
PID:4328

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4524

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4296

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4340

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3928

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2540

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:4304

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:420

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
PID:1844

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --mojo-platform-channel-handle=3132 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:424

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --mojo-platform-channel-handle=5716 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:1
2⤵
PID:1380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5720 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:4772

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5912 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:8
2⤵
PID:2052

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.15063.0 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=948 --field-trial-handle=1784,i,16113354878312646110,45230545061053599,131072 /prefetch:2
2⤵
PID:5220

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4608

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4328

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4772

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:316

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:380

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3152

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:3276

C:\Windows\System32\DataExchangeHost.exe
C:\Windows\System32\DataExchangeHost.exe -Embedding
1⤵
PID:5712

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:5860

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
PID:6836

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
PID:7008

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:5164

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4456

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:2152

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
- Executes dropped EXE
PID:2268

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
- Executes dropped EXE
PID:5392

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
- Executes dropped EXE
PID:3052

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:5176

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
2⤵
PID:4012

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
2⤵
PID:3664

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:3264

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
276c09c180d61d8756fd8ce0b30aee62

SHA1
2ed2c89cff650e6657786c89993818ecbf684b8c

SHA256
89f9efb4a500ca5930c764d5b2527539c7c7fedcd8ad957ce4eb7710bf7eee03

SHA512
da18c14475ecab5adf797292665b29cff88fba36301a1cbf63b64e68653d2aea8d60aaea758316492b4679cc2c720ecc35f428ff02947c4b45fed618ba4288ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
56b83496d0651bcafa1d086906143987

SHA1
76f25871fbc0aaf487889f0692f504fe65f718f9

SHA256
1769263af363639212513cce671ede6aa5af7f32e03933c23a7bf729c77f1831

SHA512
711b59c6cc253c9098b4bb9e0b0d360aacb6e971b3c79effb0881c877e047678ace0e608e0e8b5c595e002f020db07a58a90735b513f322963044343a9176456

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
a4de45cad6a24afcac20f94b272f8472

SHA1
3479f31184d72fd7eaa3a5cf362a3b0a5b502bd8

SHA256
4d1a698e4e5cc64d17996a00e31980a30b1ec3fdbc0ec8d37fbd639bc6291aa0

SHA512
682801985ce74e14430bcd63f534f29b2e0c93e6a90e777f051c21413d0e8a9229e314b458589d11199b8cdb5880d327cef7e48a1dfd79c77a4abcf0c867eea5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b57d7d50842fbf3f7fb5dbd3c52fcc5c

SHA1
38a8f32a28132d1c2cca07c6b3c5c97e8cd98007

SHA256
aa59f8c9846523947ac65d00f20ab5a2bc0b6c53d5e09fcdfa842331ed58880b

SHA512
300cf8c099c3a83d7ed6aecca735b85dbab5b2959f2324636df018bc03edae9a644d7afa6e8c2ed7a6188860e6c23e7521a84b4ed9d4e55db2238d4c85c2ee85

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
d88adb5337f1060eddbd72ace3f18049

SHA1
fb24567caf7b688e7963e0a638451522570ecf16

SHA256
d463e89c050eff6e1bd0e9a64e3b6c1f153605d6de3132cf6fba71fe8dff53db

SHA512
5af7b42e08dd0bc5b22ce814be5af95dcefcfd77363ade839ae42d0f12564b0d1c94ad9e159a28d918e8cd51ff0a27b512ea93db3cb76b4580af2a757d9453f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
cf8f6b21bf165aeab7caa271b521c5ed

SHA1
3290f2cfcdb305b548a3693c459ea59ac4373e7d

SHA256
a950cb11b4aeba3b57c3023924ace17d1edef769819fd3f5b3b644f262b6ae3e

SHA512
1f8b2a18b9f987fb4ca57d362de843c337044f893ff811ab0327ccde1d7e3649ae899180d91154bb03a8ef1ac51ea44b51a142380bd7ae9a8c17ed07fea358a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
c3a381f136891a4b5272adef13c4fec2

SHA1
460688212d4fdbd94e8b1972c32c61aec13ae763

SHA256
3d5d3e5f8e4f0a6bcec81594efef1fbb90a577a6ccb1696ed0396d5e7131bbb7

SHA512
1c30bccbc4a8d7dddd4d5fb49263bbd53bb77dda64af3ff655735ee75d6d8003fcb844a7e4d4a1940b25ed7ee5f05cf3ff810b88285314f527bd3db92107f1fb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
b755dd160b3e1174e950465a6961078f

SHA1
7446a0fb821cdf9801b41b2ce4623122ea05cd8a

SHA256
c38c527ff33fcdfe5161a4e81c4475d8f84b7ad85039fad0b9f2f5798ade6937

SHA512
afc0e4736f31019b22747710667d23f843c91a6ba5f2c505d1641222bc8705db58e3614e85cbd4d99a798af53a7f9f79c28c323bf0cda26cbd3c79f46858099d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
38aec93d7bb9eca999a8feffb17933c5

SHA1
6bb578e088d2f07b30ca1cf225cdfc7fcb2af6ad

SHA256
ebee1dc1d84b3ec74f56429767692b78a43a359a59c446ec85b0936547a5e722

SHA512
484031c5b8ab0fde4112d4905c5acb4a509ad33c543592f4f690ad05aceddbeea18a39ee3bae30f26b155daf30eefa14de9131aa6434c1b7cf024fd062497d4e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
52f2c989a866bcda0be184e9f8a92d43

SHA1
94d9b356e854bd8c631378796ac902805961a725

SHA256
e322d21e2f61be65ece342de810cb80bf5198d5b90886b283ec95832da3da5cd

SHA512
b7a2fdc268fae18efc6f3fdabb82319cb35d9f1423eec5da1254a4a97c5e2c029b01b0364ddc478e83c279ab646150868b47c1f844965abebaec0af0537f19c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
8c12fc00ad89100b3976e0d8d37233a9

SHA1
e5276f15bc002dac03b5b77c88cecfbd4790c909

SHA256
e3e20eeb0874d7c7bf59b4064ae64365ca46e91d536e4c049b99f7ccaaf8d305

SHA512
6b95e16ba68091d6562ba36b0517a9934883c39ce6ae912a006bf9025da926ff6dfaca820fbb5bd67be9720016cf06b22d307dcc7ca6603507c7d67905dc7d3a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
12KB

MD5
b19efacc8dc9049f17b5dfb0710cdbfc

SHA1
164abd79e36778e81f5f4ec884277270c138bc87

SHA256
b8ccc99422e4573c23ba12bd5d82ccd502932520ad84c6155087beada991151c

SHA512
9ee3061b467d23f4833714f90caa17b62d849b2c0ab3c2041eaa498ca3a6bd4120c4be06e80c4b769eaedae9c4dd3ac6cfc64cb8d92e715a2084b4e416fe486f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
7b84a80c84138b1f74f07af5c9cd9b7e

SHA1
2e1c34d2247bc92d2779f978a461381139766b37

SHA256
4ac25e0cd55e075b26eee1aa95b7a79a5b3ebaeddbcebd73919107622e029b42

SHA512
f4e267630e194dabe2063a4fcc1d9f13f16a20ff0fcaed0efd8ec94873abe9e956277af6aaac4cc72d90990f9fff10334aa7d292110d2dfc4bf4b6168fa03b93

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
272KB

MD5
ff83105f66396d4e60fc80b7899b9966

SHA1
4d7ade4a7b111d8cf44efb7d08d54950ecf3284e

SHA256
199a94605f4c01b6872bb54290acb8fb034e60f075fb1301f08964683294c91d

SHA512
0586caa693301ab1923f0b44f36fcd7727961c67c938efd58c9d5a15f6ac52fd62cda5542a9b2204ba390888775338b1576ccfa716deeee1ca058a3453dcb838

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
111KB

MD5
d8964c78c45e9d8b2716d344f8163c43

SHA1
0ac70b40c1ae56c0cdaa54b83cf2b6b79b0b0e91

SHA256
4b07ef921ec2bc3c9961535a7b938a3544bb6ef13d0c4c2ba17f4165cbb44e55

SHA512
19c1882e7b7c743055057d7bf3da585dad9365233f3fe05bb781a377b5ca9b4ad6629d1262cf7eebc0fe578d3126e7e8a89308a95d363a80174ba1683d42869d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe58388f.TMP
Filesize
92KB

MD5
444d05ad68399aa403afb9dd53f3708f

SHA1
6dd3160437fe20c2a6aa861d961104372e6701c3

SHA256
19778bd35810cc7857c8bcaa5fe4a3b2573d49d84640513d630bbd2209fe6eda

SHA512
03716b1f95ce0e4c5a1b2c527faf0d8d17d66a5ed91ad4b6087e153adde8ebd0ab5c23f6b5bca44ac6e32f8762c3a055b621c744c7783b58adceecac47c14d79

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Media Player\CurrentDatabase_400.wmdb
Filesize
64KB

MD5
0e807656bd86f2aef7ccf207f963973b

SHA1
27052af8d103d134369e356b793eb88ba873df55

SHA256
c509c498682bec50142782a51785655020bea27652f46e104e07a530c2ff5162

SHA512
e6c7d5e001e8322ccb1abd101d47e7f1401597518f45dd8da1d757728147262bcb3b1f96128f291e0e367c5b34026b401468e4219b27cf3c37a8d434180cd8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows Media\12.0\WMSDKNS.XML
Filesize
9KB

MD5
7050d5ae8acfbe560fa11073fef8185d

SHA1
5bc38e77ff06785fe0aec5a345c4ccd15752560e

SHA256
cb87767c4a384c24e4a0f88455f59101b1ae7b4fb8de8a5adb4136c5f7ee545b

SHA512
a7a295ac8921bb3dde58d4bcde9372ed59def61d4b7699057274960fa8c1d1a1daff834a93f7a0698e9e5c16db43af05e9fd2d6d7c9232f7d26ffcff5fc5900b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml
Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0FWX4E5M\fyCF3lmo_OYnC_9rGWUF-CeQvtOEKKrTUK_XXS1Fd1s[1].js
Filesize
17KB

MD5
040162f6da25c64feaaed69abc0ac96b

SHA1
818d0d73c7efdeafe6898255d407c519173a5131

SHA256
7f2085de59a8fce6270bff6b196505f82790bed38428aad350afd75d2d45775b

SHA512
a1f8da6a8b86ba58fb172c0c23fffebda940fa52219c5e21a64c694feeea66e5e536a266433ca8a1af6776e9a90afb1a8e285cd070fcf1951130e2b798ebc7e9

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\anchor[1].htm
Filesize
34KB

MD5
8407b9e6a4f91d0c2e9169aa03e9464f

SHA1
afdabe3d2c1fc77c88c318f539ea4659ff02c67b

SHA256
a73904e0bad5f5100dae5f436d3a2979b299d899f17c716f36974db34d56c19f

SHA512
a49b9377897e98a9f58056ea1faa35dc53c7da90fa1440b71b87fa8c5fb258d83027b00e24a3bd1427d95e8ce3f440a1dadf76c063d120aeb90f4695a51ddb4d

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IOI9YHVW\styles__ltr[1].css
Filesize
55KB

MD5
2c00b9f417b688224937053cd0c284a5

SHA1
17b4c18ebc129055dd25f214c3f11e03e9df2d82

SHA256
1e754b107428162c65a26d399b66db3daaea09616bf8620d9de4bc689ce48eed

SHA512
8dc644d4c8e6da600c751975ac4a9e620e26179167a4021ddb1da81b452ecf420e459dd1c23d1f2e177685b4e1006dbc5c8736024c447d0ff65f75838a785f57

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\recaptcha__en[1].js
Filesize
505KB

MD5
e2e79d6b927169d9e0e57e3baecc0993

SHA1
1299473950b2999ba0b7f39bd5e4a60eafd1819d

SHA256
231336ed913a5ebd4445b85486e053caf2b81cab91318241375f3f7a245b6c6b

SHA512
d6a2ed7b19e54d1447ee9bbc684af7101b48086945a938a5f9b6ae74ace30b9a98ca83d3183814dd3cc40f251ab6433dc7f8b425f313ea9557b83e1c2e035dff

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\4E8N8QJK\www.google[1].xml
Filesize
95B

MD5
af7ea83355f58459ba78c3d244183a69

SHA1
1b832535b420e4a3b791cecb410807f59976fd06

SHA256
07d78c5402214c80102c95ff5d638c7319260c0940e89bb23c0141867a9aa51f

SHA512
1a1448de4f23e9696febd94d1211278280e43c11438ce8676cd7314b87d03b88299b001ae4eea804d8ccf3336f287628baf67d675e26adc701e5578da6b9bca4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RXWCW5PK\favicon[1].ico
Filesize
5KB

MD5
f3418a443e7d841097c714d69ec4bcb8

SHA1
49263695f6b0cdd72f45cf1b775e660fdc36c606

SHA256
6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

SHA512
82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize
512KB

MD5
9930fe717257f9bb0b002c8318e8b390

SHA1
aa1ba8977f65735472b9517af05a6b0f16f33f68

SHA256
96a73d25ab620e963f9d3b29923ac833e505334bb30ce88cbf9b9195fe2bad03

SHA512
3c2d73cf00c4f2cc3889f6fd5e65856d8f559b24a7425f64944c9fbb751e553d81ecbdadf93ae4567deff8ea69d85ec92169098dbe9a75274d992f6babdfb1e1

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFC7791BC48BA9BF92.TMP
Filesize
40KB

MD5
fe1e490d1f24075130049b024e94c3eb

SHA1
77b2eb50a37b6a22df06ff9633b5746545134142

SHA256
f3b0a600ce5e5ac3a0cec01100ce7bcec513cd6e65bc6f10effd80633fe768d7

SHA512
f1f6e9f9dd5e63123b699bc422dc146c622029e837894d14e963b9ca5101ebbcc41cecaba97bfad22ff0a6a76dc8d940c068c4886ec7ffe5264b5dabf84861a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0FWX4E5M\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2
Filesize
15KB

MD5
285467176f7fe6bb6a9c6873b3dad2cc

SHA1
ea04e4ff5142ddd69307c183def721a160e0a64e

SHA256
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

SHA512
5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0FWX4E5M\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2
Filesize
7KB

MD5
207d2af0a0d9716e1f61cadf347accc5

SHA1
0f64b5a6cc91c575cb77289e6386d8f872a594ca

SHA256
416d72c8cee51c1d6c6a1cab525b2e3b4144f2f457026669ddad34b70dabd485

SHA512
da8b03ee3029126b0c7c001d7ef2a7ff8e6078b2df2ec38973864a9c0fd8deb5ecef021c12a56a24a3fd84f38f4d14ea995df127dc34f0b7eec8e6e3fc8d1bbd

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\0FWX4E5M\KFOlCnqEu92Fr1MmYUtfCBc4EsA[1].woff2
Filesize
1KB

MD5
7cbd23921efe855138ad68835f4c5921

SHA1
78a3ae9ec08f2cf8ebb791a2331b33a03ab8cc76

SHA256
8eaae4c8680e993b273145315c76a9a278f696467c426637d4beab8cb3dc4a3d

SHA512
d8a4db91d2063273d31f77728b44557612b85f51143973caa3cfd60ab18f8c3e4b8cdaab43af843fe29441cd1d8299bf2f139a78e47bf740277b33a377377177

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2
Filesize
9KB

MD5
df648143c248d3fe9ef881866e5dea56

SHA1
770cae7a298ecfe5cf5db8fe68205cdf9d535a47

SHA256
6a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2

SHA512
6ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2
Filesize
14KB

MD5
79c7e3f902d990d3b5e74e43feb5f623

SHA1
44aae0f53f6fc0f1730acbfdf4159684911b8626

SHA256
2236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff

SHA512
3a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\KFOlCnqEu92Fr1MmEU9fChc4EsA[1].woff2
Filesize
11KB

MD5
16aedbf057fbb3da342211de2d071f11

SHA1
fdee07631b40b264208caa8714faaa5b991d987b

SHA256
7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f

SHA512
5cd45dfb0d0ee44afd9b3ffd93c2942c2f04e359d067d4631edd67a2ee09149766294b29c75aaab7436dacc775a8ca02392c5e4cfb8d7fede19c028448507e0e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\KFOlCnqEu92Fr1MmYUtfABc4EsA[1].woff2
Filesize
9KB

MD5
797d1a46df56bba1126441693c5c948a

SHA1
01f372fe98b4c2b241080a279d418a3a6364416d

SHA256
c451e5cf6b04913a0bc169e20eace7dec760ba1db38cdcc343d8673bb221dd00

SHA512
99827a3fab634b2598736e338213e1041ef26108a1607be294325d90a6ba251a947fd06d8cb0a2104b26d7fe9455feb9088a79fe515be1896c994c5850705edc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2
Filesize
11KB

MD5
15d8ede0a816bc7a9838207747c6620c

SHA1
f6e2e75f1277c66e282553ae6a22661e51f472b8

SHA256
dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

SHA512
39c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\2SUNRBZB\api[1].js
Filesize
850B

MD5
ee87fd4035a91d937ff13613982b4170

SHA1
e897502e3a58c6be2b64da98474f0d405787f5f7

SHA256
7649b605b4f35666df5cbcbb03597306d9215f53f61c2a097f085fa39af9859f

SHA512
9e27179bdedb6fe008ab8dc0827d479c674e7e21ad44081c78782f29dd5b91ad2d5bf4f6912d6d1ad3275eedce659e26ace02f769c6b7f4b1f660a3c628feab3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IOI9YHVW\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2
Filesize
1KB

MD5
52e881a8e8286f6b6a0f98d5f675bb93

SHA1
9c9c4bc1444500b298dfea00d7d2de9ab459a1ad

SHA256
5e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb

SHA512
45c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IOI9YHVW\KFOmCnqEu92Fr1Mu4mxK[1].woff2
Filesize
14KB

MD5
5d4aeb4e5f5ef754e307d7ffaef688bd

SHA1
06db651cdf354c64a7383ea9c77024ef4fb4cef8

SHA256
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

SHA512
7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IOI9YHVW\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2
Filesize
9KB

MD5
efe937997e08e15b056a3643e2734636

SHA1
d02decbf472a0928b054cc8e4b13684539a913db

SHA256
53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

SHA512
721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOlCnqEu92Fr1MmEU9fCxc4EsA[1].woff2
Filesize
5KB

MD5
6bef514048228359f2f8f5e0235f8599

SHA1
318cb182661d72332dc8a8316d2e6df0332756c4

SHA256
135d563a494b1f8e6196278b7f597258a563f1438f5953c6fbef106070f66ec8

SHA512
23fb4605a90c7616117fab85fcd88c23b35d22177d441d01ce6270a9e95061121e0f7783db275ad7b020feaba02bbbc0f77803ca9fb843df6f1b2b7377288773

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOlCnqEu92Fr1MmYUtfBBc4[1].woff2
Filesize
14KB

MD5
19b7a0adfdd4f808b53af7e2ce2ad4e5

SHA1
81d5d4c7b5035ad10cce63cf7100295e0c51fdda

SHA256
c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

SHA512
49da16000687ac81fc4ca9e9112bdca850bb9f32e0af2fe751abc57a8e9c3382451b50998ceb9de56fc4196f1dc7ef46bba47933fc47eb4538124870b7630036

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOlCnqEu92Fr1MmYUtfBxc4EsA[1].woff2
Filesize
7KB

MD5
585f849571ef8c8f1b9f1630d529b54d

SHA1
162c5b7190f234d5f841e7e578b68779e2bf48c2

SHA256
c6dcdefaa63792f3c29abc520c8a2c0bc6e08686ea0187c9baac3d5d329f7002

SHA512
1140c4b04c70a84f1070c27e8e4a91d02fda4fc890877900c53cfd3a1d8908b677a412757061de43bc71022dfdd14288f9db0852ef6bf4d2c1615cb45628bebc

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOlCnqEu92Fr1MmYUtfCRc4EsA[1].woff2
Filesize
14KB

MD5
e904f1745726f4175e96c936525662a7

SHA1
af4e9ee282fea95be6261fc35b2accaed24f6058

SHA256
65c7b85c92158adb2d71bebe0d6dfb31ab34de5e7d82134fe1aa4eba589fc296

SHA512
7a279d41c8f60806c2253cba5b399be7add861bd15bf0ac4fa7c96fa1eee6557bf1ebd684e909086d9292739f27fa18947af5c98f4920fe00da3acf209c6260a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOlCnqEu92Fr1MmYUtfChc4EsA[1].woff2
Filesize
11KB

MD5
29542ac824c94a70cb8abdeef41cd871

SHA1
df5010dad18d6c8c0ad66f6ff317729d2c0090ba

SHA256
63ef838f895e018722b60f6e7e1d196ff3d90014c70465703fc58e708e83af64

SHA512
52f91e02b82f9f27d334704b62a78e746c80023ee8882b96cb24cb4043f9a256f395d24830b1f4513bd7597f8c564af20db9c715ab014eb2ab752fd697156591

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOlCnqEu92Fr1MmYUtfCxc4EsA[1].woff2
Filesize
4KB

MD5
133b0f334c0eb9dbf32c90e098fab6bd

SHA1
398f8fd3a668ef0b16435b01ad0c6122e3784968

SHA256
6581d0d008bc695e0f6beffbd7d51abb4d063ef5dedc16feb09aa92ea20c5c00

SHA512
2a5a0956ecc8680e4e9ef73ec05bc376a1cc49ddb12ee76316378fe9626dccedb21530e3e031b2dae2830874cc1b6bfd6cce2d6d0dce54587ff0fc3780041ace

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2
Filesize
7KB

MD5
7aa7eb76a9f66f0223c8197752bb6bc5

SHA1
ac56d5def920433c7850ddbbdd99d218d25afd2b

SHA256
9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

SHA512
e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2
Filesize
15KB

MD5
e3836d1191745d29137bfe16e4e4a2c2

SHA1
4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

SHA256
98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

SHA512
9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2
Filesize
5KB

MD5
a835084624425dacc5e188c6973c1594

SHA1
1bef196929bffcabdc834c0deefda104eb7a3318

SHA256
0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

SHA512
38f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OFPIONJY\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2
Filesize
1KB

MD5
57993e705ff6f15e722f5f90de8836f8

SHA1
3fecc33bac640b63272c9a8dffd3df12f996730b

SHA256
836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

SHA512
31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
d20676b0dd6566b50f78338b8d733de1

SHA1
25c7ea06f4209eec8c2f5bb90805f3c25b3824fe

SHA256
5516bad2830e983e64294381be174156b13ddf67eb1550f73ea5d1c7e81b5a01

SHA512
c3a210b285b5bd8d2295d1dffc8f7502ecbfe31dc2d64908d247b4670ec4811b14e13512f17de599e7841a40acb995961caa1eda6dd318a1e4af56ebf4b263fa

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77
Filesize
472B

MD5
a0c91846281a2431c29bfcf0247658f7

SHA1
5b8fe76da65c672e0e73f14b3efb0f6473a6733a

SHA256
df6f35a75d2d400873345e02346d3a6bf6a2018982572726a50e5c8979fdb7e7

SHA512
e8a37369db2d9e6246e670c55e161e4df9d9eea85f1f735f4e845a2cee34447f89c0b7f57943f23bd48ca8c16bdf6bf2ecb51c7fce4ffd70701d61713e55ce51

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
ac89a852c2aaa3d389b2d2dd312ad367

SHA1
8f421dd6493c61dbda6b839e2debb7b50a20c930

SHA256
0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

SHA512
c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
ca555008822311b427ebec1bbafc9ddc

SHA1
1b0551092ec17b222a800b0ad2839d4f85ea16e6

SHA256
6c78a94df3c0a483116e05247c5af8d4e9da9d9ae085db8ff4263e533c0d5d37

SHA512
78c62cac0630bb9222ab3f9dec64f6e965cd78d7d0df229e338709df3e07af89ada64910308f75417248f4e4cc55c63ac6dcdd63f0c4515f5752ab279c6ad59a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\A16C6C16D94F76E0808C087DFC657D99_685A755F9E99B4D751E9D861DE8DDD77
Filesize
402B

MD5
54a7fa3f60c4af55ce4c27ce93f523d3

SHA1
37521488bb4dbe6d51e1087aab23ee21ca1d1457

SHA256
0d874b75920796b40c68ba6a30ca193c81f83f79ee8cb3f6499d50a8d002100e

SHA512
68bf0a3234b787350f14b8e22069c96a53d5e436fe52b4a797260e2328468d145ce62acca4bdae47ebc707dc587ad9b830cfafc9726f39f2b82bf7ab6a64bb1d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
48c2232c160c7866e022bd623c5e482b

SHA1
a0a40225ebf8f76646412a9b88eb3186e940c6a7

SHA256
ec1d41d5afe588dd6b36ab549c1a69e1be30eca3c097e63c44e18a3fb11bbd3b

SHA512
ab231fc3a225801a69bde04bffe5edf3bf50a21f1552e778eee09cae160edbc817d39826670202091ed34e9f09759be13135adc0030ae4726469178d0465bdf9

Download Submit
C:\Users\Admin\AppData\Local\Temp\wmsetup.log
Filesize
1KB

MD5
e5194c86cdb30017f508851c9f8cc9ac

SHA1
04e60d3b95b23d00e34a45d70cdffe54643ed779

SHA256
7527a99be533419c49ee2a266cf8827451b6d3647f7ba07f37d2279289ec02ba

SHA512
674ba92b01f8a1962d71dfb5774061d2a33466bcc01e38786785dd8abbaa7bc1e51d05291110c8476a54ab7d688726e7905c549a221c04d39e07c881a9a57dc5

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_2172_CTCPPDMQLKEJENVB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/3152-499-0x00000207E8480000-0x00000207E8580000-memory.dmp

Filesize
1024KB

Download
memory/3276-790-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-596-0x00000265FDD10000-0x00000265FDD12000-memory.dmp

Filesize
8KB

Download
memory/3276-796-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-795-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-794-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-789-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-791-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-793-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-792-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-788-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-787-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-786-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-686-0x00000265FF0E0000-0x00000265FF0E2000-memory.dmp

Filesize
8KB

Download
memory/3276-797-0x00000265EB9A0000-0x00000265EB9B0000-memory.dmp

Filesize
64KB

Download
memory/3276-583-0x00000265FE300000-0x00000265FE400000-memory.dmp

Filesize
1024KB

Download
memory/3276-509-0x00000265EBDB0000-0x00000265EBDB2000-memory.dmp

Filesize
8KB

Download
memory/3276-507-0x00000265EB9E0000-0x00000265EB9E2000-memory.dmp

Filesize
8KB

Download
memory/3276-515-0x00000265FC750000-0x00000265FC752000-memory.dmp

Filesize
8KB

Download
memory/3276-517-0x00000265FC770000-0x00000265FC772000-memory.dmp

Filesize
8KB

Download
memory/3276-519-0x00000265FC790000-0x00000265FC792000-memory.dmp

Filesize
8KB

Download
memory/3276-511-0x00000265EBF60000-0x00000265EC060000-memory.dmp

Filesize
1024KB

Download
memory/3276-513-0x00000265EBF60000-0x00000265EC060000-memory.dmp

Filesize
1024KB

Download
memory/3276-504-0x00000265EB990000-0x00000265EB992000-memory.dmp

Filesize
8KB

Download
memory/4772-521-0x000001CDC90A0000-0x000001CDC90A1000-memory.dmp

Filesize
4KB

Download
memory/4772-522-0x000001CDC90B0000-0x000001CDC90B1000-memory.dmp

Filesize
4KB

Download
memory/4772-491-0x000001CDBFFF0000-0x000001CDBFFF2000-memory.dmp

Filesize
8KB

Download
memory/4772-456-0x000001CDC2A20000-0x000001CDC2A30000-memory.dmp

Filesize
64KB

Download
memory/4772-472-0x000001CDC2B20000-0x000001CDC2B30000-memory.dmp

Filesize
64KB

Download