hxxps://archive[.]org/download/malware-pack-2/Malware_pack_2[.]zip

Analysis

max time kernel
366s
max time network
363s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2024 01:58

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://archive.org/download/malware-pack-2/Malware_pack_2.zip

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exetaskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133611623482996236"	chrome.exe

Modifies registry class 1 IoCs

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	chrome.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exechrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
5024	chrome.exe
5024	chrome.exe
4396	chrome.exe
4396	chrome.exe
4796	MEMZ.exe
2924	MEMZ.exe
4796	MEMZ.exe
2924	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
2924	MEMZ.exe
2924	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
4924	MEMZ.exe
2924	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
2924	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
4796	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe
4928	MEMZ.exe
2924	MEMZ.exe
4928	MEMZ.exe
2924	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
2956	MEMZ.exe
2956	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exe

pid	process
5024	chrome.exe
5024	chrome.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
4464	msedge.exe
5268	msedge.exe
5268	msedge.exe
5268	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe
Token: SeShutdownPrivilege	5024	chrome.exe
Token: SeCreatePagefilePrivilege	5024	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exe

pid	process
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exetaskmgr.exemsedge.exe

pid	process
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5024	chrome.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
5104	taskmgr.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe
880	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3620	MEMZ.exe
2924	MEMZ.exe
4796	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4652	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4796	MEMZ.exe
4924	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
2924	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
4928	MEMZ.exe
4928	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
2956	MEMZ.exe
2924	MEMZ.exe
2924	MEMZ.exe
4796	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4928	MEMZ.exe
4924	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
2924	MEMZ.exe
4796	MEMZ.exe
2956	MEMZ.exe
2924	MEMZ.exe
4928	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
4924	MEMZ.exe
4796	MEMZ.exe
4928	MEMZ.exe
2956	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4928	MEMZ.exe
4796	MEMZ.exe
4924	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4924	MEMZ.exe
4928	MEMZ.exe
4796	MEMZ.exe
2924	MEMZ.exe
4796	MEMZ.exe
4924	MEMZ.exe
2924	MEMZ.exe
2956	MEMZ.exe
4928	MEMZ.exe
4796	MEMZ.exe
2956	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 5024 wrote to memory of 4356	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 4356	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2552	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 4392	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 4392	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe
PID 5024 wrote to memory of 2380	5024	chrome.exe	chrome.exe

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://archive.org/download/malware-pack-2/Malware_pack_2.zip
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5024

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0x9c,0x108,0x7ff89584ab58,0x7ff89584ab68,0x7ff89584ab78
2⤵
PID:4356

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1656 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:2
2⤵
PID:2552

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2032 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:8
2⤵
PID:4392

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2088 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:8
2⤵
PID:2380

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2924 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:1
2⤵
PID:3664

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2932 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:1
2⤵
PID:3048

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4584 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:8
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4864 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:8
2⤵
PID:2464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1680 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4396

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1552 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:8
2⤵
PID:544

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3528 --field-trial-handle=1896,i,8966995204726999465,1015987642710141878,131072 /prefetch:8
2⤵
PID:3716

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4348

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1212

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3620

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2924

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4796

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4928

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2956

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4924

C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Documents\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:4652

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:2420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff881c646f8,0x7ff881c64708,0x7ff881c64718
4⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:3560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
4⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
4⤵
PID:2392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:1
4⤵
PID:3636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3376 /prefetch:1
4⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
4⤵
PID:5340

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
4⤵
PID:5560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2168,16729207085812273448,17603471795264183041,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3688 /prefetch:8
4⤵
PID:5684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:4464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff881c646f8,0x7ff881c64708,0x7ff881c64718
4⤵
PID:1980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:2
4⤵
PID:5424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
4⤵
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
4⤵
PID:5368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:5728

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
4⤵
PID:2444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
4⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 /prefetch:8
4⤵
PID:3016

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4416 /prefetch:8
4⤵
PID:1256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
4⤵
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
4⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:1
4⤵
PID:4992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
4⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
4⤵
PID:5348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
4⤵
PID:3172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
4⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2260,10125675951727126709,2590537595806987259,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4220 /prefetch:1
4⤵
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+remove+a+virus
3⤵
PID:5360

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff881c646f8,0x7ff881c64708,0x7ff881c64718
4⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff881c646f8,0x7ff881c64708,0x7ff881c64718
4⤵
PID:2032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,14041003109278744675,3365079508850114212,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
4⤵
PID:3296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,14041003109278744675,3365079508850114212,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
4⤵
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,14041003109278744675,3365079508850114212,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3032 /prefetch:8
4⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14041003109278744675,3365079508850114212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3428 /prefetch:1
4⤵
PID:3888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14041003109278744675,3365079508850114212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
4⤵
PID:1680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,14041003109278744675,3365079508850114212,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
4⤵
PID:6124

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious use of SendNotifyMessage
PID:5104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3812

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4564

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5164

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3468

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
PID:6072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5392

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
797de629fdd2200fa3ae68fa78f62643

SHA1
d3694b8fe7e972dcb917ad758e88050bbc143d3a

SHA256
6a51c88f35aafa9b11ad841fe51875dbdd1f78f3a343083a1ec1dd48d7463cb5

SHA512
9404862108f3db0c5dd0d528811f22d96d2294e1ca02af6e48f67ac4b9e21c191b1ec4c786d2f973fc1c9676d0caa25f8b03d6fffb720838b0471ad51edc1b11

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
afa08d2c46ab71e651b5a9baa6e46595

SHA1
4705b69b6e5c487f29c45496b4389975aa13525a

SHA256
b14f534d3eead4920ec3e3fd7e5b3fbbce2b7ba5d5829c60ca8b998766ea32d0

SHA512
87fe3672942486893f86d41a8aba32fdd476cd1d9ba7c7ede0c3df6f306d9c5b154e79e4faf00e7227109421f291bc4917ed88ef48de818048d3e22bce98ea63

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
692B

MD5
46f1c50bd1f7f036151f81e8e49c4700

SHA1
d6071e37f77cc41ea54d5a1f744408d4e0187d6f

SHA256
e87f26ac2c5a246d285b7ea61f7ba1e7b83aba5629c427f5776953c869deba90

SHA512
9fcc7256eb7014f90bf2d9c40a864700a6a8ab1f1c854396859e351d878d4aad875ae0fb89c216c102dff62a265620b2e803eeb28f722e7b7f079136e4e446f8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
ead6d8e0f46b05e5cdf0ec1fb3e5a03c

SHA1
236cf5d54d8e57cb041dcfb7590d06d5f7d4df88

SHA256
34650ccbb0ca10c1ccbedb39176719642faec41b2e4696f785c9382c0267dfc6

SHA512
680ee0d09403ab9e3566e050aaa0859247b1431f15c1a4d51c50e69917efe157653542ce9405b8fb725d41caafedd8fa76bd2435737da487528ce0533b8e2e9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
fca05b4e0e509679169ec5beed753ca6

SHA1
94fabfe8bc19ccdbd821c8658c5314b59f23d0d3

SHA256
b30c5ce70dc77d955ddcbde278a17d3449ab5a0ec5bcf5117a5a9cb96722bc6f

SHA512
963e1791ad6ed6a3460068338d9157a9a49cd4f906fcec3ad5c3bf9c5e15c655e6993583f1107bc9925edf4f9148e9cecb99c206b6b5185c667ccaeb7df4a23c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
a613b6c4aa0839472bc1edb70df7996d

SHA1
05c89c530bdae527bfc7b5947a4db83b24f5475d

SHA256
c65c3211a413204ff3aef29080827a3fc790320a8c05caadb09ea462bc91dde4

SHA512
df079dd541d06a9e85d5f21d6b524a498260c547d52e33899904c3855abd3752293ab0b534ce4f3e98ecf6229f768c05b675dfdbb95bd858c69c38e55dbd89f5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
6b408488e6e691ab3fb270ae4054bd7d

SHA1
f1fb04a47a28a0dddf3a74772ded01302e1af9f2

SHA256
1d606e618b82841af505c5f7c5363c25b4706664aa3a269e1917b4ee2864b41f

SHA512
5de3ba70a1d713cb53663635945360b566af0fd666707cfb14fd27f8525a0f578827f8c2eafd8a5f7206f4be998b59c416a2b163db4185fdfb9cf7e28602c489

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
97KB

MD5
f73cd6740cc6eed241600c69eeb1cb63

SHA1
ab9f5fe7c9d960426da26782bf326aabaf510b34

SHA256
c8de1f44a112b38e6cb34c2332d529868bc4e7ef95bf971c58822998d7557bb2

SHA512
d0146916ca1b3a3130125cf82b64713199a9a1ca1cca2c537f2f3e25674edb712043325c420161c8d9f7da8f7cc8f9bf747ce4eb2d38e872258493fd2a3d7661

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe598a83.TMP
Filesize
94KB

MD5
a7e49f351ba404c046df9482cfc398a5

SHA1
36705a492e52f1453e11669428154e79f04d0cf3

SHA256
c68b6afc5fdb744c0c4abcdd8d55a413d92129076b129d95b61830ced506892e

SHA512
5469527b3c502ff4ca915cb2ce572aed0e974a8ad910d9b8e1556306ef5643e7587cdcf81e2ef08cc084da6f742abd6ec51d6b331d2d66e92afc4a5200266e6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4ae558d9a60b658bbaca0fea1f96e6ed

SHA1
fc97b01845924cc27c43d658e6f068a1ef17bb31

SHA256
f76c65d0fb316e5e0245e4a320a352e85cb97ec168e742e6f95bf7b70cc89a83

SHA512
450f406c52a3088e59923fc717222891a7f257b5b5864b4811de23e8ab7b06f9155111662052d5c4a92884a71b6043805190af2e1d1b3572e8507b4ba5851f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f345a055b63637a2070e5d80f4558d10

SHA1
ca4d09a1090cf4abe52cbde996f0849113d0a82d

SHA256
184d496618ca7cbc36a786ea6bd50eff2f4f7ba1fb18104540ec892665fc311e

SHA512
13c8b5cd04aa8fe3ab7d8a85cf77b53e8a2b4f290d2011f4f5b6633bdc10c6c8c1b7ebbc5db49988786f6aa812e5eb95c7fa167d7342b99e04ec9285384cf270

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1fea96098a4e92d250993d43be6a3f76

SHA1
3ccab45a8cae59f5622227c4d896e50a560bf21a

SHA256
3051f260473a9140b5e204d518890944a0fd36203286402ec607cc6b1865f1f1

SHA512
6c91d324c2c4c4d4c420780abc238cbaa0bc7926cdb06a5948b44a5f5b611e0118e1e1d4eea55c598dddbbfcb1e1b9554418d25cdaa681ce3326a586f208d5ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\732e3c71-6adf-4320-8d41-e5bfed2156f8.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
1fcb13eb2929c0982c0da346033ea2d4

SHA1
187c21d241c1c0ed51c12229c45d7e31291dfd28

SHA256
ab94bf9770402bf0ef0bfb4d03c633d94df9dcb454e76e0371d9116127e60deb

SHA512
983f3f94d5911ab06e5f916d8211607b52407d49978a08229c312c10d3b224756e17a6b0b6ddcebabcda9787b1f5e8ef9889955b76afea4accce550ec011309e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
02eb2b386adade8145a1cbf2923e87a4

SHA1
7e05a6d65306c2d233e9c0f3a65f01974b94782b

SHA256
574d79341046ade177cf4fe53c0418845a4716fc7487e2641d852521d3b46ad5

SHA512
cb1185fdc83efcb0d367d91ef8de7bb63711a4a7d34ba56ecd80b2248519bfd5a4ba5d2dad464ba0963df8fb30a3ee800f99f532b89580e4928b4021631b741d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
7498baa02fff5ddd18522be66ac7d841

SHA1
94ae4edb7ead66d9a977078bbac65d87a7b7228a

SHA256
47598d55f1421229e28ef320618caffd3196efe21ef2d07af2a10276b460b888

SHA512
f0396474a62f59893b1bca6459f52014b8a3f318010a4946441a90c18fe1c2a0189e83ac2bb397581c5d34211497475f9a6a2c44bb4ec214878e696b4865bf5b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b256339490985ce1_0
Filesize
334KB

MD5
e86209c60ef1a71f3c1f390790fe0232

SHA1
16f0bd682c6722e51b24e60e31c73e5eefa1d7fa

SHA256
5200573637e7943572fe679d4896c2bbdcae88e00686481a7bfa3a07ebc734f3

SHA512
a973b0030f60869d9e9b0332dc4ca9d6ee0b4c2cc781f31689f06a874fbda5d2b7505fd2b7d3f4840ae9634811228e9f24cac05e0d57cc3e6ef700cc31f57f63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f8aae2cc087fdba3_0
Filesize
289B

MD5
1fee694aa5394482717d09ca49ce569c

SHA1
d8a898ce99e62b0e0e98856c53e1502322ffdc4c

SHA256
402a40bd21569fb9bbada1cfb6c3b41226f6ac96480ec90718e5ff4e1bca14a0

SHA512
9789f60e9e45a46388dc2fd1c491a13ba1a9eeb47bfcf211c66b249a832bebc883303d23993fbe44815e6e6a46c3108ac2a605699a1272661e6b1f542dde316d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
120B

MD5
e75d3bae0a8c1fe3b16fb4d46cfb6823

SHA1
40d9c697f004135ecbc08a6ecb83a14173c65388

SHA256
2684d8d7433367b197d793712ae520f50e2620ed9d0210ac83ac488931b0311e

SHA512
e559688c0ad65025a7591c03cb720bed8a9b3acc485a349e5933253a309ef3e0e53e780424f08fd1506127156ce70c71b228105bda17873afefc95f91f43f1eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
768B

MD5
237cb95051719f8780e28e693c4a308b

SHA1
96e33ed5b6ecdc951545db1d3630a02013627802

SHA256
9260cbdf4809189e89182fd7e3831f5083a526cb992886aeb8e7d9fe0fb47aa4

SHA512
c8a446f56bef67de1fa8bc3a9a74a54682700ef47113118db43055e45ac9555d7da43c078ccf7802623381480e6d1fd274b59947ab4488b7a9df607ea8f4ca06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
960B

MD5
12f805b2e984be10c3f210fbd8d3c67f

SHA1
f6ca92161fdb39d25f03da826109ccd94e4dfe8b

SHA256
7a60b23b5ccb9553327859e364e4776ce9f7ea7b7b604e23fcd816fb6e747189

SHA512
7b6489df51980746fc86438a4a0b0019269510d7581c29929a3981fb0e2ef5def4666b650448b21cbb285dd0655ec952b43ba873378babeb3183d997e770f2e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
c2380de53cc559baded474d6a9bb415a

SHA1
5f8941eb0eced258cda68b9ad4a4d0726e7a68e6

SHA256
8a710a6d762eb42ad80b0977de0368d0d7206b01de7bb4867cf4c1b012695385

SHA512
18e15ac1542e90e9def677db5c54a91c7d6b3ecdc95fe7e1075c7390bec161ec35caf7ec89ec23b98000bf4ebad791f082a9683326c79d52e433cf456987dbf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
Filesize
319B

MD5
a4b272fac03c7c5d1a391063cef7dbe9

SHA1
c6faa53c470c8ad19c0569d244b5e1ccff4309f8

SHA256
55d574c803aee24cb3b58900bbb68372f56cfdeed9e805af864a6fa2d8d3ce86

SHA512
9e3058050c2cf0e0f4d22fac61632036b7aa599b4cf515f29997a1643d20baf07b5e5380e756bd70aeb6169fb4d80406d2d55f16b12af47940e75d49cdd2758f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
c6c184d111b795a7f24f09e40628670c

SHA1
5ceb12def86679d34138f6330f1ff282fc4fc45f

SHA256
73f7812d6d354bd3ff45ecc8ae4f297ea7a48df128ebcef1f3ab937321ad08cc

SHA512
857194c498f0e8da70cb43dfc3ebb6cd15f6c9e1d27790c841dfb3e22e3281d3ed7903d0c7f7b97c38f646087f78984dcd521a913870bb6ee8d2c023df2de7b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
4902a5bb2724a4fb692c33bc587df066

SHA1
c8a34f36b8b440ada29a730a5c58a4a4729db639

SHA256
6db674e6ab1f1b12ab1d04ab64173125272a1ba565b57b8e3827ddb2e2ea2c45

SHA512
441093032ac7b44ee818c0b03de2a0052de4cbf0f621f2cfbff6cf40efff26caaa4acb6b58f82458ef95111543e8907e903a56bd6f296ad70a44f02195b4442e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
Filesize
28KB

MD5
2eabb4de427c6bbaf7d0b23efab6d9e3

SHA1
e9d631e9ca809332bc9435c5436a301f1ee99fa3

SHA256
5287d285dd25102bf3ab06831806c0e44050a0eb38c22775b3a463f54957c526

SHA512
4ace3c4849383372988cec5a45bb14aa169c4ed09dcbd9fd6f0a0095356a8f8dfdd6152d0f54982e017e2ae7ccf1d582bf7d14cdc05d6cbed1cd71a4fa7b8a4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
125B

MD5
9abdb3d07ed647df66752f9ceff45664

SHA1
f7367be49f0865033f7bce9db8c2d9f12fd0863c

SHA256
e7e5605484f5b68058be7eb393d2120839e7c8aa06aa0650df5875fb34f365b8

SHA512
0490bd271f97f1517f746cec14ea7b8bd3f6b189fbff65720db6d72d4f9c21528deb61542c0f444f2bc7ffba8c2acfb6ee01a580cfd67ed31bbaeb70bebe4c5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
981022317fc7110ae452f300fcfeaff1

SHA1
3817178d985916f7cd0cc2ca23f2396c3573b899

SHA256
cc593b19cd3f3aba896e90ff58fb036d424d391306065fac9d6c7345875f8463

SHA512
0f4adb1cdf2a25c5232dc6e1db4a8da235c1dd494514707948ead52c54e5de73538af5f5364ad40b0a8975fd3a1960a42dd20547947115ac313be66bbe6c24ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
163b3e7b363ee9b3cba1e3843d762b15

SHA1
67b84c74ebe9a3f992dfc37da509e6e4c100bd73

SHA256
3bce12fcc5878d044413e3e6b41f863470c21e576214cfee3116d0b4be1d42af

SHA512
e10e8c877fb930100239862d74dd390f753ffa710bd6436fcdffc303fc2699894e02a27a9a6515026f197247d04e99b96edf23288636b488219268c54bbb0085

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1006B

MD5
c1b96ec4c4b27044cedc1e30db926b56

SHA1
556b3ac4d2dda72c65bc75ec4624d5d938284e7e

SHA256
f453a1c6cc8947494ffa92fc538ab165e76c4e01fb46c3584137eed73aaec227

SHA512
15343db7ce12ecf67dbab64de4899fe7e65d01d7ded6f82e797b7c4f802be19e23db328248f15f94f3c86646343795f53d8a39f667a83107e4fed9b67913b434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
c386dcd26737454fe7d16b233ef1c341

SHA1
daa4b44c1a273e7b599295c8dd9d05523346c363

SHA256
1878bfa621359754655cb5ff0a2a3ee8f943b2e0072e9fb0ff6cbffd46d9186f

SHA512
5d8f6547a381de01d6c530da33f94df353c1bf863de11659567c7afbfd89cdfc1eb83551f6a63b9ed6c2f87f6068eb832c7b14301b0b0395101e663f364341d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1f6a626354999be94a3973a61d482c5a

SHA1
56cd1bcc43063842bdbbf5216db21d5f00f642e7

SHA256
2e59907bfc3165040701dc12f1d0ca3e0d323bfd7813a5dd6abe78e0a57dedb1

SHA512
b6488d446b5b1630a513041e05499ae1080dbda3c842e5dc464a67c55d96c1c07b56bc1bcee14cb3a029a7fa0fe9ac3ea6a7181cf14b233993e0ea71fcc7df93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
cc2e2097709cf9f39ddf186ce694dfa8

SHA1
0208c66cb7a8b909fd9988c3c47ae674d77b5559

SHA256
1df1e92e08513b34cf3373fc4fb94e42982019902ed1b7ea9d3e2c12122def0d

SHA512
95aa7aed82a3778f07f36c4456a64d56e9b6519d7f3927006a71e2d22e5c92f562f158a100343b8863d4d91e2a87bee81b21b823e52272bbe30a62bf060b91b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2d2ee5433e496a2ce7e5df187c8013ee

SHA1
492842c3f9e516ac5b32eaebadc1bac5f0f6d47a

SHA256
cdb509bb28a16bb6f9e827478c166c13fcc3c94c06990df7fde6f9eb10f69de6

SHA512
b8ce074290901d522a8781c009f2b46344c046920a7e6dfed54fa745d67363446d67eadfc16f9d98fe50a2e8b8d0162a774ce5b4a48cbb3d9dcf26ba710c29e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c1cde0080a931b2c0e7cd2f00590103d

SHA1
4492a3cead4be3ee42dcf309801821fbd0b492bb

SHA256
7b17a86b316d798a7b545395ec306263902cf11c03d577b73cadf98774a9aafc

SHA512
47d60abff21559b3e697cfa85d6af6ae5bb67bfdf9a1846ca88467b4527d70f1f21e4ef9961d4e30b63ae221e90cd6212c1e2ef85a24eb81430843c57aeea425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
25b022a3f8c024418bfe204860333416

SHA1
703a5da82d0f3814c392377c4b8579d959389e50

SHA256
eb1c8ae9102584cc3b693cefb4d36cfbc0ccfa125dcc92d9ae662ee089ca8fd0

SHA512
6d8f520dda87f0e37da494ba4997c0bd74d02852a80cce266a10ba2003749eec1a030bfd0534c75e8f9d1f2658a11f0f7961d66a25ece670657634c9f7095dc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ab4dbd9c296938f4269af2b6be5a3a0f

SHA1
020bf3a2aac20d9a0f189495d78162001097a58c

SHA256
e242de1e8e6b85c298ae1ba978ac8c9bd49204d9e22c2c870d63efad5a2ad7b2

SHA512
9fcfc39a34a3cb7a2ee94225e6081d698cbc4df0ac05b9b9da7a244c5932f64c7b9da4828d2ddfd6eb73c88896307703c4f61ebf4f78ac4d0c39f018374f73ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
2a226de8ef540596acab35f4acee577a

SHA1
2dc3b6554c2405277ccbf8b2c869ac505e81b22a

SHA256
a0ff35626c921e214d75aa39e43a02f85c70a62a747646844f1f62f1e61c8f49

SHA512
174769ec0ced084b4ecb1e8bb4af52e75a6f978927849d3907b4111bfc02b2bb9dfafb8bf1265d2f2e288780d51cf3480afdc3d87693f0ee7a310f6eec66d8f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
00d1e32e6cdf2a5533042af16e816035

SHA1
5053aa40b6659da9d7758295a92a40f6378207d7

SHA256
9409d8e4658245b79d1554ced9f3d34d58134ae18874caebc01e73b81656be4a

SHA512
61e1b77d3122bfa411d90b6659d2be1ae39375895f2a91036c5a28a8ecdc217427bb50059e4e4ce61e76aa2e1844919a5d44011d4f0055f38d555f288e6883cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
0f7a2ec491834afe799804cb878643c4

SHA1
3866b822997675337274f658b0341750869dbfd5

SHA256
d3b9db8def053407eadafb212ecb3a93da127581f91d319d8f62990a3e194e80

SHA512
65dc826220b38706d8852d29c39e870c0120e1e032637a3320cacab5230ceed17f576b5d2c8484bb329c11a9c03f30edb604e19fe2913f3b544c6146ae585c48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
Filesize
36KB

MD5
a9ef20780285dc4635832891c1c5b73f

SHA1
bb5a478e0d69d0354c92a9d2b535e0858763b09f

SHA256
a78aa15f2bac93d55cd2fc7e84a0d56975c499c07383f039e7f534cab5fdfc9b

SHA512
d0b19517ade8e1ae0357bbaa5788ef796d62631fc8bdbc890ad811868b45af4b93d6b4b4a33f9f79444a892145a182b3e6e6f99ce23e4c7979e60c7015d923a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5c4ffc.TMP
Filesize
90B

MD5
acfa8340143119fb4c992bca7277de29

SHA1
2f6cc4ad77819ff4cc132fb7a88f4a693b76caf9

SHA256
81bbd10851214330ab265cbfd5fbb325c90a545a9f77ed0de99c78c127d9b3d7

SHA512
230f023de6d433d66c7a407e6ffc5b049d74a846da4ef9cdc68c1d46b278ae14d0a9bace2ea6f9c9e38c39efc326d8a23162245fc2af0bd09d07eac786d73ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
734B

MD5
db7816a726eaf89e09910c4ecf0127f2

SHA1
8797c240792e61bd75ffe430b7780b530e5b0e15

SHA256
d410cb7e0539a681d60b5ae78d2c80547b0f769117944d6146c0b6ccc8952084

SHA512
2d8fef8353b9fab060349a0795945fb361eb509bedf55c083c15d894ca28e3e8adce81ce45851c7ddfc8e0d7aa09c550b043f52d07826aec5ca27453651baecc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
a7ae1bc4ddf941b41c5c288b98c939d1

SHA1
7e23fbb21bc9ca6df5d9d8482aa410c106f85e80

SHA256
00038178cf68f9146a8f3a0f021bc8104af4c5e040babca6b10b01f1573d25ba

SHA512
1a6f187b641a58d14f808c5a130532ce3a8729d788660ae6ede385f546c332238974a40e092b6e0808677f4d6251ea67609369f69f7562a8e6470d1785abcc26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361162629435889
Filesize
2KB

MD5
cc96ed49b38480672638107a6375001c

SHA1
bc199544ed2fb59fcb792bd731499b4ad9fdc3cb

SHA256
b032b6ec1e4b86acda09c1671e400fa36b40442d803ff3d0ad8e3991f04e60d9

SHA512
713776e7b5b868cc1e2c625e9471ac5c2d10d8f5f9fd78bfb2b79c6d534291700364024326f12b908e9b08ef34d0bd74aacd16689ecf46f8bf177bc3648c12fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
5ce40cca0cf6d99b0672a138f7df384c

SHA1
d338328729973c84cb06a9f3c28e29c219daa5ce

SHA256
6422610b632bbe35a748e33645e14a5fe8934028ca0dfe09096bc417e26e0692

SHA512
f2613b48de1e33a074883dfe85af6b8ce95d0a376b9305507110dfe6473363c7e585e73423d2a44ac04142196f777905a949f9d5d9932278b25695c82dcd9c58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
63952b71bba9d2db3c2cda5234a98b9d

SHA1
027dcd873775e162f673d7227ebf6e137d5a0102

SHA256
acb25150ea5e60bbe58141f11cb5ff5580cfe2e87dd2d36f9c56aebcb3ea193c

SHA512
c0beb6bee7a3b2fcdf3840cc099b9c0217701bc43ce255e33e3ea3907277d8c3be0467712b9c3b5755565944e29e61edfc6c35260f2deeb6fac1a737811958e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
df1a87057c3a1d418fd2a9bd446ac988

SHA1
c08f1b4b772ca4d82487cdfb22221e956772c661

SHA256
f38f561b18f99220ffdf0b7e3dd94cf9c73bafe16cb260d245518bc88f049349

SHA512
c341687d195be6f26bd2780e10ae5ac885a5a531899f515f7417924376f91d3179c7e6a1231f0d3573d66aebc2e7ca8b7abc6723e13f13e369cc79dd2a956fa6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
917ac757a658fa0832df9774693cb1ef

SHA1
2028faf54a377eca0d18caa881e18e383b2f2969

SHA256
cc97b8ea9731102bb0924625948617209e20fc502f2e8bd1f6e6a31ae60f9d5b

SHA512
260bb32609cf7990d6248c854bb1294cffacc95770486f9b759a36e95f20464a5ea8ac79a1e5d49a20d2da5165748fc80c7feab18e8c5be7a3fd36c632604293

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
5cb02045e37065e99478fbb8d9343474

SHA1
2f53b47f84ca3252dc69af1d4308fc025f60d8e0

SHA256
32bfaf5a55da20f5ff534da940c30c083d75a5e3ee231034066d81339f0a9110

SHA512
750251ffc51770f6b79c576a508f709597901918455fd27e1ab459602ff379c29ac2af70420d5fd4663d3780ec2610e5b24566585ae7912f455ec0b32305a8f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
1e4ad187ffc71a9609d0b1b8bde26908

SHA1
aecabed1301adfeb41f5e22faade69f34d4ca987

SHA256
44fe73b088691c199a1b130f3c8c9868318ed3aa5cb5d8e510aef965a92525ec

SHA512
e71aa378caac53089e4fcff5f07f4307f55ddfc8b2a8f57dbee9be0cd61e88b80318152b48606ec618e0a9b254f5803280ffdbaccda202e846fecac6f46a721b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
bc3952b12357b3b212758af5e50b2370

SHA1
c77915a74b3c247aea8e7925510e917fbf205872

SHA256
a3487ba920092a3c692e8036338a0781f4121f9b8cd9243ea837d3ad8ff4c34f

SHA512
4980d731c14641efb3b2a39fa5afbe444fb8d0d1157236167f617e67d2c770270acb8ec3132a391bf612ec1fb65b8a08eaed3538acf2cd63b227f5152d235d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
322B

MD5
61200e362d2e9b54485aa156a9bd3c3d

SHA1
b5839491fd2ea283add9bdb75b3b90da9b117619

SHA256
2b976d159054c0ced8976ba32222f427270b066fcc539cab18889b3bcc6233f1

SHA512
5f2b432e07140ef4cf0e12b45fce8a2aee95eac3954ac9f10836489c2a0096985690660bc223cdcc3ee7560fdabd75b7e1a3683608a352b51eb97c7e5638b1c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
565B

MD5
817fef8d28968a36dc2cfbdedc94f3a0

SHA1
97a698ba796574d32ef1144c119429f3f4fd1d64

SHA256
01548a95593f9083348257b3faaec223626f608bdc780831758b83015d18fa1c

SHA512
b3fb5bdba3c124ff5ee40f3e94efd074d2d34add33826cae16fdf6c630f80abe749a97500963c49581c3adbea1b25c9cbea11bb531917137bf2db7e0cd58f885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
340B

MD5
93025bd36f1ab0b6c3ff6252b407bd34

SHA1
54c56696ee9416d658399a15af65f24aa4459095

SHA256
63d2245c62345447ab8954235367e67248c19d9def16df66496d3bfa921aac1a

SHA512
741abd5987b49cc85028c7f71fd63f6734d27eb2046d98d1ae5aa743a03c426802a38400043110aae8f50e4d6cd13924275177b6447b1abaaed30cd9470ef1db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
36b8b9f27fb09a5b6f73c7701723ecbc

SHA1
93b96cfe1268bd8d7b4281f47f460f5be21f9196

SHA256
84bd39bd03c09333e354d0f73835098c70ec6871433204f23876521c9f382ae1

SHA512
74a16e4137cf5b79e6486a2191455a3f3a842aa460cfd974c7f3f8db7766722caeaccc421d20b2938ada1b77532087961fc4fcb08b95cee38ea619701c3821a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
446c0637c6b2debd877e24dbd0eced45

SHA1
cf138b99c00fd79efc0296146898aedc50e012c4

SHA256
09c9a75c1043256acc2ec038b782aef7af18ab023613ecc7925cbc76168c0239

SHA512
2302395f6a70e847250eb3325c06c03008022445e9583e2f36b189f35fb766009305bbea5c216c22c2d350d09d1d062e002a093937a31f097eb59c2210768b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
Filesize
4.0MB

MD5
2d6aaec38309a2da5515a19066e17df7

SHA1
fddb6a1c0041708ae809a086ee26fa3517c7d3f8

SHA256
e847b286a61c0842087288f397317f1cd9232bb64a118b19b5af4f94204f7a9f

SHA512
34e3f0153be53bc89c88e4f0f78cce54363703b246eb56267bc32675bf3dfa3f57b1d16532b14fdad6e153077c54f9e5b57f43f2e915a4ded460eaf744b94b01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
1023a05af1c553f60eaaec9b3876ec61

SHA1
a44928aa9c008121439e176fced8c03ea6ea9c53

SHA256
6df349c48277d7ad505cfd60809d648013dd2c287979e5f0ef409a14e68e786d

SHA512
6eac17d194b89672b163c87220bcb7507ae97b93c02c9bcca90c9557f3c29b703d4ec7681014c9b5ba4eadec8fb68fade76624a93ff1ffd491c6c0a787fbc1c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
dc36edb1f76dd5a4634e7347b2d7a8fd

SHA1
6c155c2faf3e1d7ee094abc18e214028591127c7

SHA256
22ddfa63fe4be46554c1510ea8fc8a5e52bb750072b87a6d982969235401301a

SHA512
737f295bf719c2bffe5b5d869c6ae5d9da67c0d707f0fe8d9bd49ec8d3d74763ddfe9c2b6f11980ac0018993123963cd92c3df946876471f1e14048a87d9e7bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
ba0c125ed0d9b75bd203436de1ee3324

SHA1
e736ca3ed5e934fbf75f87a49ebda037b34851d0

SHA256
a1bb01da9127697945d27aefa438917ba642b852dd8f3c6a18d79a7148f89ebc

SHA512
f7fe5e2991defc5ed061761bc3e86a49986a28ef8defa5cd20122a67ccaac8a97cc192ef3281ebe63c4726f877483574a94e2a0a015f11295515fb0bcdd19921

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
a61a2cf6b6af64b528cff3b980a1a120

SHA1
a9146706b9d8337aa23cd9fce5f6d55a89377c94

SHA256
e24322dafccfbcc756d74f66d2229fd32c435fb96b1e7a2dbc0ce21402be9097

SHA512
0bdf747a814233e6c9cf36c5c7280e3aa6cb4e0b3209007b8e6ffe252a4090a240ec6ea556e1f37316df2d40440c04cdc45b970ad929882af851ec817320afa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
Filesize
4KB

MD5
6fe5fb224bb8c5b8f06d3b8a064490da

SHA1
641230323f7ff0303e10b8af350297d74c5718aa

SHA256
f72e26b033f382319475030dcaedd5215e6ee6ae3bb9c8e52baac859cf086cb0

SHA512
a93386715155cb1724285e6e6f1a3b36c5757a21bd28e1b108b1b9ad729b63c42e6d61285b7e200a1a9b5bd7451fb5959722b59a8d1d1efab2fe9e5f81a4480a

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_5024_HISRRLAZQBTPPZRY
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5104-108-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-106-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-115-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-112-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-113-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-107-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-118-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-117-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-114-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/5104-116-0x00000260AEA60000-0x00000260AEA61000-memory.dmp

Filesize
4KB

Download
memory/6072-719-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-723-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-725-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-726-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-724-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-727-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-728-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-720-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download
memory/6072-721-0x00000258BEDD0000-0x00000258BEDD1000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads