hxxps://github[.]com/Endermanch

max time kernel
173s
max time network
172s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03/08/2024, 13:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://github.com/Endermanch

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 9 IoCs

Web Service

T1102

flow	ioc
27	camo.githubusercontent.com
29	camo.githubusercontent.com
10	camo.githubusercontent.com
26	camo.githubusercontent.com
28	camo.githubusercontent.com
32	raw.githubusercontent.com
65	raw.githubusercontent.com
24	camo.githubusercontent.com
25	camo.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	[email protected]

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	[email protected]
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671671001527000"	chrome.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings	calc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
4948	[email protected]
4948	[email protected]
3940	[email protected]
3940	[email protected]
4948	[email protected]
3940	[email protected]
4948	[email protected]
3940	[email protected]
4948	[email protected]
4948	[email protected]
2528	[email protected]
2528	[email protected]
4948	[email protected]
4948	[email protected]
3940	[email protected]
3940	[email protected]
4656	[email protected]
4656	[email protected]
4116	[email protected]
4116	[email protected]
3940	[email protected]
3940	[email protected]
2528	[email protected]
2528	[email protected]
3940	[email protected]
3940	[email protected]
2528	[email protected]
2528	[email protected]
4116	[email protected]
4656	[email protected]
4656	[email protected]
4116	[email protected]
4948	[email protected]
4948	[email protected]
4948	[email protected]
4948	[email protected]
4116	[email protected]
4116	[email protected]
4656	[email protected]
4656	[email protected]
2528	[email protected]
2528	[email protected]
3940	[email protected]
3940	[email protected]
4116	[email protected]
4116	[email protected]
4656	[email protected]
4656	[email protected]
4948	[email protected]
3940	[email protected]
4948	[email protected]
3940	[email protected]
2528	[email protected]
2528	[email protected]
4948	[email protected]
3940	[email protected]
4948	[email protected]
3940	[email protected]
4656	[email protected]
4656	[email protected]
4116	[email protected]
4116	[email protected]

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
668	taskmgr.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 17 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
2408	msedge.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
3276	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe
5236	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe
Token: SeShutdownPrivilege	1680	chrome.exe
Token: SeCreatePagefilePrivilege	1680	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
1680	chrome.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe
668	taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4636	[email protected]
4948	[email protected]
3940	[email protected]
2528	[email protected]
4116	[email protected]
4656	[email protected]
4680	[email protected]
2884	OpenWith.exe
2528	[email protected]
3940	[email protected]
4116	[email protected]
4656	[email protected]
4116	[email protected]
2528	[email protected]
3940	[email protected]
4656	[email protected]
4656	[email protected]
4116	[email protected]
2528	[email protected]
3940	[email protected]
3940	[email protected]
2528	[email protected]
4116	[email protected]
4656	[email protected]
2528	[email protected]
4656	[email protected]
4116	[email protected]
3940	[email protected]
4116	[email protected]
4656	[email protected]
3940	[email protected]
2528	[email protected]
3940	[email protected]
4656	[email protected]
2528	[email protected]
4116	[email protected]
4656	[email protected]
3940	[email protected]
4116	[email protected]
2528	[email protected]
4116	[email protected]
3940	[email protected]
4656	[email protected]
2528	[email protected]
2528	[email protected]
3940	[email protected]
4656	[email protected]
4116	[email protected]
4116	[email protected]
3940	[email protected]
2528	[email protected]
4656	[email protected]
4656	[email protected]
2528	[email protected]
3940	[email protected]
4116	[email protected]
4656	[email protected]
4116	[email protected]
3940	[email protected]
2528	[email protected]
4656	[email protected]
2528	[email protected]
4116	[email protected]
3940	[email protected]

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1680 wrote to memory of 1860	1680	chrome.exe	82
PID 1680 wrote to memory of 1860	1680	chrome.exe	82
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4912	1680	chrome.exe	83
PID 1680 wrote to memory of 4600	1680	chrome.exe	84
PID 1680 wrote to memory of 4600	1680	chrome.exe	84
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85
PID 1680 wrote to memory of 4888	1680	chrome.exe	85

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://github.com/Endermanch
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1680
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fffdcd5cc40,0x7fffdcd5cc4c,0x7fffdcd5cc58
  2⤵
  PID:1860
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1980,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1976 /prefetch:2
  2⤵
  PID:4912
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1576,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2112 /prefetch:3
  2⤵
  PID:4600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2208 /prefetch:8
  2⤵
  PID:4888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3108,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3152 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3116,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4904,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4812 /prefetch:8
  2⤵
  PID:4520
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4812,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4608 /prefetch:8
  2⤵
  PID:3052
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4948,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3864 /prefetch:8
  2⤵
  - Modifies registry class
  PID:2408
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4952 /prefetch:8
  2⤵
  - Drops file in System32 directory
  PID:3036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=1140,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=724 /prefetch:1
  2⤵
  PID:4568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5464,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:3960
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5200,i,13246892564543986409,15511103012841773765,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=5512 /prefetch:1
  2⤵
  PID:4132

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4476

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4972

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3172

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:4636
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4948
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3940
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2528
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4116
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /watchdog
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4656
- C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]
  "C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ.zip\[email protected]" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4680
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3724
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:4896
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:1384
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:2408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffdc9446f8,0x7fffdc944708,0x7fffdc944718
      4⤵
      PID:4876
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:2
      4⤵
      PID:3480
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
      4⤵
      PID:2956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
      4⤵
      PID:1724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:3152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
      4⤵
      PID:220
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,4934012622351783,12653168926393921652,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4144 /prefetch:1
      4⤵
      PID:2936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:3276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffdc9446f8,0x7fffdc944708,0x7fffdc944718
      4⤵
      PID:2920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2188 /prefetch:2
      4⤵
      PID:3012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
      4⤵
      PID:2676
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2820 /prefetch:8
      4⤵
      PID:1744
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:3116
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3252 /prefetch:1
      4⤵
      PID:3068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4340 /prefetch:1
      4⤵
      PID:824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
      4⤵
      PID:2628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
      4⤵
      PID:4652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,4850680192840847695,9594199170271554260,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
      4⤵
      PID:2020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:5236
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fffdc9446f8,0x7fffdc944708,0x7fffdc944718
      4⤵
      PID:5252
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 /prefetch:3
      4⤵
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2896 /prefetch:8
      4⤵
      PID:5172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
      4⤵
      PID:5512
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
      4⤵
      PID:3572
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
      4⤵
      PID:5276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2172,6416680924218930472,324895929042219426,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
      4⤵
      PID:408

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:668

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2016

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4668

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x510 0x518
1⤵
PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3392

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2812

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00001e

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5f77df1f9da32d4014d34f8d72011fe0

SHA1
0044b4efec58019fa0c71f4aa1e7c1b1f7c9f4fa

SHA256
f746e081757c09b00431dc84234df9a4e8f58fefc2fe76628131370abeb3074a

SHA512
8b8a9d3ce5e026ee7ef1bca58e6db116820a6583e291e22564ccb8ff1403974589c781db42016def01d0a3ad9c1086e91f9d7127da9d11720d0055bfa11f3b55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
47f002a19f9b3e57592e33b6f2bd5cfa

SHA1
e110b069d97c4c0f18a5a2e7cc0136eb528d2299

SHA256
b824e83cc5882f6359a7ed665e19f030c1cb429630948b69a603104ca36eaa6f

SHA512
773637abafb2fa661e5c62dc03b46bf22f15fac0c9174887b103d77c908f36659a03aa2a8c8cfc05fb5ec68af18f2a3a36a8104d191de4fa1e8a39e1a04f744e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
8a29c012cfd05ac9d977430bca764ffa

SHA1
32955268a04236cc73eb91cf2104c31eeca1f9df

SHA256
01506ce373195ed87d8a7e3965f7626be406f49ef0ba1d470dae7a7e6bfd5bd6

SHA512
4d317fb937f028dd4feb4ee8ecb9ec6e54c30cbdb39b45da8faa93f9d75e799bfe1434f827dddfc766bb4b874ca7767abb700368bd45771a444a8b9990dd6006

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
22d78c68e930b4a4da832611461ea195

SHA1
4b6a9f0c685115ef058097415befae3ff874d93a

SHA256
8520d44fefac6d0c1b694e644a081010a7af4d366fd041ce5ae9baed6a1bcd26

SHA512
11166f59634ffbc6a9fa07384a7aa9cd8aa17841b439f1b15ae5cf5603bc815055457add6de905ad2e239bc0b31cc9d6d8115044e215b67697e6ed9014c17bc8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
c46abed2db526db3f809c7d37fa720e5

SHA1
0842231980fb5637dee418bf56eb425c8e11a2d7

SHA256
e285b54cb9ae22f8d43eb3a45bccda9e699d5e21fac1aced762db591357a81d4

SHA512
ac96f463674782d4bc48d08d5828bf5bceba367c584d21ee499183b31b7c3847d1b8cad0dbf3ece2251ce1f08262508df1538ff8a49fc5079d7a359d84b7f303

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d6071abd6537167766a791439673c5a7

SHA1
27e92741a5d891203f9ac19d03e6d4de2e9f6a4d

SHA256
3f30b50baa06462c4fed08c6638a9b98077c6a8ac71a7c13db58ac09b0da361b

SHA512
bdd4d2bd02491fffbb9e39419e2003ecb16e29b70eaad2e127aa2c28f744de4f29ccc594778cd7691b756362d2dabd6b91d699480c486895ecbea1741e726023

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
cc377a4011fc2c7cd4bc0462d6b03f16

SHA1
23c858a5c109922205fc8d20711e2cd86f3859c0

SHA256
2ee039dcf08645de5c334c7b2d62e1a012b506a5205d6c4c96cdbec850555c3e

SHA512
d2398b634e3867c9a94bace8a64f11c100c4c60ae61c0ea09519cc559f9fd17d851eb3a712b308228479b16fb0222a54cb3eac4957cc93945e92d328b6667692

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
e804ec572f000a2e16a9159bfb45fb02

SHA1
af357731b0a2b41625fadd510c1c5365b0b0453b

SHA256
cf5a766e57cdb2bc6bc835cd0bd7d4cb99d11754e126d112c933de77d96dfd4e

SHA512
5a155541c3a7bed0e1f9c3707c609d7ee31affeb423d76a751a4e8537345d0de594b6db50a6352e3f4337febbc49cc02eb2187c3c8267c4bf956df41938ab71b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
3e99c28279665448c48dd5a9d9abf35b

SHA1
4cc38ed67270f929e54514d45a90656dfa4a876c

SHA256
622abeb211708245b0d264331603369e635cb9fb73025a117da41314dbb99953

SHA512
6da2038e648c0b0984d9b881bfbce7b387a4cf37fd63e655678b08048d6c787e4cd56b3f8072d4b831af3712ab00689737be650a5ea2841854ff0b8e5ef2ddb1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
bc5a3fb1e809de8c3231d65f9c54a06b

SHA1
7ea6775089b935ce57e0790751d69629bb448f41

SHA256
42e903176a7da86e7cb577cdf0f0a86bed7b51d56515026bca18cd6299b4d124

SHA512
36813ad28ea4b1412030c80f9aa18748b0a2636a6af2365ee31d455d367800a20a865146af1e9e399cf0f8f368bb2857e96bbb64d4a3dda12da3e5a0376f9e7f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
423f99c0b3921cf75644fe54763beef6

SHA1
887c67f39da4d09a098b6eb99f9d3f4bfb2be177

SHA256
8fca2720a4db7778a4dcf37d4ebab05a9c63a15a65a75b96153c035de020c0a4

SHA512
ef99f6fc36da29290767b71c474eae2469c34a3a6c6bc446f36192005ec67ddd618991598c2ce96eb57196a6730a5458e9cc6413a29cbeba4019f917078dc101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
50ea200c64e8578c377d9bf4cc11f578

SHA1
9e21c92363bc5bcebc5a129445d42b227657a32e

SHA256
e0efe96cae63506f5fd51ace28ab8f4ab15c09a7b9051a183837a897b0c32b82

SHA512
2d80947461cc7cec77ed115b1b69477f9294e99bb7337f869a0fa8be84341c1ad53d5e42683dee531617f066320e67ad4d78d9e181d7f9908ca44fd32d50a55c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9ff88dac2f1e8be6aacb7ac863ad1f15

SHA1
accbca9330cd265b8af728e6fb2d813165e8b35c

SHA256
a1db76284dd6c19ea27dcd6355cb339cb63852a52c1b19f5bba28b55d06b7e25

SHA512
c8d295d2f9c6ec5a7e22e1a8ad7d529dec1564e9ae7ece1787c69592cb0fe1658c194dbbe09e0c4dd3d5853fb5041cb0c7bbcf70eacca334faea5198bd64a277

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
019c1503673d413a9cccc9147e7bddf1

SHA1
b83f619476b15238fd305cd755e8df4707f5aa67

SHA256
460b4d4aea8045d761790cfa0e49e5b10066c37ca0a0ecf1efed8b5ecc53bc92

SHA512
568a0a40d30044e2df8a78c1694ea595327823403f22e9a0e52c01d5b3386665ec7ae24387c1911a4a275d11abac26ce4f84b862d6c47b35ceb78d99dc767b0e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
2c3bbe7c0595baceee2ad278069db31a

SHA1
002546d6038eb755d27a96342c4f3b9480dec15c

SHA256
08e6fde86948b8d7ea362d0826caf888321e5b6b8c8f7005b9675bfa8bb89614

SHA512
56e5805ac925ca1b5de3b14fe33a1c07262d8142f99a4afad8e578efa00fcc9bcf9950297e3113f58989789f6ae4f0fb441f56c0dce369b20df87003ffbe3961

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
eb5b0005a653d0a222d23c2f7bb92370

SHA1
f4496486bb2405a73415c56ca447beae9b865d63

SHA256
7096825923fa91f5c682c4e89eeb80ec83f1e4ac2cc8379e59e66d7ae99a4fc0

SHA512
39c2e07c315b7617e2536549db236aec2cded5b908026a702717c818d9bee9d5ebab2879c1a93d37b8bb0792c7c34e9fa62be37ac35e59199e10f9525538f533

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
1c35ce45a1a7dc6db999a8d11602188f

SHA1
0fb22a877ec03c0c7cacfd43b755b76b1e01939e

SHA256
e4dd1f483c49966724c3ed2f60ba7ac533e15377998e0076d41168f60bd9d494

SHA512
ca4b24eb7d0e6517ebdb9045130913f9fd3f70e62132070f763f3adc550aa7e1a028f9b96b8df39c4292750577da1bb3e0677414f185ade00bca531f7b8cdbbe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
5fb99acd5392b67aaf57faa5682cbd77

SHA1
04bc71212acee5e29e695d772f41c2f04921458a

SHA256
d2e6ab41befcbb0a5f6ed65ae37ddb44543171e03ba2cb21c455ba61f4c6f4cf

SHA512
6d15358e01453e675bab1e3ce2aa71735b93daa824391d681934bcd2a4492c9abb65a5648c2e17b113ee27f0dabf3fd10452251c948be2e4b6d9fb09edb213ba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
d18414d93ceaef98cfb318cbf9dc86a7

SHA1
d9f88d1ca947fc24a0bfdbb5bb5f2c04ecdabcc4

SHA256
8c7c643fc1d008a06805164415178cf169c01ceefede9187946ec9a91e7c3c83

SHA512
42ec99db62595e1cb0ed760ce306ca707c46dbddaf78d5952e96899aa6cdc888b867da7dafa6a7507b57f85555f879f1c5e2f6695b42c6e31d12ad465356acbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
f5f92bb727fade3d3209e2e0da137133

SHA1
9e0fe93f6706c2a60d2c8e658109f7748c28fc45

SHA256
95acbd72ed0848cc9730e4f6e59f173b605aa2478a9052a5a6b27e798e36fcd6

SHA512
289e4c15597aed17878a61a2f1929cbd0c92d78a8255982b1779ec6b7ea8ff26351316d5ef3414da3998b4adcda0984d80c96091df4ef4f9b366d6ebe2b30e47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
51b360910a32da85d345418c4d4baef9

SHA1
27953f85e95c32e4d7d4c5864c2c788b71338bb9

SHA256
3498e2a8fd98cd5470e1bc42709d40c251d959a1c173d0ac95aba3905a894de6

SHA512
05da519877dc889c061e7245ba2fd27c493f1b77e7e724190d3a6034fa2f32c3d22f7e9aefb87612e9ce37b1536c0721075b20f6852f7a54b7180253e04268ea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
01dfd3e98c4c51af79b1f0ba3b9af857

SHA1
b037b2b59e0f84d6ffa65cce25bbd3f0f88e12d8

SHA256
b414e6ead1a80c5f0ad7e7c27d85a0ae295a5eed6b024b998abfb5b2263ec3f3

SHA512
5b5743cbff94bf097fc8f220b275bc9437e2503d5d1bcbc59895abcc31c05c73089510955137e2c6ebcdbfc069994ffa2dc4ace1bc104c0d80ddcdc6adc4024a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b9569e123772ae290f9bac07e0d31748

SHA1
5806ed9b301d4178a959b26d7b7ccf2c0abc6741

SHA256
20ab88e23fb88186b82047cd0d6dc3cfa23422e4fd2b8f3c8437546a2a842c2b

SHA512
cfad8ce716ac815b37e8cc0e30141bfb3ca7f0d4ef101289bddcf6ed3c579bc34d369f2ec2f2dab98707843015633988eb97f1e911728031dd897750b8587795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eeaa8087eba2f63f31e599f6a7b46ef4

SHA1
f639519deee0766a39cfe258d2ac48e3a9d5ac03

SHA256
50fe80c9435f601c30517d10f6a8a0ca6ff8ca2add7584df377371b5a5dbe2d9

SHA512
eaabfad92c84f422267615c55a863af12823c5e791bdcb30cabe17f72025e07df7383cf6cf0f08e28aa18a31c2aac5985cf5281a403e22fbcc1fb5e61c49fc3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a76745234e7210bfa1bc7f7e0dd81e18

SHA1
7c992e766a46bd9c50344392ebf364a6082ed432

SHA256
b009e7e166eca34bf9fde5f5c2c00c37b7420c6376eb09e452ac5f7349713bf7

SHA512
1a82078584740eeb89f6b25e77d85ee4a0883bba4aba19f9c7ac1667f4708ffd4bc4a79738df6ff02ab7dcea0e24408d147f4f1b401d67a736764455d0174142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccebc371e3a30f0b4eadf60ee704789d

SHA1
e54d0530187451e0b2213e5f85a87a2243b09369

SHA256
7346939a33ecc26e174aa3c99d0cafc8b3c3bc048c09802543fa70731a970161

SHA512
3b174bcd3848f406709e059843e62d00ea4b0aa3d21fcf60a9bb513d7a95250165b5859a687ca36113225d2bff437e7371bb54d33467d24a16504b4a9acb344a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6943371f51a65a28c781092922200178

SHA1
9f125e5aac500776f8f93f0a9cb3c8fa35a3d700

SHA256
01ee5c35e468649c4d3108d4a23c021126cbbdc1525c40cadd94e0216cebeaaf

SHA512
050dff91af32c392d3866e011bc7f905befaf5cd71a90c832a6d8275b6f18dbf2bb0258e6e0e4f476eb830fa3194e44671e5a334fd2470dcb6d62ad7e2f41b52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\129dafbd-a7c7-4bdc-836f-b8ecbe1f99c7.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4899ed81-ec3a-4f4b-85a0-bbf55157f9dd.tmp

Filesize
6KB

MD5
6490a1ab03c020977a3e56bc48c48eaa

SHA1
69b49267a62270678ee51bfe1a9550f0d793099a

SHA256
b13ee0e39449b76bf54a9a3fcd64f18ed30b56bbe0a0ae447341730d07d52d71

SHA512
3676c1bb709a7f91398c8b11cf007254116d756042273ac980c914f11cdce1f9e7072cbc310c42eedef83f9caf812f2bd80d029440e5d4660454e257bf735801

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
b32ce2fd991cfbf08ec5604760972853

SHA1
e8375de86f38a9ddfa09ea917ec6e05f72baaffb

SHA256
b5b4889407da7a5af32aeae1642837fe5ba6f9532363048a452e103ac78e472c

SHA512
cfcceeeafb3a6d30120b0f9782a6c236d952cd3c5e089960d04ff76fa66d02fcb6dbce2718d19c9649dcbaf0d284ec8dd76b4be1c7f42e020882c0c3a5fc6e69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
69f0317ced584fe2551020a1e2e4580e

SHA1
7d4ef8a266674b3a3c19a0130d873d2dd04db36d

SHA256
ebb4e5c5be23946d17e337b40302ce599a0915fb4ab5974fd7685ef45b4b9f4b

SHA512
620fb1126889dd28f8af761e26e5b4b5606ababa1ef2d3a35e4af0e2fdff5c5352899de33c6c35dcca5dd4d1baae91edb0873954e836deb180e4f2c367ada9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
a048de26f9b63d4d1d6d5b9a4b9760f3

SHA1
8bafbb032207ac37fc6ea643fc222738f4001196

SHA256
0488cbc51ca89dade37b6091e70ee1ebf869ba2cbe5f6a779cb709c951cb4e5d

SHA512
11502a60a3fd8b98492e816bdd7988a47e4412f82fa910491ddbef60f868185bf6b2ab81ff63ede0ca4ae6b9e6b667dcc9d97d1c6fe0b5ec278a1990012a73b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
89b09a092bb8ea669a54251f8e969d9a

SHA1
93261f112a54a84bf68e85dd2ce61ab148d34055

SHA256
cb69bc503df05ac4c0376f14e6d03be6494c88d59afd46b47ad094a8ace6fae0

SHA512
ad584aee2ef76dacc83687a4487722e8d82a5bf291bbe6ce0cf8b722b9abae45babc8a180206466f45a9193822ca796145048a1c69cf97c2a65f2148430dabab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
f05d67bc4df3b67c8b07bdc9cc06191b

SHA1
0f19b1aecea48d46028041dd0746f5c12fbbe932

SHA256
6f8e392093b90cdff520ce813e54a58d41ae6f14b8c5abf92e6e4e751af8344b

SHA512
9c9c53f68eb9fa87e5f8a013e16966526f24a818e9358374702aaf5b11f5fb0ad0bb06a204e6bf0ecfa1b592522c54501ad82dfbc37cbcb1e9408ce3d14ce7ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
870bd7da7ba2a9a08c723deb398618a5

SHA1
da535de00aaba1f69c2f5ac67b0681f4168c7b43

SHA256
7c69ab0a9f3b4156e4c9feeb18ade2a65edb0fbe90d46169fb6d7650edac1cab

SHA512
0a9d9bfb9441a2cee2d7e6b46b7963def959481a7bfa02070386ac008facfe55e4c3370d4db739e17f24ad7dd1411888df2fc7711bae090e0f1bcda4b7d5090b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
70f5492f85537b7ca11c53783c129159

SHA1
3198f2148baaa2c25d20d4fdd23e56eedbfd54c1

SHA256
cbe868bf6ec699e4d9fd3d05b145474d728d11e2158662cb5b15521fe8240fba

SHA512
eb6ec3c6349fa223a3c21032a7ce5e132d3983dda7fbf5673318daf9c7b0c71a3bbff2fb172d5de2897f09772e6abad3536aab39dade4baec054cd4994221d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
76384660d54ad40e36572e1047efed2a

SHA1
d161b104ec9207444f7ea8571deae3292524e00c

SHA256
d06a9d6a9c662210ba6156c4bef7764160717d7bbc0ba2449e422db3f9f520d1

SHA512
29b3d0d51014e565baf11177b08e39d504425e9d586fb30cf22579707ae676437c65ddb8a105bbf3bae323134280ce1165930ce2dd69caf1ccf01c2822e7d705

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
49f5b07699d3ff17c378d84478c1952a

SHA1
4b91556893cd6dd53412d090d93ca89f14bb9541

SHA256
57e2f2a929c28d19272e8383182880eeaeace88c2bcb942c8944a8db1ce11c0e

SHA512
b7eff9744757382a3e126db3cade7200e44fed94b91bb66e51d812c56d20d6a16cada5d505ca20a9a25b79d3ff9afccdd1cc393bb03c938957cec024dcf5cb22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
588B

MD5
7c91680f050b916e57672a49e734aac3

SHA1
e4e2a3895160081dd5cba91a82a21e4d20ed794c

SHA256
e216a57681ec0b62f2a292e381026d6debe406ddb986393152f5e76455e10515

SHA512
42f3c011c4a6573d225b86e0e865498aa3e419ba6aeb8b24fd2002d044fb2d0f8e66e4e98de3a406a55a2de3feadde5649bc6754e4502de9b7aede03c1e8204f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
6dbe18092bec3733ff1007fd0bec3e0c

SHA1
3d982ffa64190f3b5e54f436cf98303ad0589518

SHA256
835d5730758464c547396c0f53950096640d254eac331e27d27b637c111ee412

SHA512
8f4afd1991c6bbf0b8be247c206cd7bf202f89b8476ee8817dc0f6c1f401ae40e08050937fd4fd7ab6d526d0901dce29e9d216d8d32a0747e66fa71d5459e051

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c4e3fca0c9ddaa6d592fc4cd7ffb03b4

SHA1
d52b86754483be263f51aeca267a8589f00b0ef3

SHA256
f2908af7741d830157075f4465227dd29128d204396f5a0585b707b7a98cbf35

SHA512
488ea5b6517e316f7164da99a8931defa16467304fc7a77341b986fff6e1827e625a08ebb435de27446b623bb636c1eddb79396bfebffbaa9fddb8c3f7963ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1dd691da3a37b5e6f91ed099d70fe63

SHA1
4ec2401613f60221597a742837ff6299db3826ab

SHA256
2799d50da4f54f761ff0d78bae6ce3173a4309c96c118121bf2c170a21c16e8c

SHA512
4a2a29647b469cf3af25852428e8b495a5815589decb8a4e06c1c2854e6cb3f4ef4f8c4f0ba5a1d3c84661a79b798399ace57f607beed0b7cbf16742d283ed63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8ca75e0e68c943b3fd873733373f2b0d

SHA1
efb394c62b411f2db19b71c517fd871a018622c8

SHA256
d529c7f829a9bb4a0dd053aecbdb840609143ba0fa7232ed6a237ee1206bf01c

SHA512
83be25961788f9c4d1c60238db991a9aa00b045d9a7f3cfed02967103ee890fe1737b856028c1bd3dd02e77e815f51c5739dcd1c48d92705419cf93ae3d1841d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9880fd3991815f5aaa7b1dca33c838db

SHA1
7d094e3059bf3e9c2db8be4c4c8a07735665ef47

SHA256
4c7c83b3009d0b4b8e876e8260513e96c30355ff98cc289468d8a0b63e3bb236

SHA512
21f2179644cb2ffb0a9b42cd872f5d4eb284d07236d3a2b87cf392f626de551467874920097b974008aad2badbbb72623f0cd9357203cc01e59fa9c670a0edce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ac65703348d6ccf6ff74ae7e4d90546d

SHA1
e209bd309386b1b4e38f1986bdf0392fb24f0bef

SHA256
5b01d4aecd7c954235f102351a26ea46031a91ec3f4104c3465aa1888c9f0ce3

SHA512
a31a585b04f97fe5414b013e200ded229f887b1b410039e30c0ea2a5bf927e979a4fb58ab988b2c80872b66498716bc3e51780bda447483369cec310fb31191e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
8d24a4c1f17f03ead724d9ea8bf57371

SHA1
93fd42a0d02b9e8a330ed3e7ea7eb37bb5aa7d4b

SHA256
cb76c6c525aaf830c69f74c2d1ceffd99a6b73c0f454a8654408712a40ac206f

SHA512
698a52351c2d4650571d035f55e831aeb808778f7974e4966f7e3f92f23d169ee903decbb92bf064a296fc591ff09f8c8ed025ae336ae09f41d6bcc5c3a16a1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
137B

MD5
a62d3a19ae8455b16223d3ead5300936

SHA1
c0c3083c7f5f7a6b41f440244a8226f96b300343

SHA256
c72428d5b415719c73b6a102e60aaa6ad94bdc9273ca9950e637a91b3106514e

SHA512
f3fc16fc45c8559c34ceba61739edd3facbbf25d114fecc57f61ec31072b233245fabae042cf6276e61c76e938e0826a0a17ae95710cfb21c2da13e18edbf99f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
6d3a148b52626f411467686046e14328

SHA1
9bb3cb2dec5f1e3f48e5f78436878533c9df7039

SHA256
4629094ca073d8ace39da28a2ca6f4519fce5db59fc17cc70f94ea4de2144b06

SHA512
cbf71714aaa3e1813f940365e4d7f9a4dc60f7f1283a00ae382758352ee7a3bd0974477ef24948d1ed80e69fd154fbc9b07f09461cb9dab4d5637f2e823ef3a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13367167210343364

Filesize
3KB

MD5
45270061baaa352fff168d1909d42fea

SHA1
8e5bebe0bb584f4ffe8d80b9b1d0040138ed249c

SHA256
2a62261b7b4ef625495e7b3045751451b7b4e59aa594191d07b086073cc77c39

SHA512
c8fbe1367281e8f39b45e49f78aebb3a6b62bd8b8e7754bfef6d98131f58a1fd7e1c89528268bc14c9675d3a866f577867943e84be2c379b02fed8d5f8269e82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367167210509364

Filesize
2KB

MD5
04a39c9d9846870124b1adbdf038ef29

SHA1
b2f9ef9b0780ab508906f916d905313a7eb516f4

SHA256
3eb00790b333822d98e77d16e61b77fc5dd5839bf35515baa5d1ced84fd019ff

SHA512
0b6c4505802c9bcc8172d887319b48e258136d784af3b81d3cd160a2b576be3dfff95f5569b64d941726b7794794d6a6dc9dcc8822f765b0842871abe7afb94f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0383f2cec2335be4bcda984ed3a76788

SHA1
49a5529d6b799369ca01e50322ca5d78722e30e3

SHA256
8102a0f671e0789a6b5f278d3d0444e35cc279535808dea6d6d129e29f166257

SHA512
a5f8df840a3ae43cf002e26e343ed1fef316cb890c089aefc5478631627b6c84cfb5caadf326661ff80ea14915a8672768a88691c1bca5527d20dfa41d618c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
51296aa033cef5656226b2561767ac06

SHA1
297ae5dcccad20d39761dea37b5cc833d60d234a

SHA256
914221476a5eb715165e9ad048ea636cb96f77c6f25fe576b0115e5690e7f1b4

SHA512
c8a1f8e23e603c379a9d0309b65ea7933e5fa9a17cba53675e8328d2af2405ea160aab13f26c58ee4fccf2073f45d175ee6115ab88bcaa878d0f905415ea2a37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
7cbb1e802541b6d103f7ebe17a8daead

SHA1
2c9d1896ac5bde855de698b4a58b5f9f7ddf4d24

SHA256
67349c2fada772664dd287854158474307eb6f3881b69dbe37c7bd455f99b59a

SHA512
d10f099303c162a597fa0e034c85de451d1d32dbb0711b782c78d3c7a40d45e2eced7cc7733893f32e08cc130a5352c429fccfce88baa1e81939d79e424ba716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal

Filesize
96KB

MD5
de917c2c44fc5ce87d5650415e7b9623

SHA1
11972693222187645eeeeb848796d6e6b1c3b618

SHA256
39ac3613bd1dc7f815309f1aff5f94e26a8ef3007623cf49234d1b75b387b713

SHA512
7b7658d67a2b56b2ffdcf83eafe113a0ce8941ddef6468a099bc1e8bc70f7ab12b74503601629be15f5a8ac213f1fed60ea64e80b8e1e555edaed2c4e00c75c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
97f66a9b80f254adf6294eeac7749fd3

SHA1
e0b01784e4c6e4db4bdb617b4862299b9fdcf288

SHA256
4e26b20af7d88db8f77dc6652200438620e974414d5b22bd4acae90372ff0972

SHA512
000485da2c381ae25b97fa498244d92c0c388e52d1ed25771541220834934f35e4629e9f8439ada14b835165f9afc35f315134d74b038b485da000c8e01b9493

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
0195cf9be29515f4fdcb3506ed540675

SHA1
8050c9b357715442f3adde538dd7a20465c92c81

SHA256
f74ffe47633f1a624e677ab90d9a52c7be978c74ce77fb83394b25d4b0bc70bb

SHA512
f615f48415e4c3f2c11d38dac7a25f1e7a71ad5d93df0c1b1c9975165b094e8aaade8d42870ef757c48848834a43c3fe4a0287d5b10433462ae972f613b81529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
9612cc41776d297e7e5d9e099833dad3

SHA1
796b0d2196eadd91ebc3fe532285fadacaed2d43

SHA256
da3835a2790d47295ce118144923084b4d3cb929498d473ffec476195dbabc5a

SHA512
902011eb379df6a0611fbdfc5e2ef824ccac8bc3034f954045c4ab5d9976922f8805122a1503f04e5cd665ef41589fc776353ac3714af2b324a4c6b86b930812

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
502f38ebefff8dab899240edac2087c5

SHA1
ebdca1b78fce2798332cc1ffbe2fab042b376611

SHA256
a256aa4984def50a6d1ec8b8c087070bba67c1f859806de5e5cd1b846fa742a7

SHA512
7bf9f0c8be7046d6049abaff252a090c62492168d2b3a6343d926a8e6a19608f30dc4d26c994f033ebd08de8d9ea4bb4728f17dcc5931da7a772a421382d6aac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0275d254bf6e0138ce78fd502ded01c7

SHA1
0d84c5cff892b9437dfb26150e2ab2c1a8db19fc

SHA256
db8af65952f7abe9feac1d893f5b0b3675c2d69899dd8900ce37d2c3d49ea976

SHA512
c3d0d16e601e63698b18ff4e69907ed1e623bcba8a94ebab9abefd7b9c6fb468b837ae6376f61a1423330933e27e84c37c5d171cac344ca2b69c0f1736613fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
2025b16dc076d0e289824c703dc84b18

SHA1
c4e54c04550ad575f2f91060166502eff7391468

SHA256
e05d753d214f5d52ad3653f1bcc50ebb3c86ea9bcd5076a28fe0a8bbfcfc1346

SHA512
9fac102c64c66ecccb8a3756259481ef0187cc0e0a8e5625c45fd3b2d97b8a9bae9abd7416eb5bee4aed51c90164b2e53ea78a614a35bf3cbc119f59482ebbf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff3972acdecbd0688d6a28f2dee3bd5c

SHA1
45e29e43f42832424515e478af92db5a0e765680

SHA256
2d828c73253354b393bf968ab873354e6309158b64eb44583596ab416c78cd3f

SHA512
382f85487599985db512f151c2722896cf52912699cef40f0f3167d8cc720f989f1db24f0d887c1e314e4fba77d91e91d1421feb95525c4f6aa93bbe0b9f1870

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
60a714a4ed0d52ce92bf68fcfe2fcd23

SHA1
e23e903e2e5dbbdc2542f7f3ca34f7257003fd2b

SHA256
169635a8d68327a87624f067ce242bc4d83ebeb6ae915096af0c5c64a60e8650

SHA512
e9e916c2ccb54d75c5c68dab4094f9ed8aa061b3994f8922ce8914992952fde5dcbd8198efa9d41a9dff218ac45b2fda321c2a337ea6d391c3845585f99c26dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
2a5c9aec016c65bc668458f14536d75b

SHA1
9b054cf7d5621828a522d371ddd2cc4a51615a8b

SHA256
ef381116ab55a658d7916ace5a0dd9b944d8b71ff9b11d279d5d7401e3d33fb6

SHA512
a4bbd957f74c84f38e4a9d6c0e19848e4d0d80a55cae97c4122d154e029b15641715c0a020c7a75ab0af7daf91daaa3223d276db302ec3ea41c7de4cd2348f2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
a6cb34ee908577108bd9c0c30e067aa5

SHA1
1394edc3ebeefde401be7184c962f60a8f2a2d11

SHA256
849452b16bfbf5fc3f9e9a613d380349734a31c0791aefdc1b2c7b526b17a4f8

SHA512
41a12fdf5edc820147f7a5cb8852cbefa0f9d918d47ea7bb49742927d47a50e7e45e24d201fcf7f8f1b1814b8081296e6a4caa1e8983f72d34cedb00f43d626f

Download Submit
C:\Users\Admin\Downloads\MEMZ.zip

Filesize
8KB

MD5
69977a5d1c648976d47b69ea3aa8fcaa

SHA1
4630cc15000c0d3149350b9ecda6cfc8f402938a

SHA256
61ca4d8dd992c763b47bebb9b5facb68a59ff0a594c2ff215aa4143b593ae9dc

SHA512
ba0671c72cd4209fabe0ee241b71e95bd9d8e78d77a893c94f87de5735fd10ea8b389cf4c48462910042c312ddff2f527999cd2f845d0c19a8673dbceda369fd

Download Submit
memory/668-420-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-419-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-421-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-422-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-418-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-411-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-412-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-417-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-410-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download
memory/668-416-0x00000214EE300000-0x00000214EE301000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads