hxxps://github[.]com/Thathip/Memz-Download/releases

Analysis

max time kernel
407s
max time network
414s
platform
windows11-21h2_x64
resource
win11-20241007-en
resource tags

arch:x64arch:x86image:win11-20241007-enlocale:en-usos:windows11-21h2-x64system
submitted
21-11-2024 12:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Thathip/Memz-Download/releases

Score

7^/10

bootkit discovery persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

pid	process
2180	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

geometry dash auto speedhack.exe

description ioc process

File opened for modification \??\PhysicalDrive0 geometry dash auto speedhack.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	geometry dash auto speedhack.exe

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

calc.exewordpad.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exeexplorer.exegeometry dash auto speedhack.execontrol.exeDllHost.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exenotepad.exemmc.exegeometry dash auto speedhack.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	calc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	geometry dash auto speedhack.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

Processes:

explorer.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000\Software\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

Processes:

msedge.exeexplorer.execalc.execontrol.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\MRUListEx = ffffffff	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1 = 14001f706806ee260aa0d7449371beb064c986830000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 020202	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Vid = "{65F125E5-7BE1-4810-BA9D-D271C8432CE3}"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	calc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\ShowCmd = "1"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\WFlags = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupView = "0"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\AllFolders\Shell\Microsoft.Windows.ControlPanel\HotKey = "0"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\1\NodeSlot = "3"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 00000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\3\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings	control.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2253712635-4068079004-3870069674-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier msedge.exe
Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

explorer.exe

pid process

3000 explorer.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier	msedge.exe

pid	process
3000	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exe

pid	process
2924	msedge.exe
2924	msedge.exe
1716	msedge.exe
1716	msedge.exe
3020	identity_helper.exe
3020	identity_helper.exe
916	msedge.exe
916	msedge.exe
3028	msedge.exe
3028	msedge.exe
1664	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

mmc.exe

pid process

732 mmc.exe

pid	process
732	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

Processes:

7zG.exeexplorer.exeAUDIODG.EXEmmc.exe

description	pid	process
Token: SeRestorePrivilege	2808	7zG.exe
Token: 35	2808	7zG.exe
Token: SeSecurityPrivilege	2808	7zG.exe
Token: SeSecurityPrivilege	2808	7zG.exe
Token: SeShutdownPrivilege	3000	explorer.exe
Token: SeCreatePagefilePrivilege	3000	explorer.exe
Token: 33	2956	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2956	AUDIODG.EXE
Token: 33	732	mmc.exe
Token: SeIncBasePriorityPrivilege	732	mmc.exe
Token: 33	732	mmc.exe
Token: SeIncBasePriorityPrivilege	732	mmc.exe
Token: 33	732	mmc.exe
Token: SeIncBasePriorityPrivilege	732	mmc.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe7zG.exemsedge.exeexplorer.exemsedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
2808	7zG.exe
1716	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
3000	explorer.exe
4992	msedge.exe
248	msedge.exe
248	msedge.exe

Suspicious use of SendNotifyMessage 56 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

pid	process
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
1716	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
4992	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
248	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of SetWindowsHookEx 30 IoCs

Processes:

geometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exegeometry dash auto speedhack.exeOpenWith.exeidentity_helper.exeidentity_helper.exeidentity_helper.exemmc.exemmc.exeMiniSearchHost.exewordpad.exe

pid	process
2180	geometry dash auto speedhack.exe
4700	geometry dash auto speedhack.exe
1664	geometry dash auto speedhack.exe
4580	geometry dash auto speedhack.exe
2748	geometry dash auto speedhack.exe
3464	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe
3104	OpenWith.exe
3868	identity_helper.exe
2844	identity_helper.exe
4716	identity_helper.exe
4308	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe
4724	mmc.exe
732	mmc.exe
732	mmc.exe
4308	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe
4156	MiniSearchHost.exe
6092	wordpad.exe
6092	wordpad.exe
6092	wordpad.exe
6092	wordpad.exe
6092	wordpad.exe
6092	wordpad.exe
4308	geometry dash auto speedhack.exe
4308	geometry dash auto speedhack.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 1716 wrote to memory of 4712	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4712	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 1892	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 2924	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 2924	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe
PID 1716 wrote to memory of 4976	1716	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://github.com/Thathip/Memz-Download/releases
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2012 /prefetch:2
  2⤵
  PID:1892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2064 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:4976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:2752
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5292 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4504 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5964 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,14784692197693062744,3506189366747042608,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:2672

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1536

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4940

C:\Program Files\7-Zip\7zG.exe
"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Users\Admin\Downloads\memz.by.iTzDrK_\" -spe -an -ai#7zMap12776:92:7zEvent25507
1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:2808

C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
"C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2180
- C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
  "C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4700
- C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
  "C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:1664
- C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
  "C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:4580
- C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
  "C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:3464
- C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
  "C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of SetWindowsHookEx
  PID:2748
- C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe
  "C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe" /main
  2⤵
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of SetWindowsHookEx
  PID:4308
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:3108
- - C:\Windows\SysWOW64\calc.exe
    "C:\Windows\System32\calc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:1224
- - C:\Windows\SysWOW64\explorer.exe
    "C:\Windows\System32\explorer.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    PID:1480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4992
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:4780
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1872 /prefetch:2
      4⤵
      PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
      4⤵
      PID:4568
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2844 /prefetch:8
      4⤵
      PID:2948
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
      4⤵
      PID:2028
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
      4⤵
      PID:4916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
      4⤵
      PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3944 /prefetch:8
      4⤵
      PID:3812
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5728 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:3868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
      4⤵
      PID:2624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1856 /prefetch:1
      4⤵
      PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
      4⤵
      PID:2332
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      4⤵
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2516 /prefetch:1
      4⤵
      PID:4156
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
      4⤵
      PID:232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3076 /prefetch:1
      4⤵
      PID:3364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1844,16842862612040257531,14567768868055559856,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
      4⤵
      PID:3996
- - C:\Windows\SysWOW64\control.exe
    "C:\Windows\System32\control.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:2752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:2624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:248
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:3520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
      4⤵
      PID:3492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2084 /prefetch:3
      4⤵
      PID:276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2580 /prefetch:8
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
      4⤵
      PID:1492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3164 /prefetch:1
      4⤵
      PID:1936
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4844 /prefetch:1
      4⤵
      PID:3024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5048 /prefetch:1
      4⤵
      PID:3836
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5504 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2844
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3876 /prefetch:8
      4⤵
      PID:4896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4876 /prefetch:1
      4⤵
      PID:1612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3852 /prefetch:1
      4⤵
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
      4⤵
      PID:4104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1960,17943821361285413670,15300703019792110764,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
      4⤵
      PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:1612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
      4⤵
      PID:1412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
      4⤵
      PID:764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      4⤵
      PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
      4⤵
      PID:4684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
      4⤵
      PID:2788
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
      4⤵
      PID:4216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5128 /prefetch:1
      4⤵
      PID:3468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:4628
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
      4⤵
      PID:900
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:4716
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
      4⤵
      PID:388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3248 /prefetch:8
      4⤵
      PID:916
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4416 /prefetch:1
      4⤵
      PID:1912
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
      4⤵
      PID:3748
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
      4⤵
      PID:5152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5724 /prefetch:1
      4⤵
      PID:5216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:5524
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6332 /prefetch:1
      4⤵
      PID:5664
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:1
      4⤵
      PID:5792
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
      4⤵
      PID:5988
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
      4⤵
      PID:6064
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:1
      4⤵
      PID:3728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6192 /prefetch:1
      4⤵
      PID:5540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7080 /prefetch:2
      4⤵
      PID:2548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
      4⤵
      PID:4724
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
      4⤵
      PID:5864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6952 /prefetch:1
      4⤵
      PID:828
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7336 /prefetch:1
      4⤵
      PID:5440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7640 /prefetch:1
      4⤵
      PID:6216
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7696 /prefetch:1
      4⤵
      PID:6356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8148 /prefetch:1
      4⤵
      PID:3008
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2016,17220806425313020079,13530935332296954092,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7900 /prefetch:1
      4⤵
      PID:6512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
    3⤵
    PID:4596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:276
- - C:\Windows\SysWOW64\mmc.exe
    "C:\Windows\System32\mmc.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:4724
  - - C:\Windows\system32\mmc.exe
      "C:\Windows\system32\mmc.exe"
      4⤵
      Suspicious behavior: GetForegroundWindowSpam
      Suspicious use of AdjustPrivilegeToken
      Suspicious use of SetWindowsHookEx
      PID:732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:4720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    PID:4520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:4680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:2456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:5956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    PID:4060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:3960
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
    3⤵
    PID:5740
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
    3⤵
    PID:5040
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x124,0x128,0x12c,0x120,0x130,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:3040
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:6092
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:5864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
    3⤵
    PID:7140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:7156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
    3⤵
    PID:7136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x12c,0x130,0x134,0x108,0x138,0x7ffe99803cb8,0x7ffe99803cc8,0x7ffe99803cd8
      4⤵
      PID:4416

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1684

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:3000

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1624

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004E8 0x00000000000004D4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2956

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3624

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2252

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4436

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Suspicious use of SetWindowsHookEx
PID:4156

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:6224

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e1544690d41d950f9c1358068301cfb5

SHA1
ae3ff81363fcbe33c419e49cabef61fb6837bffa

SHA256
53d69c9cc3c8aaf2c8b58ea6a2aa47c49c9ec11167dd9414cd9f4192f9978724

SHA512
1e4f1fe2877f4f947d33490e65898752488e48de34d61e197e4448127d6b1926888de80b62349d5a88b96140eed0a5b952ef4dd7ca318689f76e12630c9029da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ec618c8c5adcf03e5e21455e43303967

SHA1
f11ba5dd40e5cfdf084ce4a4de7b7e3c05a23225

SHA256
ce0e01010d44b5bd8736349409d5a4ac078b1e2d5718d783a3c424be401ae4c2

SHA512
4ca2a24872f25e96d6b6df1114372dd8dc18f6701cc143ddf336be48ebe6f60e22d52acee8333da0b415ec5c707d7c620dcfeb820209613d7464e208be36de3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e2312d2d3de5fc9fd9dafca91944a6eb

SHA1
e54dbd925e5aa48dbaa0f53ac964fc983945aa4d

SHA256
b5481c10ef65de9fae7d58aafd83150b4b249298345c02b8f3232beba85d96f8

SHA512
0540be86db5fab4b17fefe42e5ad336c7d95032861d903a6a4940cc8a9a70f53477bfbb023391cb62c08b9cd9465c4a9513578f9c0ed43b1754cd93693581631

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9314124f4f0ad9f845a0d7906fd8dfd8

SHA1
0d4f67fb1a11453551514f230941bdd7ef95693c

SHA256
cbd58fa358e4b1851c3da2d279023c29eba66fb4d438c6e87e7ce5169ffb910e

SHA512
87b9060ca4942974bd8f95b8998df7b2702a3f4aba88c53b2e3423a532a75407070368f813a5bbc0251864b4eae47e015274a839999514386d23c8a526d05d85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7a71ef1bffb2da475848b64a70be402e

SHA1
b589d3d30f9f04e99b7f8ccfc732841b42949249

SHA256
edff457825879c6691006833ded39a1e41eec045c24cb0cf6fe4df23e7d664f6

SHA512
ba9d19327030cb6dfbb7dcccf1314f7284e9a6878ec98ff94ef0f98a3b01d6089aa18421872b5681e49f3fd4c8efa520bbf3f69bb85e04b614b59b3d099f9240

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
479502afec361096bcd7da08422e4b1c

SHA1
cee364ce38db17f116af5ac1554d380945dbdf8e

SHA256
e1b7d10fcb46c643719acf396e0b699d65095e45035fe9d3a98cfa34dc0d53eb

SHA512
9388e784110d5a28e7687f95f5d7b41a1914a4b9abca3664242f542ee9980053b639dbbcd502b3eb1b89ac4b9a20988e7b8ee7de0b608a738022ef8a7499fd61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
fc3d954180ad41c79dae6d6c6f6a6c17

SHA1
60bcbd3a6c50213036a4a717e02d6bf1a45788d3

SHA256
2d8d2158522dc561386bf569106cd01b90c96c072e6fef3527922a9be8c98950

SHA512
384f0fcef6e76659db390ee9b7e0bde4f7b57e0e45123eaccf19c9dee3841b81f95088930d5a15217144ee8baad06a59fed3cfbed284e9a7753dcfa1f0c2f555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
c489cd19afb0522e85244c8ae7c8af28

SHA1
e7208f239b6f0f81055dee7901470df63b57accc

SHA256
1abd72437a2cec4f3d48b0e54c73c60625776e67b56426f521e2db845c9022a7

SHA512
d5ca48294c8ee662dc271017cf89936ce72e07d46df29c050ca9fc850bc40cbb34e5df9c88207ccdd15300e572f8bc6dfadfd0493617a288d6b897e0ef0627e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
c6daad395d1c0152054131ad79bbc4e7

SHA1
f4268608379c899b2cada37f2fddcc27168d43d4

SHA256
f996c2a3411a98d587841c5a5363731fcbbfbb802e18a49a216a64bba97b7d53

SHA512
6c838941f595562efa06c737862f3b0dfd69da7619355a2fbf47e40e8f7b96348f8c2b73c21b5d32782ee5d73fa3f36b879c98b2e9aa251eb8a80616f2018f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
32e8474cfcaf0de0510a60bac12c1c99

SHA1
c70140e237d0c6ff688183cac2b8e874cd990f6d

SHA256
abb1c7bb7b549c39a04920a2e5efd0fe6e0964b9008c4191edf4da36ec0c228d

SHA512
9a578a611b0186b0ebc84da69ffd05d6c9f6ef23060aef0de3a55bec0064a3793f0f5e500fb93bc0f2bdfa1069705a34acaf980dafbad9cd8385b7876d20c604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
215KB

MD5
e579aca9a74ae76669750d8879e16bf3

SHA1
0b8f462b46ec2b2dbaa728bea79d611411bae752

SHA256
6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf

SHA512
df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a20fcb17904ddeb8f26c0a135176dae3

SHA1
2209f38be24d3e0500d3079ae8927819997b6398

SHA256
a9c01f359ab1a5e552f0b2cc5966bd5d36c784d196df7a1a70ae4d67eff4c232

SHA512
729e86c762cb07bbfb56c2df3c5df69287224c16996a8d32350fb14cc84985e1760193ab2c721b25a4a2c817ee1fde0ac5efc73cd7c6af35ae3443f6dd3a8808

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
7a5dfd8294918edcc65cc6a0c427a87c

SHA1
9c945748a9604d401aaf00269c3036f9853f2385

SHA256
f782dd2e7a6a0daea64b0b386a909bf2e733040868f647f6e10b48b42c289153

SHA512
01c170f3652fd1a1847116041cb8ebbad3d1972ea69200af557b063b0980be50363ddc590b7add7be30f877ae1b1b4b6b5de434b985f41b3f4f619068c73621d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0965f1a70979b652ddf537a518bc1cd6

SHA1
e6acc0b6e6fe007e0239a1a231005aa35e43e5a3

SHA256
70b9e19315147f181a43051afbca3059da2bdd6f2bc390d099432be4f8487e98

SHA512
7c41bc26735c2a72a0f933fa6d6f993596201d91eefe0fdc079ed1595dfcf9c6aa77c0e9734fe588d8fa48c6007faa564610e4e5122a15447bcc7cb7f8b2ee31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
6c93be9f77b7ef65ecad4e0789bff6db

SHA1
d32fb453ac462392138ed7ec51db1d42afa2c1b6

SHA256
965af467b0973284b14251d6c4ff3aca5723c0125ddf83154a5a7511b8a70047

SHA512
b2cda118cf5e6b5c4c33d04f08fbc5e366fe2b7f140e3f05b6ebf1b25de83e257663603119981d14740950f555589b370650b8edcb6a4d0bfb9f33ff6dc1c669

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
67d289af3f4dcd4fa04a08f2a380bb8f

SHA1
51677e11cbe59e34c560f25a98d85d8514742ac8

SHA256
fee05427c60edfa1a7edfe46168e3135c42a599ae32ff9a671e6bb25eef60ca8

SHA512
657f5c4d935da3f4883cd3d463dcdb0997777f92a1884820ecedcf1728c8f862b7f33ee465b3ae45a4422291b1ca45743fa8d99a0c2c58282adb36669faf841a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
1787ec9781daf4ac66500d157b33bd8e

SHA1
e68b6c53e180a82855aa68f03c42b929b26684f7

SHA256
0ac5e71ce85bbbad86aa610a265c7b2c5ba5e160d11ca81b585e39dd0820b1fc

SHA512
a2afcf8dc63adf37d7ed4f154acce5f870bf46307a1e88b6a23a4e6de438c0c0be35ddc257d9049b84d56cea3f753bf3d6b105d08f9914ed3072045996c691fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
d953a699025ff7792fb3317173f5fa25

SHA1
c85b2f1e87a445a32a2e34a03b82463376ae55c9

SHA256
f06abd88f68ae9f0a370fb6b6fb3603e32114ab14bc7324450aacd19a526a670

SHA512
d15f837f704b6a7c1d11f7a525291c47e1570d057fa2a63abd99b9886901c4c6c92543826cea9843ce5dc33858ed58b94bfd52a621e34769b5a00e07f36b0dd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
804e14db2bab2a8ce046e1d4c72f2fcb

SHA1
7f3c7b04d6672d50881131b8fafbb0264d0e4f5b

SHA256
3dbc8405ad9062c800edfa6e4938cde115f745356ab57925a772e81c1577bd0f

SHA512
bd61eb7a65799f4f6c267ff0ea6e1523a0dfbd6db7a7e192a7d13f6caf768313e0d76cb8b9a5c8eeeafdb994cec1767df75468fa7386e679a11011cd1e2eadeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
cd189a0c7136874bb337d8bbacb2ff45

SHA1
7bf63da4b15324f76627790f84eb2b558f14921d

SHA256
0cb420d369a39ab2c3a89a75308c49cc2fa21f0811df9f1e17d8c644b43cbe2e

SHA512
aa5f59ab78f9f92e9011081d437d03a1478295e474f5c194550ef8f1ed44a3cfa4e00481970ca201549eb1c36d9657284d689a318ca4baa5f5ac5d036a8b87f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
cebce2b72026d5ccea7e437554f63cf9

SHA1
a7647e7226783f74b6a6603aa38e31406c80e2d0

SHA256
23d1e8c0235a5bc66a0b80863313bf1acbc77fa7367f5c02474a492f9c0b186d

SHA512
d9f7c6b9f3d725408cdeaec55b2c12f4eb9e4450fe08bf822057905682c78be19f3e5b0fd396f5a45606dbead25065e33a9a483ea0963274bef36acfc8ed2a66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
608B

MD5
9d9fb7632b87b48bb7efc9e0c32e01f4

SHA1
fcf91bd8345071ec0e8647577ab4edff8f1428b1

SHA256
34750c64b4a6fc469ba82a32caea45527ebcf50878941a6adafd36ba8c0f8bc1

SHA512
4393552913e9eb98b12b23d29d78252d27ed81cced5da377867ad130c4edb2969a0b458ecd14a0e4771eb91db031dcc34ede16c9e559c06df24266ca9ba6b492

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
0620ebb56b9a30785d0cc95224e77c46

SHA1
8957ba6243c5738f3dc8e52961e8b5096b33b965

SHA256
e1617be9113ead00b8809f8e4ffb88a55c84335737936be4e5dd3f12d3a1f430

SHA512
22b6bba26eabbebba9d360f2ed3779bcfc81c405eb4e1a7beb2195ade491efac2b01d641e65a985bdfb9310f658bf900cd3e9ff7a67efc230447d7d008e91833

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
10KB

MD5
37fd56861a74a1bcdc41b1db0ae35f7e

SHA1
f1d2017c96e5b55720b487c8b351ec76b6969c4d

SHA256
9b7f51479130d661531b73466dd74e29032da18b17f0b43ab3dedcbbbeb78dbf

SHA512
250ca0ccd7fc9d2e9b68eb08b68137c51cd447c4142eb56713020c37da086b064e378b13c5ff380c506758285a453d5a37e8e134cc1c2d98a26d9b9496dc408f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
704a17ffcc232a4b67d53217994bffb3

SHA1
350f36a7482bc4a1d4b246b06783b93554175734

SHA256
eb332ef451b09a47aeb7f0fdf9ab77e7affaf1a373af9dd9e33b9e45aad78437

SHA512
114eab1b472547e30205b63afc1887ea42962bab4e756fb92b9489c623597ffdab59a2c9a0a6acf8b3f58ffc4de366bb264cecf59c09d8748cc0d5976c762238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
70b885794beefad6657386493c87ed5e

SHA1
fd368830ac6256f622416d70d4c49ba83c541bea

SHA256
8396c92dc9099aa34eb256b9b264dce40683c42d7643c6c5423cf42e9366314c

SHA512
2cdf345c6d5f7a18f39750750b9a2b68009c6b6f28f6d3dcc415400c702e236cdde22d73dfaf31f8d033dfad19f9383432a76057ebf3c7f26b1a31a48ca4c064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
fb847661e4a6c0f4af34211376811f91

SHA1
e2993bed27c46b960610ded880e95642795f6026

SHA256
94fc4aa8d2b27d463f5291406353db43fd4852aa656008bdfd32a13bc4449f44

SHA512
8ed78474e1131e9adbabb62340f3436d057e5995dbcd20d4350f001fc67b94f469987df7647dc8270ddf29c7b9e75ff0f7a7813ef8274d2a13e3ea51c20b0831

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
d92a20ce23cc120dcf3da2f8bb7f874a

SHA1
843ebf4756c68ec139da2fd4959f209058f2f6ce

SHA256
7acfb6b334a53d7f4d9d32429111227da658b1787c8201f18f151807b4922977

SHA512
efb84cf2ddb16b9df270bc419ff5e305abd9ba8b56fb287fd4415c2aec6797742515caa2a2a5bbbef932bdb1f70ebec43c701763997d858b76898730d26572f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
496B

MD5
1b92794633aaa7d8ca83e408ef516a36

SHA1
4ae0678d6cf8abedb3e9819fc9d7d715d3f72bb6

SHA256
0ff76dc871bd6e59abe386781ef988b4c8d734bca726a4d1eb556d3d78f1e7e0

SHA512
698bb4adf1932dd48fbffb344b0053b9dc753b97a92d88a26341e0c3b0fa2e03481c5193bd2b4a1caaa2aa2f00e41eae73c53aaadc1ac6bb8be17d0f229a61bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
8c13e08725f9c725ea48d66a5ba47966

SHA1
96728065cacd5825cbad373a0d94da3c312eba57

SHA256
e88d1ca70d71047b02d1b417dc50a51946a39324797b6179ab244eb6e34470ed

SHA512
f3e7408d54516ca9f2820df4547891dd4e8d2f00ea35ae40b1d9136e3624f782f8ca38d5e9036bc5c20c07cd24ec6eac05a4023aaead5762c765180a6862179b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
013bbf78452c4a320321ff684921a85f

SHA1
d2f972d21de64a86142e4f943bf46b815b262c37

SHA256
16534a99d4052be0388692469671c0485b50041b149b9e97c1fcf62a8797baa6

SHA512
1aa107399cb10fba8c8887851892ca514833eacfe11322fc24edc92458104a886ac280bb43b93e9faa97e302546ce3b9d412ece2de9c8533f87d7ebf2e6cf4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
aeb1ec0ccecfbfb033cae31ceac60113

SHA1
65d92727b6dff2c229ee420de932ba1d9b055b0d

SHA256
e09e8df061d5cba63f75a1dffd3d16caf6a735427a9a3819706df54863c0de15

SHA512
dfad69c4111e13c1799ec8f3453479c749b99518c77db7240fbceebcd4f022cf6133f3cb958a6144288e1f46ddb7fd87d7dad2d43d0bacaf370dd8e274f46fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
adf389e2d86d3b59c323b4c2ebb371ce

SHA1
f4ae34929743566f4a2c06f999674b0e30c6f73f

SHA256
32463f6bc8e575bd8e5661064df8470f3aaabe93936c9a4158bb967dc4f8953d

SHA512
a1c11b64259a1a8ba39c03e2082f31667f8349944561f64bd8b59338ae10806517fffbbd5c4de4c826920e0b0cc3fc58067e73a32d4452165ac3c3cc7205d9f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f604e517bf7579ffac6026aed56b4630

SHA1
7343557a949a4915aaa1d7719e4625266ff1be32

SHA256
ab09ef2e49f42f36b48a2f486d26865f014cce44e77fa3fd62d597a9503adcfe

SHA512
3d3daeae6af5d9f9808a1c845656a8a87437b967362d207bac75d58b317d54a9943fd4702705166a6f9c9593d6ec782cb2760af0543ab8b874fe071f9904387d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3d741e73c8c6642ae4ef5bc7cf0e06c7

SHA1
5de10696aa2d2c92fa35a92239ccef32e184682a

SHA256
b2e62f0fdca47655c2ef7c18025af91d739d6be12cf3128fef4e388e4d8d3533

SHA512
09af90cdfa106fb421cbd5907626a52ba87157baa2c7e3083520c27327d34dd3441570be9e87e7c1a8d90711cb51d1588d67904fe321b0bdfaf019f60ef76623

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
cccfd6f1e31226510174592b2f7fb4ca

SHA1
8595154a68ea7ee8ec97d56bc0b29e40676d90c6

SHA256
2061c910843e0837f5f6459ea45e189315bea9d540a1083ca11c405c5ce2956e

SHA512
baa82f8561bd1183dc406d5fc182a9d6c2d7b70332ac8857d7a3eb78b6ae80954815725feefb71c355d59bb4abfc2cc715e6b333dbb33b683148c8ba5459f742

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8a53619076a5f676f12a8096a7420250

SHA1
a3e823b09204a65b96a3aa219571f1e9ae5c10d8

SHA256
f4bfb165dc2bdee4069729c4f76054c69854eaac7d982f297332024f7e9346cf

SHA512
0f4fbb9aa6eb1b6b90d498e11a001a2ba664f639cf2965f645bcfa484124c3a7cdaae3c317b1abdea77d722713d948391dc9a878f26296ee7e1b8c3971eae06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
417850337272c5c12083271b28eff715

SHA1
41957c83c52c4c9851b89537c8961be1a18657e0

SHA256
aef04e72ba701750d83a61058e0a807e30714c36edebc56f1e1b2b7880c39fd5

SHA512
758f12fcc8ed79841c3fab699320232d6bde498eab9cd37ddf7b737b9f119e8846e1b8c2d1b0e23879c7e240223ba31d49b7fb0fe657593f4163ee164532432f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
833e698e6d217730a8c6c1214236fa8f

SHA1
b7721a3325654e8d28a52221fb8a5928eddc1a67

SHA256
471c3b7ee2d6af610a1dabc40a03039d1e7f23f9362e84231406898c0671c024

SHA512
88fc623633aeab65eeeec19da06f57ba6d7af2dd8acf51c4466618d251336379d7ce37e8a045ff32072fa1dc6f9d43d2a10bcf8dc104a95ccc4857eca196ac4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ee5c3c0f62881c78a0ed74251f2c623d

SHA1
fdc95babbcbf96bc883aefc23cfe86967f288a80

SHA256
14e284863121bacf5c254fa170e4aa553086aeddbdb6246aa10714d894546e1c

SHA512
0955b77b297c92d1e1b32c58e6413c518d631ce5d8393377b13768f5e3a3e926d4e8a9cabf1c159dcb365cb4d3e7c4b9ed2def71a3a7d58ecb74684e1109ad06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62ed82995810553cecb12dbddef720d5

SHA1
6c06e62a87bf7f2778f476ae57496d21a96e20b4

SHA256
db7e9eee21c4de68f531613f36856ec167c4e4023eeac4f79dc257c219a3d78e

SHA512
ee9eb33ced2bc1586d12cdbb2506da93958eb1bdc6d5e47ffb56e2c8c0e711a9956f3e9e673d857c2ec35ca6d604340972cac4a5bd3b57f7acec6a5443c44667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b447ec35f56544de1553508d9b30b39f

SHA1
882e596ea4d4a64ab1bef3bd43e38c065814cccf

SHA256
9b84f8d9a114273d5ef8abc4c5c642e164049ad755eaa783e43f24672ef3a5dd

SHA512
9ccc31350822aabd0189e9a185f6439518a78b4814ca69faa0079aeba91b618154468c6a65921f213d8716635b3d622bb060fc4adcb5a917dda1f34b9fd062d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d76a8295640ae8d63155d373892b1e8

SHA1
873d4f7be497a8fdc713fb45509152f7256c0a0e

SHA256
2257cb79fe4cc4d3d18f2efe2c2842f330a56a5df47ecef3565e3495009ef61c

SHA512
ba22e281b0f8eb95b8b09153568b73a0f099e7857659d90380382a8cbe4c6f7f06c235554a10f8f0c1d33a9e75ee366a65b473b6c992b7c6c743be8ce99e4e72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c3a907409259fa069473f0eb5755ae14

SHA1
0ee762d968952aec810e2556a7a7c81be8addd74

SHA256
91bbcbfc64bf8319098989ab4024a613a3ce1ddd55f996081c8b1e45d9674d6a

SHA512
92270774a3fca5b1d954a9ae7422a44c7c10aff62d2c7d05782cda24506d214051f627062b614e3ac2117a3d44f3141569edd86742f523b2864d3b752e865ee2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e85d6be27f68d5d8c27d373541e199cd

SHA1
73969e8eb80016604fcd5cc9aca9e7591dd68cad

SHA256
c1d3dd42bf1fe2d2c3106fceff6d7e3e044b196896b0b1ba7a6435c1ed6a55a0

SHA512
a90505e08381113fc33a5e225fff16ed913befa5f531ec669e42704b466b5568106093e1d4e6851ea0b9c3b6590b9c067f7ab9c6f9959d59e5b27fdab27304b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
85ec2d1933be5b16a45deb064dffc719

SHA1
7772a4168430aa73d29c15d6bd8ec825ad297560

SHA256
294c7777ddb7000ecb3a78e808e62b4dbe86c8d3caa7322a0452d094ea47e567

SHA512
84f5f5de826788d094e50cedfd6e61c4216706a066f2451a61ac9512b5a839bcf6d0026ac0de0b7025db1769a1b6f7e1016936b9c5de21cc9976a36f7830a0a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3ee24ad0aae6546d4c9c3ceb6ae98d4e

SHA1
5027d9ac5f534d9c3a599196d3f0ab715d4282e4

SHA256
01ed36107de69cb5925b4fe10c9881dd491e0a06e5bfd7314c5245d2518e4a0d

SHA512
4090710c2279b04289f27dad6914c37ee77498775a522b8e105b6190d0b8743066800b6a76c55585fe837d5205df48b9fec239109694d33f37de7111604ccce1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
78af5a08c52bb680d669dd1d8caf723a

SHA1
e8924048ecb854959b44f0c26ace7ee9e5c0c6e9

SHA256
49145bdf8af1059b6246ed9a679ac1aa8827fbeb429cf47efde9fd782cbb2512

SHA512
13162b1b05762ae35b172dda47511891bc34f4a108db9fe722d2f1a8f125918e4f3c2dec375dedc1db7295b9a00b3e331c41dfd1c4fbf470c7e5d4ab0be77b20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2e43768834da668715af577959a6e32e

SHA1
011805e57bb20924aab3c8c7edb2d83c7c59a060

SHA256
726db297b8986c7bc809d48268400b2c0511b48c3504717557330c00b1bdc452

SHA512
8da8856c1fca642ee69b24e3d85b81c0e723667b6f3a0996298f1692fe442176dc9ed1ff8980e17aa0ca03ec7284e92201b75b4b8a3381ce15e7d1934057e5d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d6eed2d91b58727e12528f7d19bb5372

SHA1
40514a1d633c17eb7e417145f37b57cc18813307

SHA256
287cc2c0dba50014e8bf82bec39a6a944b1c6f3333647cdd1f4bc00c9acc2511

SHA512
793476bf6319748d04d91fdbfaf7e6e3894deb19615d9ff2743d3095e5d1da0ea50890f718344d02e1d58cc4bdc096a57e728ca5e099375e32871c1ab135224c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
85abf67e495f52902754d2178356babd

SHA1
ee22e8c71be369a9be8a437c40be5eceb6676547

SHA256
505cb5163c80266e95a9d351974a23b120d01a70d30315edd1e31e7611dcbc97

SHA512
fc70364ca9f3bcf46fbfb3e7519341c0ce3c74c9c01edc7c5366c5de22748e38cf289eeb4c530dba149f19b8a810fd0877459bff0235d18deeb682b24dc94aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
5efebd42893a8b01cf5ff9b643d83023

SHA1
7810f58d2d926a2332e6e18c151d98d3730ae3f2

SHA256
e7b2a377ac7a6b12eee717bb08961528f35d4b93897a5fe082ebb641c27b8eda

SHA512
907fe195fe8cbb36ad5fcf1e10462cef8359899922165a81a3696d818507003104c4990f6bbe6e53d4ef426b61af8018859826611ee1bf784e114268abcb14f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d75d06e69e0d54b17145d88457f98b26

SHA1
66d04275d67a873ee104aa49067bd8b68bfffed7

SHA256
69e56716d9087bcef1e987ba8f6cb5a2f5b0bbcd12ce589514e99e7e7baeeb3e

SHA512
12e9661e8a762620ead74984ea7d33c5d12205284a158b9d83c907a74f9e6a92bf4fd2e8fbe80e3eef3827e58f612b7371cff2c2620d9d8f508d16b31e67d077

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5bf7da.TMP

Filesize
48B

MD5
93803def3b29f9e2fb07ad60f62fa7b2

SHA1
ee5d23ccde0e21e02f98008fedc608d017b59669

SHA256
6e3c2081a302dd25335482d39b9945e72823d13c383a597a24db0278bef7ce6a

SHA512
bcc2dbbda579cc6dc0360faa0f15f770a191ea1c1cd379909d1f9989f38c7498f28945a01b33e8d6d7e50561ecd9b2d617f13b40da75630ca90791839e4fb1e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
605B

MD5
fb3fe245cbe07b71bed47fa74f3afd5b

SHA1
6d002bddc016bba562267681a0d6bda5801f5a84

SHA256
bf44bdf2e725cb9af209fb6b7c771dbf10baf46dfa30f67f4826bf6079aeef17

SHA512
036acf6dad2275b23d7dca8cfd1a3893ad310aacc8948ced9a51900c665c9e546b8ccf0d4ddc984a5a10edecd9bea4e378683c54fdfe0854c8c9e02b8b25b545

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a2a07083d9ea60d3c97820bbb322ee6e

SHA1
037c3e927eb87b729d15f8e419114668390ccb0c

SHA256
064e72a9e992e5e99e72ad1f3a227abace4b3930b2fc64c8747c014264425729

SHA512
561ba4023550ffffd6560cd8969deb0f26f817f9c081516e69762e5a599e0225dc609522614e1056f3f8c16b4b978319189a06af1111813bb4935d39090811d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13376666952797935

Filesize
2KB

MD5
b7bb2d8b0c62957fe6759f434b7ddfa0

SHA1
792f574dc8d6d6f4ed2011a2649319c82b65fd46

SHA256
30928eaed9562d6ec7b191860434e2946549d3cafdf2448c93a112d4c7a33e7e

SHA512
da2502b60a608f0f4986323d722caef3fc46dc4d27587b17532f5724b2265f7252c1c0ed8329555d09ffa8d84883d9c9f16e28e7719d88774c614db18980522d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
578f2cb7374db06594a58c3b1264cc3f

SHA1
1da3b989e5abd7dda1f0aa0cfa7b8912b398584e

SHA256
175b1b75e08cb472b6e08fa46e07f1a01c07898b4ec566c43b74b1e3b1805fc8

SHA512
090c05f8383a7c60af3ec41dde7139a835ba1c80361cc47682fbb010f807ed20e256181da958fd08403ea709347f19cf165d0a64b56664a8b15e66fda489c7d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
f87c15cb6876498d7041bee5e548149d

SHA1
d5033f8fbcf79f11a7331bac0ba0d1b78fc92a32

SHA256
fc72840c20e1b89fca053aeaa94e58356512130a795e870a70befb91537062df

SHA512
d06f9023fbea727f77efbf1566552eaf3536dfb0ee23ae341aa26a3c3113a82eeb22258c7b9894feb1bfc1416f1c5eea0ad783eef2e80bcbc71c21024113e6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
fb8932b06324a05f36b99a46abc03f15

SHA1
73c24daa78185be486d99d540ac6b1cce6817e34

SHA256
ce019a232fc5493f50038992a27322f89edbbf07be97f55e3401e508c980d515

SHA512
0c78b94cec87bb57f27cba3418faaeebdbfe5baadd6baa9b02e53bb92cb4b77601bc27e3cc68952eb351af08dceaba30dbd78e66234ca7cd7fb10a017f2f1075

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
5d8db7dba7b7dc706d6042eee7fcde9a

SHA1
9b9dbd8869b319db0023ad54c505f840effc36d4

SHA256
6eba4dbb8e867b0f027de10f8865a9da4c1e75bea6cd8bf94c6597d9b668f037

SHA512
62564380fb09594b8e6e4a191c681698ec67d4ef6f19c8d77531d1dbed9763ed3608c7733a1c2883fc98b4634d384b1f28761bb319ef30660a027c7366d46e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
864B

MD5
bf12adf0f77a0d809c02a0c41b866954

SHA1
edf993cebb09a9d99d2d3d582f31c8aa6daad0ec

SHA256
c50ffbc724db0fce0790248a286a10205709549a0439d9775e512db4a1e4ff61

SHA512
41f2d8de29454b8649f55606c11a9e8ee8345f9f7710581bb56e7192d473c0e7340ca39ac79d58e97c3c366330a02462d9a7c8abb1d1854c44bc7fb93469c20c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d36d.TMP

Filesize
864B

MD5
37ecc460d579216d1a1f545d7f79d1af

SHA1
25bff1f1f061bd7ca3a03e99da759e7cf5d78a53

SHA256
3dd82aa13f7548a6f8e216a003c9f4187664c888d75282e1c65f6fd1e020bf71

SHA512
1dbd319f2a5da42c72517dab79af1129eb907e189b80291ab5e0f711dfdaedc4089d20a2df5ccf2858c67321b8daf54fcbbbf9069bb3d05ad2b7570ab9138e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
c55ccf05fcc23162d476e2245baff31d

SHA1
dbccd17a93035849fee2c790ef9dec2065ee1f67

SHA256
10f9be8d5738609677c414e78b0a0fd457f106834f421baace4a9d3391f69468

SHA512
e62802562b80f0c2e4fe696cf9deea97007cd7daee0bfd7fd46f843913e45dbce75285646dfb89b314ecd645bb313dd6b347c941d3e0e55a28fad350ab5ba2cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\c1584831-c030-479e-a4ca-0a137b8fb723.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
60KB

MD5
4fb36fc6c9a650cb7e32d1af21a62d5d

SHA1
ea792d737377d8a67eb79b30411ef0726cb27966

SHA256
59a5477e784687d7c2211eeb291dc998d08961a82c8c59e33c97abcdcc15c0b0

SHA512
937868a5ee674fd81def466870d8291a2ddd27f68051c9f8846b47690aaf95cbfdd026f35549a981852582379d1eb59002dea372a9b87b72597b6797c2924aeb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
4KB

MD5
452fb6d4d7059d68e41bc950ddef2bfd

SHA1
8db04f80423d2b48db2da7e1cedbcf07cc69bb05

SHA256
75a4057da9a46f67b5f33727c2172ea1252c6527a920e15c9f0b8508e337033a

SHA512
1569c7f86bf7df98fc19f260ef4a788e598558add198dd8aeb6567ffa2d5663ec0ab91a93eea1a50bfc45d27c05247d0a23e9bf321e9aee3f7cad4c91bec5bba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
03af3937ea3bf1f9fa6b16e1ce019aca

SHA1
5dd38f2b4df6a2f1d89d724814d5115ef4650c40

SHA256
32911df6fcc6d9cf831563939f32624fd6e659d55ece3a3ecd637a0ff018223c

SHA512
c95cd26d5ad9c3ffbcc508dbc6cbcee86f05bbdcb1d3d209e956076f7ecb8e41a862d35bc715190b196392c163c6dcf909ce83fc2133100ae4e855dc94f00c4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
7ce0db5e153a7c961fc6418067c08261

SHA1
200caa9d7b10888d357ca802905504a322b3b45a

SHA256
974a717dec1b37d657e588fd57c2baf056fa910ed7ce8bbdca4af44d9fa95537

SHA512
94f4d56d774709fdb893d6afd731321eeb375b041da60c8a8c39935fd53697e290420b1be9c01c67dc025dff15999e97c0ba22de07a33780cc681f92f431193f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
bebd83355851298a11f082fef44a71d2

SHA1
d2a876483dde96b222378329e81f23830bda219b

SHA256
8bb23227b2333d237f3dac2f89407da2661cb4212c3a912d3aa9fb3467165105

SHA512
2f840d034e5e641122669ca93aa134ee62d012a6a666ea82bcf3a5f5954abdd85ca4c9263c7c8cc2eab7fccd3214f3c343d89d20fc8bd82df39a932159c07023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
f3e205e1ab3f68d98e8ca9d2d57204ac

SHA1
bad58f8459d89b847e8d90b14c123fc24dec2639

SHA256
e73a5b01eb98e637da1ddb274b19b2aa10bd25ad9f866053f9a699a6fc49d0ed

SHA512
70ce0004abc011c62f5b468e7f40b2f187cdc65ae254d27a1bde586eabd35bfc016756dcca754ce8bd486739a1c79ec37a5c59f99341166dd12687b6eefef8d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b5be9fdce65bcc4662ada97125011248

SHA1
b90dde02dda82fd41fac2e2b876e95a276500be0

SHA256
33cd50e6486e80066888663078046697097c0333f68227dbe99f48b851fc6c1d

SHA512
ad69e25e2ec2e314b580834026038306e9e562a8a0a761590716774686d7e3a85e93279388e929f227df7bdb9b720b4a80b8b85559e1ef3c4afa7cf90fa5c119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
5624882531727a91d0dbececbb7e0d58

SHA1
19ed01ae6a55da8ba170be914b78a1459e1d4e20

SHA256
75d0a6fef7a3e7c564eef06d996c08da32136e7a57cddd5056c03dde03d89490

SHA512
49a6735646c435739b1018993debef1b0ac3905e99c1be22d0612c1295bfb8e815ec290e84c78cfbc5243c7537b689a470f744683f35875052c2591ab7c0a0d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
94914b56fade053b2ceb6388e1f1853d

SHA1
cb23e390ba15115f9d1c6158f458866abed6339c

SHA256
842aafcbb0add2e8a15d9b18c1593d591a1dfa464c3df2a7b7873061d144269f

SHA512
227280cb65503bf66ce6d37094f845303deabb93872288e428e05ce152a947356e3bfeab0dd39dbca410400f9ee171bda16628ff00860166c56466e46d85e759

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a3e462cc2f0ad37123ba4223b57f36b

SHA1
92fb790d9a5ab7721df47fd4be902b76e6aafce7

SHA256
d3b3f388f5330c08bea8da3330a56871efc55b1b8b7fdd0387925050ea24ee70

SHA512
ab7f729a97afb890aaec283273507391f82098b31b10487e61ef3651ea2ee2c47569af47a30f196f5788be3240dfada6d623a7fe967b2a6177ecf232ef04355e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ff5f7d2a27fee505b5e5a19b6242b240

SHA1
b2435adf1148828596c46801a17eb588f2d8b600

SHA256
490deb63dfe199421b06816918781b26260dbdbc61fe66de0020568a0f32777b

SHA512
132253ab5b3a36029ce55d881fe9fea73402d695772ad551e853375ee623bfbc3134678b35a0bd36780cc2ad8e012ce7c32c353c3dccce484785bb3dd829d198

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4799b4f081db8df340297a5f60ec5423

SHA1
f6c8f2ff3cab85eb93c1d0f03ab4586b3db8ecba

SHA256
6649d1b14ea4ee9c31323f568de09d7822c150d5aa10b296e43c1a5fb8e946c6

SHA512
aee619e325938c64e04a47d4dda5fd1cc59da1bd58a3f7eabf69f17a01baad8492fc35a4e3ddb979cea9efa7452b949444e5e1c9b10ef8fb06bfb5618556eb48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
9be1b78b4b0e7c7fcc7b15c82dbd76f3

SHA1
c185a5cdff420851a7c0d75e90fad04d21b11c97

SHA256
0d3f1dc41c56d988b5b8b58461b7ca04809d8209fc0018fc6256e82ac175f237

SHA512
54954d0a5d5103c0fb390fedc573b15c96a53b5dd75610bc76479df283f3f42a5e42cbef2318aff3c6b646a3e78bf9ab428f65bbab4aa8af15bd9797c51b688d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
1e9389d1c8a01b6a366ad4eabe44e0f3

SHA1
6405781b2a8ddf40940b04deee6fd294fbd69664

SHA256
94becb716ea0483e607fc288eeffd96075f6c1f92737acaf31baabde173fe968

SHA512
88d4ca2a8dff830769c25dd52a125b5a7593d52fa50072b056edab06874b3bb98c53c4d69517c2d5536ef54b9ebdcfa79ac2c965d79fc7548e20bd29ca4f6d4a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
005740309f0ba93d6312015843eb73e4

SHA1
cece5b142ef8ac51283744ead13fe19d09f60bcf

SHA256
b75cf955a24e2475d6d42d922ac4e7a286e45b0dfe25b8deaf9365a578979acb

SHA512
9196285d1697e62eaaa76203f47c9f7ad72967f42bc1b09d0ae95f11afcefde17d66a78040d49ea365b6238f2bd1d591745aff4d50f69502d4cb4f01081c2b3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
10af5998b66f0ed7b95201bd58862ad3

SHA1
7568af4e7d0a96c0dc31d3f4507f12d5c4047b6f

SHA256
4a0f5e69dbce409bfdabb9aa0972b13ad942e83e43a0563bf84f3ab654e875b4

SHA512
eb3990a56429de1b3602ca205394078f7044e0d749e95f1c499d0c7cfb97b14343396afc6f88d9ba77d6ff4628e3bf1be5fee25b7a4f6a0acc4330688e94dd68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fab331a036ae942f00f2d5801dd6dcba

SHA1
1001061dd154d9cbfd225cefacb7d32631a7eece

SHA256
646f6526bcedd9d18a6b308c59a4d7b9f83a693c574405591d4367cc42adddc4

SHA512
be7798ded574d39bca52915c9fea3f4cb2b5dd17159409b36e80e9fee7b175a444afd52f402d1b3afc69f43b4cc0359a512b65fe2b9262a119390bb272ebc4ae

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
77a8b2c86dd26c214bc11c989789b62d

SHA1
8b0f2d9d0ded2d7f9bff8aed6aefd6b3fdd1a499

SHA256
e288c02cbba393c9703519e660bf8709331f11978c6d994ea2a1346eef462cb8

SHA512
c287e3ae580343c43a5354347ca5444f54840fba127a2b1edc897b1dfea286fa37b5808f6e89f535c4022db8b3f29448aa4cc2f41ab0f308eec525a99fac4e5e

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier

Filesize
615B

MD5
4cd72e2ac222397d37bcf33a062a2f0e

SHA1
d21232b1e17265652176ea3b25f11a2b0736ed1e

SHA256
7a61bed96698829a016f2828ce00b1ec431a3e919778fa8c478af8c0d2d7df9c

SHA512
febee516e871afd0e14fef4d954920d05475c4c016959d953a8f38405a6e9dbb08bd124929f8be534242e5017b811cff730a057025b84bcd47155caf5e324d5d

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_\geometry dash auto speedhack.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_1716_XZKPCTHAANTCKPWR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit