f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
30-11-2024 20:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Size

5.3MB
MD5

fbd9ad001bb2719f574c0705c5de05fb
SHA1

d07e77a490ad677935ac8213b88237e94440e791
SHA256

f0031f9d7f25d4d29581879f62565a5a565995899adc60213f9e218147c78593
SHA512

5724e3f858ae7ea92ba4ce325f3f8f4b90ecc6d7c19476e2888c4b09f0913463191b977f71314300918cceb0a6ae0b80e29d3c70891e8aeb9314da233a929e96
SSDEEP

98304:oeZOuRuvqAgef1ndGaX6tJJQv2FKA75OpVclc02vDRZTEB:1ZOPNdo3u0jc02vVZoB

Score

6^/10

discovery

Malware Config

Signatures

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	nemu-downloader.exe

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-4050598569-1597076380-177084960-1000\Control Panel\International\Geo\Nation	nemu-downloader.exe

Executes dropped EXE 6 IoCs

pid	Process
2572	nemu-downloader.exe
4444	ColaBoxChecker.exe
1936	7z.exe
3416	HyperVChecker.exe
3756	HyperVChecker.exe
1776	HyperVChecker.exe

Loads dropped DLL 1 IoCs

pid	Process
1936	7z.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 4 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ColaBoxChecker.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	7z.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	nemu-downloader.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5712	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2572	nemu-downloader.exe
2572	nemu-downloader.exe
2572	nemu-downloader.exe
2572	nemu-downloader.exe
3864	msedge.exe
3864	msedge.exe
3264	msedge.exe
3264	msedge.exe
2808	identity_helper.exe
2808	identity_helper.exe
5436	msedge.exe
5436	msedge.exe
5028	msedge.exe
5028	msedge.exe
3572	identity_helper.exe
3572	identity_helper.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5712	vlc.exe

Suspicious behavior: LoadsDriver 10 IoCs

pid	Process
656	Process not Found
656	Process not Found
656	Process not Found
656	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
656	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 23 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeRestorePrivilege	1936	7z.exe
Token: 35	1936	7z.exe
Token: SeSecurityPrivilege	1936	7z.exe
Token: SeSecurityPrivilege	1936	7z.exe
Token: SeManageVolumePrivilege	4504	svchost.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
3264	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of SendNotifyMessage 63 IoCs

pid	Process
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
3264	msedge.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5712	vlc.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe
5028	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5712	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2288 wrote to memory of 2572	2288	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	83
PID 2288 wrote to memory of 2572	2288	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	83
PID 2288 wrote to memory of 2572	2288	MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe	83
PID 2572 wrote to memory of 4444	2572	nemu-downloader.exe	84
PID 2572 wrote to memory of 4444	2572	nemu-downloader.exe	84
PID 2572 wrote to memory of 4444	2572	nemu-downloader.exe	84
PID 2572 wrote to memory of 1936	2572	nemu-downloader.exe	88
PID 2572 wrote to memory of 1936	2572	nemu-downloader.exe	88
PID 2572 wrote to memory of 1936	2572	nemu-downloader.exe	88
PID 2572 wrote to memory of 3416	2572	nemu-downloader.exe	90
PID 2572 wrote to memory of 3416	2572	nemu-downloader.exe	90
PID 2572 wrote to memory of 3756	2572	nemu-downloader.exe	92
PID 2572 wrote to memory of 3756	2572	nemu-downloader.exe	92
PID 2572 wrote to memory of 1776	2572	nemu-downloader.exe	94
PID 2572 wrote to memory of 1776	2572	nemu-downloader.exe	94
PID 3264 wrote to memory of 548	3264	msedge.exe	99
PID 3264 wrote to memory of 548	3264	msedge.exe	99
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 4936	3264	msedge.exe	100
PID 3264 wrote to memory of 3864	3264	msedge.exe	101
PID 3264 wrote to memory of 3864	3264	msedge.exe	101
PID 3264 wrote to memory of 4408	3264	msedge.exe	102
PID 3264 wrote to memory of 4408	3264	msedge.exe	102
PID 3264 wrote to memory of 4408	3264	msedge.exe	102
PID 3264 wrote to memory of 4408	3264	msedge.exe	102
PID 3264 wrote to memory of 4408	3264	msedge.exe	102

C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe
"C:\Users\Admin\AppData\Local\Temp\MuMuInstaller_3.1.7.0_gw-overseas12_all_1712735105.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:2288
- C:\Users\Admin\AppData\Local\Temp\7z780E18F0\nemu-downloader.exe
  C:\Users\Admin\AppData\Local\Temp\7z780E18F0\nemu-downloader.exe
  2⤵
  - Enumerates connected drives
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of WriteProcessMemory
  PID:2572
- - C:\Users\Admin\AppData\Local\Temp\7z780E18F0\ColaBoxChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z780E18F0\ColaBoxChecker.exe" checker /baseboard
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:4444
- - C:\Users\Admin\AppData\Local\Temp\7z780E18F0\7z.exe
    "C:\Users\Admin\AppData\Local\Temp\7z780E18F0\7z.exe" a -tzip "C:\Users\Admin\AppData\Local\Temp\nemux.zip" "C:\Users\Admin\AppData\Local\Temp\nemux"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of AdjustPrivilegeToken
    PID:1936
- - C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:3416
- - C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:3756
- - C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe
    "C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe"
    3⤵
    - Executes dropped EXE
    PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffeaf0146f8,0x7ffeaf014708,0x7ffeaf014718
  2⤵
  PID:548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2088 /prefetch:2
  2⤵
  PID:4936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
  2⤵
  PID:4408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:2432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
  2⤵
  PID:4660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4716 /prefetch:1
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3404 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:4476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:3668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:5052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:2044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2064,10035415338381382220,4667360967087500757,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4184 /prefetch:1
  2⤵
  PID:4064

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3272

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5588

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\ConvertToStop.mp3"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffeaf0146f8,0x7ffeaf014708,0x7ffeaf014718
  2⤵
  PID:5304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2100 /prefetch:2
  2⤵
  PID:5664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2440 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
  2⤵
  PID:5916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4508 /prefetch:1
  2⤵
  PID:4816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:5208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3384 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4160 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:3812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5684 /prefetch:1
  2⤵
  PID:4296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1316 /prefetch:1
  2⤵
  PID:5780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:1
  2⤵
  PID:3708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4532 /prefetch:8
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,12660135673222264621,3551166935628601898,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5428 /prefetch:1
  2⤵
  PID:2560

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2112

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x240 0x470
1⤵
PID:2924

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4504

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Comms\UnistoreDB\store.jfm

Filesize
16KB

MD5
926d098ab6101d51908367c67b431dfe

SHA1
36f02b5d60a6cd36970b41658339023b2fffc417

SHA256
98cf4c19cb947a6d73953c742027f9afeb483918a08c2815fcfd02ee7d14a32f

SHA512
bb73e8628d0b41bb68c45a531a2bd564e49fddbc09a1cf22777b59592d047ff048476801b3088c7bc386d430b2a791b6c26c3df97a22b8dc263323b3e03236ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
390c19203f97c52758d1dd26c828d666

SHA1
98b32ed9a10b61774d3172086a87890e7a4ce3e3

SHA256
a2e06dbacd8cd632b1d3f23ac50f2b5beea948c0861ad7aa7c0816f4811c4efa

SHA512
b88fc7b850a8b168f777954749bd739d0cfe129f397d56080c16e24a92a90877cc732b3fcf166bee46ee1ef822e198c237a37478e9bad14564a17b4fa6302f46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
74e31252bcf6ad202c5b9fe5df0659a6

SHA1
8c969a20c834098021364d1cc3293bbec4bfb261

SHA256
f4c9d4007bafc5eef25b00abd03db6e2a815dab96b9f2c1bfdf785c3db54e157

SHA512
b07a8d85a0a7025eba294f1f8862be7480e492e3bcbf49fd22a8dd4de0d2ee35c73471f4b575c34ba3ea82371d36fe8815d8432d3a1e0ebedb0fdf92f7b0b720

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
753fa4c758d82ddbc0dd67a1ae8354c9

SHA1
a3ea0e42318a660570acd623899b2de73af863eb

SHA256
422b8d203acd5080e8564b301149fea2750e4315ff928466c4efa56de4451ce5

SHA512
9c043d680ba0c120e64d99f92a9fc42d9d1062271f2c99d096572dcdca75c69e538aeb6fd2b47b2727d36f99c8d371f9536a38baf3c764cc6a339a1db7534694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
01caccbd60bd4810e03dd192b9acee49

SHA1
b2ea06ab83f407e9e9da76e3a40eab58c46a907b

SHA256
722fb5dfc4b2a2c369d5e56702f843b52cd10704043870f978da17c660328f52

SHA512
a249374ae186901a86230b1619a5e2fd108a7c0c3fbf0c48b704f21b7ab920be6f09c7a0ff649e8882c9d8d444b9d19556628af529adddd3a0760b33b994a7d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
fb72e002a166e6412ba88471f2bf0a6d

SHA1
a06749e6de01073aa48c594f7bd936fc5f6292bd

SHA256
9585e04b7b40e8985ee26e092dfbcd4e7115b18259bfbfcf9de362d0290382b7

SHA512
17ab50c60854532ed02d15ea62897344c32e000687fcd420c507fdeab048501f3dd786a527e0698d83fece70c0129d78a45f3bd76c88440a9b5beff39c016c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
ae15d2008ee89bffda080d4987ff756d

SHA1
2749e3cb2380579ef9ae6ca2790d95efa69fee20

SHA256
f6ed9a2d7cd50d5152ff46acb54f976256a80bf5b8af73ad68b84c61863d8646

SHA512
56672de5904e2b9b0229ca357772e431800879ff2d5f20dff565d08f8fda0396829a7c64828762db40bb003cc31bf927d2f3d5d1e0db83053b2fbd465342f15d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
e1caed8b652719a560fa037bc17a0dd9

SHA1
32c2cad24830e0e9ab65712ab902b3ff694e96e5

SHA256
5face97ccd3ceea5b5500cd8ec498a2d4df2c612d9823c9d6e04b45196f9215f

SHA512
da2e19b3efc07adb9e84631b3551d007b37de7bd4481d686b93c0641c8237cb6c0f59c10a13791f61befeade839ad06a70dc482116d22876f4726dfc4974b1cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
c382ae731d2bb8353753334ff75cda5d

SHA1
7916a896d263a43c7de5dfee51d1f85ad2e797f8

SHA256
1ba79866fb3c20fc0a1f37a8fbcafb8a40fba9ae9105de86093cc0eac88f416a

SHA512
f27deaf445ab0b96095c81ffbb99628d11f06511965c06cd7fe3b91baa45b5c66bd587f72c7226079ebd34722a90337a439693216e0d1bfb77a5d1df39cd0d97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
95b893c3276fd27d7aa94d6af8e1f2a2

SHA1
241eae4aa5ff00a71a57b403f8a3b3938f79ff62

SHA256
a980ed30ba12cce8679a3276fc38b55701deb9ad9a2c61a5c16ebcca9d66cd60

SHA512
c06ac17959a08670a5a9cebff99e3ca337636d39edd8ed8072055c8e7a4e1b46303459d104bc225bcc8e4634df2dc0182b3d7b5075d0272b2aaa051b163af4de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
9d654078ea5835facd88a02e3c235887

SHA1
80a90b2c55030ff1c697fc3bb0739e4e12ee3a79

SHA256
cb24011b59b176fa78ddce07a91e5758c739f585d7be2e3046c342c6a0656084

SHA512
fb1729611d91e62ff4f7536d3e6833802b738f2c5a48bf6821a9cff36bc295e675bd33f8a36b58e79686010078d586500d650de851a05ec4005c90668894ef7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
7882df9f8c5b3be4e20ada60e7968ad2

SHA1
3f243f69987a6bb464506a7e37ff0858d0c3db5c

SHA256
7d8241cec119c15732466ef8a57804702a85c35416875957ca4dada5e8ede592

SHA512
7dfc03bca3fdca7622118abc7c6cde742e4e7ed147ec6ded266af91f7252909ef2112dc58b5e52eaf075a93da9d9f7b81bbe11f9eebbb8110acc03a4922b3e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
c91e8e159a2905e7dcd3c22de6abd049

SHA1
c943ba73b7dd3fe832a6858785ef39dc6beceddb

SHA256
f9af27460574fbd68dff65c8b0f737fcad52b17f7d293cc8335b7ac390f5c300

SHA512
c16a37e1e5a1377ac71045003ce98dfbf0b3e5b1ffd779f30ddffa525d4a03f504522acc1784b15d0923484d6abfa1c02f6d1d6ecb9f49140805d0c3b41cd1e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
1KB

MD5
99a1bd60a9e4c4c1748bb7b5d8b4bd96

SHA1
71da14b05211696d99df7f526f9dc8915529c45c

SHA256
d40292ac34c0dbf96eb0b569a3e6f86a596fcdca22c35d55c8e70a7fa83a0069

SHA512
d347575fb3cefaac78724dff1ed2f918402386388b621cbcc4243e4d72645c402bca5879023de8d65ced676b0bb654cea3beeb6ff3c591e4709ee9955e227def

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
209B

MD5
3914cf6cc33d5308530dbaf41165dfa3

SHA1
178c5bb320b26b331d1ee5496701a83c349b5160

SHA256
a71cc5bb7ffedb20914d68048c7b7f27c55923cf8a96c7b988479643f365cb11

SHA512
19f4a94d864f693cfad32a83c58d99341704b2f48ee7e3d45c12de62e927bd25690e6cfee210de551c8c1c919442d8af5a23868bba3508cffbffceebc1a843cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
6ee7a327bb7079b9e8c0894e8b65db67

SHA1
608a2af588c116577b833007c724fac441b8c4d4

SHA256
5ae26d6acfa0558201465102a5a3d5edb4be5d7db11dffd0bf722880a091f5c2

SHA512
e0b6fb1713c5f3aa1754708b109d173ffb30fe7c7e3873b23fdd2b816c42d92a04dda87bc61b08c4264fb51fef15451cada6a7e031d56818f65a5b733881f5ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
471B

MD5
ac9c4a5ebd9f52b86dbc9663631cf1b6

SHA1
76f4f562d615af7c1fc6d63f96d1c8032d64f8fe

SHA256
fc9394a1a6e0be15f148fec21940e1dc1953180843af666bbd92fcbdb704d4a9

SHA512
67319654b32eceed63228b3ee4f6586f03669eb0b2361b10cd57c3362c8dcfce87e47d223aafad033ae21dafb27affdc014392ebde921419971f89b9050afd65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
a9724fd1df923178436571a70aa349fd

SHA1
397fa8b40926a1804ea661d0b9e9fd06764b1b74

SHA256
ab382e578fe4b3b04e9e186e8e4b67e66d85d815b27089a28aecfa0772248f3c

SHA512
0d286cbe0981a3ea62e23f9d7b92cf787b2c2c68cd81c3c647d0410b0fde57f35ec3c08542a669a3cef8422f12751b4e00d0a99f0fd26e283686f5b19ac68b9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
70b8b5c2e66c3efdf3aab268f25308cb

SHA1
cf4b69ba9ae1a4f8ff5ce440884cbbb13da783db

SHA256
d5684b826869cec8d7e4a785a0aa4454e8fa73fb5b2e9a971cf35ab656175fae

SHA512
e23eb36db39e706d828013aea9cc66e5af4d501ec715d2a93da1b866d139e4355eb9068115c7180ad19546c3e0905bb2648398385084220fb431c5397389693f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6c1e894a87b30da6955a516b3984afeb

SHA1
0b9110881db9face4648b2760c440aedf03861d9

SHA256
517e7e4200623b0be6fef77513fe4103c736f61aa8736097f6d6ee14190f9251

SHA512
0d7fa7aa894b6ae7b66b51257ac8401b1fb228dab4cdbd002e60da44dad6fea3aa82c632156efc7a72613e5fd984d0a479ff3bd9c244a275f05f5a1ffddf74f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c65273d414004c31c725a9e8346738a1

SHA1
eba838102609fe315591e96061b110826a1dec15

SHA256
aff9741109f95cb7b446ede23950fbb2590b569892f89b5beb7479ed91462b10

SHA512
a280a78429fff825580ae616fce45da20594617c1b50adbfa760d8518fea18f58560bae42d401a5d1751174f86055f5d67e98f8bce784ca468b4676a9d6be464

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
47dd06d63651ed7607ee8c295b630e7e

SHA1
eaee89368390c1071ea9d95ab49dccc2f4b31312

SHA256
a6509955cc4e09c540c986bdd6f76c816029a17e331a2012154b81efe1ae7657

SHA512
f2b20cf1d6a30b5520145d8e31d26f94dd4c821447701f26160f71b83fd97f5f5623decdbae03d91618c92b0344c249f31152d04857d807ce8760539d26c279b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3851bf511d3a47f985ef5e163bdd7624

SHA1
e35487b87f13d42ef8e1d5fafacf482275afa9a7

SHA256
907079a032565f707ccf0161ef0a3ba96fa8930c7ad66d302b80a82ee75b4069

SHA512
cf948d310f1364444a1244af337114f7c524b8d0e9e6547c2f75bc3dc3b7fe8b31ca7eb98fd9a3f6215fddacc4f2d4760628a919aea118e31987ba9a3140704f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0d71d3071f51538f22e698c79aa92b9f

SHA1
1afca70197a31915b1fa9cb8999f60a7d8779971

SHA256
654310c4a364195a1f5db0213aa471ebd04fd81901f14c40ce1f6e36c03f554a

SHA512
7cbdb9165e5d506403337d6033df3095988468ff48c0b67de9f7e3334e1efb419f820a4b0596d86ec908cad6fd98dc95d56b6eba279cb110c1c5d81099d446e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6b015d14e254dfb4f43b1296ab93bc41

SHA1
3d036ee24f17aff3528b9939b4b96019a11408d1

SHA256
d3e051bacb90fcaf645cbab2b27dcbdf7b68a191e8ba26b177347297f78bb79d

SHA512
6394718af052508fe6bb7914b6f13ab6cd2b4f5065d457413937bc77808387fbf131b71fc8896d99a35e654ad93d683ae420815ce7681213fc46a35b196efc01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
4ae508dcaa7d0bed4ff92a77b07c951a

SHA1
4f7a724c2d74a4197444977436367f9f8f6c16d4

SHA256
cfdaea9812f7b1f8fed88855b7bc1d7aeda21f525d855e5a7f729c00b5148a7d

SHA512
d92406610c699b086347f534ab255fe4613e4d805d934328d754e60782b1dbafc0efb8a325864c599ad5ebb1d5d89049c7549e9715e2044b7c07f7b7c45cf5a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13377470695197383

Filesize
6KB

MD5
871c97f5a82bb64f8d1f26dc9c32dbee

SHA1
0e669eec0647a25ec25adc265d713b688361b060

SHA256
a67d712cfce0b267f50780558551b57c4055a9d46d6d64ac50d904c312b61476

SHA512
f126ffb291fc2ed3600e2f8377ac9dd499458c73ba9a55e64bca4e129e8a8f4455b036e404fd25857a78858e67866a95d81e899fb6868759f2e5d0dc6a141132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
a35f3b7a44360d382af9bad25bc4e762

SHA1
75b58f36e255e574913612b54f8d7a7bdea6345c

SHA256
48ed8d3d7ad4cadb0ba87259a7fbf850878c47cafcc91185d3b7ca5472092572

SHA512
910cf013bda576d874ff15bb7a29ae028ab14ac56ed5053796a9211bc201f53d6043d22ab1dec55f3c5e14f4887e5b93911a280cf6b4c9c2f437d015611b16be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
047951245ca332887e0e84164bc05fb6

SHA1
f401f1f82f2f27b12831a6ce8c9b8b9a3310e247

SHA256
b3a04188d5b760406a0725183222fb8d4c3ea338289178b85e9b0ae39bef1cfb

SHA512
81f609079c5a2d2cfc0b7e653e398437e9873c16b735d8ef7159ba93db5ee2b51b884abc3c0ab491d89425c974ac9ed70e24bd485cdbb542dd454a3ec4c6289b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
beb788a84d24bc228a3871be4df79fb6

SHA1
52a02adf6706632387f184623a646ed94b8ede71

SHA256
05eee50e0645065e51e786cd1716cae96ba20dfa43994849b932ff824df527a4

SHA512
033e3258dfbb0548d15f078a8a9f96dc73f19c01b7c004b3dca238394caff1e852b9c70bcfbd9ded3c5f63cd4547413304f9a41213b3586d7339ad97b8c8f619

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3af8fb9dda645ad3184a2c0cdf9b65b9

SHA1
0b77b7b95e9a0d173adb7a7dde0233f9cd341876

SHA256
90ca94b516c5dd33e74198303f584355a6a749ca4b5f1afda233b64a163e1291

SHA512
cbf354a2d045aaedf4b39a9045b4f541b922e64bbae6796fffb10c361399f2d74a7fd713f901c3d25c5b29076358fe684add96f381adf5111f30813992404864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
1f597281125f91c22eee7860beb45f60

SHA1
a8d58f382f93b02535c049da3ff7e19e8e6e8a12

SHA256
807c297135c560f2ec85954e48a9664132cfe4b489977fe2a255ceef92d97dd6

SHA512
34db3e7ca745200c83c64b9f06bf729293ff888a6381258c574e33fe347558ab5dfb7fd77a345408850d1e741768cff7540f4a9ce744e2b66f7b8f65ecab5cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
bc5ac664a4bf2ffaa9317c6a68b1085e

SHA1
5b981dcfa752f5e02e1614c886a9dc238666b966

SHA256
6aa6ba823eced3877aa565d6b9c41cdc174455f176ea9e3065e29f5ef6640173

SHA512
4e4112f53f68e4f845b7eb7f5a5a608755559f63c1344792d4eeca56e3201d2dce57cc1578f40a40b10082fc6158a8459ef73dc3f5f2d2c3128f66f0bc1d0d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
3cee53e6f21f6c8fef880a3f54c302a0

SHA1
6e4349fd1194c9b1726f42e65dec1949649448bd

SHA256
dd15c4d9529d4299059f5dcdf2bfabf75bcbe19a32230d4966d4403f33859c2f

SHA512
1000064dab2bdd1ccb8cfd13b202e086b920e9e4d0ad9aca2332bddf45045328da96dc97545e91e6ee80c2e32a4d7af7c936779c89916681942b560f5de71a7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
c1241f2b9192e5a11abbe816d139f407

SHA1
c0e95716cfaab71a09c59e10f5e267870139ca61

SHA256
21cd1e87864c0e6ffb5f934ebb8367ac5c5721c80a781af97ed424803699da29

SHA512
a157aaadbb65309e88027a59bee74f814d0ce68b9f58be72e4fcf11754087aaffefe9211407ade82c4d75e9ba6397e0e7982316c7647e071585e88ade2312711

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
cc6a2a9e2fd0d6c16b1b02d308cab68a

SHA1
92c27a3ea5b8d6a0e13a237215a14accb30e5f31

SHA256
e5bbded5ad18e240d562f3c3cd5ab6e4f11664420bcc9d687ff42058fa6cef1c

SHA512
e657648471ef190e7b8aae83c8aeffd715c140bf3df4628ead8df0ff7f6d5577e775ecffc6accd07cc3adc70e99b5a594fe3f977fbfd72d5a46598b8369332c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
d88e52e1ab7de5534d63bcc441c98dd0

SHA1
4f65ec95ed377922014719d29a8c8fcc797f47cb

SHA256
94701232665923e258143e47d09f0f69a21b759cef1ad0cdf4ad5060cbf5530b

SHA512
28814c523f30aaecec58ef18f6cd0acc9cc57006aa9aa78c94ef17c7bedba2fb84e522bbeb1185c21df5ef55281bc87c9e4ab8c4217d1d4854655008b925483d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
f8118850648315b69df3059b45840a7d

SHA1
375abe5decc293247d29fbe9d18cdd1f1d6a3057

SHA256
460f8b7e49646bf1c68afa0f63a2fbf5e01acef3add6159f82cedfa85b1ae523

SHA512
1a124b3826c6e79222e9c819cdcd8d6238c859dfee99f0e392c15ec79e8e80cf7cf8a8ee8424d55402fe9498bdf9160cabbbfd40e990f48b428cf3042a9bde32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8069739971f2383f639f451692f7f343

SHA1
f1caf741a8d1221fb26af0e8026afd4054169595

SHA256
6a477331e03cb1530f8114963526907409c99b382208c7cf61bd658f41d21dd1

SHA512
3fe67b983dec001cff06865d8b59c180281a9b26a3e49733bd64943bed30fe96839de5bb2c8e6d8d0a7a71cf05eda8c48818a04322727e2e2f1187d5fe9167c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dcf023e5a6583abe56415a973e769987

SHA1
e1aea07eb360db3d8e71c15b43b5741cc8977093

SHA256
c73ad3bb5aabeae181b66e3704fd6ad4e8845807ee87721a362efbac712b8a1e

SHA512
7b3991724d139217a34211454e3a9f8592ed1f0b6beaf84bdfa58854ff0556e838ea591b971b7db22cdbe7e1ae9ac261a0d32ed313d82e086b7a13089b697509

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
58857685fad4543f167c764c52b879e9

SHA1
191aad287c2a9e92477b57a308403882e0549b4d

SHA256
d31b0527f6b0c8ffc5eb0a47365d29402f4b2d43277f67a9bc8eec0e30639cdd

SHA512
b774dbad6bcbc8bb891e416d41621ea06c4dce67bfbeaf79807ac9d459a8a465031f948737d2a0eb6b970b1d84c0fe75ac18ff17d74a51a75553fd3d72f2bdc5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
e5673181b1313ca1519a7e15356d68bb

SHA1
d83f0587602b03cee46cd7d8bbfd5ff52a20647f

SHA256
59bccbdf3120daf8d409f229f4c6d22231b1c2cf3c1ac628413869c4f0bec5a0

SHA512
4d9e463d99bfcb7b9a0f11710d0b73bd759e9838a00cd7279d2899db6c4b6110617274521174c8cbc4b3ac251dc80bf4d6584865f29a8dce56684825de6b5941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
75425978278ffafe3e48ba9b79772a69

SHA1
86b7ecc002d89c3a858b485894b949c1068c9a2e

SHA256
4266d1aeabc2c6d456b8d673fb9652fd2b94c99b9d54c286d3a06f8aff88d2ff

SHA512
922dae19f0e89adff4f258302a7de53789cd27b95abc4c7727d7cc730ea58fd4a9ffc5d42d5bbff2c11ef4509020dd351ebb17b6cadad27ba239269633d9db6e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\7z.dll

Filesize
1.1MB

MD5
0ffa2bff9e56e6122aec80d3c1119d83

SHA1
09b7eb124b8c83469ae7de6447d1b8a7f5c98c61

SHA256
609cba3a8704aa6f5e2623858402bc048de7198a3567a53183bf97de091a3e48

SHA512
42522bf850156577de397e527b8515b1bf0bdeceb170efae71d87c39a25c72c155a2fec6a88b5c3ae443752046f8840cd8afac9c42ed7bcf67aeb9e78aeb5f2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\7z.exe

Filesize
292KB

MD5
97b382235264f18a53eff8e891997920

SHA1
cc0f3ad9411f54f70a2b1a1705e24048b06ea65c

SHA256
bf42783c293279c65b00e4f8b72be39e1cb0fcbe14d6679151b0d5e27fd8572d

SHA512
1e780698dbc0963ccbd73976da6898b3c0dc4b4e655a80563585518abd37a1a5561a980d035123011213a83c76320de6c08541caa71bfd6582eb93ff57672a83

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\ColaBoxChecker.exe

Filesize
4.0MB

MD5
839708e3f96cf055436fa08d6205263c

SHA1
a4579f8cb6b80fe3fd50099794f63eb51be3292f

SHA256
1373c5d006a5dbcd9b86cfff9a37616f1245d1333c4adcefc7cd18926b98d752

SHA512
ece67e031e06a0442d935e7d81d0eed57ae92b348b5d104423577478ce226e4a4bde834c54e31d33bfe6f574fb7798ba96886d9e8edb738edee6e7c9c43054cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\HyperVChecker.exe

Filesize
117KB

MD5
dbd84c6083e4badf4741d95ba3c9b5f8

SHA1
4a555adf8e0459bfd1145d9bd8d91b3fff94aad0

SHA256
9ff467bc5a1c377102d25da9fa9c24dcc4375f456510f71584f0714fdfb2af39

SHA512
fb5fe74f64254609e07d6642acf904562bb905cd7c14c6f85ba31bcdbaf06686c0586609ec4f5d2f8f55ff90334dcbb774a3a6e78df74bf1b1d0cd03dec21870

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\baseboard

Filesize
116B

MD5
a1ab661a408ed1af94daa329b2c2ed45

SHA1
6ce25ed3d113310dbd1f5dd38185de6de329244f

SHA256
97655401e6518decff8bdad32888d96aaec1076a61cab0212dfc0661dd125ed9

SHA512
2402ffc93b3cbbe2e3135f6c3ff4c6f028bfecb5abb09c9b04d600c40b7b54b88cd29de5b098b6e20841983866d0ab0b34c108a9bc750cdbd93abc1f9692548e

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\config.ini

Filesize
346B

MD5
d00fb4c61a255b58ff09886c6c72461b

SHA1
4e4f7d7ae36f67a4d6fc8479f8400b3eb769e978

SHA256
77dec4d79e1e844a2156f101defc0fc81c138a989e8ba1c722c58feb91b3cd4a

SHA512
8494ab9fe0594f3ff7b0893ca3e25d6d0a706e546e92c5b662aa864affcefe5f9721a6a95f37f40cdacf39d27a23e2b3cd5dbca4d7b8909cd7c186209d4b46db

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\nemu-downloader.exe

Filesize
3.2MB

MD5
cdf8047ceae80d9cd9eb798a57bf6084

SHA1
8e7971401fada3099aed61849745fda37e1c0d32

SHA256
1f01a9abac64fae72e0a253ad9ffe2d62cd2967c1c2bc90fb956ac446fe2b11e

SHA512
ac366f38f39b935110192d1355147392ced5a21966cc22386804356dce24b2da7971a6a60d675689f93d74014d961bfb3b0c13cf06809b9f9feef580045e20dc

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\run-checker-log\baseboard-139522898881919200.log.log

Filesize
4KB

MD5
da765e43c5cae1023d4a8fdbfcd3dfff

SHA1
b37abf1f62be249cac6e93b14277f1e69eb5869c

SHA256
89b317b72354a35f760c28d2019394c0aa2520d2586b265a5e7478bacbb839bd

SHA512
c84b2ba7632dc7695aaf2012f2fe8583ff730a2f97de4820f33fda0143abfe3922a52683f1f1e81b07b68ced61c71e51a3d955885412d246baa2c4e0c0a184d6

Download Submit
C:\Users\Admin\AppData\Local\Temp\7z780E18F0\skin.zip

Filesize
509KB

MD5
ecb43530caf9566c1b76d5af8d2097f1

SHA1
34562ada66cd1501fcb7411a1e1d86729fd7fdc0

SHA256
a12381f97aee2d91568f44b23e866ccc99f0ae5e5961f318ed24b72f4f5da80a

SHA512
4a243c0bc4dbaf892bee91ea7eff9e6a7732d3aa2df5bebd9a4bea2859a30a8511945ce3bb823f7ef921f2e1a98906fb676fce85f25fd5908646b3a2f5d02563

Download Submit
C:\Users\Admin\AppData\Local\Temp\nemux.zip

Filesize
22B

MD5
76cdb2bad9582d23c1f6f4d868218d6c

SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33

SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85

SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f

Download Submit
memory/4504-789-0x000001B968740000-0x000001B968750000-memory.dmp

Filesize
64KB

Download
memory/4504-829-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-857-0x000001B970CD0000-0x000001B970CD1000-memory.dmp

Filesize
4KB

Download
memory/4504-805-0x000001B968840000-0x000001B968850000-memory.dmp

Filesize
64KB

Download
memory/4504-856-0x000001B970BC0000-0x000001B970BC1000-memory.dmp

Filesize
4KB

Download
memory/4504-821-0x000001B970E30000-0x000001B970E31000-memory.dmp

Filesize
4KB

Download
memory/4504-823-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-822-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-824-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-825-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-826-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-827-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-828-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-855-0x000001B970BC0000-0x000001B970BC1000-memory.dmp

Filesize
4KB

Download
memory/4504-830-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-831-0x000001B970E60000-0x000001B970E61000-memory.dmp

Filesize
4KB

Download
memory/4504-832-0x000001B970A80000-0x000001B970A81000-memory.dmp

Filesize
4KB

Download
memory/4504-833-0x000001B970A70000-0x000001B970A71000-memory.dmp

Filesize
4KB

Download
memory/4504-835-0x000001B970A80000-0x000001B970A81000-memory.dmp

Filesize
4KB

Download
memory/4504-838-0x000001B970A70000-0x000001B970A71000-memory.dmp

Filesize
4KB

Download
memory/4504-841-0x000001B9709B0000-0x000001B9709B1000-memory.dmp

Filesize
4KB

Download
memory/4504-853-0x000001B970BB0000-0x000001B970BB1000-memory.dmp

Filesize
4KB

Download
memory/5712-270-0x00007FFEA3540000-0x00007FFEA45F0000-memory.dmp

Filesize
16.7MB

Download
memory/5712-268-0x00007FFEAA250000-0x00007FFEAA284000-memory.dmp

Filesize
208KB

Download
memory/5712-269-0x00007FFEA9F90000-0x00007FFEAA246000-memory.dmp

Filesize
2.7MB

Download
memory/5712-267-0x00007FF7E7220000-0x00007FF7E7318000-memory.dmp

Filesize
992KB

Download