hxxps://drive[.]google[.]com/file/d/1HA_vbrZW6EEbwtkM0fQnpqOaj8Jql50T/view

Resubmissions

19-12-2024 10:25

241219-mfzhkszqhx 8

19-12-2024 10:24

241219-mflxgs1kgp 6

Analysis

max time kernel
300s
max time network
288s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19-12-2024 10:25

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1HA_vbrZW6EEbwtkM0fQnpqOaj8Jql50T/view

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
1392	MEMZ.exe
2324	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
4640	MEMZ.exe
1232	MEMZ.exe
1696	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
4	raw.githubusercontent.com
7	drive.google.com
149	raw.githubusercontent.com
4	drive.google.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Windows directory 57 IoCs

description	ioc	Process
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	explorer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-3756129449-3121373848-4276368241-1000_Classes\Local Settings	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 29181.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
5556	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4676	msedge.exe
4676	msedge.exe
3496	msedge.exe
3496	msedge.exe
2336	identity_helper.exe
2336	identity_helper.exe
2312	msedge.exe
2312	msedge.exe
1880	msedge.exe
1880	msedge.exe
2324	MEMZ.exe
2324	MEMZ.exe
2504	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
2504	MEMZ.exe
2276	MEMZ.exe
2276	MEMZ.exe
2324	MEMZ.exe
2324	MEMZ.exe
4640	MEMZ.exe
4640	MEMZ.exe
2276	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
2504	MEMZ.exe
1232	MEMZ.exe
1232	MEMZ.exe
2324	MEMZ.exe
2504	MEMZ.exe
2324	MEMZ.exe
2504	MEMZ.exe
2276	MEMZ.exe
2276	MEMZ.exe
4640	MEMZ.exe
4640	MEMZ.exe
4640	MEMZ.exe
2276	MEMZ.exe
4640	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
2504	MEMZ.exe
2324	MEMZ.exe
1232	MEMZ.exe
2324	MEMZ.exe
1232	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
2276	MEMZ.exe
2504	MEMZ.exe
4640	MEMZ.exe
4640	MEMZ.exe
2504	MEMZ.exe
4640	MEMZ.exe
4640	MEMZ.exe
2504	MEMZ.exe
2276	MEMZ.exe
2276	MEMZ.exe
1232	MEMZ.exe
2324	MEMZ.exe
1232	MEMZ.exe
2324	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1316	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

description	pid	Process
Token: 33	1316	mmc.exe
Token: SeIncBasePriorityPrivilege	1316	mmc.exe
Token: 33	1316	mmc.exe
Token: SeIncBasePriorityPrivilege	1316	mmc.exe
Token: 33	2436	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2436	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
3496	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe
2332	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
4724	mmc.exe
1316	mmc.exe
1316	mmc.exe
1696	MEMZ.exe
1696	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3496 wrote to memory of 928	3496	msedge.exe	82
PID 3496 wrote to memory of 928	3496	msedge.exe	82
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 412	3496	msedge.exe	83
PID 3496 wrote to memory of 4676	3496	msedge.exe	84
PID 3496 wrote to memory of 4676	3496	msedge.exe	84
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85
PID 3496 wrote to memory of 5116	3496	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/file/d/1HA_vbrZW6EEbwtkM0fQnpqOaj8Jql50T/view
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff240946f8,0x7fff24094708,0x7fff24094718
  2⤵
  PID:928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2180 /prefetch:2
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2344 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2728 /prefetch:8
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
  2⤵
  PID:3268
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:1148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
  2⤵
  PID:1772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4108 /prefetch:1
  2⤵
  PID:4892
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
  2⤵
  PID:856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3876 /prefetch:1
  2⤵
  PID:632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
  2⤵
  PID:316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5980 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3436 /prefetch:8
  2⤵
  PID:4180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:4628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5952 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4588 /prefetch:1
  2⤵
  PID:4416
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:2772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3504 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2940 /prefetch:8
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2132,6699714135593016739,1760229505425447161,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2936 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1880
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1392
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2324
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2276
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2504
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:4640
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1232
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:1696
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:4084
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:2584
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7fff240946f8,0x7fff24094708,0x7fff24094718
        5⤵
        
        PID:4904
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
        5⤵
        
        PID:1992
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:3
        5⤵
        
        PID:4912
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
        5⤵
        
        PID:1388
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
        5⤵
        
        PID:1216
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
        5⤵
        
        PID:4792
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
        5⤵
        
        PID:856
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
        5⤵
        
        PID:4496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
        5⤵
        
        PID:5000
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5308 /prefetch:8
        5⤵
        
        PID:4932
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
        5⤵
        
        PID:3760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
        5⤵
        
        PID:3464
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
        5⤵
        
        PID:2084
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:1
        5⤵
        
        PID:184
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
        5⤵
        
        PID:4972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,1495619533257260793,8305654371387715139,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
        5⤵
        
        PID:4500
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
      4⤵
      PID:5004
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff240946f8,0x7fff24094708,0x7fff24094718
        5⤵
        
        PID:1732
  - - C:\Windows\SysWOW64\mmc.exe
      "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
      4⤵
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:4724
    - - C:\Windows\system32\mmc.exe
        
        "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
        5⤵
        Drops file in System32 directory
        Drops file in Windows directory
        Checks SCSI registry key(s)
        Suspicious behavior: GetForegroundWindowSpam
        Suspicious use of AdjustPrivilegeToken
        Suspicious use of SetWindowsHookEx
        
        PID:1316
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of SendNotifyMessage
      PID:2332
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff240946f8,0x7fff24094708,0x7fff24094718
        5⤵
        
        PID:4072
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
        5⤵
        
        PID:4720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        
        PID:764
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
        5⤵
        
        PID:3956
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
        5⤵
        
        PID:3156
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:1
        5⤵
        
        PID:1108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
        5⤵
        
        PID:3456
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
        5⤵
        
        PID:2772
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
        5⤵
        
        PID:4420
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
        5⤵
        
        PID:4972
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5540 /prefetch:1
        5⤵
        
        PID:4544
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
        5⤵
        
        PID:624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
        5⤵
        
        PID:5068
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
        5⤵
        
        PID:4328
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6008 /prefetch:1
        5⤵
        
        PID:4112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
        5⤵
        
        PID:3760
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
        5⤵
        
        PID:4496
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2232 /prefetch:1
        5⤵
        
        PID:3408
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2832 /prefetch:1
        5⤵
        
        PID:4960
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
        5⤵
        
        PID:1272
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
        5⤵
        
        PID:3148
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
        5⤵
        
        PID:6012
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,17796112252715009517,5446661758313194135,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
        5⤵
        
        PID:6068
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+download+memz
      4⤵
      PID:1040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff240946f8,0x7fff24094708,0x7fff24094718
        5⤵
        
        PID:532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:3652
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff240946f8,0x7fff24094708,0x7fff24094718
        5⤵
        
        PID:3464
  - - C:\Windows\SysWOW64\explorer.exe
      "C:\Windows\System32\explorer.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:5128
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
      4⤵
      PID:5908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7fff240946f8,0x7fff24094708,0x7fff24094718
        5⤵
        
        PID:5940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3504

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2492

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4420

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3cc 0x308
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2036

C:\Windows\system32\NOTEPAD.EXE
"C:\Windows\system32\NOTEPAD.EXE" C:\note.txt
1⤵
- Opens file in notepad (likely ransom note)
PID:5556

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6bd24f9b7c903ce5fb545e5b5da9cf0a

SHA1
35c14bac7bf8bd5969f7bd7d3a818e971880eb01

SHA256
b3d79a4f080071df9e9092ce67345236cf7053a6bbec1655ddee4afecaf59a76

SHA512
6d8f09fa0b7d1d720ccb1c31d8dd2259a07c61211a6d8270079625ee5c2fc1ef858245c90cb688c6f5b9be6058fe643b566ef7b84574896073f293d7d3b1e425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
dc058ebc0f8181946a312f0be99ed79c

SHA1
0c6f376ed8f2d4c275336048c7c9ef9edf18bff0

SHA256
378701e87dcff90aa092702bc299859d6ae8f7e313f773bf594f81df6f40bf6a

SHA512
36e0de64a554762b28045baebf9f71930c59d608f8d05c5faf8906d62eaf83f6d856ef1d1b38110e512fbb1a85d3e2310be11a7f679c6b5b3c62313cc7af52aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a0486d6f8406d852dd805b66ff467692

SHA1
77ba1f63142e86b21c951b808f4bc5d8ed89b571

SHA256
c0745fd195f3a51b27e4d35a626378a62935dccebefb94db404166befd68b2be

SHA512
065a62032eb799fade5fe75f390e7ab3c9442d74cb8b520d846662d144433f39b9186b3ef3db3480cd1d1d655d8f0630855ed5d6e85cf157a40c38a19375ed8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cce9e9f4b9fd8e0f9ef79f48c6dbaec4

SHA1
4fe453b717b00775adec43b84db8955e1108d8c8

SHA256
c4191c0180a10c00ab5e70dbb4c01173954a481f48c2202f59257b277868e637

SHA512
ddd6475da132aff41462af588dc4ec8702e2ca6e029f30f42f2410b061530cd535b559a4a5a3ab219e8cfdff388dbb3a25503a4d8d9fd155d9f7e80065fe5b49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\722674d5-98a7-4ec1-8449-0253d0a91708.tmp

Filesize
10KB

MD5
f4633bdc0971cd6fc9dc6566cb587d82

SHA1
575e6c0117e0b85e1b0c2d70e6436eb96d9cf96a

SHA256
88b7a0d783a6938033ad600a415d1fc825ebbe10f6bba9296dc1af8efb50f6e0

SHA512
72490d72b74045f69e297f0cac89ddeac85a84a52c9e6def57db53b4917f01272226577754589106393b89afb6f6653cef39646298b13d3dfc19e388fbf44510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9429e4a7-346d-46ec-9865-9c1f3b95c31c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\9bc42cf1-943b-474c-a236-f3898e79661e.tmp

Filesize
7KB

MD5
ef5ca10ff9b2a98318921bfafb7da44b

SHA1
214a6a2aa5d3736c89ce5f770eb26a3300b7ed20

SHA256
8a46419a017f251d7e649b028bab31146972b9f68e7744a49bf54110c0ec696d

SHA512
903d1fe1977acff18b4af8013ed86efab633bf3b7263912339cbf5ba1fb8c8e39023db8775211818088e3c9ad9a79fcc4a8ed415b02df593c2d936abccc8cb98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
18KB

MD5
107df3f63a8b637eed0a3f01c1181ca2

SHA1
6a367efe174a94850a9a60eca1b3cb9476ecca74

SHA256
7fbcf806307f836eebf78829d088e8cba825d711a42394f64fa7117271a878cf

SHA512
e4c2e6b6ca662cea6b74a70f5f40dfc9cca0b33de7efef339da815d3ee05cfa4771791a011ecee3e9537f77c4457744b1276d2ac4690cf621eae80f1011ce00e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
19KB

MD5
c734808a345916f9ef2676e9c1039c42

SHA1
70d25f0e97d5178b2228f74d7c4c1127cd1f076d

SHA256
3a144c340f7a5277ab97ecd65e86a9f6efaa4c19a6b6c886937df6f4acf6b058

SHA512
5cd9c258cf558fd8e89ed79d08de12c252600589ae7a01b201a9a4fdb1a2137180736a34b9996c78b2e7392b095435f0c67090603638d5ac08b655393c116aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
20KB

MD5
0370c8d4121a27393c57f51a199d471a

SHA1
b8307804cb860f7537347382715ed0f7fc0094b2

SHA256
b042e668cae6941870a96fd2a3be94c330ba9a25550e045de2f683c8319407ae

SHA512
f159f5039606aeab808021fc01aa8d359a0fd9be2a27cf32f978d00ff7e558d0129792fc328f8202395956d7a754149d93a1654af91f0fd0a00ebda8d6ff9559

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002a

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
98KB

MD5
892ebefddaeac6c490a38ed7ee37874d

SHA1
42dc53ff6a330aaa89e32adc7668b48537a8bb94

SHA256
70dff423d0089d96b452dda41a37f17762e40750bb32c7587b3271dd539d35a0

SHA512
dea272f1985bd3bbc8bfb1da86a1307e4ac7091a3bdfaa300edf4bfe1a3c987f575589a95fccdadc42b7adf95bd363084a0c37d12538b245dc606d2cc30c4ba6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003f

Filesize
34KB

MD5
6242c13ec6b35fed918ab71eb096d097

SHA1
691e6865e78afb11d9070056ba6cd99bdad7b04e

SHA256
b1c7566622f40bad557a6c5b7bc5b8ae25b4da191ac716cc7923282eef96034c

SHA512
52914b4ca7362e9ebe326ea89006f5cc096fd4d1c360cae33ca768af92fe6fdb5078d0848fb6dc092848ba0e3d3f51bfb20a292250c35e8bd2e79fd5a19dd7b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000040

Filesize
20KB

MD5
93be7955935adeb48b77528f2dc2e9ea

SHA1
58cbdc14353bbdc7e8457c4c6a305907eabb008c

SHA256
e334891b33bc300d351d94b78cafae565a30e80c5e52a4ddaa158a8dae64511f

SHA512
cc6f0ae67fe3a11c0dfcacaac2d3c8c00a51caa81994b9fb20c1f855a053cfbe17c0374711990ddfed39a38a138357e55a8d5294a920c2ef80790845520b43b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2d6576f078bae22ed716eba73d3bc007

SHA1
133b34847f264b2622dbd17150ca552479505e41

SHA256
cf98066959f9ae4b419559953f472e48d4445a53ca3d9136f860806f8c6aa838

SHA512
bd9a5b916d8efe87e9db83fc47f337a89082b359692901c7133713d9c1d7ffe174f37cc2276ab6f9782da9b1115c99a8bf0745f0b9a6d277dc374038e244d148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
a1db77be32a7ef6e19ebfd124e5a3be4

SHA1
ea88acf96b84e9f51944bafda0d416f809661ac8

SHA256
7ba77a582f5286e6aeaffb357bfbfde4369aea6c95b0b8544fe092e62ccb5b71

SHA512
08c222488180f38962ac2154dd16383694fa9ae097089ea621de3a1a3dbc52f57c61404a3c06d7168c3038060c7f3c7b2d1fd2031aa0b1cae4a1a8f63f44ec78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
8085eb00dfda1eb3a13ed9931b4101a0

SHA1
b7b3d30d952b5427c16be827592a3c31670a63f5

SHA256
593bd8aafdb5a2ba564928e5887b22815e52aaab33448c2af509c20d9ebea7bf

SHA512
ac1a3a01691b65af28ae513fb04a781a618cdc2343cba62ad4e2ecddd6f0972a74d0d1277c1d4e0aca0e6787a4ec94061dd9a787efc265c5b569e2fcbdc8a409

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
f77548f2834914090ffa6241e03d33a3

SHA1
7c545fcae9b63c75b385c32a3abad1ba8f447a79

SHA256
034828deb013e4a7afba2c6b4b3aa386da37039a89946d0431b0aa795625a240

SHA512
764cc5c9c46b510ec1968ad24f6681a42df664462973184d1e51ba104f52fe8a6a08f4025a374aa55a637e91a40c6886986851d84db35b70e10328c5ee3572a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
bbff3b19f06b0eee3ff34f0979cfbbf6

SHA1
d936da1606fe2bd8a00125003d39ae7e1c3d36d5

SHA256
428eb8c6cd96f233341bdb766d3b7406c668438530d29f80e7ae479c4f4fb933

SHA512
c55b62213fbca413e9677dca4e16e97a1d5c057fa43bb02599de26f0ae2af2c3f4a7e483c998cc133264243e4d077ae8315c3b6e789a634d6586b611624d4c9b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
af0374d39d4c2bc94436c48da76eedd5

SHA1
4a477f76ab7cee2d731bd1cc3294b736cf7199b3

SHA256
0382c4652fc9a71c00120dafbdb58d269a0831807096f673f2959d408f149cb1

SHA512
40e12be4d7922db54640670f21007efda6b70135be3ae76ac5b23fbd05931388e8c76eb3c9d5d5e8de6f53028567200ee45fe89a2747e1a33b444d4ca940fe47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
838965d4b39e3bff63aa44384d5addee

SHA1
e5c08e1be36efdec2690aaf109e19cae7ef78ee7

SHA256
8f97c9fef818b4240cf33a7136da7daf457cd58b30284d4e7c27e83224dd1aca

SHA512
334fbc4430264b695af3a1b7a52c77c3b6487965b77762ae687dc71982e92ee89b091499ff3ed6e6af8aa5b45b2f56eab4f4102fd709f6db67dbc85dd8d5acda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube-nocookie.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
a4135661ae997427e3ef8c05a3064a82

SHA1
b6f1c3f81983b85a5fd2a200fdc089e0dd566541

SHA256
7434ee026b0831cd3829dd5d73c08533d66582e982f77d6de2dc09246747d49e

SHA512
16e1259b8acd44ab804899129df180eb934820520d3eef02e0d7c385d862d8e43b51927c49c518603190f0a2bc5349daf2189ff852de625dec103e226a4b1e9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
4f4922e776a095cd7216b946574043bd

SHA1
df98ad852103fddc645627df820382510d4e2182

SHA256
b7371e3d549b3992bc6fefe859a80fd27394eb98010d3919323a70a19a483d8a

SHA512
b27c3deac7436e96b8419825315886919865081bd54323320ff513396483ab6614cc9ec01cedb8c06a43ca935a5bbddd15a8a28d7eddbee8966762113f8dd43b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
920664eccef0173fc1fe690821302500

SHA1
afc7e526cf1f8bf7fdb6b6a29ffb812e2b3c7581

SHA256
5b21c1d551ab2990ded1bb90898c8f46b76c375ba40bf05cfd3a0317fb0151b1

SHA512
f0ccad3427f4314d883ca9d1932b33ba27c1e1058c98c085b328f4e65fdb4387efa48492a1e5722ed02703622054fdb887ebff90d9d0c6516273cec71a7c9920

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
fb15be54df0d1c502da027a289ad31b9

SHA1
4353ecd30ee039e8a4b3c9fee2472b77d2729edf

SHA256
2bc215970e87895fe5f99994367de92d3c0717bcfce4d8bae8afb5219d9a45f4

SHA512
a2dbca0d7a8bc8e98dfb76cc46e45f948787d2160e33e0a73c92caca36493ae77a4d0a537112db8e430c412e8f457beaf9f57d110013ef603b4719b7540395ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
a751f5a1d7c45acbe5d13f828eab0ff1

SHA1
1ef735c02cf2c5cfab0db17b07dcb3b1084425ec

SHA256
4eeea4a20f3dac24a58e83a8d863e89c929a0233ac126692976060fa8f878176

SHA512
526f1c1299581c1a0dcd22f9fc27517bdc0f56c7e2b25e96bdfd01de1158926e4369589ea20d482143057908408318e360f52ba65251dd7aff5118b8dce31f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a3fb621ec05a6c54ce2c4a2faa461802

SHA1
74b7998b1ac751e3fb2b5ece50a6a2d45b0b2d7f

SHA256
9532a470739940347cdeeea6b8d60ce1841d46660245ba2e1b445d2fa2829adc

SHA512
2fd89dd632dd861949e58f88e0f1f631df4d4715bb7f8e21226423a86f40ca34938569c3283589af1704322238faef905e986dbd1ed3987cb175f255e5297c11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
21029054fcb450c4a600897e90c14d40

SHA1
d5370b42e4bfdb8e6b9928eee92231ebb406303a

SHA256
18b99e424106d70f429b7a245f408e7e486d9a5ffc41807da10f7810b6841cb2

SHA512
fa3c58449c219c85df13b655348f764069d7c3a5a855d851ed548873290c17959eb6389b3a815c88f65722d022878675c067346993a0605e89c648b89fd6127e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
695395d468ad45552de4e864053276d4

SHA1
46b88f8dd87af1de6be6cd6a84b4de19cd84b51d

SHA256
bd5ae3d53e82d2cb06b81075773531d02bff18ac50ba5459da01bc459456cb07

SHA512
c4f1bfe39e36287305cd66e043b65f92cb2c7c42c84f0b7006e4ed1cbdde5c58656ab13ee7f75a473525e9ae3b3e05a29398c84ebbc9407a5f0c4a0f121b72f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
941f54229b38424ceaa30d25200d13e7

SHA1
04d390c8dc9d33aa020167b7a023de3fcb109764

SHA256
ab2d40f5b73a0dbacf200e8d3d1757d8d22fcc97136f65ddf992a3c38097398c

SHA512
10fb468aaf0a7db448a184a0be3f7433821a14f2240f245408784cb515e17e52027a6fd82afed37ab4c06ba35724396d1463f79ddec577a3b4a7a6c4631878b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
905574e3c516de05262349e9f91ee946

SHA1
337196ccfef0d57b8aa547c466a7b8c3e83af0f3

SHA256
b5dbed5fd7ab4d281762fd87f4d794ec3a7c1948d9a7bffdfb7909332af0540b

SHA512
8afb194bfd016f56cccd003340bf298327be634eae63d1d46f705e8d8b02703e33750966de43e5a65cf0324f1864751cc9777ab25e32489de019339d8186a269

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
d35cb9737f4c94ed85492d7a0a4d584c

SHA1
756b5e65fab781f0c68013ee339b723cd756f9d6

SHA256
2fc46ce091af6b0a8e2cfda90e02e69528255e7c3d49ceb1b3908fa90e4ff673

SHA512
a5477ba82cfe38163f58dc3531bf064808b3cb5a907b0a4919126ce2f62d70b1b6c3f5862930c536d43e786f0ed541b827af785ef9a373faebe12b3c83e737a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
192343aa9c8f4fff83af440ebf9daccd

SHA1
118ceef098ffa54ed72c8a406c0025b54136d106

SHA256
fa82980172840c65d16edf53b8903c741cb0193fe813b10e0e0bf0de146c44de

SHA512
cf789e54d81c29a9ddaa90fc6ec7fb84e92734fa8e586992f5ad0f8eec3fcae31f46dfc14e8d18d692bce840681834cb113761160c51ba4599bfdd0de151932d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0e9e0fbc184ab426ef2b55f199cca92b

SHA1
6d4d2dc385a13c068faff4965d7c0dca094fc628

SHA256
0f59113b9c713f66a3a7a12beda88907f319f1ffe691474bd9282c38f9bcbb12

SHA512
b09ee1b174b852e59c8a6a3d12f5a236ebfceccd3e37e97b639c9d24551c8202c4630e8efabb6cd93dc0992918cecba75ea2125e135b13ed12e12d0930717946

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
c012ae1bdf632213b49879e818aa20bf

SHA1
4dfeb2489374124fd2020a5010e489315507929c

SHA256
c9fac900c576f4f8ef1dd1dfdd21e9aea6679ad621780ab4a50a0b442b5a7cd7

SHA512
b27c3c1b95c2850e2940239bd4a5fa4e5535fa385071296559d6b43e7074c95ea231804b71bf7a068718d5dcf3b400e5919f985847d511ad233d6bfa292c25d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
0dc46fe18d489a2fc9db7640636c9cee

SHA1
b8945db63bcc4529edc100696a64b5b9b44d34ad

SHA256
6b1a35c3bda9a8ca8544a585ea38199c231700267f39cfb6f031cede0bea4c5b

SHA512
31092eab7d803bb8451791c68760de3ca18eb50a55ba8d3204df5762ec0532c9115db2838085376608ea962a6c97c38d46eb030932d149c8df40bbb013858425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1ed985b6c97686566d8a53a56368d913

SHA1
cac065b4f54d6fc32cd2a9fd0d2cedb32df91789

SHA256
a430e1fdd962e1c06051e9548733c90c1bf209714d9cfa5adb3417835d2876a8

SHA512
8a7cb44a0d92a34b9ac71861c110f4f7dff8a47b0fcc63fd9f15c0be07b79f3d91ed85240a477bc5791d4fde75251b726f535a5fa6520d55e243551a1dcf0253

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
69e907aa6c04ba1fc3118e0073c55df9

SHA1
3d396808be40a104e74eb1f0cab1209face80aa6

SHA256
8a19b97b5db809438904d33524f8702a80774bbd241a7f725eb89d1bc4af1e87

SHA512
d34ec4bd683ce9d43e752bef36c8fcc4f10518d637d0dfd3358d78b001974d7f5b08770b02998e727dbabaf18ebd46e4fe46957b018c72802e0ac7732c8ddc36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
12d0b92dfff94d9cbb19456b9af41e2c

SHA1
724e43025ba7d5d53dcd7b329e0f492eae8abbfd

SHA256
f8bfd1542d8f1b8f029bbaf5a1e047b32ecae1fc39c3c0c407c8ecd22f8fc1bb

SHA512
b0b4d5ade2f56205b7778bc380b199d027aabd4e577669a2d6d964e8684680cf1e676c972265edf9fbf490969cc35816a864da4fb1424325ea93048aea1438a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
634027d6a6fda0894bad268198e4e53b

SHA1
dd1cb95e48aa2c550442bf1f39f114b2a358228f

SHA256
f7617d3e3a7da9a8ad5bdb8f82c4d0b9d3abf39cc15bae2dad7ddb3d2d203489

SHA512
d883f6e1a847059fc2c6cf009c6892090f1bfb539c35cd5d3b79ecec106adde635a471ad70456c9769bd215e5a083c7c3ac316615d5af416dfb605118ee3a511

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
24ff5f485adf8cf0798350112f66a002

SHA1
499a34a1528d6242a588a5317db6e0026e593355

SHA256
185f000e3dfbdaa30b679193a084cfd71fefa19fd63b6e43c063ffc40e4fb49b

SHA512
a977e6c293692fd8cb0d9a92c15b09432b059a759763c842c651399381bfc39ef1ecc84abbdfd74fd3cca53e831d712f426894477764421549348d3399b4d2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
35B

MD5
343859b4ad03856a60d076c8cd8f22c3

SHA1
7954a27de3329b4c5eefd4bdcb8450823881aad6

SHA256
8c79b653c087618aa7395d5e75198da7d3b04c08654c39e56b1027f9ef269c2f

SHA512
58014a4e7f2b4b0d446fae3570196b8fb95d0d1b70bdab0dd34a74d6c62cd8d7ca494a486f19c1a829988a3af83a08d401f18d1769ce1799a02ee09807234254

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt

Filesize
99B

MD5
1cbcd7b854a358cb4b988f076d807601

SHA1
38dc696af259c026c8ebad675a93fbd7ff48e1a4

SHA256
6909b5af14921560849a995fe49f4516208ec3f31ff0561411bfacb823e4e209

SHA512
2140992a513b96825fd1ab88960a253984e981fbd92fa67a28887057f5b3bba37d3ad439a5bbbad86519238c0ce4b9d8b1410e6a4deb5b40b53390bf2409a927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\32cadb2b6d359d069dd3f3d132c212a43d223701\index.txt~RFe5b00f6.TMP

Filesize
99B

MD5
17b9dac3947a96ede5d031a49a88d76a

SHA1
d0110ab0d895c53f4c641693cc7eefe4cd708755

SHA256
01c7c8adf3df3f9adc0de92fbfde1255600d5138ea6cdd3b0fb4e411a2f7f0b4

SHA512
c7c64d1a49e199f01b187a0aae3a53383f7f28f6ea1eb25e44258d58a4067a2c40f10636d4ff8e1eb252fd4c2e896ca25d62fb5b7387d4826271ec6800672d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
aaabff46bed77296c61bce7a474abc91

SHA1
ca61bd8863d9a626b384a0a5fba5b606cc2f157e

SHA256
0b1ef4049d5eadfc44894607444060bd4022233f140c2656fecdc3edcaff8870

SHA512
f68bd4995fec8a2e2a4fa32cf4161a56e88815f4113ea29a013fa419ea2892dc050f0daa9d5025b10316edbf0f1514be70f4b39cc76967ee83c44d4306fb9d23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5ae34d.TMP

Filesize
48B

MD5
de2857ae31b69239bae98003b1a16585

SHA1
93754b4d3252d0049daac3836a170aabf2a22de3

SHA256
3a8ef8004d3e476eb120592ba0d66ff0335b9c03b40fede4bd119d181460532f

SHA512
94bffeb1fbcc03fe169d796de501a28f5cc813697c8d2f932b51a1747f9daf410e4a292518e4f1c3d0f95e722e5b9011ca144f408d19fcc1024fbd8e6dd63e8c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
df9db52b5a8627d4f76390cea54e9027

SHA1
fc83f23534cb05c899b3ae316b24566be4fe72cc

SHA256
63209dfee3890487b9410c952e208e4f41249632f3acf48f2d0cb43485aef7ee

SHA512
5159511a8e119c87159ff268564499ade0b07835211c7da56a01d60813c9545569071103a0ada36ad39651fa52103f2ae33a49d0789f1e95a5cd15e4d298fff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
7cc3281524ab00f2c84e4ffc4dbacdce

SHA1
d4341197afbfc8d160e246eb8ac790013b460c8d

SHA256
e7e26a12fdd5ec0bb0d1f1bb39fead2110634eccf057a895357c53073a41ddea

SHA512
8ac0797b36fdc963b5594758c85c4c861df121ba479a2132732cda3e86c137aed91cdbb65c94f9c71e5d1ddb6abe5fb2ace991fa1fd45cde65c31f633caf36cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3e61520bf9a45207e8f3d8bb9019a9b2

SHA1
b084d5e1f83609ac5dd43f80375f06f1863e456d

SHA256
d3d7f0882b2c13114f78c7cd8468f658f931a82034cf26dc277d478e4ba9ad50

SHA512
8688795b49f15a1d881a52de8036d2b356da902b5a2e1ff50a4a741e8f29d284ea45bc99f8979bce11dd0fe6162a5abcd39665722aa7de66e9bd5e4ef03de1e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
c576f4d27f7dc73699b0a7ec407adca5

SHA1
b2c0915492752bae72a0bb8addfa30f0bffe62ae

SHA256
c3ec386a110aff9781a8759883daf126e15a084d1d827a9a7370ee9a82fc8f34

SHA512
b50c3e2427ad18fc63320c08441d48c64a9ce046545d3ea81b748a187495300672f4555b91a1fdd361ee3a0861650144b7b039648f96e27489b21a87aa22b9cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
9a52d7059e3ed21c6e2dd109cb1cde45

SHA1
7f51a0862a7143f6489c09c635a18d5ce0d9e174

SHA256
976b66a10ec9da2547a3ef538862b2e584b095a7cc4b0f537b9b4e007361cc7c

SHA512
381a2a51e4146308a7b696c5f08d16c9acafbe1eec5533f0780229b1862c536988ce692629dfde21b6ff9786fdd9dff336111132d500b97e92d8610a7ba05f7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
885b373cbbe0bc9cb8e7c9b089d3593c

SHA1
3a23aa2c0cc1159bcd43842c9df2bcba723ef414

SHA256
a8f5a8d4207c7dd638d995ed53985f8493a3a9e8767c84867de306ca6fd9d2e4

SHA512
c79f48cc1fe057fb18df5969ccb4024dfd419298653955daad8a46d6bf6838384093e45cb4904bc86acdff7891f873006e87fc9f8c974efc0d45301632131558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
69c931869208d1f9ab24a36dc7b94833

SHA1
04ea0c364ff781fdd7e61523a9b2afa702429162

SHA256
4b92e76508ca9f8855f850737a46ae9f3c14137b5ca3bb6bb753437a9c62b1ac

SHA512
f453fd74ced375cf6815f66f222170b25b97240bbf250e57a09ef8e4e0ab99abea78679d811f41ef35666c2a453f11c06fe5bbf135dc242cd261089a707e842b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e030fe1f8b24c0f5e8b1eaf5b4a28f5d

SHA1
c9627c17a903fbb29ef855e86feb8b165254a7cf

SHA256
41d01fedcfca64f9a5174de64a2c3d5f49641153ecfffc00f0e620a0b7cea3b8

SHA512
39e1e1228aa2ddb06bd8f487a50784490a5f8ed76894b22e40b98c113e2e9db8d6e21ae931ddbd3c32eb36aa024598d86ceb53543a21f7ada741cf5712f793f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e222.TMP

Filesize
1KB

MD5
041bad820c831dc8095a62194557755c

SHA1
2055aad3df044baa56b9ba246e3818d8de520e29

SHA256
4c1851ed62abbb329009258b648bfaceb7f34ab914da16006630cc432aaf3d98

SHA512
c43834ecf5bbe5d5bd9a3064e1b029a2c430d07e8222d44b62af64ebb501b7b7fb01450b96414cbe275765f0d19e6e10e221bd43548f41af35a7b71b0f70dd1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
589c49f8a8e18ec6998a7a30b4958ebc

SHA1
cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e

SHA256
26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8

SHA512
e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dd33b175c4d637d3135bccae889e4f9d

SHA1
5abc621f63cac857bb0c9820c344fd8463bea7e3

SHA256
7ee6afbeba5bbeb8fec62c30c7c7bf113ee41d66acc2ef64e6fedecb36869616

SHA512
2ff09fca0e28339db558559c4cf0b545b9b090c1f672cbc20606c1868c16e628f89b43087b309b81b2dd8d2ef5af72facfa363bac3bf1fb7c5a8d039cbde83f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f73c6692179f5246c991673cc3e96536

SHA1
b435663261454ca6e5310ba10ddbf5714876f47f

SHA256
f5ee672f57a38e436daca33acc84f469df05f88a94b48ec28b7f11301ba1c7f4

SHA512
5f4a5f729b755f2b46abed61ed81c6329b98029e28db8aa9d9c9e52b3f965af41f3743e191b61e8d1c4b11f8fe864a075c485a75330547fb0bd946f4fa7f9ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
088e71230c3cd9958c505bce9a24d6ee

SHA1
76e3c19dcb760d020d1377147ab4391599344fe8

SHA256
d59ef7d56a90d48e721df36828a0614b7f27f6c147ad40fcb25a831a33c724b2

SHA512
6dee30b1144f2d109146ac5ee3391aaad3de09f864bf600895ddb7d96f4b91d70f98b4357398494428893746cfea9008951352f8c39490e3bc841759d2417765

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
896effc05b7dab6be6b61515be4a228c

SHA1
58ec4293dcd8088720d595be118566800578cefd

SHA256
b345e9b1aeafa8b9af8a16ae6303974239ac09af6af6596ff4e64ed4472a78b4

SHA512
fbca9f37de9e1f2ddfb579530d0723ecff6d262a8364f47845856265eda011f58f4c45c682a2ad3cccc209ea31b83bef0af00cbd96a50b4a5cdd65f0d0853ac7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
39bfd6d416dccc4d93b705b97df90382

SHA1
87138408efe972d1a31a223efe3715924310ba9d

SHA256
2858ba8a0823a11a1443efd592ca1313236e0e771b026a8be17c114e0b1e77b3

SHA512
72879fdaa2b0a3554b0f453d49d74a807b98e26a306273c393136aa242cfae7c02e1ddddd9c49d1afd54e2b78d89ff3a73d5d5d1da8fc9249fd16f4151037280

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ee0084e1cb496b7e99aa94a49e230fc

SHA1
aa18a750b31f4330e1245bc1b0cb90e4e08eb335

SHA256
7427788853438693768705115168864086c352cdfdfe596b366ed53cda22f315

SHA512
c35e8de560bdc8001df22ddbcb721b27096a1fa4f3f0affc01b98705c47e6213bedf66d64e8dd79d3fb7cd6396937c8291b45c6a77605d45c63737cd72b4a722

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
56576c6ea5f1136a2ab2606cd407c381

SHA1
91e0080743c756cbbf280eb6f580c605f1a79965

SHA256
b0e70ddd6bf2f248b77b13cd661bc72439e6e90e54645e4e97e6a25813178efa

SHA512
8e014caebd30d0aaaacc8da41234d78870fa16ef829e4af87a62fe7690e85a7efe3d80c69cc99266126ab87ffea0bd650454d4b74b9d2524e3e8b9d354a5d4b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7b55f951f548a9d45f00e67ee50dfe83

SHA1
f7c80a41944ad5a4dd4f9992422c46425704d605

SHA256
0420b6061033192077a6dc59ff9489c9d26c6f52815145084231fa1b3b8cf232

SHA512
5346c46ea49b90538dd348156e038a37f9f331f2556806a62261e165900d788e5677d356f30a263795747a4cbc76197448f36b95ddfc099b9241ea17d40fdc02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
209bb54f7ceb484d68424e1a25140be6

SHA1
acf629e29d01c3c8ad147b1cb001b455a0f20383

SHA256
0b4ea4ad1fbccd5bac2c5f7f96a31b3b012279686ec9f0916b1a0dd041877fe6

SHA512
7a772c425ea24e8bd360176d0887a8a9ce5e6037d6e6e48c6dfb02381fc295377f4d8eedc43cb76ad7e0fdc329f4e64380105cf4760b6cdbf68f98f0d41b72a8

Download Submit
C:\Users\Admin\Desktop\ConvertToOut.xlsx

Filesize
9KB

MD5
1e413c686c6ea82ea66f8660b32d6632

SHA1
a688d342e77390610d99784dc673ad31d4384c5b

SHA256
ac45eeca4ca0c3631d40d6ee1d554b14a93dd8702e7d2cf3c81cac2176aa78a8

SHA512
bda4d49a2b8151f6e7f2598aef1f120b7867a88e4c74dc946e8b39565f339dc48c2e2407564fea1ca3d4821c9bcf79871f4ada79e36cdde040d6efa046cde59b

Download Submit
C:\Users\Admin\Desktop\ConvertToUninstall.3gpp

Filesize
222KB

MD5
1dd9ba8a3c6051696eb0f6f4ff5936da

SHA1
58cd015ec656c1e8031ac634b8d9f444d1c648f8

SHA256
65dc0360d56fcb757b20968da0b22487f884b430887b2596e61e6958f27acdb7

SHA512
3b123972594becbcac5a9b8edd717f68949a60b07e3d8e3fcba824bf84d81392dcebd18972db6960e4a6c725c7c84cf1b655c8f5f41ec682baf303f1b5648bbd

Download Submit
C:\Users\Admin\Desktop\DebugWait.mpeg2

Filesize
339KB

MD5
0001b2274edc374f134a2e183516ae30

SHA1
6b58a35d07c546d41e3b7488056c8f450fa51292

SHA256
4b3dc3277d94281e9aad2dc354b5a828c715434b40add78d618f14154a787009

SHA512
6da5be249552e3c8132ca7d74bc1f212f13ea09b3da5cd70f9d51ad4cfbafffeab412af11568b2f328f35a91bcd31ffa635ff85b9645cf7eb522243d3ce06bb9

Download Submit
C:\Users\Admin\Desktop\DenyBackup.ocx

Filesize
235KB

MD5
70f762ea0add0347aad588b86bfd8b5d

SHA1
986b4a1bfb347849a1959576bcf4845ca2da2350

SHA256
c0f35d6c9d1721f1885e1863a0afc4839e3028bce794278dc05a1d6c938e3688

SHA512
3c93a82e94780d1177b63b00e2ed2fff137407ebdef679f5e1af6dd4025d9634f67b823e7115caf9cfba06b8c320dca257fcb6132fc9889728be4d203c373706

Download Submit
C:\Users\Admin\Desktop\EnableUnprotect.ps1

Filesize
287KB

MD5
33cdbfd37df43866a756e7c396311319

SHA1
f5b8685a424cf40b9c6d295a84508b8bb92fc157

SHA256
33f9d17cd24a20a1fb94be495cbb04c1284fc26549c709bbf2e33204fa9b0779

SHA512
fd852dbd5b252db0c93e2c85bc24d9ebaedae7a821d90733c2f787f3bc3b0c2a46ad13ba8a47b248beff9bb5320a143b7a4456da67c4be680df8ea7ded13c9cb

Download Submit
C:\Users\Admin\Desktop\GroupResize.docx

Filesize
18KB

MD5
80400c4204b1f385df33269ba6a51aa0

SHA1
8171e21bd3f8deb437ae32785e839580e9212f9d

SHA256
a0fd0beaa3c8b9cbd5bdf03a625259c4543ce20c9f536b6fd87bae298e32d9bb

SHA512
de2ce004b9f3905248098e5ed049adff3d1e1e4c348b3bbe08d4427f71405572ca5bff9a6c06d85ff961c8f5b643697ab8dac355df5eacd1db85e9c2263002ae

Download Submit
C:\Users\Admin\Desktop\HideOut.mht

Filesize
313KB

MD5
8936313fcadc4db3dfc3ebc0ecfebfd5

SHA1
e6851416413cfa25829f66d13effedcfec04971f

SHA256
0aad5896fe653ff5eba2e456ada73ade902decdbcf394261ed37fa0ef0aed2fa

SHA512
d77defd6253ab00c700e8cd17bcf4606d911e1577ef1638ca7e2602402a9a3e93b92ec759db4cf30e3ecf11978c11b3d4a6a1747ff5976e1ffdaaaf51b59f96e

Download Submit
C:\Users\Admin\Desktop\ImportTest.pptx

Filesize
404KB

MD5
999fa74f82e186b5a1f16dfc721ae508

SHA1
d39b288948dd5378dbf3907948bd9ad0711d67ee

SHA256
2d3e9d665369b34afbae3bd0c3e0e790c7c47add39381e9435f7075e1f1477b7

SHA512
7f4791e070b3562276849a587767318da789a63e1fdd3168e4b364455125d3a8f7fc25ad7622b71f2ff9fdf38f9bd0e9c7d945dbfb07d10d525724b54f807ab2

Download Submit
C:\Users\Admin\Desktop\InvokeRead.aif

Filesize
431KB

MD5
4be69dea25063409e76797d93efa22b8

SHA1
76d1da9a9c577db7a07fc4583c1e487b1c727ee6

SHA256
19f2115e96b47328f291bdd2a4dd4451f4bbcce0ea39e2ac7afb356d9bfd3128

SHA512
b9020a3b54e0c387235622f26ddbb18b1a1b1d246ea144bb3cb2f1a989ce292bf690a349f98f27369fad8df23d6ce6d6ee96c774684d36ecf1bf40f3a9be29e3

Download Submit
C:\Users\Admin\Desktop\MeasureSkip.vstx

Filesize
417KB

MD5
ea6dc674de6cac63736bed26a440145d

SHA1
ad69368355f249bc5e936248bc0a124fd5839736

SHA256
88bba97fccc2e4b583529aee3cae7602dc4202413f1111b433f714ce357ef787

SHA512
ac8a65b997b0704a10b21e39f7d6ce813df263f84ae56d745b4736926c093a0544e0d5b2b1c12445dde7370056de3947a7bc9227e9d49b5900c01a1c6a137af8

Download Submit
C:\Users\Admin\Desktop\OptimizeBlock.bmp

Filesize
274KB

MD5
1b232c628e57cc59f98b8b2da2c9ef8d

SHA1
ee63bcfc994deb225bea54495c2249a4568ef263

SHA256
9fcda5658e8e79a7d82363d6a25bfddd4c033b50c40a9ac88a9c8e1673332e9f

SHA512
22de9bf9b4990d3acbfd8c62981adc6311154cbbdc85d9c638ed96c6f955d7c838a2c5e894d65acaf8ef77a8a3768a6d1a80c3bf8f2763dd34c54c63c2ce1b58

Download Submit
C:\Users\Admin\Desktop\PopCopy.ttf

Filesize
718KB

MD5
c1c6e5b8391a0723b63958d59f351a3a

SHA1
dbd9d1e8b0eab13fdd69d28569bd19a067c8aed0

SHA256
8fc95ea14e6c5394cf59ef2cd5d9af5e5aa7dae900f90d6ed516ff63d3b43e83

SHA512
6ab53a147ac97a72b3791f81b13ac0eee1b0c84c01e70da15d8ea03db15586db44f00cb57551ca50d288b6302e8f6d298466ddcfd952cf066bf792737574c6c7

Download Submit
C:\Users\Admin\Desktop\RegisterOut.html

Filesize
208KB

MD5
79f8db7ac7532f9ab2a7e3174a478898

SHA1
51797bb6354999a5fa134b1460ebf7126981378e

SHA256
6c59b1e7ba0d2d00643be0704e7013c611997603991bc5935807fc13c4277103

SHA512
4a0e6f976162ee9795dbff72b3721e5db7d01746303b021bc9b844fb5a8ddc35a8adaa51f2ad9bbbe0dba1cab734fc883bb317edb7cfecdec1cccd2055d8a37a

Download Submit
C:\Users\Admin\Desktop\RestartComplete.docx

Filesize
470KB

MD5
33e4cdb342f9009a2349330af744705d

SHA1
557556ba4d7b8345b3789df6041a67e0470cfbbb

SHA256
09a2c7eecc6892ad4996a42498b38307b89c9d62c648cad7803831e45e7a4352

SHA512
ca83c6c5caddcb7e8b598b7758e83cac4e419d72ee1b2c007f8ae35e8b32aa49b9a2b726c8cc03b4215474c3018dceb974e54e3e8d516ffe4adfce9e5499785b

Download Submit
C:\Users\Admin\Desktop\ShowSkip.WTV

Filesize
391KB

MD5
97f3af786473c9dae849657aae42048d

SHA1
02ae790e4721ba1a55feaa926b6fd0d76e470c49

SHA256
15b6ec9758dad25b07c743b1b195c81a4c6b698376daeeb02a9d1e4029f68584

SHA512
805a53627366f6e997a1371a4016d4139870deac68c8adc27a5668492788ae5898ed033a1fc2bf66b30d73914a69effff2557854f31677e28a17c52b129679bf

Download Submit
C:\Users\Admin\Desktop\SplitExit.vsw

Filesize
496KB

MD5
ef521c0c48050d56342ea1aa1f1fce20

SHA1
b49bc5a68f043bd05f8307ddf394bb7b588e9c08

SHA256
0ab24b479c59b36c73b3171ec4ee134261b4c835d54c8836e6a906e717e33cf1

SHA512
08b156a1f12fa543b82517abb21c86719db68dec62a01b384162bb42ee4c6ef18c2be9e9ed9c7c5afc5207dfa0150b741b51b9af70c449cba3e164d258cffa81

Download Submit
C:\Users\Admin\Desktop\StopSkip.mpe

Filesize
522KB

MD5
663aae524f5b0d0dc6de82e0c1069301

SHA1
2a9c0198cac696a75c7e8e7fe61c9f27f561fb00

SHA256
8ddc05e2333a8809be66cdba64c90c58d903c4ce373ce0c31f6add166d3c2484

SHA512
da60e874599410c983e99f6641076cca12d4614c86f728fea444ef229820097d3c7a6165701002eb3c64cbffb9490b6cea7db2a23678e675ff23cf19503aeee5

Download Submit
C:\Users\Admin\Desktop\TestUndo.bmp

Filesize
483KB

MD5
2b58cbaece982fa99ec141414900bdac

SHA1
e45b121e260cbc37f86551ca2a3c4fe9c0d36d37

SHA256
fedf785cb3d204f8e8e3b59c16f2a17b959ff75cf138bbb7c1f7458bdaef8547

SHA512
bf6e42f256e69e94352460a7d1e255c570ba123384047b287cbed545188ddbf2fca36bc21252166b4294d2f63c871a3f5b9f1f53db631b9200ea40ddbd9cd0ff

Download Submit
C:\Users\Admin\Desktop\WaitGroup.mpeg3

Filesize
248KB

MD5
135390583c561b34ac89458c63423b9e

SHA1
d803b45244f308930eba720ed0b6b8f19ed21a33

SHA256
baf47330ed3148e75073efd55774f3ac6acfc068e885e8043adfc58df43e4d8e

SHA512
cb7fcaff7f1565fcf32b37b9ce85a190dc604a43fac82869d3c00309621ec43f36cd5d5de6e76129ea8cd9b0fa04462482c7e2dee6c9cfb28599696c834b3e99

Download Submit
C:\Users\Admin\Desktop\WaitRemove.ocx

Filesize
444KB

MD5
9e84417e8c94e47b67f6c6c353cfa8f8

SHA1
c4fb9dca9327456ca6a7d7ee9a1026d00696ed68

SHA256
c11dc62f3ab3a87ca5d8b4e5c377832a817d035d06264cc88984c4b94bee53c6

SHA512
da021a60795316b996b3cf3c500362b3af02e4ebd622c498d02511e927a35bd4f92101165a22f49ecc2fb3259df43df57a3d33b77319150ed028a3c8ab610580

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Public\Desktop\Acrobat Reader DC.lnk

Filesize
2KB

MD5
10745b20e7e9355b0eee19e7da2ecc5e

SHA1
20d67e6edc29bd1751c597982c09cc501aed5f17

SHA256
d7a6d1cff01c08a690af05a360e5c89cf13e4ae9702fa3d5682ff1cfde51a76d

SHA512
72e26dc1f0a844424110cfc509fbe3e710f4fcc75e257a0676ef021c23b81672c82d302d36e699406a5a2342fcf5aeffc34e3f7c2b3f9cfb1b48ec450d5d37ec

Download Submit
C:\Users\Public\Desktop\Firefox.lnk

Filesize
1000B

MD5
8aae4c0a55153f0eaba4c84a7358dbd5

SHA1
95f72b5704be50b15e2fa51c551066c918b680fc

SHA256
67af6b489216de8b721cadf6af6827797038e12842657f169761ea1006fcd050

SHA512
69ec275c473ec65757356eb630c146b1ffe6deb7a3893232286b2837fc1e3403564e520e231ed2c4690cdcbdf82a15d9d511d66e888d053be65f9331363d678b

Download Submit
C:\Users\Public\Desktop\Google Chrome.lnk

Filesize
2KB

MD5
35372101637f4dc7c7a1be117e22bd93

SHA1
3bd377e1f6dc7b0353f444300ca4d50f55e1ef49

SHA256
6e66ef5d3046b5c665d70d503fc2ef46df0915391d923083af2b8ab707f1ee01

SHA512
4b032fa969a0d3b3ffe0692c56c3ccd21a21557b26e013a2501d8d00b491a84e92cabf952dd34b2bcd8343a79623a5e8f07d54f74098cc6fcdb548549db0efb5

Download Submit
C:\Users\Public\Desktop\Microsoft Edge.lnk

Filesize
2KB

MD5
d675712966536298792caeba0091cf53

SHA1
1dc5e294425f38c018bbdeef6c37ed5418fa0cab

SHA256
9abbfe2aa01eaa2647ddc86fc74ebab6a5309526cf5feb0c25f82c206b226085

SHA512
802c963a35ec8d93dda55bbbd5c8a696e987fe34a1a259b3e0b5d2bfdd051dc63605f9ca8a4fceebe9f7b0f2a403b64af99d34c0f90808c9c4252f38e1fc3dac

Download Submit
C:\Users\Public\Desktop\VLC media player.lnk

Filesize
923B

MD5
d9150fdfffd31af3f2ff3a7dcc000d10

SHA1
02c717b778b01e47b793670833ed716698f3e416

SHA256
658afd099f71932ba212b98b136a399f9fcabfb6d3221a03b5010a3da053759f

SHA512
9e255b21a4d64f6afc45764767207593688ce73c064a19d9e89351db439f9da914923039cdff0c4fe5a97cd6cf7f8b3a3a8cfcf892f244df917408b5bec1ba27

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit