floxif | hxxps://www[.]ve3rl[.]com/

Resubmissions

10/01/2025, 09:55

250110-lx64ba1lcy 6

10/01/2025, 09:46

250110-lr2xeatjek 10

10/01/2025, 09:41

250110-ln5h5asrfm 6

Analysis

max time kernel
477s
max time network
475s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2025, 09:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.ve3rl.com/

Score

10^/10

floxif backdoor bootkit discovery persistence trojan upx

Malware Config

Signatures

Floxif family
floxif
Floxif, Floodfix
Floxif aka FloodFix is a file-changing trojan and backdoor written in C++.
backdoor trojan floxif

Detects Floxif payload 1 IoCs

backdoor

resource	yara_rule
behavioral1/files/0x0007000000023d4e-1549.dat	floxif

Downloads MZ/PE file

Drops file in Drivers directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe
File created	C:\Windows\SysWOW64\drivers\spoclsv.exe	Gnil.exe

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral1/files/0x0007000000023d4e-1549.dat	acprotect

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 8 IoCs

pid	Process
3180	MEMZ.exe
1148	MEMZ.exe
4980	MEMZ.exe
4880	MEMZ.exe
4056	MEMZ.exe
5760	MEMZ.exe
764	MEMZ.exe
1832	spoclsv.exe

Loads dropped DLL 1 IoCs

pid	Process
2168	Floxif.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\Windows Netagent = "c:\\windows\\system\\sysfile.exe"	Sevgi.a.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
147	raw.githubusercontent.com
148	raw.githubusercontent.com
262	drive.google.com
263	drive.google.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

AutoIT Executable 7 IoCs

AutoIT scripts compiled to PE executables.

resource	yara_rule
behavioral1/memory/5732-2278-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe
behavioral1/memory/5732-2341-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe
behavioral1/memory/5732-2343-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe
behavioral1/memory/5732-2344-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe
behavioral1/memory/5732-2345-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe
behavioral1/memory/5732-2346-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe
behavioral1/memory/5732-2347-0x0000000000400000-0x0000000000A3D000-memory.dmp	autoit_exe

UPX packed file 11 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/memory/2168-1552-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/files/0x0007000000023d4e-1549.dat	upx
behavioral1/memory/2168-1556-0x0000000010000000-0x0000000010030000-memory.dmp	upx
behavioral1/memory/5732-2276-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2278-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2341-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2343-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2344-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2345-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2346-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx
behavioral1/memory/5732-2347-0x0000000000400000-0x0000000000A3D000-memory.dmp	upx

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\System\symsrv.dll	Floxif.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System.ini	VeryFun.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
3376	2168	WerFault.exe	193

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wordpad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Gnil.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	VeryFun.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Sevgi.a.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	WinNuke.98.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Floxif.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	WINWORD.EXE

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\BIOS	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemFamily	WINWORD.EXE
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	WINWORD.EXE
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 9 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.apk	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\apk_auto_file\shell\open\command\ = "\"C:\\Program Files\\Mozilla Firefox\\firefox.exe\" -osint -url \"%1\""	OpenWith.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\.apk\ = "apk_auto_file"	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\apk_auto_file\shell\open	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\apk_auto_file\shell	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\apk_auto_file\shell\open\command	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1045960512-3948844814-3059691613-1000_Classes\apk_auto_file	OpenWith.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 475635.crdownload:SmartScreen	msedge.exe

Suspicious behavior: AddClipboardFormatListener 2 IoCs

pid	Process
2176	WINWORD.EXE
2176	WINWORD.EXE

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
4984	msedge.exe
4984	msedge.exe
4228	msedge.exe
4228	msedge.exe
4276	identity_helper.exe
4276	identity_helper.exe
4196	msedge.exe
4196	msedge.exe
5324	msedge.exe
5324	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
2984	msedge.exe
1148	MEMZ.exe
1148	MEMZ.exe
1148	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
1148	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
4056	MEMZ.exe
4980	MEMZ.exe
4056	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4056	MEMZ.exe
4980	MEMZ.exe
4056	MEMZ.exe
4880	MEMZ.exe
4880	MEMZ.exe
1148	MEMZ.exe
1148	MEMZ.exe
5760	MEMZ.exe
5760	MEMZ.exe
4880	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
1148	MEMZ.exe
4056	MEMZ.exe
4056	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe
4056	MEMZ.exe
4980	MEMZ.exe
4056	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
5760	MEMZ.exe
5760	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
1148	MEMZ.exe
4880	MEMZ.exe
4056	MEMZ.exe
4056	MEMZ.exe
4980	MEMZ.exe
4980	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 3 IoCs

pid	Process
1068	Sevgi.a.exe
2024	OpenWith.exe
4228	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	2168	Floxif.exe
Token: 33	5360	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5360	AUDIODG.EXE
Token: SeDebugPrivilege	6808	TaskILL.exe
Token: SeDebugPrivilege	5732	VeryFun.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe
4228	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

pid	Process
4228	msedge.exe
4228	msedge.exe
2176	WINWORD.EXE
2176	WINWORD.EXE
2176	WINWORD.EXE
2176	WINWORD.EXE
2176	WINWORD.EXE
2176	WINWORD.EXE
2176	WINWORD.EXE
2176	WINWORD.EXE
4228	msedge.exe
4228	msedge.exe
6512	wordpad.exe
6512	wordpad.exe
6512	wordpad.exe
6512	wordpad.exe
6512	wordpad.exe
764	MEMZ.exe
5732	VeryFun.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
2024	OpenWith.exe
764	MEMZ.exe
4980	MEMZ.exe
1148	MEMZ.exe
4056	MEMZ.exe
4880	MEMZ.exe
5760	MEMZ.exe
2176	WINWORD.EXE
2176	WINWORD.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4228 wrote to memory of 5052	4228	msedge.exe	84
PID 4228 wrote to memory of 5052	4228	msedge.exe	84
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 3224	4228	msedge.exe	85
PID 4228 wrote to memory of 4984	4228	msedge.exe	86
PID 4228 wrote to memory of 4984	4228	msedge.exe	86
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87
PID 4228 wrote to memory of 864	4228	msedge.exe	87

C:\Windows\System32\spoolsv.exe
C:\Windows\System32\spoolsv.exe
1⤵
PID:2120

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://www.ve3rl.com/
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
    3⤵
    PID:3224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
    3⤵
    PID:864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:2376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:4736
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
    3⤵
    PID:2216
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5012 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
    3⤵
    PID:2516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5844 /prefetch:1
    3⤵
    PID:968
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4000 /prefetch:1
    3⤵
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
    3⤵
    PID:2908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5816 /prefetch:1
    3⤵
    PID:4668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
    3⤵
    PID:5072
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
    3⤵
    PID:1944
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5740 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5176 /prefetch:1
    3⤵
    PID:1048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
    3⤵
    PID:5372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
    3⤵
    PID:5452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1952 /prefetch:1
    3⤵
    PID:6120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6136 /prefetch:1
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6064 /prefetch:1
    3⤵
    PID:4372
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
    3⤵
    PID:2668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2728 /prefetch:1
    3⤵
    PID:5136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
    3⤵
    PID:4784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6316 /prefetch:8
    3⤵
    PID:1344
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6304 /prefetch:1
    3⤵
    PID:2800
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6368 /prefetch:1
    3⤵
    PID:5228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6416 /prefetch:1
    3⤵
    PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6836 /prefetch:1
    3⤵
    PID:5796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
    3⤵
    PID:5084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
    3⤵
    PID:220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
    3⤵
    PID:3564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:1
    3⤵
    PID:6104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:8
    3⤵
    PID:3700
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5228 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4196
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5944 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5324
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:3180
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:1148
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4980
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4880
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:4056
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      Suspicious behavior: EnumeratesProcesses
      Suspicious use of SetWindowsHookEx
      PID:5760
  - - C:\Users\Admin\Downloads\MEMZ.exe
      "C:\Users\Admin\Downloads\MEMZ.exe" /main
      4⤵
      Checks computer location settings
      Executes dropped EXE
      Writes to the Master Boot Record (MBR)
      System Location Discovery: System Language Discovery
      Suspicious use of SetWindowsHookEx
      PID:764
    - - C:\Windows\SysWOW64\notepad.exe
        
        "C:\Windows\System32\notepad.exe" \note.txt
        5⤵
        System Location Discovery: System Language Discovery
        
        PID:624
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
        5⤵
        
        PID:5056
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
        6⤵
        
        PID:5936
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
        5⤵
        
        PID:5268
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
        6⤵
        
        PID:4720
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
        5⤵
        
        PID:5468
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
        6⤵
        
        PID:1436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
        5⤵
        
        PID:5976
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
        6⤵
        
        PID:4864
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
        5⤵
        
        PID:6172
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
        6⤵
        
        PID:6188
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
        5⤵
        
        PID:6404
      - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa303246f8,0x7ffa30324708,0x7ffa30324718
        6⤵
        
        PID:6288
    - - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
        
        "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
        5⤵
        System Location Discovery: System Language Discovery
        Suspicious use of SetWindowsHookEx
        
        PID:6512
      - C:\Windows\splwow64.exe
        
        C:\Windows\splwow64.exe 12288
        6⤵
        
        PID:6692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3460 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2984
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6032 /prefetch:1
    3⤵
    PID:3864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6864 /prefetch:1
    3⤵
    PID:3172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
    3⤵
    PID:5080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7444 /prefetch:1
    3⤵
    PID:1200
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7464 /prefetch:1
    3⤵
    PID:5908
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
    3⤵
    PID:2380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
    3⤵
    PID:4252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6888 /prefetch:1
    3⤵
    PID:4380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7540 /prefetch:1
    3⤵
    PID:4748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7604 /prefetch:1
    3⤵
    PID:6252
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6476 /prefetch:1
    3⤵
    PID:6356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8000 /prefetch:1
    3⤵
    PID:6996
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6664 /prefetch:1
    3⤵
    PID:7104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=8028 /prefetch:8
    3⤵
    PID:3220
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8544 /prefetch:1
    3⤵
    PID:6584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2140,2853356042283028465,15959997127308460673,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8792 /prefetch:1
    3⤵
    PID:6680
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Sevgi.a.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\Sevgi.a.exe"
  2⤵
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: GetForegroundWindowSpam
  PID:1068
- C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE
  "C:\Program Files\Microsoft Office\Root\Office16\WINWORD.EXE" /n "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Melissa.doc" /o ""
  2⤵
  - Checks processor information in registry
  - Enumerates system info in registry
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of SetWindowsHookEx
  PID:2176
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\WinNuke.98.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  PID:3220
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Floxif\Floxif.exe"
  2⤵
  - Loads dropped DLL
  - Drops file in Program Files directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2168
- - C:\Windows\SysWOW64\WerFault.exe
    C:\Windows\SysWOW64\WerFault.exe -u -p 2168 -s 432
    3⤵
    - Program crash
    PID:3376
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Virus\Gnil\Gnil.exe"
  2⤵
  - Drops file in Drivers directory
  - System Location Discovery: System Language Discovery
  PID:5356
- - C:\Windows\SysWOW64\drivers\spoclsv.exe
    C:\Windows\system32\drivers\spoclsv.exe
    3⤵
    - Executes dropped EXE
    PID:1832
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\TaskILL.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\TaskILL.exe"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:6808
- - C:\Windows\system32\mountvol.exe
    mountvol c:\ /d
    3⤵
    PID:6328
- C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\VeryFun.exe
  "C:\Users\Admin\AppData\Local\Temp\Temp1_The-MALWARE-Repo-master.zip\The-MALWARE-Repo-master\Trojan\VeryFun.exe"
  2⤵
  - Drops file in Windows directory
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:5732
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\system32\cmd.exe"
    3⤵
    PID:4160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4376

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5560

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {c82192ee-6cb5-4bc0-9ef0-fb818773790a} -Embedding
1⤵
PID:3956

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 432 -p 2168 -ip 2168
1⤵
PID:5232

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x38c 0x384
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5360

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:6880

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2024

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files\Common Files\System\symsrv.dll

Filesize
72KB

MD5
ccf7e487353602c57e2e743d047aca36

SHA1
99f66919152d67a882685a41b7130af5f7703888

SHA256
eaf76e5f1a438478ecf7b678744da34e9d9e5038b128f0c595672ee1dbbfd914

SHA512
dde0366658082b142faa6487245bfc8b8942605f0ede65d12f8c368ff3673ca18e416a4bf132c4bee5be43e94aef0531be2008746c24f1e6b2f294a63ab1486c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bffcefacce25cd03f3d5c9446ddb903d

SHA1
8923f84aa86db316d2f5c122fe3874bbe26f3bab

SHA256
23e7cbbf64c81122c3cb30a0933c10a320e254447771737a326ce37a0694d405

SHA512
761dae5315b35ec0b2fe68019881397f5d2eadba3963aba79a89f8953a0cd705012d7faf3a204a5f36008926b9f614980e333351596b06ce7058d744345ce2e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d22073dea53e79d9b824f27ac5e9813e

SHA1
6d8a7281241248431a1571e6ddc55798b01fa961

SHA256
86713962c3bb287964678b148ee08ea83fb83483dff8be91c8a6085ca560b2a6

SHA512
97152091ee24b6e713b8ec8123cb62511f8a7e8a6c6c3f2f6727d0a60497be28814613b476009b853575d4931e5df950e28a41afbf6707cb672206f1219c4413

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
165KB

MD5
a274a27349fb21fcfaa65ee7fc59123c

SHA1
fd2ed7ab65162f3ce9a59baeb290e8fa068c99e8

SHA256
dc60ba0c74202d95502b3ee8b7f671c58dbb6da64f347744584adcd553d0276e

SHA512
2f889ce0a6d8b7e36b79ab04f30414e5e19a4198da521bab1ac79adfe097d34bb14a2ccb2c620fd379338a31508bc2dcc99804ecde284e88c03fc8bbc131ce73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
106KB

MD5
788dc81a13e87c9f6bf67339f117b21e

SHA1
e9a668cb7975f46be153548266bca3e9c1092ad2

SHA256
996fcf9f08004d2e80076b78c8967df66336083849d187f3f76b142221fe0afd

SHA512
fc5e6f5b66f904f5015be8746fc28cce2915f907296c7ac2598153a9b0b2576a5f2cb114489f03f0a67ea8e3e157c57dc319f57407df30c84e5533106e150ee9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
133KB

MD5
11c6da0c6fecd55884c125f89d6cd27d

SHA1
8f8dfc04d65fd943f12c558fa9f1965e49310df1

SHA256
507c4a9c0eef1d41be0ad9d1fa9e3af9a6f3a75b67c23d73aff33891d66c10cc

SHA512
f700a34872755262cd0e6f2aa86fd277fad2fa32da353a41e25b8e111c3881a7bbd4a0619dcab627e86ed2bb415529767e0ab96b7ad3f6fc0badaf4064338ea9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
26KB

MD5
1ede9e3905933a66e0ce4b0cf2e90e9a

SHA1
2785ff8c11ad3855117a3c4dd2bdc59836cf00b4

SHA256
ff21ca7f713de6c0e23eff626f794ccb31b5f68f922cba7e4fec3ec0cda10cda

SHA512
efc0413871558d2009f89f6abfe74730d5c4bf51860e0e661df8af4242d166bd18083e15c29c0eb55f0c6f315cadc7d6338c2b78f311ee13d5691d121fa421e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
16KB

MD5
0dade13d267d8481bb51a2dd7b994b83

SHA1
b7a6a9190163e676cef83693abb8c2e6d64f0456

SHA256
95edb9c8b9634228bdad9d9d237ad933e8be7d3be2c4bacc6599e50124ebb29b

SHA512
d7b0890c98720775f03ef4f75ccf9eccb1f9eb1aea1ca545c562730ca1770da1646bfd97e72886b86d800952572be89f4bf6d195dcde30a7b88439c18c67be38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
47KB

MD5
0d89f546ebdd5c3eaa275ff1f898174a

SHA1
339ab928a1a5699b3b0c74087baa3ea08ecd59f5

SHA256
939eb90252495d3af66d9ec34c799a5f1b0fc10422a150cf57fc0cd302865a3e

SHA512
26edc1659325b1c5cf6e3f3cd9a38cd696f67c4a7c2d91a5839e8dcbb64c4f8e9ce3222e0f69d860d088c4be01b69da676bdc4517de141f8b551774909c30690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
63KB

MD5
226541550a51911c375216f718493f65

SHA1
f6e608468401f9384cabdef45ca19e2afacc84bd

SHA256
caecff4179910ce0ff470f9fa9eb4349e8fb717fa1432cf19987450a4e1ef4a5

SHA512
2947b309f15e0e321beb9506861883fde8391c6f6140178c7e6ee7750d6418266360c335477cae0b067a6a6d86935ec5f7acdfdacc9edffa8b04ec71be210516

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
26KB

MD5
5dea626a3a08cc0f2676427e427eb467

SHA1
ad21ac31d0bbdee76eb909484277421630ea2dbd

SHA256
b19581c0e86b74b904a2b3a418040957a12e9b5ae6a8de07787d8bb0e4324ed6

SHA512
118016178abe2c714636232edc1e289a37442cc12914b5e067396803aa321ceaec3bcfd4684def47a95274bb0efd72ca6b2d7bc27bb93467984b84bc57931fcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
20KB

MD5
fe6e182c22ce8e0fca04e21242825a4b

SHA1
363fb33914dd0ff41a473aa2fc0f3d8e11670384

SHA256
6648d0b2d3cfade77810ab3e50524488fb4aa8e0dc843c66782c8742149d60ff

SHA512
7442d0b86bfa2386a8712e70a7af21adf0494800d55a518bf3bc1ad55a9f24a1c448c99e4ea5e5a9412105398b68255933a262a8ceab103b676645de039f65fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
20KB

MD5
0b17fd0bdcec9ca5b4ed99ccf5747f50

SHA1
003930a2232e9e12d2ca83e83570e0ffd3b7c94e

SHA256
c6e08c99de09f0e65e8dc2fae28b8a1709dd30276579e3bf39be70813f912f1d

SHA512
49c093af7533b8c64ad6a20f82b42ad373d0c788d55fa114a77cea92a80a4ce6f0efcad1b4bf66cb2631f1517de2920e94b8fc8cc5b30d45414d5286a1545c28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
38KB

MD5
c7b82a286eac39164c0726b1749636f1

SHA1
dd949addbfa87f92c1692744b44441d60b52226d

SHA256
8bf222b1dd4668c4ffd9f9c5f5ab155c93ad11be678f37dd75b639f0ead474d0

SHA512
be7b1c64b0f429a54a743f0618ffbc8f44ede8bc514d59acd356e9fe9f682da50a2898b150f33d1de198e8bcf82899569325c587a0c2a7a57e57f728156036e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
37KB

MD5
9f394757279a4ff3ad2a3b668e96c107

SHA1
131eaef19e2953762922d0403a79c663474aa48f

SHA256
5144936a5db002ac68fcedc9c3336a0e0fb038c8dafbcf025f1641986d4193d4

SHA512
aa8b10b03b5986ce59c83b8de223b68cc21fd3163acd1834d288b54382ae5410125f45ab62cf52c12eb20e9d9b630b34fd08686426b2764680d9447d8b69684a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a

Filesize
26KB

MD5
73fc3bb55f1d713d2ee7dcbe4286c9e2

SHA1
b0042453afe2410b9439a5e7be24a64e09cf2efa

SHA256
60b367b229f550b08fabc0c9bbe89d8f09acd04a146f01514d48e0d03884523f

SHA512
d2dc495291fd3529189457ab482532026c0134b23ff50aa4417c9c7ca11c588421b655602a448515f206fa4f1e52ee67538559062263b4470abd1eccf2a1e86b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
18KB

MD5
8bd66dfc42a1353c5e996cd88dc1501f

SHA1
dc779a25ab37913f3198eb6f8c4d89e2a05635a6

SHA256
ef8772f5b2cf54057e1cfb7cb2e61f09cbd20db5ee307133caf517831a5df839

SHA512
203a46b2d09da788614b86480d81769011c7d42e833fa33a19e99c86a987a3bd8755b89906b9fd0497a80a5cf27f1c5e795a66fe3d1c4a921667ec745ccf22f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001c

Filesize
18KB

MD5
f1dceb6be9699ca70cc78d9f43796141

SHA1
6b80d6b7d9b342d7921eae12478fc90a611b9372

SHA256
5898782f74bbdeaa5b06f660874870e1d4216bb98a7f6d9eddfbc4f7ae97d66f

SHA512
b02b9eba24a42caea7d408e6e4ae7ad35c2d7f163fd754b7507fc39bea5d5649e54d44b002075a6a32fca4395619286e9fb36b61736c535a91fe2d9be79048de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001d

Filesize
58KB

MD5
6c1e6f2d0367bebbd99c912e7304cc02

SHA1
698744e064572af2e974709e903c528649bbaf1d

SHA256
d33c23a0e26d8225eeba52a018b584bb7aca1211cdebfffe129e7eb6c0fe81d8

SHA512
ebb493bef015da8da5e533b7847b0a1c5a96aa1aeef6aed3319a5b006ed9f5ef973bea443eaf5364a2aaf1b60611a2427b4f4f1388f8a44fdd7a17338d03d64a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
40KB

MD5
e4c10b0ba1cbde0b44acfa479d2c44e3

SHA1
6ccc6dc424d638f4740dd5e1bf4b5b1b6a9df929

SHA256
65e36a17542b0b5a0bcf3991e55b4f5813e2ebf05713375236b7a200f83fa322

SHA512
f5785e4ba09d65b7d41a14f0fb22e6e7b2b5c0008961c5bc153a05d7771411dc70d602f9b5fcc3aa8a4635459650e9539221edf7e6c27a6d3fcf9148e1b33432

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
53KB

MD5
2ee3f4b4a3c22470b572f727aa087b7e

SHA1
6fe80bf7c2178bd2d17154d9ae117a556956c170

SHA256
53d7e3962cad0b7f5575be02bd96bd27fcf7fb30ac5b4115bb950cf086f1a799

SHA512
b90ae8249108df7548b92af20fd93f926248b31aedf313ef802381df2587a6bba00025d6d99208ab228b8c0bb9b6559d8c5ec7fa37d19b7f47979f8eb4744146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
107KB

MD5
5229229ea75490496d7f8a86d5c2860a

SHA1
f2deb6d9b43e811f486fac1fbee1d9517ce9b0dc

SHA256
487cfcbffcf804d2965bc4d45d846acd8724562714ceae80bfe1ca78534aea58

SHA512
9b42f14e130181117e2379ff23d6e08bfe739e27b0756785d6f20669139d870d4f73d03653d820f278a71f2371213a0104158d791ab867622014b1ab8d637520

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
87KB

MD5
65b0f915e780d51aa0bca6313a034f32

SHA1
3dd3659cfd5d3fe3adc95e447a0d23c214a3f580

SHA256
27f0d8282b7347ae6cd6d5a980d70020b68cace0fbe53ad32048f314a86d4f16

SHA512
e5af841fd4266710d181a114a10585428c1572eb0cd4538be765f9f76019a1f3ea20e594a7ee384d219a30a1d958c482f5b1920551235941eec1bcacd01e4b6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
19KB

MD5
1fff6fdd9e32f914220484aa8b61a9a8

SHA1
671936dbde257df7ff2b49008864f0e6729e270d

SHA256
321e768b15f783898a2ef6e0165a711fdac004f2988899ba88e32a92f910d249

SHA512
18db9a27ea7ccd41411399ec7c6c8619bdb35240865b34af5cc9e5d64711f02efc4c74b37f5af2f1e38502126a79fca8d66f3d5fa48bc7d6517bb7d23e5215f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
16KB

MD5
5615a54ce197eef0d5acc920e829f66f

SHA1
7497dded1782987092e50cada10204af8b3b5869

SHA256
b0ba6d78aad79eaf1ae10f20ac61d592ad800095f6472cfac490411d4ab05e26

SHA512
216595fb60cc9cfa6fef6475a415825b24e87854f13f2ee4484b290ac4f3e77628f56f42cb215cd8ea3f70b10eebd9bc50edeb042634777074b49c129146ef6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000031

Filesize
215KB

MD5
d79b35ccf8e6af6714eb612714349097

SHA1
eb3ccc9ed29830df42f3fd129951cb8b791aaf98

SHA256
c8459799169b81fdab64d028a9ebb058ea2d0ad5feb33a11f6a45a54a5ccc365

SHA512
f4be1c1e192a700139d7cff5059af81c0234ed5f032796036a1a4879b032ce4eedd16a121bbf776f17bc84a0012846f467ad48b46db4008841c25b779c7d8f5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000032

Filesize
46KB

MD5
c4d19d5e76a5af77665aff475f2f5e8c

SHA1
0de6e14c1dcae8940a3facd8abdb98fe242e1c84

SHA256
aafdcb0a99ea7dded6678f3d9e41a9b00ddeb136044959566fb988a1a465684b

SHA512
a69f586b81ab51ab0c5bc7d043562eb8aa533685ec813f06fe6173fa6cec3dc4ba7a2360b042f8db8f8559bb8eb5648ad3dedda713653803727a626487b49a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
282KB

MD5
2f32e8c14b5c1bfe8c18e24c6d05c0f6

SHA1
fdfb43d8ac05c066990b8ba89cc9a8fffea2e329

SHA256
193376db797170beb640475b49ee3169a9d591f631917ae3982d52c31f6b5b8f

SHA512
6d65233363010bd43779369f0dded9eb155787a1fc0a93fc9bfb1907a2233e544650f636eedce6952dccae27f768ab40c91bbb2d9a1178a77d03b83f87a39298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000039

Filesize
187KB

MD5
4cac55c8e1dc26e2257afc96307e9e26

SHA1
7ab6143411ba1f30cfc5d1bc1d8dd5511cd42126

SHA256
41d447f79e964ee9da68db4f99b36fd387e7eb636054e1740fba632750e50c52

SHA512
90710094e91fbe837381cfd2eebbbc09e2e8630d806aeb73de1a10e274ba3c7e732a6a31f4c3674f15724b9db723f48aa325e46cdd9500f3adf4d35b1afc9345

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
19KB

MD5
760206a2cff4a62c2fbc64d62628928b

SHA1
6f32d8c28267767fac40b1195313874cb4e6716d

SHA256
c6f6672734cde708deb45c0e1173189f129240e5ccbb7ccf2b7e644182fed417

SHA512
552d84bf074d322e0a9db34ed352b356213cfeb6cafd21f6ab3c0cb7fa04f438e88cd05d1befda8d0fdffc7651d23262227e9c73ac370d420333d9b1a2e7e93e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4e3cb9be0d33b750_0

Filesize
366B

MD5
93165769608ce9adfc74c486feed78d6

SHA1
8b0c9e283c3ffb077b6b59b8fa997474aa5a7f3e

SHA256
6a2727526585001b7f5fef7a25409a3dd77cf45273267cf857890ef2408b893c

SHA512
0b5f43cffe904b975fd1d65a1e9993e828698c1f9350b1059d2fd1508212f0dd8d8fd5ad8a3e000e353dda8eb78b546e406be28ee7a61657aadabdee29a7c652

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53040a210494ad19_0

Filesize
426KB

MD5
91041a62b7ace996d3f6ac391d5a5348

SHA1
a88ba43684427daf6bcce7f5b74f2fe12d7893fe

SHA256
7a444509325cf5eb0bc5456963defc0c37a8da5a6d986122f5c3c645e6571a58

SHA512
92e8a754cdab0b2acefb60f34f51e53e0315492273323122b135a91162a789c6160e6df15ba3e420d2da6065002f2e455d7d300a2b46d02371cf49c42b5e6f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81cc80d51dd913fa_0

Filesize
28KB

MD5
b42115fec9aeadd93e020b3ec45dbc1a

SHA1
421cfd61f56a91a0155ecf11ee57a69f489d909b

SHA256
dffbe6f592f3f61cbd1fd2e27e3214a23e14d5b3303af09b0bdbf59d8b0f5ff6

SHA512
73b30cbef36844e273b0080ba988723c910219d9cf60e57f0a384b002e4cb4c911bcf603bfa8d8a34c878e68a16e30e92a0d0753d93242aedf00afd7acd27b2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9a169a2e543a11b1_0

Filesize
426KB

MD5
6db568aabb56cbdfccb6e944cd513a97

SHA1
9227ad85dc2f08e0c222369eb55d540ada8d8d03

SHA256
c788de2be7656b326ce19495cc8a39b0b0e894be18dc256f0e69c4be60a786ef

SHA512
3d7e121114746123a1a3cc72d92f011f9e87d9361470d83e0f300f036af1c3b0bfd8d62d94c760ba81513b7ab0a1a1e198eb24c9d09aaf0b6d8d56e82e2220fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a58544851bf1d5e2_0

Filesize
273KB

MD5
90c1a0691b98cb471c77e424a60af9e7

SHA1
9ee98d29452af71a92a3e6c58a4c5594a240cde4

SHA256
7f00b8577818d8f60b2a638b7bf9fd6faacf095ee95c61d8716d9340fb829823

SHA512
36db8ab6be18dffecfda2510a6b09c85dd6342590a1ef2ddd2af2e5b43a7741b6a946faeaea5b2e2562c8c99d35cdc161dc1b72a7d38c4e1eadb77a66a1e0ed3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b5ee1e30e210d193_0

Filesize
288B

MD5
1e0a970deb4aaf565939fb7cd47fccfd

SHA1
f5781e2de6ddaf978a62391c184ed4f650439327

SHA256
18be9466d6707ed30ecd7eff7fc85657d9c51b6f46727c162079b08b0fd6dd9e

SHA512
8d89308d7386382e7fc7aa1b3d75544d6e6ddf83461af756d2dc95b2cb975a586bc99d821a276e52d8848edb5758812f767de03200961d5342c38a7f454a66f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d52d5677a2fbcfb5_0

Filesize
53KB

MD5
8bc29fb16ec0091335a3bbaa4af106c3

SHA1
0d4c95b93b29224a0b21117e9b27654f0fa44721

SHA256
9c0fa2a1b16029fe4b46918389e50e03e54bb8bd9287b6ae5ba7a248c25185af

SHA512
8eda0d87386d77b80b1a5ccdc944b339b81ccb466f0cd6adf52fa8b84db391a6433304d2400d5374e0a9a7744509bfc8c409853099a405f9dd630b40755a946b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e1e309d073e29be4_0

Filesize
31KB

MD5
a65bf1e4d7cebeb29b7d8fef0f0e757d

SHA1
8016f0e1b2986d886085184ea1e8b5f49b54636b

SHA256
257a18ada01ebf99de9dfc922cbaee0ef044fb65abdd6917a9c219fc2fd9be88

SHA512
4418e5225adc19c766934e9983455770f273719e80380a4315fc2385008f329e094548d97a5cf571d4481d148d7b2b79a1a3340d2a31bfbc86200061038c700a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eb0840898e90dec0_0

Filesize
19KB

MD5
986ac3531ecef5841af16c3773b78906

SHA1
c4634a220523f5cc149ca3f576863bff99257a0c

SHA256
ac2ccc87b283bee3e6d1fc90daaf665a4d79e240569d722e6e614fcc6b6b2178

SHA512
b5b4893752bbc8bbdc87928603b77807c02e5700c65f570f56910531801cc8ac81cd5aa3dba1bfcc59817fa4f0838c94b3b09809ccf7df0125af0e89ac6e7df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\faa0dd84a9c45df4_0

Filesize
260B

MD5
9ff203b47e5be004019dd858891144b0

SHA1
9c5a7ca090b50cd1b02e299d3e71226fe4e5f2aa

SHA256
89992ce2bd7d4973c3b40357e3a7b072f47368b4e05b77d075d2c0d40566f600

SHA512
d6df12ad1f99eb8e3004435b35d71069d68b829c3b4f506cc43204f80a59c8005604c75373ec5b93c2259fae9a134af2d31a8ae2f731646b0141f3dd40c04768

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
3KB

MD5
367f5b9e9a1759ddd3a7f8c9091eeb7c

SHA1
99adb750c7c66859b3055f463cf21f31d5074e7f

SHA256
0dccf0472ef45fb80071121cfe2b33a7be120df9659af5fdf4a8a4f94f939658

SHA512
ca9e0cc584f26becf29ce82d945d82877673ea86d6bb2c90891a5a7470f3c83f7767013e9e32c1dcf933dd4ea564b8efe42a252a926c82c3ca8464e0a47155a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
5ee197ad0cfb44f32501a0e0930fa7ba

SHA1
7ee8dbb5d96f6a1540d6cc9e9e1995e42d72103f

SHA256
b9ff2763b1a46ca8aad03f11e643543d53f1b5b2d124ff260c61979bf817122f

SHA512
ea77db85b7d767f29b7a32dab343fab02acede6799619fe6ad4015cb2bedeabd05c6026d31fc09fb361c6d681e5935fcdc2c07ad23c56adc5e0fbe6df4e30027

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
eea290a6d62a10addb430ce723ed3360

SHA1
6e2bbf8724e627c7221f6c4fa172d78bcd44486b

SHA256
95676560e4103af29b472b9ec19cd1ab4ed1f958999d8853c0da3cc2875fb4cd

SHA512
48c60ade83f4d65fa274f45a215bfd97ec3c3bfee119c9a03b5c2a1e67b1cc2051b0c43bd2af03689cf503aee53baf72191a49885e626994ca6f5f94ec0212a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
d83a84f394534724f4f3cbca539d65df

SHA1
e0b4379427e3e7c373d80ff5c7132d5d2da6e2af

SHA256
a6014c3791cf011d55f5cf3fdb7e40bbc3232b8dc108d424cf23f5e3702d08a6

SHA512
f7c4286f25061250b0a3e0797105f832bef92ed97750e974e4fdc0b3639650e8ddb9c15425836ba1c1789531abc3d4d65090b47b4574e4c7b5121aa1980d7474

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
ecf49777b38019785c89ee146ee208ec

SHA1
43ab8157ec43ca55949cf93b7b566bb87328327e

SHA256
9c54123ad64f5b2ac97f20c00f9758eaeda2e3df5aed1c7a702b20b6a02b3c88

SHA512
8150cebfe1f3d8df0f9ce63661ff80c71bb40b2e2aa4653976a47bdcaa32c0678ca7298b796ae6f2dd425f767baf8d1e9643d32ded1f8bbb0f02ad7d3cc57d98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
f378f6ebc55055475484eed9f5ca380a

SHA1
8bec317e553cd6a0254e997b60d426b200d9f733

SHA256
1b7976731a247659e763985b59b44297df836012b5e8d317f599c516b84ab6a9

SHA512
3c8c02d35336b4e8ea7d51542c4e8c2bb453308f11d78031176573abb19e8b93e0ed9a4e370983f5ead1879b209c2359607c37be278c303b380a1aa1cfde4683

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
cf423220b8ccd8cadb0abcf36d41872a

SHA1
1446612becbc6fa4296236d7adf64b37184544d0

SHA256
e9b1145858c5adbbd7a6adfa8b1f80605bfddf386e74d982ba87a3147351482a

SHA512
0eeb4a5f63b613ae3a81e187e9b9b71f73fa5532814b8bbe513c86e9f1c2c78e1a4ef36964736b171f8b25008de46313e974eb962c5dc33299a512b1e38e89a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
20bf37ef96459e72da6044051a199fbe

SHA1
a06474aa7fa6f48d1fcf07b6731507c2f81cd63b

SHA256
d9a793518ed66eb933fad5f463410449650af68579c820ffabceb2ce27a5b4b1

SHA512
a5a519bbfd5c424e2c9bec8bbd9975c3eaf5f095cf77fb5c99073c764fd14ff3c308a4a1144a56e22d241cc13ac1dd11229eb3a5d6c95d4793949c32d9435712

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
73e52b246df73517f31d2447c301ee4a

SHA1
ce4e709aa37780a7c03d289f9a7014de67017f5d

SHA256
eb6da7f3caf33ad182dd91aee0d2972b760324acb3c87c5a354d485ac1701f1d

SHA512
8673196fc77002dfdfb030cd9ee719c83ce6af283b024b3bf5ca70b1e8e0b03929c44648fcb4c0b8b70bd3b7b6a55dd2ef79b7f1a355f6de36d3ea6916bafc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
963b98153e573e38472149488015914c

SHA1
b0cafd7cf5271506dd616b0f05fc9bbed8bd78d6

SHA256
593ea0e4efb42f2a719b3696bff364dfb0ea5d64b9956c70cb247da482ffec20

SHA512
3fd8bbe6f8c3d26c59a7da070a92b73cb4652bd379ce384976c6d058c696f436d9d2152b44f92a88a7a775166152abd9659481dc8a76574aed10b4a6f1a7376a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
04f92ad47a6b6042706813a2abe1a918

SHA1
fd35a0b8acbd3a443658bfdacfc9f4a456485092

SHA256
b980bc609eb41b6e03608e7cd154815faca2038acd92ed340dd31426d598120d

SHA512
4068de8166034b452dfde15e25e09110387f97ad555fb92b9a52e89f502774f10e15d04a294a4d61de3624ee4222f9b0264cff909749d6314971d087b6045630

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c4696afe88b757ac272b8abef9f217d0

SHA1
98396669f20584dce73341661ff3604666592b0a

SHA256
8fd71f23c3c3a812e290b7346f9b249843521e3e2b19e93f1f819abf1062a489

SHA512
2bbb5887c1cc998c3cf3106042f1ddcf265181ae5cddfbae202b9d66af68e19d9112f86f273f393fcb27601d36e56f0b80c39da2e524da22ca717826f622eb62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f2811f594e7ba5029508ea528c30c09a

SHA1
14ddd7e1d82fee121e44a96570753c1d545fe5da

SHA256
b014dcfe891daee051c9b56b4da273b5a8c97162fc5282bedc9a09c1ca536d0e

SHA512
cd43b7eda2346d2eb5b186f1b9cd26500f3d0fd1531fce28490450faf39dd6dc6eddbca73d5568304b21f8f0b307cac87ce3d7c037c0ce4fa4c860d39b457661

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
8b971e12fa544147110f0538007d60a5

SHA1
beeb39c0ded756613ceae13cd38b28810f3af908

SHA256
9243e4e2a9aeaba1c847f9b074816c25f44e37038b8c2ab29a0215777e25cb00

SHA512
88a8f6ed79470a64c628ba376a37c47b18a365b5fa4891051f78da6fbe44bcf5ec7367fa4f1a2bf1809401ccd227172b6f7363af0582384ea24020ced9038e87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
491d7710886cc2720e7b7c7625c06b39

SHA1
cbf31a966be5f6fb8b384f7c3cad3c5dff70b44f

SHA256
f6e36cdbdd56585ac39e51a6dd94789e90135c1b70f7e2beee4528d006fb11ac

SHA512
6a607a639455fecf2a0faf744ee3b50b67d79d7721bd6443ef56819c467bf1e89ffd72f0b79676a0823264bb798809adbffc7297ca387922441458e9e3754370

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
3847868510aad58bf6f1af8f9daa03df

SHA1
dc958518b60dfb0ba1c4a9c3a4c1883af087feea

SHA256
36b35053f26ab0b2f9b0b80e7151974ce4907a0d081f2628061aa828549afb2c

SHA512
54cabb4bce108a0bb0525b8ac6e5334ac09ce8bb57987945df4999a883c7b874e5636e386bbc31e5c6219c0a1a802004f7c44824956d7cd1389daf9cac759ffc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4a6d77e4bd3951060f130c8e43a7c47b

SHA1
86e76ac65be72d97eb8f18308520502afa1c98e2

SHA256
74a7beaf019b439502eed64d8e0ade1ee2a67de9ec8f379ab0aeb2af28d77d10

SHA512
30d551ea84f1d180a012fd9eb25828bfcf6b52cb55f46e080d6251bec246e5e3b972c595bf42113ee1e6d345fa09a6e921e8effaeaeb818b45fcc5a3552551a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
08a71832084d1bb04977d66292e40aad

SHA1
33e93f07507948ea8e19a0c6b7db1f65e0302ddc

SHA256
84f2c9f3ecefc3cc1eea8e83aca7ebe5ff6ec7aac6f2fabefdaa8ab2d75dccf1

SHA512
358f9c1c69e2f4d494f1212eddf88767b98f8199987b35c3cc92dcf3f717f22d51f7fa861a45e6c5377cbe9ab48fd90b51b9bff43b6ef63375f1ae8a19ad9c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
51645fd4e0dc23282a0d7b108bb9cfb2

SHA1
37f4427acfd11a43c85be591bba7282ed1ba20e4

SHA256
8dac0f5dbc0ece52630fa08e9f8cedc6cf355166b39fe6d42680eb3d924c661e

SHA512
7bb82407e25206f1b14374c52e92b7827a02afd5ae0429177ee79902489cbeab7100816c0e2f9c2a993a705de92c18e91f47d878885feaff07bda8088080efdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
8d27cedf2c533477242c4e1592f1ecfd

SHA1
7205851ad4b59c997cf1182ef33f90d54802d024

SHA256
7008bc1a99df1f8c4e3c9381b9d9719e3d7337721eeef29cad0d088115c97e02

SHA512
7b914a671b1951daa827b022aeed3522a32b6196ccf993ba12682eabd0a6f4a7acd819f9ccb3c60f669082c09cab55fa8a4895a1ec8f71083dc765a049b61b15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
64de629d94d3410f165898846ad12d9d

SHA1
3d6c79c7c19968b47a06807f512c50ea437e0fea

SHA256
410a79a887a07a7817524d42f58d26ca28d842cae86e5a93707ffc5a60d74931

SHA512
1f3317f336eaded3f931f5125ad429150ab7f7672ab95eab5c8f46f61997ed03a2a4328f9fd864d4315ca185128f9f101d913c31cc87d852800a90aef4095762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d8251506ac347d99efbc426764a3cf38

SHA1
f702dd72364c6e3873270db178132a965133200a

SHA256
d9674a703363e384a49c9dd8ae6ed0397c51f26c397335d1c96e3e5b7e2bfadb

SHA512
6c906477c9f445c39c0358295663a88753daa6756d6053cf7bd918354740d4282092cec835a2fedfb12e64ea63e943f26592b02c825a8451d58b802b47559b45

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9579973041fb64d5e1deaa2f2f28560d

SHA1
814435e23099baa9b8b6581adbb5ad8b294b95dc

SHA256
81dc4e2e32ce51fff3fc654fa9c40cce9f0c917bc45cb594690f0ba7b454d816

SHA512
a84cb3af4491dabde8520fa11974624d9048df8e1dea4db5fa5db8d969e05f19e5f45f0456e32375186ad45a72fe62330566c555e2f65f943cfe64e4788ff88c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
873B

MD5
8c2a2527c57e4b314b196fb589bf96b4

SHA1
4bce491b319fd72c648cd785b1cde377c469a5da

SHA256
4ca69d85c8d0ac8c02f9a21e82fa7eabad1a907ec79e169279526b2cd051e1ba

SHA512
08daed829f537d9427a39d046b15c6cbc973d58ae76b41c5e894c5d10ca6970680034d371b1205b9caf16def01af39976ff27c6c9bd99690f629dbd2925076b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
803d4d0cc17735abc90525c774d68607

SHA1
ccd21de5135eeffb1654770ee09bc6da477252e8

SHA256
f9725b9160f27f331978a9f311fab2f75a3a62d42b412349556cf22775be777d

SHA512
dacaa68331cd76144da52c6f78def40463192fd01df134312261b7be825d9e93d8a83b77983f388a7c0d7a40259d2f7f765526e102ef692c633ef7396c1f1406

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a2c30711d2499ae097f69f8dfbcfbde7

SHA1
4cb25fa7a3d533b07d7b4cc76661d29bb467318a

SHA256
d22bcd4d97ba791abc25fa023b558ce85349de5cc8fc158b1e8714b9eeef8f48

SHA512
ef1396b8bb5307dbb370a2fb76df0104083eaa04770180e7aa8e7ef14496c8ac7122ecee5173331b4790ef5879a5784c3793854bd24d48c2954bf0116bd93ae1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
20da67fb2b38aff702bc0dab768642d1

SHA1
b82315f5d64406cdbe6546ba607be1cfd0bf09af

SHA256
a9d367597b7cc14b38e371a50c75398c4b6b051024e8d7fe31d39c82bb5ae140

SHA512
7831712a487aa5f6ac8f9c36433198f2a97faadca1e82c27c2e13f35fb08d6e14b77b4aae0ff2a84092fa7d724fa4d32981a17573ddc6e4137ca6468576b4034

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
bc63cafbd3c7c1bf4d09d784400f30ea

SHA1
a4b6347dadfed13eb4e8c6c3122dfa3a76a0309a

SHA256
c1628f5eaa72dec25622f7066966b96dc54a62edc4491c5e2a5e4b3f7987948a

SHA512
ca279c4bf3a0088f7a2289048c9e5a89478837b4e34406f382a0b51a3b0f8253772e637108d122f215ddc679289e8677545fa3da585f6ec70fc67fb2370cd738

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24abc9dbb8711b92b22438eb94df77c9

SHA1
2e0f1e8e6e4933ebfbd1c442ceab999ad577ba9c

SHA256
f8c94902ba9011eaf1df55ad8e88fbc9fc3832bb84f87dbc5ebd50034fc51303

SHA512
7ec0aadaf4c30e9f2d37f6e2d17dd7339c2948cd4c48b6feb9d2f2383359e959fcdeced86ecc02160c3177c93c93006954dc2ca591917bff74db6f7cf64af530

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
39c74a59679267d7b898504b982d4e81

SHA1
3ca845f3411aacf579b703c06c7d3c841e6a683e

SHA256
1bf29d14cbcaeff76d71929fe81e36281d68ba2f3def4ac4bf8a3d6df2fca4cb

SHA512
a873c64479184f220ebcb723694b02a7161a5c68c7ab96bf522282664d43aaa3d9f2942a097c83adc51bfa9433f67172ce9f4240a608118d8c07289d3b1bbc81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
f00bc0adcb48846e48c1af1fda851f50

SHA1
ef11e5d8d2aef5bd7390eabd7b3d7b4330ebb8ad

SHA256
4365d406346513e564dbc0854a631f89077a8b1229b290d3ff9ed39c70ade9fd

SHA512
10a1bf6656d650b38292ac7cf201334b5dd0f21322dabd1ceeb630c79055108d034c392b2c93d8c4fd38fb7ce4d353fda6cc91105d64a9ac5d0a3b6fa001ef7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a503bc4fc971ef8499f4ad096007c05f

SHA1
16556f98cc3105ae2f4011e2e0d493a81509ab52

SHA256
e8e62082ff1b467821efb188f6dd4e94f7dcc57a4a4120d48ac4c87dfdd383cc

SHA512
c729754b738f5c614edfc7a115a1e48f234a7a9dd9ecf47d103d91d4cb2e3d417d79189a8bfff9093d7aa3b1f72ddb44c80aa973388ee122690adf0b8c1d4b54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4c0e450110e30036564f4caf88705732

SHA1
9351771bebfedb7f8bcb000196f9bc3e461ddd9b

SHA256
4d250f0c98c86e25135e91ff413e91833349379e7ac10670fc119f053b6251f3

SHA512
c6646702b44dadab3c54e3723e5fdf6194aabae279c90458c0003d87f60909e727d5bf6faae8cd1f6241b7bb14717c07a4298955e71a106a992ac3349cf5e960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57d040.TMP

Filesize
371B

MD5
6b80b52628f85df7cf43b8f4516b28ac

SHA1
b11853780572db1f3187528e079d07246fc12b3b

SHA256
f5c2be9ea8e635749b5b776f1bcfccdd8812bbd9c3f8ceed3193ff2ed8c9e74d

SHA512
02d2a18a822a3525a19b08799db4a378a13975e9375ddc0b6341e7ccaa070156ac6bb9491cf61d64a27a9376719e26642ce6d07d92fdfb102fef735b96b7579e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\e8d1b77b-07f5-43ce-b574-057a9514e6a3.tmp

Filesize
2KB

MD5
9a0bfac2a4203c1a2bb29875ed70579f

SHA1
6255e3d721a80e2b0bf1f7393a1192b4a172c8fc

SHA256
3b36aef2b6b38ad2af416455f5ec3ab983e1eb7439df6cd8655cd8bd8d098b1e

SHA512
03b488ef9bd19a8b079e950968c21626320e6b331599b3e7fda233e919584a7c80fc09e7b5abb56edc318ed4a41c99e183092968e5e200bafe540499eba50ac0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f5d58a6780dd66346724ded55dbbb6d1

SHA1
e95ca6f57c82623fb9728d107878a5e8af37f46b

SHA256
28bce24ad52ecaf659abca29db602a2b65a8e3bb24b51a7381fb9a194fa4f30c

SHA512
d88254050f4cfedbd094b10ab3cced8aae1175a12eab60ab28a85d760256b82dbb75ca47dda771c50bf056ce5cfc46128bfc19a9e61028084be4f2f1936b5483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
72f3c233e882288433e15d55c08a0a2b

SHA1
4b4b78fbe726c2dc927d11afb459110d4646c86f

SHA256
7193d83aa5291e271bb588a08ce6c2292617239ac9ac29900405ec58420311f3

SHA512
222c7254a605c06d3c50cbf82972c4b8e9e2b2a209a7900564e5e229877b836f815bdedca8db657be666dff5f71febbca4f5ea3ae949db91c4a28e1b5c1b1580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
dcf47729e5e1102ee99aa06a784929ca

SHA1
aae532d498d149ceb2235f7a5d98a52af150decc

SHA256
b85eb1654b596f34a2e931df7823827ee471c9b97012d28e144b33d1f002222b

SHA512
fac78640e539369e00a6220bed2c491714821e6e2934d0750e4f61efc6c38040dd2bf0914f921502f597c335973f953422bbda7b58bc1a96fc0fe67ba73e010a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4a7fe1484b6d5c7faa810abca1153091

SHA1
42ac1e8cb736a165a14ed255191ff2a346f650c7

SHA256
b5ee2572439908b31ee7a6184298e7afc5bdef2a096236620769b962367397af

SHA512
40a7b5505ef585b97ac82c86b4914836b1d9f2b77b38d0c88dea45a08f0beb6bc4fe0fe8d5fbf394627bbd1a6ea5e92c2871c1ec07257c770522c05710ef0494

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bd59de3e-4665-4cff-b3dd-1df44f9af810.tmp

Filesize
11KB

MD5
111bdbd8c1a07deb4b48928439f12e92

SHA1
bf63d3ea7a2735b7bb77dee48f8b0752b9f1fbf6

SHA256
4a450f8ade8bcdce1df0fce421089a82665da3b647a8b2405e59f0c78f0e3520

SHA512
06cb427e061054484ba5d60b9c2db63e78f52cd914dd5d6d49cfc7e672bb34bda571753e7f78e713f6d0092cb46e38f5af71831e7c9144b1ac867d05132e7926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
011a2641fef7b456d4ebef29f1132cd8

SHA1
01ddd272ce2cb072e60194e063754ac7d779b20e

SHA256
839be167af057dcc35eb39b3ea7197b8ae15555697f6e885aaff1680a975c1fe

SHA512
7227ab75acafc241c27fcd92716bbee102c060045a8b770e507fb40721c82db7459e77a0cfa15582ef504281f61d4874e39b6a4505a98db455e210eefeaf6c36

Download Submit
C:\Users\Admin\AppData\Local\Temp\TCD7A07.tmp\iso690.xsl

Filesize
263KB

MD5
ff0e07eff1333cdf9fc2523d323dd654

SHA1
77a1ae0dd8dbc3fee65dd6266f31e2a564d088a4

SHA256
3f925e0cc1542f09de1f99060899eafb0042bb9682507c907173c392115a44b5

SHA512
b4615f995fab87661c2dbe46625aa982215d7bde27cafae221dca76087fe76da4b4a381943436fcac1577cb3d260d0050b32b7b93e3eb07912494429f126bb3d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\UProof\CUSTOM.DIC

Filesize
16B

MD5
d29962abc88624befc0135579ae485ec

SHA1
e40a6458296ec6a2427bcb280572d023a9862b31

SHA256
a91a702aab9b8dd722843d3d208a21bcfa6556dfc64e2ded63975de4511eb866

SHA512
4311e87d8d5559248d4174908817a4ddc917bf7378114435cf12da8ccb7a1542c851812afbaf7dc106771bdb2e2d05f52e7d0c50d110fc7fffe4395592492c2f

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Windows\SysWOW64\drivers\spoclsv.exe

Filesize
73KB

MD5
37e887b7a048ddb9013c8d2a26d5b740

SHA1
713b4678c05a76dbd22e6f8d738c9ef655e70226

SHA256
24c0638ff7571c7f4df5bcddd50bc478195823e934481fa3ee96eb1d1c4b4a1b

SHA512
99f74eb00c6f6d1cbecb4d88e1056222e236cb85cf2a421243b63cd481939d3c4693e08edde743722d3320c27573fbcc99bf749ff72b857831e4b6667374b8af

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/1068-1244-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2291-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1521-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2342-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1204-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2334-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2333-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1557-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2297-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2293-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2292-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1382-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2290-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2289-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2288-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2287-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2056-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1176-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2120-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2280-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2279-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2179-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2277-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1263-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2196-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1443-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1297-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1424-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2234-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1331-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-1401-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2271-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1068-2275-0x0000000000400000-0x000000000046D000-memory.dmp

Filesize
436KB

Download
memory/1832-2032-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/1832-2030-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/2168-1552-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2168-1556-0x0000000010000000-0x0000000010030000-memory.dmp

Filesize
192KB

Download
memory/2168-1554-0x0000000000B50000-0x0000000000BC5000-memory.dmp

Filesize
468KB

Download
memory/2176-1456-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-2330-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-1454-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-1453-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-1457-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-1455-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-1458-0x00007FF9FCA50000-0x00007FF9FCA60000-memory.dmp

Filesize
64KB

Download
memory/2176-2329-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-1459-0x00007FF9FCA50000-0x00007FF9FCA60000-memory.dmp

Filesize
64KB

Download
memory/2176-2332-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/2176-2331-0x00007FF9FED50000-0x00007FF9FED60000-memory.dmp

Filesize
64KB

Download
memory/5356-2026-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5356-2033-0x0000000000400000-0x0000000000444000-memory.dmp

Filesize
272KB

Download
memory/5732-2278-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2341-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2276-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2343-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2344-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2345-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2346-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/5732-2347-0x0000000000400000-0x0000000000A3D000-memory.dmp

Filesize
6.2MB

Download
memory/6808-2274-0x00000000008B0000-0x00000000008BE000-memory.dmp

Filesize
56KB

Download