hxxps://drive[.]google[.]com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O

Analysis

max time kernel
596s
max time network
602s
platform
windows10-2004_x64
resource
win10v2004-20250207-en
resource tags

arch:x64arch:x86image:win10v2004-20250207-enlocale:en-usos:windows10-2004-x64system
submitted
10/02/2025, 01:06

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file 2 IoCs

flow	pid	Process
93	4236	Process not Found
254	916	msedge.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 9 IoCs

pid	Process
3524	MEMZ.exe
4932	MEMZ.exe
2068	MEMZ.exe
4444	MEMZ.exe
2832	MEMZ.exe
2912	MEMZ.exe
3084	MEMZ.exe
3384	MEMZ.exe
2012	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
254	raw.githubusercontent.com
4	drive.google.com
7	drive.google.com
252	raw.githubusercontent.com
253	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 10 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	control.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	DllHost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MicrosoftEdgeUpdate.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 1 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
2560	MicrosoftEdgeUpdate.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-2#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4312#immutable1 = "Internet Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-2#immutable1 = "Keep a history of your files"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-100#immutable1 = "Recover copies of your files backed up in Windows 7"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-1#immutable1 = "User Accounts"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-601#immutable1 = "Indexing Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sdcpl.dll,-101#immutable1 = "Backup and Restore (Windows 7)"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-2000#immutable1 = "View and manage devices, printers, and print jobs"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15301#immutable1 = "Manage your RemoteApp and Desktop Connections"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\DeviceCenter.dll,-1000#immutable1 = "Devices and Printers"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-7#immutable1 = "Change advanced color management settings for displays, scanners, and printers."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-1#immutable1 = "BitLocker Drive Encryption"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-2#immutable1 = "View information about your computer, and change settings for hardware, performance, and remote connections."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings	control.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12123#immutable1 = "Set firewall security options to help protect your computer from hackers and malicious software."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-1#immutable1 = "Credential Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-895555807-3853795127-2958627047-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-10#immutable1 = "Choose which programs you want Windows to use for activities like web browsing, editing photos, sending e-mail, and playing music."	explorer.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 742264.crdownload:SmartScreen	msedge.exe

Runs regedit.exe 1 IoCs

pid	Process
4288	regedit.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1436	explorer.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
916	msedge.exe
916	msedge.exe
1120	msedge.exe
1120	msedge.exe
4992	identity_helper.exe
4992	identity_helper.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
2500	msedge.exe
1832	msedge.exe
1832	msedge.exe
4444	MEMZ.exe
4444	MEMZ.exe
4444	MEMZ.exe
2832	MEMZ.exe
2832	MEMZ.exe
2912	MEMZ.exe
4444	MEMZ.exe
3084	MEMZ.exe
3384	MEMZ.exe
3384	MEMZ.exe
3084	MEMZ.exe
2912	MEMZ.exe
2832	MEMZ.exe
2832	MEMZ.exe
2912	MEMZ.exe
3084	MEMZ.exe
2912	MEMZ.exe
3084	MEMZ.exe
3384	MEMZ.exe
4444	MEMZ.exe
3384	MEMZ.exe
4444	MEMZ.exe
2832	MEMZ.exe
2832	MEMZ.exe
4444	MEMZ.exe
4444	MEMZ.exe
3384	MEMZ.exe
3384	MEMZ.exe
2912	MEMZ.exe
2912	MEMZ.exe
3084	MEMZ.exe
3084	MEMZ.exe
2832	MEMZ.exe
2832	MEMZ.exe
3084	MEMZ.exe
2912	MEMZ.exe
3084	MEMZ.exe
2912	MEMZ.exe
3384	MEMZ.exe
3384	MEMZ.exe
4444	MEMZ.exe
4444	MEMZ.exe
4444	MEMZ.exe
4444	MEMZ.exe
3384	MEMZ.exe
3384	MEMZ.exe
2912	MEMZ.exe
2912	MEMZ.exe
3084	MEMZ.exe
2832	MEMZ.exe
3084	MEMZ.exe
2832	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 54 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	3484	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3484	AUDIODG.EXE
Token: SeShutdownPrivilege	1436	explorer.exe
Token: SeCreatePagefilePrivilege	1436	explorer.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe
1120	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2012	MEMZ.exe
2012	MEMZ.exe
2012	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1120 wrote to memory of 2640	1120	msedge.exe	86
PID 1120 wrote to memory of 2640	1120	msedge.exe	86
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 964	1120	msedge.exe	88
PID 1120 wrote to memory of 916	1120	msedge.exe	89
PID 1120 wrote to memory of 916	1120	msedge.exe	89
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90
PID 1120 wrote to memory of 2600	1120	msedge.exe	90

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/folders/1Fa0E3128_Fq0UTCtHmctLFYdK7BNsH0O
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
  2⤵
  PID:2640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2148 /prefetch:2
  2⤵
  PID:964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:3
  2⤵
  - Downloads MZ/PE file
  - Suspicious behavior: EnumeratesProcesses
  PID:916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2848 /prefetch:8
  2⤵
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
  2⤵
  PID:4516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3060 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  PID:644
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5860 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:1748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4644 /prefetch:1
  2⤵
  PID:64
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4768 /prefetch:1
  2⤵
  PID:4332
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5540 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4856 /prefetch:1
  2⤵
  PID:1816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
  2⤵
  PID:1608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1768 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:4668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3920 /prefetch:1
  2⤵
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2228 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4672 /prefetch:1
  2⤵
  PID:756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7108 /prefetch:1
  2⤵
  PID:1616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
  2⤵
  PID:1408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3724 /prefetch:1
  2⤵
  PID:1468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2060 /prefetch:1
  2⤵
  PID:4116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
  2⤵
  PID:4212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:3356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:2872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6752 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7064 /prefetch:8
  2⤵
  PID:2468
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1832
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4932
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    PID:5636
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    PID:764
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    PID:4608
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    PID:5984
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    PID:5580
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    PID:5616
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:4568
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:3524
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2068
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:4444
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2832
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:2912
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3084
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:3384
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    - Suspicious use of SetWindowsHookEx
    PID:2012
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:2636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
      4⤵
      PID:3108
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:3324
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
      4⤵
      PID:4756
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:3272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
      4⤵
      PID:2436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:3728
  - - C:\Windows\SysWOW64\regedit.exe
      "C:\Windows\System32\regedit.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Runs regedit.exe
      PID:4288
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe"
      4⤵
      System Location Discovery: System Language Discovery
      PID:2140
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
      4⤵
      PID:1112
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xd8,0x114,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:2560
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
      4⤵
      PID:680
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:1180
  - - C:\Windows\SysWOW64\control.exe
      "C:\Windows\System32\control.exe"
      4⤵
      System Location Discovery: System Language Discovery
      Modifies registry class
      PID:4760
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+code+a+virus+in+visual+basic
      4⤵
      PID:5800
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:5816
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
      4⤵
      PID:5644
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:5648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
      4⤵
      PID:5436
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff97fef46f8,0x7ff97fef4708,0x7ff97fef4718
        5⤵
        
        PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6544 /prefetch:1
  2⤵
  PID:4684
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
  2⤵
  PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7088 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6792 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6856 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:3676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6236 /prefetch:1
  2⤵
  PID:776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3092 /prefetch:1
  2⤵
  PID:5000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=49 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5468 /prefetch:1
  2⤵
  PID:3376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7376 /prefetch:1
  2⤵
  PID:4304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7644 /prefetch:1
  2⤵
  PID:1532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7944 /prefetch:1
  2⤵
  PID:788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6340 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=54 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:2304
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=55 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8096 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=56 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6428 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=57 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7968 /prefetch:1
  2⤵
  PID:3688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=58 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7440 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=59 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8012 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=60 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7984 /prefetch:1
  2⤵
  PID:5220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=61 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
  2⤵
  PID:5864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=62 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4948 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=63 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4128 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=64 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4152 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6620 /prefetch:1
  2⤵
  PID:5544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=66 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7172 /prefetch:1
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=67 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8196 /prefetch:1
  2⤵
  PID:5956
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=68 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7300 /prefetch:1
  2⤵
  PID:5596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,5362411712601795775,14428953290623596138,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=69 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8392 /prefetch:1
  2⤵
  PID:3924

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4556

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3640

C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe
"C:\Program Files (x86)\Microsoft\EdgeUpdate\MicrosoftEdgeUpdate.exe" /ping PD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0iVVRGLTgiPz48cmVxdWVzdCBwcm90b2NvbD0iMy4wIiB1cGRhdGVyPSJPbWFoYSIgdXBkYXRlcnZlcnNpb249IjEuMy4xOTUuNDMiIHNoZWxsX3ZlcnNpb249IjEuMy4xOTUuNDMiIGlzbWFjaGluZT0iMSIgc2Vzc2lvbmlkPSJ7QTQ5NDk3NUMtMjdGRi00MjJCLUI5NjEtRjEwMkFGM0I2ODk0fSIgdXNlcmlkPSJ7NUJCMkY1NjUtQTUzMi00QUMyLTlCQ0QtMjhGQzAwMDM4MzJBfSIgaW5zdGFsbHNvdXJjZT0ibGltaXRlZCIgcmVxdWVzdGlkPSJ7MERDQTA3OTUtM0REQS00QjBGLTkzN0ItNDMyNDdFNjMxMjdEfSIgZGVkdXA9ImNyIiBkb21haW5qb2luZWQ9IjAiPjxodyBsb2dpY2FsX2NwdXM9IjIiIHBoeXNtZW1vcnk9IjQiIGRpc2tfdHlwZT0iMiIgc3NlPSIxIiBzc2UyPSIxIiBzc2UzPSIxIiBzc3NlMz0iMSIgc3NlNDE9IjEiIHNzZTQyPSIxIiBhdng9IjEiLz48b3MgcGxhdGZvcm09IndpbiIgdmVyc2lvbj0iMTAuMC4xOTA0MS4xMjg4IiBzcD0iIiBhcmNoPSJ4NjQiIHByb2R1Y3RfdHlwZT0iNDgiIGlzX3dpcD0iMCIgaXNfaW5fbG9ja2Rvd25fbW9kZT0iMCIvPjxvZW0gcHJvZHVjdF9tYW51ZmFjdHVyZXI9IiIgcHJvZHVjdF9uYW1lPSIiLz48ZXhwIGV0YWc9IiZxdW90O0UreGJBejZZNnNVMTI4OWJTNnFsNFZSTGJramZCVUdUTUpzanJIcjQ0aUk9JnF1b3Q7Ii8-PGFwcCBhcHBpZD0iezhBNjlEMzQ1LUQ1NjQtNDYzYy1BRkYxLUE2OUQ5RTUzMEY5Nn0iIHZlcnNpb249IjEyMy4wLjYzMTIuMTIzIiBuZXh0dmVyc2lvbj0iIiBsYW5nPSJlbiIgYnJhbmQ9IkdHTFMiIGNsaWVudD0iIiBpbnN0YWxsYWdlPSIyIiBpbnN0YWxsZGF0ZXRpbWU9IjE3Mzg5NDY4MzAiIG9vYmVfaW5zdGFsbF90aW1lPSIxMzM4MzQxOTE0Njg3NjAwMDAiPjxldmVudCBldmVudHR5cGU9IjMxIiBldmVudHJlc3VsdD0iMSIgZXJyb3Jjb2RlPSIwIiBleHRyYWNvZGUxPSIyMTc5ODYyIiBzeXN0ZW1fdXB0aW1lX3RpY2tzPSI0ODY1NTMxNDkxIi8-PC9hcHA-PC9yZXF1ZXN0Pg
1⤵
- System Location Discovery: System Language Discovery
- System Network Configuration Discovery: Internet Connection Discovery
PID:2560

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x320 0x2f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3484

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of AdjustPrivilegeToken
PID:1436

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
- System Location Discovery: System Language Discovery
PID:1600

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
71edbd259396abd0c4c6c574bd4c5fb9

SHA1
712a4ad962608fee66f788f3d29193484d3c06e5

SHA256
22d076f18a3b88566d81e040123b0a940068a921f63b254644dbaf7972488dc3

SHA512
0501f9e1361a6c27d7f5c2227c4ce091c6e729cc0a38e9a6f67a0fb24e3770d55937b39a22b64c20340fbc6298678222f866328e2bd30587c30e284761047437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4f6492f53eaa0ea25419906e6465cbb8

SHA1
081e2ecd74ff655f96e28937988b570550cd2534

SHA256
bdb4929c224bcd0d11c5b59947fcedcd581730832fd0a83fb62ebce715919321

SHA512
d6b1ce97104afae524e0b830b7e1e17869d0d3e3d43d00879076ca58c2098287ef1f5e42e8a62edc15d512f88e96d8f47a3cf25fb41ed711c1da23aee019d8da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
215KB

MD5
2ffbc848f8c11b8001782b35f38f045b

SHA1
c3113ed8cd351fe8cac0ef5886c932c5109697cf

SHA256
1a22ece5cbc8097e6664269cbd2db64329a600f517b646f896f291c0919fbbef

SHA512
e4c037be5075c784fd1f4c64ff6d6cd69737667ec9b1676270e2ed8c0341e14f9d6b92fde332c3d629b53ae38e19b59f05a587c8a86de445e9d65ccfa2bd9c16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
24KB

MD5
2b77b2c0394bfd2a458452006e617f96

SHA1
11eff89a8e3e64401818f81a02bdc84e8ecc4325

SHA256
c46f001852fd8e16bb731f21cadcfa0cda8e7d064e11b0faa18d6bb8325acb1f

SHA512
21dd89b9d6874539477e8b8dc8d98877c86595a8b0b8deb624547c3f407fb41550f65ff744c22f25c574994414a28e73f4d0794c5bd49be890fdac7906f0ba30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
48KB

MD5
df1d27ed34798e62c1b48fb4d5aa4904

SHA1
2e1052b9d649a404cbf8152c47b85c6bc5edc0c9

SHA256
c344508bd16c376f827cf568ef936ad2517174d72bf7154f8b781a621250cc86

SHA512
411311be9bfdf7a890adc15fe89e6f363bc083a186bb9bcb02be13afb60df7ebb545d484c597b5eecdbfb2f86cd246c21678209aa61be3631f983c60e5d5ca94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000024

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000025

Filesize
67KB

MD5
69df804d05f8b29a88278b7d582dd279

SHA1
d9560905612cf656d5dd0e741172fb4cd9c60688

SHA256
b885987a52236f56ce7a5ca18b18533e64f62ab64eb14050ede93c93b5bd5608

SHA512
0ef49eeeeb463da832f7d5b11f6418baa65963de62c00e71d847183e0035be03e63c097103d30329582fe806d246e3c0e3ecab8b2498799abbb21d8b7febdc0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000029

Filesize
21KB

MD5
38a759878edd6734647e9cd996017d90

SHA1
196bc2d58c375a19cd5bb30afed86775d5c88842

SHA256
405513788623c259826d8340da7c0dfe462a4907df13fb9e68ff6144bff4c938

SHA512
8439ca471004ad93669750d59d029675b10c112e15a2666cd5995843c36a3b3475f9dfb36e06ee47e7befcde5fe66cd58f35fd8a6bbdd0a02d5c5cb0ff6eafc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000035

Filesize
25KB

MD5
e580283a2015072bac6b880355fe117e

SHA1
0c0f3ca89e1a9da80cd5f536130ce5da3ad64bfe

SHA256
be8b1b612f207b673b1b031a7c67f8e2421d57a305bebf11d94f1c6e47d569ee

SHA512
65903ba8657d145cc3bbe37f5688b803ee03dd8ff8da23b587f64acaa793eaea52fcb6e8c0ec5032e0e3a2faacc917406ada179706182ce757d1c02979986dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1e3c0289834dd9a0_0

Filesize
288B

MD5
2dbe29ea49579798cc3ba9a588f363d9

SHA1
f5635e3ca8b5c1b290f51a18463256f1c12ae8a8

SHA256
d96dc4f19faeeb405b81df0413b5ff76a81ba7b40bb86b7cbb5ee57a2e7604ed

SHA512
70d75be0c882f9c104cc313b9ec6b4c59ec7102141b32347b124bf33b62e1cc74396f47a6fa86e0eb4348f7d7480f5e977cd9790aaa089dda81f51f8b23846c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\6d54f0d3221c043e_0

Filesize
417KB

MD5
5acc253676638fcc1eef56d7c50ad67b

SHA1
a554302122243b6030cb3f6769a41482add6553e

SHA256
891654addec81551cdd620773ea6d4462a475d75d7fd3b2d6d24e908bb7dcffd

SHA512
4a2e209538ceaca2e7acf84d8788f8fb7d75d191d3ce4e19a71ccf7b46c82823d871f82f88ad68249867b6bc52e1813a01d968aaa3267a178cb697586b163835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
54590016625c8f5c69e3cc9904455e67

SHA1
eb4403df198b969e2d773e4701ace629d7e545ca

SHA256
f35a5e7b8487fba743bd9cc696c4b78e42c2667222b771a5361c2548a7add6c2

SHA512
9b402160c9d93d3928cab79499beb01c6ca61432fe032b35421571da88f496182744dcff65ed44d37ba24b39cf4ef270d73335a32d989538df2d4747d5c7c5e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
b807d06b421bd850b681a2e9ed985b06

SHA1
102df34443a56fa8c16210b0a2885bc968baa8a9

SHA256
c92a6fed40ff852c4d543f55e1ca96c16dd89f5280c1cc17dc3db62c81e5c214

SHA512
6b878a578a92037cf5e60ff8e4a94599e608235d19042e1799ef5a6ce0c2853b4c2053fcd3ababba4b74c1f023afa5d57b918cbed9d94f5a0d7a34693a6d70d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
e755cbbeabb88d33c20bb06e5f87e0db

SHA1
cc7b849a998d7330f0cb038f55201d146fff5568

SHA256
ec961a0be2ec96d30761bce1c87ac7f5f14544122372def2d471842a1b351f52

SHA512
31c949e718a1638948442efd673750cde2c4bdd2c385b780e0b2bd4e03f4b1a549be2b081f97a910527773199d8fd79b4290ab7ac8a1ab0fcd58e8f3d68d9b17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
c0dddd62fd7e4efbf03ebe0e4dcd7881

SHA1
b28f9364cb362921b28b7a20a200388663139230

SHA256
5036812a6813f3890c714f9d481a81cec424db50256b32a0ce17d046549942c9

SHA512
f9a985d80ed49ed4b307ca751d2336c125b9427caba5546190b4838067dcd5cc0bff355d0aae081946e86b4d470dbcd9d90a7dbca05b9703537f1034c215750f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
c192a378eb8ecf0cbf744cb141108959

SHA1
3ff140b98113cd9d386d31d664b2dc33878f783a

SHA256
0d0a7e3a7ceb8faf0d3d7e45ff6516a1cdb9dcdc830d603affdcbf6b9238818f

SHA512
a50b1709eea2256b3f398269020db9c8772dc68f36c7a45b69289b53d01aee442193cb18c4841b86f9e6c7c4285ab3e70544697ac1935bcd6da25037d5a375d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
9e20736da0b1a398a4749991efa13ded

SHA1
12876653d4a86a89b458fde75a0162cea2459d33

SHA256
77f4e890485c8bda89775d445dbc9cbeacf3fc1c3bc5a18effb2eda6acf5be45

SHA512
3594a5bf09800179b3fb066eec3ab8f90b77293e38f9a9a4f7351ec8ba0a36a8194902f81db046e5d50b08859f802197b18408fb26628850a08d7c413da85cbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
5KB

MD5
3ee6e19934a85035ec1174df57123975

SHA1
746f1fca4e4faff354aa560ab2c324a8a76ec165

SHA256
f26f3141b7568e3d08a093b24ce3e01c74fc0009cd767f051116a4d15488bb92

SHA512
1934507693b199204ef5e132db8e61294233eb3cb1d14a0bc77aaa1804ea51c801fea28bf23e2cf63bc54cbcad18dac222c784b93a733ba56efc03d59eea3c0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
ef1cb817509b4e8b7f1bb052c32f7a65

SHA1
dc58ae0cbe94dd87c012de828234b5d722da49b1

SHA256
032c9ca0292b7f5fba97727a6342864159f1a8bc6b42003022f8ba2072676e6e

SHA512
6b7548a0d363ba16da43ac6fc094b31292d3f9b1bccc2fa6203ec65d76fb67c0491759bf448b283ef81183aabbdeba08ba29a7b9320f5590d08901d231b29714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
6e02c4076a63833756812d081acbfa2e

SHA1
aa688f864aafcad0029af5131512ed90badb1c61

SHA256
818fa9c66a44485d7589d3177c1b0eb3f6b68989b3bdb3d89c7cd3ef95fe3e26

SHA512
90b54366f1598664079495cd4a6f363f0013925b3fbafb3c43b8fea4d064a7fbef7608c0a7e9a9e9a9f9a92e234459eb9b1e801a7c9e3ddf3d896c731dc9d20a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
a5a3ece1762c23815efba63e61cc807a

SHA1
0871a85e127b14847747bf0c0aa1f4990039f53e

SHA256
5bae59e32db84399500dba7d5a45561395711e612de67213317ba50468f6094b

SHA512
09ccffc4217a3c38afed234c2fa60e651fd3c12a1c6a82d350765f04445af2f1cf4cfebd536030d3c3776e6ff6c79c97b3ca4886cd66e9c9d3e578b8f8260ad9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
4294be4be82d9845687245d6c90e246b

SHA1
ffe95a4819df155bc28dd290d919a83849422dc5

SHA256
84602cfea57e54f39682b1f69db8ef37620742c4cfaee5b4f74cd23f225d5b7d

SHA512
3db27f64b85c954c24dfd081f6956761f100f0f76ea7cff07aac31b8ace26da5a3d2bf1739109a19e800641dde8bb8b1f3e3dea2476779e63ab27c9777862f52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f44ded8ba746ebbb4df210d783eeae24

SHA1
2ffb731c9a4d16d66de7441eaaf5882638550b28

SHA256
e26a6533952979fe9444fe72a19e23464635d5e371462f44c181af26cfc0eb8a

SHA512
ba9cdab752f8afd0c8c14fab32c93de6f09f8b619100a1b41dcadefa9bed092f55758f790e85b49b611e63ef8fa417a41e55f2a6301fc6889d1ebff838a87ea1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
63c6577551e31a725d3ce392d5ebb4bb

SHA1
aebd4ad5f445a2e9ac1b418b31c3e6409eea8ebe

SHA256
97ccd9584239c2c5ef4053bb895b0423ec33c51905982d3dd3b176233347beb4

SHA512
8a7b012d0c7d2cff60145c47d6c99d6332055dc9706a85564afea5ead0c6db9f9ad29ea8657129fb5951ea7176b3a9f2a24298427c8147d92aec632154466c8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c09b9bb9f45ae794b2bcc120fc896172

SHA1
ef1eea8d03a03fe84bb848e925e6a71a53a51aad

SHA256
c549923a089a3518faef2cf280a76469d15e2e4eb714ce657d41b7926428ae8e

SHA512
0d77fcc40f61446d47248ef444c0de3ed258d11d7c86039a6e293f3e6a1075b63d49473270717c72a7fb68be9b6076b1063fed84fa0142cdd4d8274c9e810a1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4919bd3dd3fb4f7e7b0e000c4a5dd723

SHA1
891fd51f6f5931d3753d4a80e7ca367658491a55

SHA256
9843bb4599fa27da29cc8451b4ce333f5a47cd5de4330aa382ec6b7404d7c1a8

SHA512
45bb01d79bdaa23b3801694338bc5e1618447a043143dc44024a227fc242ac364275952b558a0ad7a12da62d22d14af5a4c12ecef179d805be87757ece68a75f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62d4c45312c776a8e349402993b2307e

SHA1
7da51abc77840d500540b8aab3abf97765c9ee62

SHA256
50ab9ae0ed7167b7400c4f2dd95bd2fb3a84e0673dbcb9f3a3ec33d62722f5ef

SHA512
a169f77fe7f98a28c98fc6502074432f29778e97715834953fff082ff566f866acf3f8603c78a327971fa1a914e0489fcd839d413282adf148168c7b449b7c0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
bac5d6ffb80d271fe14e239960fff981

SHA1
ab7de28b706a76a002f744dcc6c0531b471ee7ad

SHA256
70726174ef1ee8582743fdf45f227aa6f7e52ce7477562a91666c9779c314865

SHA512
b5f62fab0b90c33b6a090e0a587d2478cd3d78894b64b233c33b98ec2e58be933b04aff307c7a7088861545220b1edf339888cb247c6baeaaf0666d2b53904fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
c8f30e0a86024bafd08f6c5412508633

SHA1
da76e1560ac0c8a54532bc020dab5553e228faf4

SHA256
145d307f6fbc05d03eb31d60a8c9d49ee6b8e621d18cc70cf3554e10737699f0

SHA512
d99e1575d2ae9d4667a2868638fdb0e2f03e96037522943a8ee49b68940e35212eac44200e45d3d69bf5a804bf743bbff44d68554d3c8453ba7de019304f53cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
c572784505a1c66305387b2e567e5711

SHA1
45d4c7e58a6964d5d7076b73eb48630c2337b7a4

SHA256
52c5876ebffdfd01984c19ef5c3ef6ff7f74cfc95371860eb4ee3737c65c7eda

SHA512
a9991a7ced9d0514c3936efd16f4f9017966c4c884b93e0d363f2e3b37c266b3f4fdfbb3feb690a821e0f334ce8fc5209523a1a595922cb78757ec74aadae34d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1fb81de4ea8ea4d869e1e5712662e35f

SHA1
24f49b12ebdeb60531422f86974db441c691781a

SHA256
ce1e195a9f526aa07c26cf678f3885827e51f97e65710f6e2aba1f5874ef90e3

SHA512
0c76dd1db9963b380352fac15d206239fbbbc23bb81bc1e55c5f828b8e75911688b916818da72c9abe2c28cc2ffd1fe2d88144d14a2c0309b7defd8720691d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6777c01c93a447caa5d03f8d4de6d663

SHA1
dd88cbfcd878146fe0f1794efcad1d5119dbedd7

SHA256
4a9f47e9f620affb9538653bced177d8b991a02b4b3befb89afe1d211da2aef1

SHA512
c12956d62d944b939456b9c93603330f96ba2af45f0d34518e6a3d9c1eb980f2ce7c6cd22e473db58ad639d2c75ec08d9c4ecc354af92c84c2c9060ae2d642be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
73e4d3f5bfbd01b37e2cac56756aec9a

SHA1
dccf9735f1f5cc3a17c623e69a4546d292e0315c

SHA256
076864c29df0edb45fee2db66bc2f3bf06d6a79d2fb2c247e9568b9c52d3995b

SHA512
5d73d7afa31633551c2d67ef11a582a9f1cb34ab32bbc0099a86e48d5e7870d7b5ae8fbc431b91683e7dd8a2df5ed0ab890749cf34bf6e61a698a0b13b47826e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
781865bd5a9365561b7a799a4eeb837d

SHA1
b07a6598c6a09015a9921216a9a6a38e02c6c871

SHA256
b59429fb946980ac519ea433b4bd0a30535cabb60dde7d369d2cceb623eef380

SHA512
dd4c01f12b0f6e7f04a7df44a0c1105b2ade8e3e78a249cddc70732a7360a51ba81716728ff6b42e4c91dfd038527d818c43bdaf0b05a1ede57b38f120a9d5cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
dfa61958bb25714293678facd2005a6a

SHA1
6b947f5214f8a13300f801469c0eb03f97359f4a

SHA256
4ebf5ab5f4682a18ced83679ec1d2e41e2783aa26999a95adec911c104990cfa

SHA512
345d321c2edb00accca6201b05534fd8687841389d49a7f12b83c4bd59810d777a336ac063c8075b5ce1829b0539cd7c120bfe0dd86cc778c9ffc4498238798f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a020676b4d5386f8e9c009a2ca6bdf1a

SHA1
0edf433c3153786a33ccf95f4a89862f7bdc2b5c

SHA256
10d4ef4a5334f9b5a7d3d5b8010594bdf726c4739f1ee71cf2c62dd5916ea655

SHA512
1f10fb7bb1f5dcedb7e662328d2ed73d795a2a60343949f73adc3bce193c8cb410a8fb3111bd78237f6b31e077f89bf5788c054bef18111df381fa1cf918844f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
ca19d361ce3e6335015598c7d191966c

SHA1
6a1446b5c5c8fdb881e93f6931f8399d98f2c1e0

SHA256
1d1a31ee6c8e1619e1aede715a605109553ed645a73eb26d67f4b3c739acec1e

SHA512
f1eb8026dd4f209b3b6d08069c8f16bba5e24a54ce81c1d626b9a229177749a9b645573ea1013d51768325d31dffeceb23578ea03be43e3f18eb0c77c72cddbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
32c3cae3aaaaef27191bb085a2082a9c

SHA1
82403a0512dd7709ef37121903e77ff093766dd5

SHA256
3b30672c6ed2d57a98ac2058d9a13b82dea2e856c79077b3327d954bdf53b6d2

SHA512
855eba97e81bfcdbe35396e2ebde43d89285759df1b2704905d7f7e71ab0b2254c8b4f9a8c7c0f671244c36cc83e18a00786e56a16e844406ed0956b34b4c72b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
de252da405bf86a61c57960f9bbe86fa

SHA1
cf222f7582fe5a57f94174d3952d7fca0065c5d0

SHA256
e4419852154051a564bb4aa0ebc1736fcc9940be9630bf33502a87502bff5588

SHA512
81b08b663f66b3b0442e5dd1dbc3c04c07ce623f45bd86b64cdaa469bbc253ccf0a9afac96632f08617c4af73de9ef92acd426a21afa9baecc0d9a8fe95314c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
9bd155bff7a9a058ac6f3ef2f1da0d13

SHA1
c6cc0e934a05640ee2f13d978d3dde24bd3be9c9

SHA256
326e9c8aa9f08b39aeb399c21193c2452af75b3f635456b845ec11db3527304f

SHA512
dfc8b17ac6c1995e3a36e59af25232f37fd0aaedf1deaa18791bb7dac25ffeef478801f1c08e5c90dfdff810fbc16a8e89ee59cb61235e13593f19cf27a64eab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
6090953d0cd9e9cb07c825dbc035ccd2

SHA1
e22d590f123bef946a5c2240c2a61600075468e4

SHA256
db3f4ae94e430a42595ee10d2faabee12ce16cb42f92b0031eaf4d04322f8de4

SHA512
c6ecd5c657ed51b3350b6269402eba49bb542b728c2aa317b5a0c862001116063adf3a979f9002823b669365e2bc9d06ad8ca9724b19f73849fe65066687ce2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
7b2187a68273152c617519e8e1be97b0

SHA1
1ec639c72a5a6bbdb762cb6f71bf998b0d092509

SHA256
c95bd4d3524a649d01b49a738e2375964599e991e4b39136293b53697d706445

SHA512
52b54c4ef2f3722f9c78c7f6cdc054ec454669c6c532df5a63c00180d49a146f5ee4fdbc5a9507a53c62c142e1beb4ff76dcdfca77af10f8545ada91be4d5fac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
d2622e7107b4701d6bef5977790e7f97

SHA1
39f2330bb28cc6f739968c38b6b58b4e514eee48

SHA256
d9896b318db7928fd0690aacd283d996a1bbef3edcd946bcec740140c054bdd2

SHA512
941c96fce880f9d75f5e02ee62563c7204fc6157018b1176d9ba3fc030ed4c2a0a84690e37b789f214ea2f182c303e231a64154ed7b6beda2c980abc45e5f4a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5fee41.TMP

Filesize
48B

MD5
35150673d7ddaa20980931e1e2604978

SHA1
9f0fc4199495b39e3b24c64eb8ba6b2d9ddcc158

SHA256
ede1a4e45a186ea6564270d7f0d334f47ce242e0b901fd642e64efa760a43951

SHA512
a14ea842e25977d1853fe8479936cbeaf87d2e67793e5219fe88aea8d00b0a4a7ab35ad3d23c22ae75098b8cf21085824598db03e6980c036b8175e9a9ecdc6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
045f470cbd16c14fe312373c5e492dde

SHA1
019a28fad5231e6b7c47b6dcfad360fe4a4825ba

SHA256
191eecf0c022d2d1e0feac2d70410498d4ad268fad1750de4fec6eab2b050b3b

SHA512
0d6cdb6c254f4c5917ca439d2b7381e5ae40110c6dd9ac42d67d7c8f9401b70c275e72eb68a8f6d7116efcac96a5e426782747118d4e250644bbb6563707a4ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c63548f7ab84c05fe73efe18c0466c00

SHA1
96e13d86a3198fbc9300b0ac65c5345002879a99

SHA256
a10959b656a4f5e8ab7a121360d1547f881b5826b1ce5c4cb236f7f46583c490

SHA512
4a36177266384ae1a3cc6cd24463b8b92ee1bdccb36ff203ead6053b163be20a8179ddbe118dd8fb6d38ba934193e4a94cd7e5db328d16470a30a04de5a7b5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
d95a55dcfd525bb99077628283f31547

SHA1
84c25303f51c895b2b5f3b60875bee35992bb0fb

SHA256
55a7a8f85efa2b8312eaef9dd6ff53878103df23c821ee0aaf07411b1a9901f9

SHA512
48ae6b603d953bb692d53a3e8a49f1a3db8eacb35e2b0cce0d8cb97978a9a8bd42ecd582649f12e303547d0b4cc1946ae205675685637d84c0aedb39da271a52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e6d650885a5284e1175296fae9520c35

SHA1
1956c2b446fb50a139e40309f4d256b3415a262d

SHA256
c2d866a4c4e7b79e97110e5dc1bda1ac8291ae8d1a0f28dfd4afbf8af8b63873

SHA512
ac64e16c1b5b94e021767fd2e27bf2e7be9dacaf7b7306271f9a8938ffa90e0fad4a0ae6b6246a4ddf391441c56c21b6b4f6a013c90f416ddfb0420ff716ea09

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
7567724670bb94240db003328f2bafaf

SHA1
d6feea56f20f77c5df93df112674f80657bed170

SHA256
0891f21e11731ab603c599cba5ac2a2323b57867a2b666c66d6e8c73cdfa99a6

SHA512
0994476ba81bc694e26a05a7bb25687db49eeb1b79e4c03b83c08b7ac5b671bd69c6ae6dc985f50da6b382cb3263c86157e7e4d600199541524a1316ef107e50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b1784443e1d74a5a716cb416ff6db08b

SHA1
3361c7834256704e42404668486d45f032375ffc

SHA256
56136e7dc5ea71b29ab4938a324181f88f8096893b877ef235297be84bd43234

SHA512
b64cd9db4ef3063ff418c75f54570242be3c823558b8c126ff26a8c317c373614e27fa664356f3fdb9ea3dda3d473e9a262d172ac95de5e8df015695e95dbed0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
2c66f7f665e537e6802e570fbddd2ea1

SHA1
ae0cea91eddc8e0e624e1b6dba583189b0bf70c9

SHA256
f2de5575ba3ea9fce1808a1ccb2560fd1a156688a18ad89c5bee891888c76695

SHA512
559efe2eb508d021081a8cf952ab11d1188095989edff5ff0d780502cfb7959ab3c9205ea50147f1236ddffd7206333b8f409296c5e3a040b262ceba284cb38e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d31f1e20700b4023e351857f4687e62

SHA1
ef09a4aff76c6c1d36a3d8bbb3460c97385d0c85

SHA256
a14685472e234b93fa98e2364010a59f96e29120b5cb5115fa2e83ff2e303e91

SHA512
c524263c092a6b3e7f7120d6799de23bf7f123a267608da95d28bca38baa76b064e9f27dd635c1496bda904d22d2f03124f715e73d8e40e73b6249d6d2a39326

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e4fa2858b4a75367d52cccf5ec2dd7fc

SHA1
0b2ffb1d1aabfa75702261fcb520b047ea50405c

SHA256
6aab8e5d69d36a7e73059119f257114545ed83a968a76c4d5671fb07fa3d6542

SHA512
9ee4adc8ee04a1aa9400d2af17c37c293a939663a8fce9a5acd79ceec4e21632563e3824c8ce6699aafef9f00f1f37bcfb7490930678d9a14dbf802a813cad70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
934c7bffa1f5fe7aad777491cc6153d6

SHA1
f1a4271e2aa7b9d9c197d010a22b9f7332fb4097

SHA256
0fc4f49f361ba6f00bab54f8c51ce92df6f07382ddfca5efd87613c3ecb6ecd2

SHA512
51531cc4c26ecbc968c918cca914b7451468593ad0fbdce477cee694d3ea83d2bffeb487398d1300c800056aa7c56e9a8c7bfe0a219a973ad75b4a1e3c80ddcc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
4702cdcd54e94307a33d5f24fc9e8058

SHA1
e65cba77161f1f9813a73bb5cdc624bbda3d7495

SHA256
9404966fb1a33b2f2b32dac7d29d66d87cda73380d76167aa093d5e6b5fce01e

SHA512
15f7da9751ce4087c0ea6a9c0175d070b2bf86d8c8d5e56f72808c1fd3bb02bc3d5f9461188027c8b2eee5bda8ff6279aa528be5f2acea976e1ccd69c6d86117

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d04e1968a2b5801af52bd1b7c9c7642

SHA1
b4fc45eb7d1464c1207cb7f4584d206b2f658f51

SHA256
245c9b7702e008ef3c97b8bb5e61422e2ddb6c8aa80610c818b7d216f0bd6867

SHA512
034a712a87586f4c1574297379acebbe8fafa35bd13193cb074cfd5e4ab8d4a3e5ba2633c50ff6d52f7ce1e3942a97decdb82ba6065bb34d1cbf82bb757c2ce0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6f16deaf59b5f74b630c2872070c020

SHA1
af22a118e5f6838b0fe4ee4f37c2f9b22cc3f3ab

SHA256
975cdef6db695a0c3478ac84846d0c15e6be3cff30402cfdfc77bf014ce114a3

SHA512
f69a2b606c155064b22b856a563ff9a93336aa34d839d1d4c6922c89b4915197f0b526f6c51b3ad4e7d5fc791b05d479e07a7d45d336e0151682933c9e602ed8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
942312cbed5809fd3a4e83a9e5cc2441

SHA1
84f4cedb0c116501895c6120563ff4c5abca420f

SHA256
9346720560205a40c656f22d7a3ef4b631430df08484d17215e89aadeae5d884

SHA512
5f16e6eb18369001b4b1cefd50cf7bc135cc1ae82683aac8eb65e2af2da1bab852e6bc8d1a9591373c7d43780b2a69e2b0612041daa1e1029bc9b2d3f8acc089

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
155f5a53cf11d0c3b7acf0f7ddecb24e

SHA1
5c4c2deed48d574411c3745268ae6194f1c318a4

SHA256
62ba4ae033d4efc4ccda2e86c28eab79bf4cde1d1a861afa18159175ecbcb161

SHA512
e2ab43c505ca8d27e630d65140c43638d91488e8d65d60b315f4305562ec9b692c53d95aeb652a9ca38b37a403bc3438a64494ddd4863a83f4992c83b856d088

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
4KB

MD5
af3b5a78c4fa0f6c324b028382395c93

SHA1
7c55e83f9c858677f9ae484b6c7611e0c5f476d1

SHA256
6ede0e6f65807f74e509462f54c173280897e95d48a0914872a9758b6ac70954

SHA512
74b8a37cb2c2a997d7eb8f3712559bd8e57903d83e4529426bb3692e01a24696d8e0edc3ce1ce42e8db00e68607e839f43a2e6b5ed65bb2732797919ea85cab7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0e15f3770a9472e04539dbab9b62adfa

SHA1
c60abaac2252d6480ad0744cde426a5dce4a3af8

SHA256
85dd46446dd10da9538f747f578362a983021eccfd2b22cc2815cf1dae003ca8

SHA512
8b2401f19fb103a563ceae7d9dfbdc58981fa24d4df02eb1a005075d6063952f41b3fab53a6d9c654ff66d4916bb595d6ea6460b40ff2c267d93b64265724934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b55d27ee1e95bf9150f5200babdfdafc

SHA1
787ee671467d368caefb9295aea0f4b68ed15c6d

SHA256
63723de650072798862d810a8d4a673d47eee85f9502cccdf9db13c5bea844a2

SHA512
4d22d28ee9e98785daf882d80cb9482ae7dd210f4b78f3b13ca65b579148190d327b75fba33455390bcdb1f58741d40f398311f4c6cf87762a1e548c82511b78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ed1d89f99acab63119d012707dbece1d

SHA1
899b945269afb0d3ac290f0e0fcc08a3c1a7a22f

SHA256
93782b5cea464a730789a3b0b753bf2a2410518174c3183947fec794fbf13c17

SHA512
765b697814225e162fd56d56c70e05c8f32080978015b4f6317daa8b4fbd2f9c32a38f5094e08d8cec713296d7b8fec8fcc7c60f06a4e45a631d29b3bf3c6052

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0207267e416c5111deb99920e4d54f13

SHA1
acde43aace707e40b5812a4e062746e7e26eb4db

SHA256
37a87296c958a72583a9dd80966f93b66a755b92d31f22f1b1bd56cc54c7bb62

SHA512
013877cf47f8486682cf8280d071da61c1bfb6d53046241f0ec5014a3e7a347fe82966f911ae6e19a3cde056dc124eda17f01906ecea3917369e953a2d866a23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1276c565b12533fda1869789e0a69d81

SHA1
fef43fcd39011fe46c0061f1b95cf6c7b3e399eb

SHA256
a3d99f8dc1f5957395bb4d2cd5e216a215f1080a6f48ac8c9e9b563ffd00af39

SHA512
b268673ac99c0bf89879670b643dce5bc1e5b136d5e54e89ae240b6399cdd9e0ae89a9d4775edb922564b0b6b7a5e82f07f89600f1f1243b37c6b444a57f7a2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
b172a0458bd61f865decd14bfd1df2c5

SHA1
a30793c67d836718c504770a399c6777f2c785e4

SHA256
4c158aeb4d6fa12765def4a0427846583e7cbf03e27ef04ed122a8adc0afd29d

SHA512
ddb2d40e76920641267ea1adcefe3d360d66c649fac04b646fc339e4e7c0d42c4faa69d41e4613f72a3f5ac7f0da4584b2eaf808143121b82a8bd49a6e3c51aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
eb7c68e485e2256ca0263b4ac90baee2

SHA1
a63d6f6408cfcc248565b325455efa1efc553c6f

SHA256
ee9011e171ab93edab798ce34e55c14bd348cdc7b2b48d19dfeee295426c966b

SHA512
726c485b83fb5bd2e542041828f676adfbfe576a84792366d59913a9c0bf90b6e841493faf27247d5ddad7bcbadb05abb59c9dcba9ab0b2f2ee1e95048807024

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584476.TMP

Filesize
706B

MD5
67e17174bad755508c782be89b7027fa

SHA1
f37c6b2ffd8adda88046b02ba6917409f23759a8

SHA256
a33fd5aea903f6b218c892d56fa86ed562be03c486004123c127af1def6b22bf

SHA512
6ce3966b51edb3556f25109702982cf6cb1587a0d25b4204fe11723baca6ad8cc2b802a3696a07d709a7cbdc552d12d1fd6e2ba968d39103c6a250acdb52d1a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
3a8afb4ccbd7d0e59ece661cd53d76f7

SHA1
1daeedf287d4f4411d385b4c789405aaff6c3bf9

SHA256
981ce8f91a20cccbc46138b355f1b2870ed9ea08e3bee3e900fd1d5ccdae5a9b

SHA512
5d3a7fa9ea6a00aab2c6dbb2d3e84618e45ed7986b4a957974660a87728b23b774a1445293504f94d41d2068237e34b61552e9861be6925c7af187895bfe5b21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c48fbc02b1e1d38b37ced3d6b8853c99

SHA1
b34aeeba20ad5e727df1838562d00dd8c92ac07e

SHA256
32e49f21f42d5e4d94b848f646d65f69baa5a5080d037f08aa80261bffcb965d

SHA512
8c7d9b563efb282cd33b4dea4296086c845e4b2b6b1f8c7b17b9ca4676014446bbac7b87cd5fd687b151918fefe71ee9bb33348d0fff58c163cf71438cc0b6c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
792874dea8b9ebb0340940e46b1af8b1

SHA1
bb6fa484835b6a71e56b34fca77d0fb54f73306e

SHA256
7c7bf854af2f76622916650307e8fa7c0326b53a7d64889ca6cb3a940c6fc143

SHA512
b499b40f0aa9b08ef94b849ce5c1b22f0c9127833e956f00d94907a27ded7cdb945cc81ca1dde9aa3f1d1ba5e433a9ef34dd739b2520c6d8177c87781dfe56c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
fbd0721876f5cbfe71ba4373491d91c4

SHA1
c805705ff4d56fea789f41d9ba4ee450e9de0519

SHA256
e79874c60c4dfa5e4b105eed74700278b99348769f8393781defb39d9adecb03

SHA512
4e48e5e93125e46e66faca317fa29d44878e0167ca4062080e41aad876fe1cf4c9b1a45244e4e4dec9aaedb6ce150ad397abdd023cd0b01dc0cff6e091c5b418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
0a34dec3eab7d6c76ea3f0150672e10d

SHA1
bd2b5317111d4a04f34d7211680e673cd3e16801

SHA256
6a09c60856673cf237ab1ebed8d04fb224b2b7500bb05357fe7c425e1e73f8ae

SHA512
d69b3c15cf74980aa2a88150a6cc266899d716b8f0898028f57d42f227c6fd8aa7735dd4d1c185004daed3a1cb130d918090de86144f43e1427a49a9c2a57118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
6730733c5033839da69419ac6fd00f25

SHA1
fe361bf5c4f179c69dd675a26af8327e80389054

SHA256
3ab72293fb53c762479e9f465992b352cd4a824fd3b0f3db5f62fc084242bf38

SHA512
bd999d3e138f9399db02d5719a46dd8a880c7e2f598a7db48346f967b7259da50356494596bb850e1771dfcdcb03f1fc42d43f087d89218afc187ead80c35d48

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads