266d55fa5a8cee9d08c93c10f06cd75b8c2a7cd181933f9f955cc4e1333b5475

Analysis

max time kernel
303s
max time network
305s
platform
windows10-2004_x64
resource
win10v2004-20230221-es
resource tags

arch:x64arch:x86image:win10v2004-20230221-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
23-03-2023 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.bat
Size

12KB
MD5

13a43c26bb98449fd82d2a552877013a
SHA1

71eb7dc393ac1f204488e11f5c1eef56f1e746af
SHA256

5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
SHA512

602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
SSDEEP

384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

1440 MEMZ.exe
3604 MEMZ.exe
2420 MEMZ.exe
4924 MEMZ.exe
3548 MEMZ.exe
2392 MEMZ.exe
3612 MEMZ.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Drops file in System32 directory 1 IoCs

Processes:

mmc.exe

description ioc process

File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe

pid	process
1440	MEMZ.exe
3604	MEMZ.exe
2420	MEMZ.exe
4924	MEMZ.exe
3548	MEMZ.exe
2392	MEMZ.exe
3612	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f1dd00d5-f0ab-469c-b26c-caa5895201ff.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230323092247.pma	setup.exe

Drops file in Windows directory 61 IoCs

Processes:

mmc.exe

description	ioc	process
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File opened for modification	C:\Windows\INF\audioendpoint.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File opened for modification	C:\Windows\INF\c_swdevice.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File opened for modification	C:\Windows\INF\printqueue.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File opened for modification	C:\Windows\INF\vhdmp.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

Processes:

MEMZ.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3604	MEMZ.exe
3604	MEMZ.exe
2420	MEMZ.exe
2420	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
2420	MEMZ.exe
2420	MEMZ.exe
2392	MEMZ.exe
2392	MEMZ.exe
3548	MEMZ.exe
3604	MEMZ.exe
3604	MEMZ.exe
3548	MEMZ.exe
3548	MEMZ.exe
4924	MEMZ.exe
3548	MEMZ.exe
4924	MEMZ.exe
3604	MEMZ.exe
3604	MEMZ.exe
2392	MEMZ.exe
2392	MEMZ.exe
2420	MEMZ.exe
2420	MEMZ.exe
3548	MEMZ.exe
3548	MEMZ.exe
2420	MEMZ.exe
2420	MEMZ.exe
3604	MEMZ.exe
3604	MEMZ.exe
2392	MEMZ.exe
2392	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
3548	MEMZ.exe
3548	MEMZ.exe
2420	MEMZ.exe
3604	MEMZ.exe
2420	MEMZ.exe
3604	MEMZ.exe
3548	MEMZ.exe
3548	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
2392	MEMZ.exe
2392	MEMZ.exe
2392	MEMZ.exe
4924	MEMZ.exe
4924	MEMZ.exe
2392	MEMZ.exe
3548	MEMZ.exe
2420	MEMZ.exe
3548	MEMZ.exe
2420	MEMZ.exe
3604	MEMZ.exe
3604	MEMZ.exe
3604	MEMZ.exe
3604	MEMZ.exe
2420	MEMZ.exe
2420	MEMZ.exe
3548	MEMZ.exe
3548	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

mmc.exe

pid process

5092 mmc.exe

pid	process
5092	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

Processes:

msedge.exe

pid	process
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious behavior: SetClipboardViewer 1 IoCs

Processes:

mmc.exe

pid process

2932 mmc.exe

pid	process
2932	mmc.exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

Processes:

mmc.exeAUDIODG.EXEmmc.exe

description	pid	process
Token: 33	5092	mmc.exe
Token: SeIncBasePriorityPrivilege	5092	mmc.exe
Token: 33	5092	mmc.exe
Token: SeIncBasePriorityPrivilege	5092	mmc.exe
Token: 33	5328	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5328	AUDIODG.EXE
Token: 33	2932	mmc.exe
Token: SeIncBasePriorityPrivilege	2932	mmc.exe
Token: 33	2932	mmc.exe
Token: SeIncBasePriorityPrivilege	2932	mmc.exe
Token: 33	2932	mmc.exe
Token: SeIncBasePriorityPrivilege	2932	mmc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

msedge.exe

pid process

1616 msedge.exe
1616 msedge.exe
1616 msedge.exe
Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

MEMZ.exemmc.exemmc.exemmc.exemmc.exe

pid process

3612 MEMZ.exe
2936 mmc.exe
5092 mmc.exe
5092 mmc.exe
3612 MEMZ.exe
3612 MEMZ.exe
4112 mmc.exe
2932 mmc.exe
2932 mmc.exe
3612 MEMZ.exe
3612 MEMZ.exe
3612 MEMZ.exe

pid	process
3612	MEMZ.exe
2936	mmc.exe
5092	mmc.exe
5092	mmc.exe
3612	MEMZ.exe
3612	MEMZ.exe
4112	mmc.exe
2932	mmc.exe
2932	mmc.exe
3612	MEMZ.exe
3612	MEMZ.exe
3612	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exemmc.exemsedge.exe

description	pid	process	target process
PID 532 wrote to memory of 4268	532	cmd.exe	cscript.exe
PID 532 wrote to memory of 4268	532	cmd.exe	cscript.exe
PID 532 wrote to memory of 1440	532	cmd.exe	MEMZ.exe
PID 532 wrote to memory of 1440	532	cmd.exe	MEMZ.exe
PID 532 wrote to memory of 1440	532	cmd.exe	MEMZ.exe
PID 1440 wrote to memory of 3604	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3604	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3604	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 2420	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 2420	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 2420	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 4924	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 4924	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 4924	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3548	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3548	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3548	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 2392	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 2392	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 2392	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3612	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3612	1440	MEMZ.exe	MEMZ.exe
PID 1440 wrote to memory of 3612	1440	MEMZ.exe	MEMZ.exe
PID 3612 wrote to memory of 400	3612	MEMZ.exe	notepad.exe
PID 3612 wrote to memory of 400	3612	MEMZ.exe	notepad.exe
PID 3612 wrote to memory of 400	3612	MEMZ.exe	notepad.exe
PID 3612 wrote to memory of 2936	3612	MEMZ.exe	mmc.exe
PID 3612 wrote to memory of 2936	3612	MEMZ.exe	mmc.exe
PID 3612 wrote to memory of 2936	3612	MEMZ.exe	mmc.exe
PID 2936 wrote to memory of 5092	2936	mmc.exe	mmc.exe
PID 2936 wrote to memory of 5092	2936	mmc.exe	mmc.exe
PID 3612 wrote to memory of 1616	3612	MEMZ.exe	msedge.exe
PID 3612 wrote to memory of 1616	3612	MEMZ.exe	msedge.exe
PID 1616 wrote to memory of 2196	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 2196	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe
PID 1616 wrote to memory of 5000	1616	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:532

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:4268

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:1440

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3604

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2420

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:4924

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3548

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2392

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3612

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:400

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
4⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2936

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
5⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1616

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:2196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2264 /prefetch:3
5⤵
PID:3028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
5⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
5⤵
PID:5108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
5⤵
PID:3456

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
5⤵
PID:2856

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
5⤵
PID:1636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5476 /prefetch:1
5⤵
PID:1340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1804 /prefetch:1
5⤵
PID:4764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2640 /prefetch:1
5⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
5⤵
PID:2080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
5⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5312 /prefetch:1
5⤵
PID:4156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4064 /prefetch:1
5⤵
PID:2952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6628 /prefetch:1
5⤵
PID:2900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6916 /prefetch:1
5⤵
PID:1348

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7380 /prefetch:8
5⤵
PID:4180

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
5⤵
- Drops file in Program Files directory
PID:1132

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf0,0x23c,0x240,0x100,0x244,0x7ff71c865460,0x7ff71c865470,0x7ff71c865480
6⤵
PID:3372

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=7380 /prefetch:8
5⤵
PID:4660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=204 /prefetch:1
5⤵
PID:5488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7096 /prefetch:1
5⤵
PID:5512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7388 /prefetch:1
5⤵
PID:5932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7032 /prefetch:1
5⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
5⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
5⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=6948 /prefetch:2
5⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3944 /prefetch:1
5⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
5⤵
PID:5952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7404 /prefetch:1
5⤵
PID:5008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6996 /prefetch:1
5⤵
PID:1848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3916 /prefetch:1
5⤵
PID:4680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
5⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7488 /prefetch:1
5⤵
PID:5208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6536 /prefetch:1
5⤵
PID:3252

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7000 /prefetch:1
5⤵
PID:3760

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2176,4157070733739731058,16210426639054570259,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7856 /prefetch:1
5⤵
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
4⤵
PID:3808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:4292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
4⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:2588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
PID:5420

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:5432

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
4⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:2768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:5780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
4⤵
PID:5772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:4492

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:4112

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: SetClipboardViewer
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2932

C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
4⤵
PID:4440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+create+your+own+ransomware
4⤵
PID:5644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:5708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
4⤵
PID:3312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:4232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://play.clubpenguin.com/
4⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff982c046f8,0x7ff982c04708,0x7ff982c04718
5⤵
PID:3332

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4196

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x50c 0x4e4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6068

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4a9411aca0c52a2adbbf4de4edb19e11

SHA1
e2790223bd1fa7ca8838ce14d61cf62b941f12da

SHA256
7f408db384700f00dae0bed984637427db28026d13bbe71f7369b9484cf60eb7

SHA512
a34c12feb5991e86a3f4ac8220a7ae449899dc00c19cbe612a9e8bed79876f425ce9387447ca339ca521c329ddce137d332c417918c74d030d10853af49182ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
326KB

MD5
e6ebeb6d35b5b9faf7142c23ea1164f0

SHA1
49e7fdbd7eac1a8817af4fbecd858f0d181631b0

SHA256
fa62cb9e2d62e8d1db9321c8befdba219bcab254e1c499427fb047691b1a5fe2

SHA512
8066aab872b2adeeb19bb94b6c24dae510dd8a00aa00b4aecad9e371906335a9a17b53436193b8b55467a1d3a6e14e5e18e2aeed5f114206ca8eb60d343b8140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
63KB

MD5
38a059fbc080b07299425dbd6c9a0de7

SHA1
d20df74f0fb27f3154324147960a848988bd570d

SHA256
6a0192e4a39c3b7445105aacbca7ab692f39ea8f848c183ee9464b8cdc70d1bd

SHA512
dd15c47ee780d9bd7e4b6459d411a259f55e65f805a7e40d9b1473a491740d7fa7d99e276266cbd1987c6583c70fb1ba2c673eb81aecaae07d7026ab72ef64f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
68KB

MD5
ccef9c26dea515ecff28b040981eb76f

SHA1
a90a58b0d78e2875ca79075a4f2c7e4e56f65b98

SHA256
ef44bc72287226ddaa20033a991cefb3198139093cca5e4c80d8812afde1c9e1

SHA512
dd6c0af53d83887cdbd3a0fa71fe82d5ef78e7b9ed96c5f6c4a45759186b6c2ae69f1f9d4893808914cc4980d6dc5e50ae716cb6f56761993931de9722eb7199

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
61KB

MD5
0a2e2f95b54e89a310694f31dbc6fc62

SHA1
9daa610e872ca9f6e2ff762c593cdc746ec3622f

SHA256
8d4c2868376631c94ac7b06f4a26a3777ca799ec746caaa221b0074dca533d58

SHA512
038908b3550675c4f01f8b6fdf2079d8b2ef9a686d35b4103402969d22c199e6df0dda1a4c9429a6b78480b92b84730f538d2eb8d838f7ba3e1fd93174127ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
203KB

MD5
cb6bcb1fe7fa4ed9b76cc97498e92ee4

SHA1
8d0e74f445c2ec28f1c081c969d2157879ddd31d

SHA256
cb2ef4b211f67825f8f2d6e548a02f44df8d3c515c2e5766c0e77c540c065200

SHA512
fd901165a38839916dcfff5230f9b2bc2ad483f0b05b16ef46e5f6c147bd39a1807a7e060ebd4cdc42bf77802e1506ae117000be90cd37b2aa10b1f5c3a61b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001a
Filesize
360KB

MD5
093d7ac2bdd45414cba0283bd9039455

SHA1
7f4456a002eb0ca15a2e24be9383870b3420c3a3

SHA256
1fcad7113cc4bbdf3984a21931ab82f6931ce3b966a94717c8ad656f213d210e

SHA512
2ca3f2dc644421a5b1cb25f114d54acc55711d6b0db718927e7f708e53151a8ef9b7ec039b8675845f54e0520f52f871261201c7da72408a7c519634ed657dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b
Filesize
35KB

MD5
e99a9f01e9ddccefd4d210754a5b86bb

SHA1
d460ae915054b6ddc09ebd6b3d685abeec55381b

SHA256
69c29a5b48d53bca5fd624cde973c759d24c94b13ef6a7917059b9789d21b9eb

SHA512
957876d628c04107ac3b8c7a42c1d036fdb695d90309e3e6118f69f85830e70cacfcf187a2e368a17b513884f6dde843529091a81123603f3a8f70c8fb4c49ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\033c586ab447bd49_0
Filesize
494B

MD5
7e8b346e637ee50d2d5cabf51481c1e7

SHA1
af43f1a32b65c94049fb9ae0b2fc03c89c11c3f2

SHA256
5aea556b40793bee437473092786d49bf7c5113bb29151d7ef1b8190b160ecbc

SHA512
b1f5ed8db1073eb5f509bb29a838e48c72ae2fc7fec5afc85014fcbc04fc53a239399c9d524bb4a88c896e595c03d3d50ed18edca9e115c847566506d91a357d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\13331ffae9cc3f0e_0
Filesize
136KB

MD5
65ec0f50ce7b96b16ce23dce147857c1

SHA1
f0078bd6bd6d4f08046277be3fb5eede141b9c50

SHA256
dbcb89fe99c36cb3d0595720271ff98a028666be834631026f6055afe192b65b

SHA512
093ceeb6381e69afba4c99839689e10c5609c466ef705f2212df7e646c87aef75131a4deca7f368cc1709f7aac45f96d1f224dd88e0c26fafdaa98900e0cd142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1afa608b2c065dd4_0
Filesize
281B

MD5
dcdcfb8be5c9e9bbe9d39b9c1bd3755a

SHA1
163fbdac065227f56c036e2cad81b55b2f534259

SHA256
dd0c313e1a8a10b96784a68a55ec36c08703bf28d14c8794659d6ace69624805

SHA512
4dc8ecf6a32bc16e5ff9f5e3da3de401a468dda516373566691924d6f335a7d6472fbc06f84b9bdb01ab612e434f02bb3f3d483388951603f924c950b938c85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4387c1cf5d0286f8_0
Filesize
16KB

MD5
e66c8e12fdd166732a2ca3c6ce7e8e89

SHA1
b3170d4b72bd084c2a3b88222703a18146db5a38

SHA256
80e389e9c875c1ee76bd11ff5c426751a6f1a91dfd142be1265b6875c2fa6bfc

SHA512
3df50b9fe3f0dd51f39a4335d162a7f52a7602ae7e5a90df9e0cf58a3e8c0e2d4bb33e97d8e2174139903d9ab1b90e6185ace42d1a51049b66474b7ddedbdda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ccae0f086ff811_0
Filesize
388B

MD5
b1b5ebd9b8090495adbab9a0f8bd4aad

SHA1
d8e5c1330198f723104137ede9f544c07d9b20d4

SHA256
70c1408bc56122dded1d1db4a9421d6f6459fb6cae80c314f782849bd0364206

SHA512
caf658b5fb720f3781eff6f97c361b798e7f5018e512dd06d112d84ba11fb9f5801d04d5ad6baad88470f31a44390783cc6bb446f4dbc4ab145c7f9e6ecef119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\890918a952639864_0
Filesize
286B

MD5
af469ec637cfa95b5b07e9f2ee6232ed

SHA1
7c8328b9d62597dbe076a869e5a0f13ee7b9b2a7

SHA256
4787f8af74455ac8b6f8966fe719c085e3d061e5da10af4942b8b8bc16065a37

SHA512
4f6e80cda16c927ab5ffa9eed577a55ef69b817a8a03cdb5e350cf8eeeeed15e1948fe46afd314947c80c4e53be3e967b8eceb19848551b697806f16ecbe0ad8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a79ff3fe194a4b11_0
Filesize
1.5MB

MD5
84738afd78e1809614503fc0513d66d0

SHA1
5f406c9e916385c9c127252af6c0d546afdf4632

SHA256
e073e4447f7fb14ae9c12636f90d50e56c29084e954ff3565ebd647fec0e67dd

SHA512
6e783d1d71dc60994bc27dd94da46ec5a35e4dda1c4c37520f8a75ec5e6dba3d4724c1f9c026e7cf24b791919b52214516e8d70a4ac91c3e3a5fb574888d7a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\a8b95596aec2e190_0
Filesize
72KB

MD5
25bce35966408687c341666869aa446f

SHA1
aaa5d97545c6f5631c474cca666b1b11da0cac92

SHA256
b93da482df0c4a9193d18c2e09ec6e28053bc7e94a333afbf0f3efd385cab10c

SHA512
91436ed37ec8dd896ddc77c254cde1c9b502522352623a4bfaf97dff3fb09c9aa9e3bfc91c649c29668671b4ec75de7598587311c109357b78a8a8415cd2d00c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b2a1406491f05d2b_0
Filesize
123KB

MD5
c1c7aac78269d59f3c4ef0f166e6bff8

SHA1
dd1ef169ef2e38d7ea5ef2f7881f97666ea26748

SHA256
277ac7e1d12db7a182ea3fd438a5f4397e41bd6f5de0c18b7d54d25d3ad0be19

SHA512
6e71c9719d73fa554184a37d603ccb301494e708c2f2365e461a701a66dbf2d73c9e02fbf817be81d29a7d4e87b7412c801280e2e59bd3b40c380cfb1c78c064

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0
Filesize
62KB

MD5
470a821f4f321a507443aedeed74c76b

SHA1
5837c5f8ca9123b6259d2ad0acc5d4c6cfd685b3

SHA256
96f440e90337cd8bd64c0fe0e1f62873efff4949fcbd266f267170cea109d973

SHA512
6e2145d30128d8561866b9051879a62eefe027d9bcdfeb0d4a4aad16fb6827759e382872dabdbd344a752add97f8760d52c62ee55407377a9fe2aac152ae8e62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eaa9de976805d7cd_0
Filesize
413B

MD5
2119db085d1dde002f08233d968a77a7

SHA1
8ebd65c9ea50e9d3c19a11af18dceb885922ede2

SHA256
456dc5fd9dc352199fad58bf5efbd8e69e714df9b34b3c08fd977bf6f41c8eb6

SHA512
ed2f984c106a136d5c7dfd10824dce80ae020b50cd4f97e885c077b68b2d23825f4b15e72f7ac645776e6df34f10572f22077f1352f76af7bcd660c6fa0cfc50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f366771adcde18cd_0
Filesize
202KB

MD5
752647b7e76b918a1d4bb145648bb56a

SHA1
c0d8ca90ec2c4c8d47e044c34f3b55144e86867d

SHA256
f6a04f925b7826ecb8e77594b5db3c768caa05127251edb68a1214ebbf07241a

SHA512
06c0158e8642b66c8d8070088e3dc946505096c267df0a1d547119041a079df4e07629eec77834fcb005c38b4915aff5541a49b12b339d93cdbf018756c6d1fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
bd66fea890a54a613c2157c78b114670

SHA1
870882f921ce7eb0d312905241d813071a3bec73

SHA256
63ba2d749d5fbd00038d56b46f13928b9afeb7f7f482067272bcf0cef0adf1c2

SHA512
5b5b4296746e021aee5a4899b238d7e5867869755a0a1551865b26378136ee8b992a16e4791e333233c5c51f120f5e66b2573748eb0617682d4e1a689c9f2041

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
609882363ea4bb1d4828016df0951aa7

SHA1
52a2912d29defe02e2d77c2b57936f413a05292c

SHA256
5e1e1f698d2972808720b7b0d3793960348704f2df10eba62e0b6c389ff0c521

SHA512
3a6a779e1457761efd0e0ec4422888d2c01b4e2bcdd05af477bd8f07c25edc08f2747b001a400342735e4ae499b9fc54bd6c4c59684ce4d52b856ca2f62ed7a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
7a6d0df15ebad7aea8416da24e408387

SHA1
e8169bd77fd5b85a264756f492e36656c30df7a6

SHA256
b4eeed62262b9209a0333d2a99584b9ac1a923d86959c755f714f43fb50b743c

SHA512
6fc2c775dbd16ff7f556a962a2630dd4aeef1bd3bb028d5911b90e17c5d7e4029248ad893ce830aa4d9b22839eb3916252b1b29c4ab8a9bf124ad0504414fa5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe593a5f.TMP
Filesize
48B

MD5
e945786711ce857332f13f0b78b2a810

SHA1
8a72d7c29d54f51e5049347f8343a33e9270c310

SHA256
ecf1647034b9f2f5042553757c7c5f355ea0a20fe88e50763aeaa1239696ddfa

SHA512
31d9de1dc5052f57dbcb172cfbf613e7400243dd061475cedd07f7c649ca23da4fe2db1b49b4cc27e052b8a887bbcbf773321f1aad81059cd04ca506be2edc76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\000001.dbtmp
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
0498f4ebf8138625ea77901c2892c0dd

SHA1
945becfb9e9f1b38bc5a818e2e54bb6b1ffc44dc

SHA256
cd64abd8cf07426e27ab3f9ed32b209f7a0350a69bcecc4c6b7796d46508f635

SHA512
b9a898e6f9f03f3588f8889b1198bdb1a4f4dc6021d9ea1ca3dbefbf194612b9db4635242c71adba5e6d885585e090593443e497dbbc2782279651faab50947b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
20c5aa00a9ff401fb3d10328e658dc13

SHA1
1b5e39f2d06466a5f1328d1091a47b0940c4cfeb

SHA256
9a0d50242689d4e9da4468e6fc8d8ee14e4f1072d7e63b8892d84da4a724708d

SHA512
337e89465b16bc599e951b530649e182a3ab541dc055aece71799a7f1cbf22ce9a7894fdd64ed6a1c39f58ff4b4617835a86fe5bc9e66f740d3fd2f7c56653fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
d6d9fadd262f61bc526ab836b5f8584d

SHA1
b224f16c8dc9f059587e9ca9502f537f8c670546

SHA256
6ef6ec844a29d77dabb2af5e725d35eab53042006649feb207cebd5bf2f5623f

SHA512
d7410dce427acbfbc18f8c36957382129ca4813a17170990ea33cf03ca00ec1bf1d61fab9fa7a292d5c35d34d1b34f40e737e4ea39f7615ac7f852f59497a693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
887f1baed32a7bfd188ff3d30cacd577

SHA1
b0c59e724abc9e90726a8c9a2fa53682f423997e

SHA256
3cd4bab372a3428ed20f38cf171073e92d31c40d69cad170e73f198150c4cdaa

SHA512
62a0f5b7c0a3aa4fed84da740a0369566d0c9e74b9b93533236fbf9b90829876dbda140f4dde385c45cde9a3ebd5ed8f6f2321a7a510dbabbd20f2ff00cb4d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0f5bfa7c5636b069756e51b0b7285918

SHA1
b0e544802842a29af2cfadcbf6fdefb1355fba9f

SHA256
1af9af7cba82f78029436fb719dc5034e191c73cf011834fb34bbc444855aac0

SHA512
6b7a51896f5c5a80eb1c6a9a77db2623d2f3531a3339e65babb02af000e2a74eee21afea699f995ba3ebb0f7061693bc335094aabd3ff7f4c7ae5cf45f538d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
f8efca66ba622ec885cf8d686d93fded

SHA1
d505e58a90078d769d7b3e1d963f71cb5e390571

SHA256
76c42e5916808fb616357c17f6cefd89a14258456de166da7ca323e52957fc3d

SHA512
e37dff79ee9980dd8f77603219df4ef3a16ae8135a67f54869d5f877755da05aad8eb091bb81f3ca8d75a2f686295bede0f8e4a46d7702b064bdef4cf791ea28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
fa9c5054f9b1c9bb8af6425f3bd20919

SHA1
fd35aea3e93d647ffe75e451f0da573e02000804

SHA256
e3dce058b9a38a45d90d76b14fb47355a82ed98152e5aaf2c2fed31a3df8100d

SHA512
8fc3350cad2b24feb6251e8ea7e49bdfdaf3646c13656eeb69febbcde18ee86bdf9a108660492e89a61d91bc4be75e5dba5a2598d8849078d6e951e705422285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
77b952bf61c8f0379e913d1c51995ba7

SHA1
7d9f1072446f5f331b2fd3766f168f58ea798cb2

SHA256
79fa3e3f32b9d91878012238ef75f61e189881a2ca457fbce374965d91415716

SHA512
c37fef1573d1df4901b689ac31e601495d81b358f5f75717d2c14882f9f769b065b0724a1a52715876a1b02707aabe239f7196a08fa5d6bb9c2142888cbc8a7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
121c422a19c20c1c707ab53e920ad344

SHA1
1b98bd05d1590384b041bbf90df18ed5f116a6b6

SHA256
500e99c246fb9e4b6825672c721b0f5a109adc5188c1cd929f927648b2f311c2

SHA512
39d1427c099ecec632fd2f0242aae4ef3c6014982942b9313bfe3ee9fecc923c86735fb7ae9e3895873a08ac14d84dcc401c3b81675175e1de495128f2f2fde6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
a3fc71f68b3b26b403a2cc7a03feb7ab

SHA1
859fdd6ba70f8717f394fb3e3a319d9eca9ca3c4

SHA256
8d956628a1af053056dcc192f783a2a162935846b25e614850cf0c6a21f9855a

SHA512
23c52b3f97390c55201f171fd8b159ef6c067fee8ef6d5e77b6c8e8a7ac156488cd4148217d41860fb5da8519f94332ce2d5d1c3e809305015fa46287549fc99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6807bfdd12805bdfd2eb511cf4445876

SHA1
4dfb04dcee71a38d785c88a25b51c293567dda1d

SHA256
e76c65c8e49843cb57bdbd9729079330554132d573ddfa3b8d85c7d35cd5086d

SHA512
26224a6a44bf814e1f044d76174f788449522db29c68162eca0606351a1c649e6985621c71dfd36b02fc30a5f8717d8785ec837ee45f6f63c5405ae90c038ff1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
69618d3ac4f615e831d19d9622528ce0

SHA1
9d1b89949e85027da277fbf333215ccb934327af

SHA256
0c5b9cb28f17f23d9c6501d5f2697ffe37167f18e5ed69a8fa3a4c68401dec14

SHA512
de5b105e6ac4a619b0ad8730791e37de300cb75da8e33a4bcc49d9f5b8eb71eab0da701943d49ea3055bc53f7e4b981b74cda2368e2522af7c3d9316d4ae7e94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
08a5f61d8dce10a4e52081db5a75de85

SHA1
d3faa3fb6af8f73eaf0b3fae4dbb7993df5432cf

SHA256
c4fa5cfd92a19a66091c4e0c225a3c36d9dfb26a2eac18dc515fcd0f47153475

SHA512
3f7b4c1f41d5e6bd91818ea5e7772bd88ac81553b5bd9d1bc6331b8b1e9f4ce008314dceb550d555bd992dbc13ef953adf74c5b9f3056231227fd9ea3302aac4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d8bfe8027a33dbfdf4a94eda8540bcee

SHA1
a519849cabf5e57f92dff4732721eced71590d58

SHA256
e5f2d8e77d26dde9d76a5d04fc7afd1caffa653cb25a18ae44a6d1bd0b5625e3

SHA512
28ccf79953d7b6dff514d684350a9c8b77c84f5ae346f54e51cade9feaaea28851f209401c0ad5826b40556f21b10ef55b7059af1373eb0aff4da26f22ec7930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1154ce55fcb42cec3e2a53c8c75512ae

SHA1
79094ac5755a106e7080e05859439f11e9dc92fd

SHA256
8113d575cd8cdb0f1108bb609e4601e4af6c1c01ff2ec393d8c1c72700721da5

SHA512
e477f6d1eb5841449bc71cee34b3b6b2f657a26b76d4d0584224008784e10e51f1ef922fb58cbacc96df986effc58744e3e521398f286b769afa57b9931c4f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c7af07152b74cbeccc6928d9184388f7

SHA1
3dcdad4aae2ae4b11b2ae467055e300c9a4dca45

SHA256
0a094db1c9a7555dc579af053666e95c70476831e99a84c21e270df1700a0a42

SHA512
098a6aacee65924f4122f4daa886f7d05dccd39ad7aa9224d82550c58e3adb1a44b654b526dcbd405e6444c3afacbea8ba054cbe81fdfe58a0d73228e431fc95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
7c442832ba1968396a7a015e9ff0a962

SHA1
1d5d80425a6fd83cfa8ae1d7b8e558c1a3f40cf9

SHA256
224957ba2a402b482a2f027a47a6cff7fb097004830f1a18df86eb8084266108

SHA512
475424653106473c893cd12c304d8d78839366302d292ac0ee0176afcae6b20bf1321a370dd79dc0de25c08844e6ec3e0a304d1a001b43b16fe29ee26f85195f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\036481a0-4834-4c84-9549-5c913c9ab716\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
772bd032fd3171899d71876d96a11d38

SHA1
ec308788667273501e350adc2f7c31e372567e3d

SHA256
4839c03cf79a3bd23f914a3ccab39c640d83d2f25b07e97273935bb8016ca701

SHA512
9477f2d018a397ae79be2100e40e09833c55655fbef8c6d9964dbc1400cbb0848fdb4b653acd11c127f8e0e37d0b4adc63bd455b3022f752aafcc39f9dbf0297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
61a3098e5b3a0e5dc36ed60ddf2dedc0

SHA1
f97e3cd0b350a7c733c4a0e1622ac7ac958b4cb2

SHA256
50fb711dc3d0f429554a45f844b48be10fd4edff84defdd459f072e101285332

SHA512
2c4471d8351d5f79b433151736679845970af42db7239924f9044706d689bc611b3879663874149dc96d4433176fc9b676741f3d0be89793c8869fa0c81d8ce9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
0859f2fa8db01f80741cb4a45f1ac846

SHA1
d33be2de474aa953238cb93aca4c7cb7d0fb278c

SHA256
540c5830b303e8e4a8aa7f15d5b2c095b23e5534449604207dab4b6a4ea0871d

SHA512
e281ea7fd6124f40b0bc101f278d0bdc3577d8d43e3137ce6ae29e12895b002976c5e919b5b4eb577eda06364e8328d106b410e5bbabb4412d0c2ca0fbece71f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
6c4279399b1754c55f43d4de0db288dd

SHA1
0f2aea932078223ea777c72bddfc56f99fb6f4a5

SHA256
1718b7132dffa42e48d5e7ceacff85b71aaa0db2a9d4cfab03cc8fafdec255ce

SHA512
bc7add046c5a170d12540b752016063e4f7c5fac59aabf25fd0836cb69d17046aa957ff91a0808669fc508ac57586bb741fba68fbf3b9e422d7a373f000af330

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
a0a92f5de0876f720cd45830e7d394ec

SHA1
c99bb9c21998e5babe24120bab4cc181621005b7

SHA256
7965294709cde4cebbad390fe10e375f30e6c4cd17a5fdbd69c8bade78b1a866

SHA512
cd23df0e274039b0e06e3da829754f1ffc8b051e8d6aef4b1249c5cb51afd14c8285cb152b67eb12570446976c4407579f20a85bad035a07b11b55e7352c4424

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
0e6ecff585eee129b599bcef55b795a0

SHA1
2e7ee17f122182ef1e11ce41409de44fdfada227

SHA256
504179e3008bd555ad48f10ce2019dc05f3809fb83693771f9cc825bcfc8cc10

SHA512
741dff4c1e25caa6975499d4a0f6614894ea2314f202ed2d69d11d656bbdb54e79d83bb2c10f5d04cc668ed608c5e971f0a78010f74e8f8110f35c1abce377c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
d790f7e3b6fbde47d1fc1a6484597774

SHA1
a97d6e58959a53b391bc2448006a58b1c6ce6c15

SHA256
75125f5c5e89be7ef5d87e352c2e253a60405042b38b58e3476ca41cf23c805b

SHA512
455b74518c75dfcb44e3b60e7981bb3038a4925d4a33e53bc70267f70d12fda12dd770654aec635af78c9b43a725c5f5ebb0c63b589016968b4b1e7bb2684c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
7ab7492b5760c46bbe81348adfad57be

SHA1
7ad2eb1b99d47fbaeecacbf085704ff96bf06266

SHA256
ddfdc13bc49526e02cff75bd4eb6999d7218be93c0897f26fc1ebd462a77dd48

SHA512
c81a556e9aae8198e24e1cb542d54e30a3ca1307a515fcafca760c4df5bd1c53ad0e76bb2fdd0d40a178b00fe751258b690a95137c0cfcc102ac8fb3e969ccd9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
d16939417da497189c659ece9bde5bff

SHA1
d5b1d68d5c38a631f46cda250ca0ab4cf2cc3190

SHA256
381b1bdb8d2d0c6188feef23d45ff152f1a71093585ebcd1a5481f8b626b8c3b

SHA512
077f916a3a3ded2dcc8268fb9735de7a99b228308ad793d9dda1f506d8998463e8a7c650a862c4841eea0f38b461e5d684769269f89b4619fcfd14cdfb05ff15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
ecd04dc8bc2d7c8aaf650020dc5f7038

SHA1
f019b7f4292e70b98a25d7ed89f721a560f391e5

SHA256
d62115b1abc13c8b601f15819ca9c5dd89b065a222ba34d1db48bad416486354

SHA512
57cd9bfd623478dd3d5407205663592c4dc8af8a457acbd992d4da8c57e51e8f45a782cbeb498febec20051d5064a0028ccea22f19f8448deda22d0270872ca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
b2c462b1ba2043102884be94b3ef458f

SHA1
a46cf3e418fbda5cf5fceb8940cc031ffc464928

SHA256
58e4f72c162dc4ef11565e1f77184a4f0c306ef2f9f5ba640853260cc854f31c

SHA512
5f678f8e613d7c242d91227ceb4e993c828fde4682b8dd8f6c52c0fe40aea5a629cd3aabdfa7ac44a95c8e2f745d79e31f12e18f32f83201b09b49c30c3dc426

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
d5bf4f326b78efb64b7424aa81008295

SHA1
13e200c7ea22981a432ea2eab75efaf2b06b754c

SHA256
7719d6934657ae1c59d88a6da6d170a53b587a577db51d58854fa3ade890cc5d

SHA512
d10081c92678ceb9c09e2819e8bc34a429926512940ce5f6315977b53180f1630a32f52807452260ab7d28f45e96779dfc2b64448c3f8763982bdbb31b281308

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
a402c71ee4cdc179718b2604af388c80

SHA1
0ad6ce2e0498a6d4f62137fac2c9307ee52f1692

SHA256
57dcb15bbbdd520134c8a0fef21dd06294fe9025eb66ba228a843b938ac6b086

SHA512
8d9f1ec40a28260598e9cbce0a2a998ffbc50386128141a832a9b76ad84101c2aeed3645db23f5c552f89977f19ff5d59bfc56b2d42158074df70668ef9a4ee7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
91b06464d380f80b39b2ed98cac5b569

SHA1
3478e1bd385013633a83a9f07e5f1770a7ebda85

SHA256
525ba3afdbc455cc398a514afe846f70e44c9190f02c310af2b8828ad58556ea

SHA512
2bff3c4e19f5a3e64dcfa770224ea67fed21a9711853016d5b08a6227c5dc1ebf57cc1a23011202c7bc38037b2986fd8c543da7c0ad6034e2fcb251ee7e61e47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
c9b60bf645fb3d8dd089946943137473

SHA1
4d4d7cceef7b5213b896ac72c2b7c854ce7a7434

SHA256
487539d6ea24e87231cddcfb7534909c66d6fd9156ce3ce25b8a3404462f8fe9

SHA512
7420e190c0cceb7d66c9ea52c6d7b23cec96618b7e138d098af2440fa482b810f181f60a83bf2e3bdbc8f9b0b5b56dd7fe90b40f5dd651ab804e42209656baad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
7835433bba588a4f0a42dc50db88def0

SHA1
3d273a181210bb1d10f14107c45a55463c0f087d

SHA256
2fd96a6a7b75378922b923c34485b9533bf36ce1d44c874930d3d3937f2c97ba

SHA512
8e62a9418c39d117bab35cb07d50c33c9370497f74ce4579b9a26506edf9eb8db88e81c9cd60aa280278be4702287c69c9452c5c46c9cc21a96762e792e82f26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5805d7.TMP
Filesize
204B

MD5
d87443a14308e69d8d6420e9bb693f30

SHA1
1a7e3a01aa30487afa9126b7e507cd0e2add7de3

SHA256
11855c25a0e0b8ec245e977140a68533f57b9ce2b264a60173b0006ea6676aab

SHA512
a55b1ee6a785effb650a37aa2e8b97d98cd67ab732984bb95a68ff597e575d71d51b58246aba4528c24242c62451d19686100bab28f3f3e104fd4675c4511684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
648e02ee7ec3027e5eb556f2bd96e451

SHA1
df8ded3256387fd685b9baa6869aef6bc7312040

SHA256
691c5f8fbc9910332fb8b4c2496584b80a6f4cda841b04e5407a83cc80337b5b

SHA512
c322902d337c8ff74c8535b9a3d5ad23c318ada29c4ef9e9c60a76a42847a813a5be297f76a816599a45ca83fe0f87e3177deb55ba4103627013c9f3dcc01bc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
f7f4a0abfa13654c3138c6a0da8d9037

SHA1
9526a0cf8675322f45c37bb4e7ecc789495bfdb0

SHA256
e64325be50e145847742365b3e69a7802023c9fd1ee0afeb3c4a934511715ea2

SHA512
33352e13468ce973e85b3da8029c798d23a04b3e6190c2d6077202207669efa5bf62874c26f657c2d35cfa0644611360e0aacb4f4e6c6e927bcf6a2be727f25c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
1418a1b005574f1b3922e4a265e52eea

SHA1
4b36e4ec79d7263d62d46826dcb71460924f288a

SHA256
1fb399498461e9b6bfcb3a4e04baf26443d09d7ee2de4c94e5c1317ea8671fb9

SHA512
f65adc072aa52cecd9bf103f4a3aa78d7d51eeccc5b430d01dc0a1261a5d8e721c076c8d46f245f3192b3c73a1fc0b50bc9c610194a206f6ba10cc867090e7ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
9e08c8898e753e2e4d7c057eb27752b0

SHA1
4856339287a417d1a85ae8ba1b3248689eb4dfa3

SHA256
b2fa5a6f041bb2d53af3139eb1178b298806b98a22e9263a7097203c0a1c2c13

SHA512
5f0f11e8285031eddd95a89702be28b5b7419019d8b5474c2187bd2f9daec074d2319acedb071e2f06196e54828361542bec15ea586662a55eae5c146d08144a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
b19a0c3ec92d5f46986030379cbff7c2

SHA1
0803b4970306959bd836aaf71a4f3ec8cde6769c

SHA256
bdabbfce06944ff334376a91e2c46131241fb341f1c2395629c28f2fc1353698

SHA512
41fbfb2d96893595cd0db9bbe6e6e43207535dab742eccc602821adeccef8c89da8ea730e8b73ed550b92dc6f40e29d04ef09ac7876b781a284c155c1b3e62d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
cbdbdda9b84d5d1751520c683be5fcd4

SHA1
081fcfecfe7a45a6bb5517c062f1c92c4381a737

SHA256
d502aa923664a48bca50fdf74632f59928d4d8e00dd0e683cce18f20c086334d

SHA512
f4870fc8580b6536a74ce29236ba859ed7181b96bb3c1a266acd4a694496911d38fdc71ad5636847e93027d3ca6b973049250b4b49462fba6d739bb6e883a4a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x
Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x
Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
4a958b735e8c560ba281312fa9919263

SHA1
66ddbf18201381045bcfbaf564abe4056a6ee579

SHA256
ea3f1a169c738ace1cbd16e58e4e2bf35357edf2786e5d351fcc373b03e2c003

SHA512
e45fd30a4d5ebb1f1be699a755d165c5c192586456f6b546a60b6e7d6172160cac50ab2d5646000a3e451dc76dd92b0678ad4ff2e24808e24a1eb36347a9847e

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
39f9d8de3e1921624a8813fc09be6c01

SHA1
df9109fd51f0b03ff8c5fc459c5f5dd93f946d6c

SHA256
f30dffe0f07d0f2b5e4fbec6640dec8c8edf3f1fc770e28b3f1c2b7a16f817bc

SHA512
c93190ec210266b1f6ef9bfc465a7aefedd7558e205aa2f2a45d4f38fcc8da33719908b7775610d78ac1eb293afe3bb0ff4ed332ea080c4777871e1b7fcca538

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_1616_NAVKKLZSCPNKOJOR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit