266d55fa5a8cee9d08c93c10f06cd75b8c2a7cd181933f9f955cc4e1333b5475

Analysis

max time kernel
300s
max time network
297s
platform
windows10-2004_x64
resource
win10v2004-20230220-es
resource tags

arch:x64arch:x86image:win10v2004-20230220-eslocale:es-esos:windows10-2004-x64systemwindows
submitted
23-03-2023 08:19

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.exe
Size

12KB
MD5

a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1

761168201520c199dba68add3a607922d8d4a86e
SHA256

3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512

89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP

192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Drops file in System32 directory 1 IoCs

Processes:

mmc.exe

description ioc process

File opened for modification C:\Windows\System32\devmgmt.msc mmc.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

description	ioc	process
File opened for modification	C:\Windows\System32\devmgmt.msc	mmc.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230323092127.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d92a67f8-fe37-401b-8242-aa56ebf9b365.tmp	setup.exe

Drops file in Windows directory 62 IoCs

Processes:

mmc.exemspaint.exe

description	ioc	process
File created	C:\Windows\INF\c_fscfsmetadataserver.PNF	mmc.exe
File created	C:\Windows\INF\dc1-controller.PNF	mmc.exe
File created	C:\Windows\INF\c_fsreplication.PNF	mmc.exe
File created	C:\Windows\INF\c_display.PNF	mmc.exe
File created	C:\Windows\INF\c_apo.PNF	mmc.exe
File created	C:\Windows\INF\c_fsencryption.PNF	mmc.exe
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe
File created	C:\Windows\INF\c_volume.PNF	mmc.exe
File created	C:\Windows\INF\c_computeaccelerator.PNF	mmc.exe
File opened for modification	C:\Windows\INF\printqueue.PNF	mmc.exe
File created	C:\Windows\INF\c_mcx.PNF	mmc.exe
File created	C:\Windows\INF\c_media.PNF	mmc.exe
File created	C:\Windows\INF\PerceptionSimulationSixDof.PNF	mmc.exe
File created	C:\Windows\INF\c_fsinfrastructure.PNF	mmc.exe
File created	C:\Windows\INF\c_ucm.PNF	mmc.exe
File opened for modification	C:\Windows\INF\vhdmp.PNF	mmc.exe
File created	C:\Windows\INF\c_camera.PNF	mmc.exe
File created	C:\Windows\INF\miradisp.PNF	mmc.exe
File created	C:\Windows\INF\c_extension.PNF	mmc.exe
File created	C:\Windows\INF\c_monitor.PNF	mmc.exe
File created	C:\Windows\INF\ts_generic.PNF	mmc.exe
File created	C:\Windows\INF\c_sslaccel.PNF	mmc.exe
File created	C:\Windows\INF\c_linedisplay.PNF	mmc.exe
File created	C:\Windows\INF\oposdrv.PNF	mmc.exe
File created	C:\Windows\INF\wsdprint.PNF	mmc.exe
File created	C:\Windows\INF\c_fscompression.PNF	mmc.exe
File created	C:\Windows\INF\remoteposdrv.PNF	mmc.exe
File created	C:\Windows\INF\digitalmediadevice.PNF	mmc.exe
File created	C:\Windows\INF\c_netdriver.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystemrecovery.PNF	mmc.exe
File created	C:\Windows\INF\c_smrvolume.PNF	mmc.exe
File created	C:\Windows\INF\c_cashdrawer.PNF	mmc.exe
File created	C:\Windows\INF\c_barcodescanner.PNF	mmc.exe
File created	C:\Windows\INF\c_swcomponent.PNF	mmc.exe
File created	C:\Windows\INF\c_fssystem.PNF	mmc.exe
File created	C:\Windows\INF\c_fsphysicalquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_fsantivirus.PNF	mmc.exe
File created	C:\Windows\INF\rdcameradriver.PNF	mmc.exe
File created	C:\Windows\INF\c_holographic.PNF	mmc.exe
File created	C:\Windows\INF\xusb22.PNF	mmc.exe
File created	C:\Windows\INF\c_smrdisk.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontinuousbackup.PNF	mmc.exe
File created	C:\Windows\INF\c_fscopyprotection.PNF	mmc.exe
File created	C:\Windows\INF\c_fshsm.PNF	mmc.exe
File created	C:\Windows\INF\c_fsundelete.PNF	mmc.exe
File created	C:\Windows\INF\c_scmdisk.PNF	mmc.exe
File created	C:\Windows\INF\rawsilo.PNF	mmc.exe
File opened for modification	C:\Windows\INF\audioendpoint.PNF	mmc.exe
File created	C:\Windows\INF\c_firmware.PNF	mmc.exe
File created	C:\Windows\INF\c_fsopenfilebackup.PNF	mmc.exe
File created	C:\Windows\INF\c_magneticstripereader.PNF	mmc.exe
File created	C:\Windows\INF\c_fscontentscreener.PNF	mmc.exe
File created	C:\Windows\INF\c_diskdrive.PNF	mmc.exe
File created	C:\Windows\INF\c_processor.PNF	mmc.exe
File created	C:\Windows\INF\c_proximity.PNF	mmc.exe
File created	C:\Windows\INF\c_scmvolume.PNF	mmc.exe
File opened for modification	C:\Windows\INF\c_swdevice.PNF	mmc.exe
File created	C:\Windows\INF\c_fsquotamgmt.PNF	mmc.exe
File created	C:\Windows\INF\c_receiptprinter.PNF	mmc.exe
File created	C:\Windows\INF\c_fssecurityenhancer.PNF	mmc.exe
File created	C:\Windows\INF\c_fsactivitymonitor.PNF	mmc.exe
File created	C:\Windows\INF\c_fsvirtualization.PNF	mmc.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 20 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

mmc.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\FriendlyName	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\ConfigFlags	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	mmc.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A\	mmc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\000A	mmc.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 3 IoCs

Processes:

MEMZ.exeexplorer.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	MEMZ.exe
Key created	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000_Classes\Local Settings	explorer.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1696	MEMZ.exe
1696	MEMZ.exe
4264	MEMZ.exe
4264	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
376	MEMZ.exe
376	MEMZ.exe
376	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
376	MEMZ.exe
4264	MEMZ.exe
4264	MEMZ.exe
1696	MEMZ.exe
1696	MEMZ.exe
376	MEMZ.exe
376	MEMZ.exe
4264	MEMZ.exe
4264	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
1696	MEMZ.exe
1696	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
1696	MEMZ.exe
1696	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
4264	MEMZ.exe
4264	MEMZ.exe
376	MEMZ.exe
376	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
4264	MEMZ.exe
4264	MEMZ.exe
376	MEMZ.exe
376	MEMZ.exe
1376	MEMZ.exe
1696	MEMZ.exe
1376	MEMZ.exe
1696	MEMZ.exe
1376	MEMZ.exe
1696	MEMZ.exe
1376	MEMZ.exe
1696	MEMZ.exe
4264	MEMZ.exe
4264	MEMZ.exe
376	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
376	MEMZ.exe
1376	MEMZ.exe
1376	MEMZ.exe
1396	MEMZ.exe
1396	MEMZ.exe
376	MEMZ.exe
376	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

mmc.exe

pid process

1076 mmc.exe

pid	process
1076	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe
852	msedge.exe

Suspicious use of AdjustPrivilegeToken 6 IoCs

Processes:

AUDIODG.EXEmmc.exe

description	pid	process
Token: 33	1228	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	1228	AUDIODG.EXE
Token: 33	1076	mmc.exe
Token: SeIncBasePriorityPrivilege	1076	mmc.exe
Token: 33	1076	mmc.exe
Token: SeIncBasePriorityPrivilege	1076	mmc.exe

Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

msedge.exe

pid process

852 msedge.exe
852 msedge.exe
852 msedge.exe

Suspicious use of SetWindowsHookEx 19 IoCs

Processes:

MEMZ.exemspaint.exewordpad.exemmc.exemmc.exe

pid	process
2512	MEMZ.exe
2604	mspaint.exe
2604	mspaint.exe
2604	mspaint.exe
2604	mspaint.exe
2740	wordpad.exe
2740	wordpad.exe
2740	wordpad.exe
2740	wordpad.exe
2740	wordpad.exe
2740	wordpad.exe
2512	MEMZ.exe
2512	MEMZ.exe
2328	mmc.exe
1076	mmc.exe
1076	mmc.exe
2512	MEMZ.exe
2512	MEMZ.exe
2512	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 564 wrote to memory of 376	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 376	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 376	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1376	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1376	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1376	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 4264	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 4264	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 4264	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1696	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1696	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1696	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1396	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1396	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 1396	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 2512	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 2512	564	MEMZ.exe	MEMZ.exe
PID 564 wrote to memory of 2512	564	MEMZ.exe	MEMZ.exe
PID 2512 wrote to memory of 3960	2512	MEMZ.exe	notepad.exe
PID 2512 wrote to memory of 3960	2512	MEMZ.exe	notepad.exe
PID 2512 wrote to memory of 3960	2512	MEMZ.exe	notepad.exe
PID 2512 wrote to memory of 852	2512	MEMZ.exe	msedge.exe
PID 2512 wrote to memory of 852	2512	MEMZ.exe	msedge.exe
PID 852 wrote to memory of 1224	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 1224	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe
PID 852 wrote to memory of 4316	852	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:564

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:376

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1376

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4264

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1696

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1396

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2512

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:3960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=minecraft+hax+download+no+virus
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x114,0x118,0x11c,0xf0,0x120,0x7ffad85c46f8,0x7ffad85c4708,0x7ffad85c4718
4⤵
PID:1224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
4⤵
PID:4316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
4⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --lang=es --service-sandbox-type=utility --mojo-platform-channel-handle=2768 /prefetch:8
4⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3672 /prefetch:1
4⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
4⤵
PID:556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5248 /prefetch:1
4⤵
PID:944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4296 /prefetch:1
4⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
4⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
4⤵
PID:4420

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
4⤵
PID:4348

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x218,0x244,0x7ff726045460,0x7ff726045470,0x7ff726045480
5⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --lang=es --service-sandbox-type=none --mojo-platform-channel-handle=4056 /prefetch:8
4⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6072 /prefetch:1
4⤵
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
4⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
4⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
4⤵
PID:3844

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6268 /prefetch:1
4⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2508 /prefetch:1
4⤵
PID:5184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3136 /prefetch:2
4⤵
PID:5712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
4⤵
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
4⤵
PID:5440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1352 /prefetch:1
4⤵
PID:100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6376 /prefetch:1
4⤵
PID:4900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1964 /prefetch:1
4⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2156,11841482353528794546,3143180716145624605,131072 --disable-gpu-compositing --lang=es --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1108 /prefetch:1
4⤵
PID:5052

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:2604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=best+way+to+kill+yourself
3⤵
PID:6080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad85c46f8,0x7ffad85c4708,0x7ffad85c4718
4⤵
PID:6092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
3⤵
PID:3788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad85c46f8,0x7ffad85c4708,0x7ffad85c4718
4⤵
PID:948

C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
3⤵
- Suspicious use of SetWindowsHookEx
PID:2740

C:\Windows\splwow64.exe
C:\Windows\splwow64.exe 12288
4⤵
PID:3916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
3⤵
PID:5000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad85c46f8,0x7ffad85c4708,0x7ffad85c4718
4⤵
PID:2020

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:5756

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
3⤵
- Suspicious use of SetWindowsHookEx
PID:2328

C:\Windows\system32\mmc.exe
"C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
3⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad85c46f8,0x7ffad85c4708,0x7ffad85c4718
4⤵
PID:1648

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
- Modifies registry class
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=virus.exe
3⤵
PID:1276

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffad85c46f8,0x7ffad85c4708,0x7ffad85c4718
4⤵
PID:5704

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4484

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3bc 0x42c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:1228

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:5276

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4232

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\1cd68b28-b850-4e45-9f0a-41861672b704.tmp
Filesize
12KB

MD5
8f60a12dac0434faf5e3cc887ce20fed

SHA1
ecfd548469ae13480eaab18454f6b33ebb12abe8

SHA256
c5434bd40035e1e7c7844357924ef6ac83e0c6dc0b9b0e4bb73e07db50db39f3

SHA512
09b1a34ab6a0b6364a6e289bcccdaec8b0a77b9a80e4f868c67a0b75afa7f9a2daba22002952fb0143fda9b14ce53f726ebcf875f8254d3933a1104307b35569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b6ffaa80691e2105abded9deeb511a3

SHA1
66e828210eebfc58739b41a47e278b4bc41103b7

SHA256
81fbcd6df42c2aff230b521a5ab873ce524a17103bde2d831fe4e1f4055dc76d

SHA512
6abc82c0980e0af9974f3dbae3524cbb1c89ab54866ba74007c092014446e055b5901ecad74ccd4c6999cd8fa35aed84306cc2c28a7c51909434bd15ade56483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b6ffaa80691e2105abded9deeb511a3

SHA1
66e828210eebfc58739b41a47e278b4bc41103b7

SHA256
81fbcd6df42c2aff230b521a5ab873ce524a17103bde2d831fe4e1f4055dc76d

SHA512
6abc82c0980e0af9974f3dbae3524cbb1c89ab54866ba74007c092014446e055b5901ecad74ccd4c6999cd8fa35aed84306cc2c28a7c51909434bd15ade56483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b6ffaa80691e2105abded9deeb511a3

SHA1
66e828210eebfc58739b41a47e278b4bc41103b7

SHA256
81fbcd6df42c2aff230b521a5ab873ce524a17103bde2d831fe4e1f4055dc76d

SHA512
6abc82c0980e0af9974f3dbae3524cbb1c89ab54866ba74007c092014446e055b5901ecad74ccd4c6999cd8fa35aed84306cc2c28a7c51909434bd15ade56483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b6ffaa80691e2105abded9deeb511a3

SHA1
66e828210eebfc58739b41a47e278b4bc41103b7

SHA256
81fbcd6df42c2aff230b521a5ab873ce524a17103bde2d831fe4e1f4055dc76d

SHA512
6abc82c0980e0af9974f3dbae3524cbb1c89ab54866ba74007c092014446e055b5901ecad74ccd4c6999cd8fa35aed84306cc2c28a7c51909434bd15ade56483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b6ffaa80691e2105abded9deeb511a3

SHA1
66e828210eebfc58739b41a47e278b4bc41103b7

SHA256
81fbcd6df42c2aff230b521a5ab873ce524a17103bde2d831fe4e1f4055dc76d

SHA512
6abc82c0980e0af9974f3dbae3524cbb1c89ab54866ba74007c092014446e055b5901ecad74ccd4c6999cd8fa35aed84306cc2c28a7c51909434bd15ade56483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4b6ffaa80691e2105abded9deeb511a3

SHA1
66e828210eebfc58739b41a47e278b4bc41103b7

SHA256
81fbcd6df42c2aff230b521a5ab873ce524a17103bde2d831fe4e1f4055dc76d

SHA512
6abc82c0980e0af9974f3dbae3524cbb1c89ab54866ba74007c092014446e055b5901ecad74ccd4c6999cd8fa35aed84306cc2c28a7c51909434bd15ade56483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
333KB

MD5
5c92137c75e8517e99c399e4139802e1

SHA1
4d4cef819a5edc30f43e31ccef36da9780b80e97

SHA256
bbc4d41a0364a69226e2d11869b13ecc628b59948c6e5bdea1ba317e9d64a89c

SHA512
e76855df43ba6c8b48ff572e4ada34c72eabec87c1ae47b50a7f7c5672dae5663b10fb927307340978e3bfa3bf7eef4244bdf5a5b4cdb4eb642ad3d1d60458a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
63KB

MD5
38a059fbc080b07299425dbd6c9a0de7

SHA1
d20df74f0fb27f3154324147960a848988bd570d

SHA256
6a0192e4a39c3b7445105aacbca7ab692f39ea8f848c183ee9464b8cdc70d1bd

SHA512
dd15c47ee780d9bd7e4b6459d411a259f55e65f805a7e40d9b1473a491740d7fa7d99e276266cbd1987c6583c70fb1ba2c673eb81aecaae07d7026ab72ef64f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
37KB

MD5
d90cb261f4a509d886611473296e188e

SHA1
23551f9039c8b855b496f017c8f75b32f6e56671

SHA256
ca6c7cdd1e68e9f251fbf58e0b0ad9e883b38979e264c3cf4125f603b21c8bb4

SHA512
1cca6c9490c8f7adca7441ffea3e7445309d0c52fbaf7252e4c3c73525e00233a8173536c031747a55343bb86e96618d9c96afc6e4f8d25b0106729cca5c8031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
203KB

MD5
cb6bcb1fe7fa4ed9b76cc97498e92ee4

SHA1
8d0e74f445c2ec28f1c081c969d2157879ddd31d

SHA256
cb2ef4b211f67825f8f2d6e548a02f44df8d3c515c2e5766c0e77c540c065200

SHA512
fd901165a38839916dcfff5230f9b2bc2ad483f0b05b16ef46e5f6c147bd39a1807a7e060ebd4cdc42bf77802e1506ae117000be90cd37b2aa10b1f5c3a61b1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000c
Filesize
68KB

MD5
50cdf8ea07c405b7536d6271ea9fae60

SHA1
bce0a8ef29fd4d2dffc9a0e3b12bb17b6521aa9c

SHA256
6f9b944b3313c3a7bf48d20db778d99ca76a195ec28c44c3f6a2de2c1066d592

SHA512
b2f5f5b607fcaa13654651ab7d2992fa4238e31365fc6f41492ac4169ff12acc15ae5d10063af24ecdccf8c7ce73a1f82fa73ac6324d1a242a61e3d43b1af0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
61KB

MD5
0a2e2f95b54e89a310694f31dbc6fc62

SHA1
9daa610e872ca9f6e2ff762c593cdc746ec3622f

SHA256
8d4c2868376631c94ac7b06f4a26a3777ca799ec746caaa221b0074dca533d58

SHA512
038908b3550675c4f01f8b6fdf2079d8b2ef9a686d35b4103402969d22c199e6df0dda1a4c9429a6b78480b92b84730f538d2eb8d838f7ba3e1fd93174127ce5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
360KB

MD5
093d7ac2bdd45414cba0283bd9039455

SHA1
7f4456a002eb0ca15a2e24be9383870b3420c3a3

SHA256
1fcad7113cc4bbdf3984a21931ab82f6931ce3b966a94717c8ad656f213d210e

SHA512
2ca3f2dc644421a5b1cb25f114d54acc55711d6b0db718927e7f708e53151a8ef9b7ec039b8675845f54e0520f52f871261201c7da72408a7c519634ed657dfa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f
Filesize
50KB

MD5
7c25eccc08c604818f2ad949bbd64d03

SHA1
f798ffc2e47c6c816b6407df3be703e26daeb167

SHA256
4065467e0796055cdb19ba98e01666d967e99df14316fe190edc613c9f2bae71

SHA512
99d95a658e9cb66eb237fa78b0053e2403b903b5ae785d3b4ee840fe4a3696c22a707a6d7b3ab86fe2bbb7b3e34942f95db773e4cefd32fea224c8c559253274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
35KB

MD5
e99a9f01e9ddccefd4d210754a5b86bb

SHA1
d460ae915054b6ddc09ebd6b3d685abeec55381b

SHA256
69c29a5b48d53bca5fd624cde973c759d24c94b13ef6a7917059b9789d21b9eb

SHA512
957876d628c04107ac3b8c7a42c1d036fdb695d90309e3e6118f69f85830e70cacfcf187a2e368a17b513884f6dde843529091a81123603f3a8f70c8fb4c49ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\161ec2eff93cb693_0
Filesize
135KB

MD5
a66a3b9abf7e20094da132b31f0d6381

SHA1
c02ef40a1220b6ae544788ac6c3f2cf39cef338e

SHA256
751e8681e1dcce796f4f7b1bb237b9bfb4186f8e92d5f3d5a9a3d8de35770790

SHA512
1ba36f68b530e2bc3e70c32ca79888ed2384fca13c5521244b42067199b871f1704ef65fe47041c890fa6857deb3502fa5dd3a299ac5e2407632f96c5b918158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1afa608b2c065dd4_0
Filesize
281B

MD5
e5caccb754d9b2285be7c4eb5ecce4f2

SHA1
c277e43b56f409ad3a28607594bdbebcf1148c46

SHA256
3174a7cb2a2ab10ecbbe3c05d1b61af3509ccc9ed48dbf56519dd7c9a136d9c1

SHA512
33a7eb01fa303add2016a6400ca2af0b8e450bd4ec8d3f4bf251645df90ccbf9b950206cf707346a666a7b61cb67e4e8a1912f1d01768b77bfc62399c23827f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\52b676bf9aa63aaa_0
Filesize
202KB

MD5
dddea9774917ae7ca2e19debcb2cc493

SHA1
07198dbbf987fab7698440ad6269030854504152

SHA256
fa951469fbe5bd7e6af23cb54e22a2cef48bbf9cdb3d9b908a20e73ef04a57a3

SHA512
c2009f1760a29ab372c1d1f3b6603404f1542363e82a4f47f3e15e86219ab7b0a9e45ace01a723e153ca57d7fd28fcbad6e028dbdf7b4a5b795bcd1a0fc37963

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8649e36450efcae5_0
Filesize
388B

MD5
c42d79a92f385090fb70fcd5d19ccf29

SHA1
445e38f039b17614cef84fe40e550e42005cc9c5

SHA256
9d23cc5f9a545865454676867d1168fb5b01d058720feed1efa2a5ea6926a2a7

SHA512
374d6ef485362a90595569224dc3c57f9fb30393d68428047e4034a5c3ab313908f25f00a60c461c47a26ab21dfd15facbc68c050d1c04d62035a44d2fc677de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\890918a952639864_0
Filesize
286B

MD5
fb634423fc94f4fd4cb5206e33a8129a

SHA1
ecd8c5e3bdb59de08b1154d44bfe6c67bf4108e8

SHA256
7d64e1e99f805ae3c6a3c442fc17a9be1748b851300b1f4ba6f169fc79e86c40

SHA512
8c8e1f4b6c79e41861d73785fa42f115ec3f6e64d2002e003219846e6799fb0487faa69cad05cadc8489e267b91f15deae213da01574e38fae477921c39ec132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\94507a1d6ccb9ee1_0
Filesize
8KB

MD5
d8ad15529982b5fe111d6b1782e281dd

SHA1
72cce3f037fea238eabb8675b7c1fdf05c9e5150

SHA256
8c97349450932f22caea4ee3abbc8d4c8c0726900e872bae31da364fc4d5354f

SHA512
fd1e3b1f91a8bbdbd63d3dfff7be490a304b7f02eb591e365a05a8a040c64c4c4b01f76dea3444c0b3ae092f00607db0038efd26e4a22fab9ac0b4409c8c2f73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\b02f258783e3457b_0
Filesize
1.5MB

MD5
275b015e233588be74fd7f79a417a3f9

SHA1
29dacefec4cb80b54988718183c99f0ef31cf372

SHA256
e639b3fb58004d506c7db1e852a689d903acc645955d710e9b3dd5aa7639c01d

SHA512
51fc7f4d2857bbdbf323e47b3f586a3019514fa7b01ef188e5c9d581d67b7c9b6b3b8dc916812cb849fa4b5e227c412450adf94a2a38bac34d758edb7c3baafa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bc59a1b0223f8a39_0
Filesize
498B

MD5
fde9ecf233f63908a5040ea012a03384

SHA1
bbf5dbf4151978d15ebadd5f3170385eebfb5948

SHA256
6367d7ef9220d5d172ad44685d15b0d506e00db16476d71bdcf57c245ac4e65b

SHA512
cbf7434ae1f22a1f463a5f14bc6d78075ed41d70a9f22a7abeb00a699234dd0f2965e64f1cbedf06b78e06fed93d9f0185826b824cf56774532f397955f1b70e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d2dc6ee861c142a9_0
Filesize
72KB

MD5
716bd425fb01b61130578bc656797e58

SHA1
649f3a9533d759bac91a38455064c74e8014c503

SHA256
8aa59de6d0d663a00f0a90619348a66cf06292b8880461740176184119c14015

SHA512
6727bc9c04458ce407a87501e5ef168ab5a7323f6d856a546e00c3352f26f95d4e57d81350bbb3bf1b5da521e5fe325321cb03c229364fd87976b2dac93c3a92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e9545717e6d151d2_0
Filesize
57KB

MD5
c208d5e928bf058c03ea07329495649f

SHA1
67c3c9957a19c505b742bc601a476793666d91d5

SHA256
b0fdc8b54723e1840db4308fb04e4daa1f432c1cc57533aa31f57f232e3f9226

SHA512
68dfff66ff88d30b329a750e6297411d5ad812a5a1e7e9e5fe70cf5caaae66fd1e045a7656294bb60584422db6c21ae4cb82e2bfae2d0c4b5cb0fb7aed9cbff7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\eaa9de976805d7cd_0
Filesize
413B

MD5
07db993b7a5598f2b18c39fcf2bd5374

SHA1
4e7778b0e205107ca889382a3fc3d13749cbce06

SHA256
48c86dba73e4b9f68d2f21044ef9a08c449dfa16a8780209f69aae52d5c9dcdb

SHA512
b4e41ba6f196775c42abdbb40792a92a402f3f8585b1c2b0976d0179e3cd74559038a43f4b5d1669bbc55d7c8cef6f6679992013e63322429bff76364bdc6d74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f98b0e9271fe6ca3_0
Filesize
123KB

MD5
f58018dd642dc42e9974f858098b467e

SHA1
0101725fc3205579637c1ccac6a6f828bf306324

SHA256
f94b334520a73a00f4f93c46ef28d364444d44fd62bb7041148cf6d76193bc2b

SHA512
10a47e72e2768138f90bee4437bbf21bdebc798be8b4eed98b3647f82e21679be67ade0f2e662455eaf1d93cd04870bbddb7c4e99fee2a2b5baf2f0d210dd08f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
330e70e940050e5cf0f9cd359e04a41a

SHA1
abd25a2c37d41fecce088cbe1c088356af985b17

SHA256
e8069648e3d151bbe365af7571ae83475914bc474453fddc785707846a015daa

SHA512
82e595acdde1a2fe54cce00b126693b7cb6984e9780a12cb833a6ddb88795137686e4b3fb4e275e2d2690b249f476955ef80b09a89edcda3f6471ec18f43b504

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1008B

MD5
dd64b4d5e367b403fcc2f95ed28fca83

SHA1
03a989616941efe6cc7efca29b1f79a4ff5394e3

SHA256
a1300b302d11d107aa9969182d26c44fef2e3c9072ad563c7e3acec0aed0a3a5

SHA512
a398f3d33cd31a4718297e5aaf01f92bfc5f779de48f95d1209b04f839a70c9c59d0034056a4c553349bfbd00c363731fc278c581625839a321a3fce7a274fc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
600B

MD5
1e8863d2fc6b9b9dd6735906abf1bec6

SHA1
bb0ab67af8d303a526f677ea75142f84f6257105

SHA256
f1f1ae12e607487d37d6a84c9183ba29ce879b3c5c94ef2d9381f59e48045650

SHA512
6548bbeb39929c2117f71230378880cb0e74b3d931f0a9e471d8b2545428cfd4628dc85c68fa8cd710130b56ab97353a2c3ef8a890e5a3db06d43ff00aafbbc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
b820a2fb3836bd824965ac85413bd01c

SHA1
5879f75c39d8921ebc118d4c95df2ce8e8f97163

SHA256
061b0dc58a897c74df66a947cb717c76797755773aedb8758b75745c6c425f1e

SHA512
a2f1330602ac7927277e00d693a0e49574116c7f5470104cf269053935aae22872ec134c4073abbd62b8241c30aa2a86ce934bdd69747d3a7947bd5ae5ef1005

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3d6e5de00f961e8c4331b2c29058a760

SHA1
6c60500bc640739661bc5f8770410b9a68bb29fa

SHA256
c18ec71bad89487954fab333a0ead90a01c0a4f8a7ecb711bdcaf4735356fa8c

SHA512
9f98d7a992ef49affd11f188a627eca7becfaa9ec491103ecefb04dafd21e277692af14878b91a2484e8568e342d4f7ba97e1444595657625f7aac37747491e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
888B

MD5
7ca62c717b48ec33a6339e1935d8e9e0

SHA1
dde6b034016df5e5cd2b4f7e4fbf1c55774d138f

SHA256
18ba0f189c627b1b8ed04691d9ea55d3549bebfe2e50d76ef89a847e108102f2

SHA512
f22c24cae25b347b7b6b6be22eacfc4a612b804cc20bf5afc162d450339897333ac2fb4dfd658301c59a5a2082b5548c6f070cde2cc2afc02e47ecfd41c8020b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
62f3b9ac8bccbe4d20b6e0e6ad33f301

SHA1
e77aaa0b10630680b94d70de95f9a0aad6908bb5

SHA256
0bf09fa001834b1ad1bba3cabe4aca4ab32687ea2d55a2b3fde20bc9b7c5c061

SHA512
bd36110684b0a456e45a8da5c7d8fbc2fd9e643fd4d6239fdcce85327be6a4891d2dbec890936e90c6e9888e42ebe38f1ac0a8630e3d4a6fafe1bb3e835614b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
7f7848c276de8d41dbb3514b8470ed0d

SHA1
62eca156953e375035117cb53fba85e6f957b128

SHA256
b361c7b78d74dc87c9fcdb215b8515800ebdff5e9521aa1ae8a30da131a7e358

SHA512
69289bb0db7fa49723820bc4ec8ed193a5b4e2bcafdd5f34cd4fb0336fa15ff1e818fb5296a55e3b191e91b24bd55bfc50afedea9eb7b8d62392ad2a14f1bf95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
4938118a4682ebb71cb77853af64f845

SHA1
cc6056f925de08c64c44cbdac7faaf685dff9e69

SHA256
6e9dd0c1f131f4e3a367a06315e3590d6dd79175916c6732e227c7d5aeea5455

SHA512
16d31373575c5ab37d2a1b0197d1a71dd54daf3392da7e8bd5627c5f3f6c9957f1e4989a37b178fd0a0bbfb2a522607dd08ab49c407ec139c0a808ddb6307935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
70fe320b398e7a521f01fbf7e1bf187e

SHA1
ea21e498f0479ebc26bc8c996f2e6fa343fa7c63

SHA256
a6b5dd15cc4265c2ee96b0e320235096ae478269a87db2bffa019cd41322b9cd

SHA512
1439d918049fee41a7f3ea66ff619ebbb39eaab0f6ee02fb73b1730066d9fd0827b0482347f5bdac96ef3a4e80def0ea4b45dbc2589cbdfd9a97b607a06b2957

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
04009abd9230a73713dc3336349510be

SHA1
aa1d849641c5a9c7f402d8145aeedfbb063663bb

SHA256
50636bbd682cc1938b4c24fa9d647930f1ab9d7203e5268bc657ca88a045365f

SHA512
65eaf6480c51a6078d6bd9609a5c2d50f7f696674367cd02897f78a980d63bb7a3597f551b91ca4cee870dd3b432627a909b3573b5ee78faffae26cbeac2d0cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
72cd56e161971af869009a82b646fa22

SHA1
7aeaeb14d051a55fdba4e71875bf0acbe1752f4c

SHA256
67a86e48aa28fc82009a8b6a7d25533be5c726e24148d5d1bc22a2f4f516a518

SHA512
548a1088cbcc4ddb4a6b5f338726cd9cadba2e552a9a28c3d777a8049c0ed052b13ac42283214e706bf6a3a53656b03749f86df850c3d1462b574f83a2d7023b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
527748f7a712a42a5f6a85746210901a

SHA1
47a85ddd5b92f696ddfae65e0bb6af535268df39

SHA256
a6ddc7b66d203d964164114b0242ebbafd21de6dd0af62e435e92ca6004ca00c

SHA512
eb852e4daa5819a2b766f6fc1842b63a2912c2d6afe435226fe84a0a33d44d72ce6ee9b6f4e03ff4856c3e29dad46340d1455f559330a322eb20aa211215906d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
53a0f7d94762044ba3e2e1762fe847cf

SHA1
58df9b0af00511a98b63334470feab2fb8911573

SHA256
2d591fff604f9926fc4346a1e05f8d0b030325d234494bd30cc9a0addbaea902

SHA512
d1a7ebcf42885bf71f2d7fa1f2e1213b9a004b1583b0f9f0732ff65e76127c996d43e1a7f38708a11dcf1014df0f2ade2bb34bed61e47baff74cbcd4e63e09c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ad0f496caa79f828d2a0198805e04deb

SHA1
b81b5359d71dcf14510743fbbd92adfe2b104ea9

SHA256
812fca13ee7951958665857d58c5fc67f66066c42d6a98a275deb45775ccf24c

SHA512
61dd8d063f0119d5c6741b25b7e66436c585699555269b3d736fd41def4de32474c0f9a293409d3b2eb57eccd9f75b984e5abf722eb675a83c1a69c6bfb2c887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b5967d4183686b6db20443b84ba1df8b

SHA1
d361f7a3fab7faeeb37046533267706b63b67062

SHA256
48fd3e094f9cf310740a76e584b9a01d4e4d481e93d3a13c860e034d21fc1940

SHA512
e1f3d15153869f9030ed17cb93a869c82134205e79255c61897a567e73fd49a6a7a018cce2c1a633b126c6fd319d47ba32579625f42bb454198300a41f902f3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e0546fdaf2ead224a6cd11236b06d24d

SHA1
d1fdcfb7ad9dbf090b39c91fad20a24961113c2c

SHA256
a4ca4a81e9dfdad6ce2df9e45c4c00f2ac0c7045dd8369177cf7777266aa2ce4

SHA512
e131e59c39aa83aabb61ab81c65d00f824102acf8c63e6cc07760b4e7a0ebccb3c6203c1d01920bb65aef4ba0e18a3db037d7322ffee930789199546c3d7a885

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
42dae2473cee538112862c96e44c3d8f

SHA1
efbd968a704b9a163b69ea1cf0642f07d8dc883f

SHA256
f49d3e59f9b0fd694dce2b37f432b3a954ac3cbf39a2d8646940c73e6f377d99

SHA512
ee355e47131f18b09e5d446a02234a4b8f2a773d274e3fa72a8b35b75451e36fffc48cab603a27bb2a13d1fe449b5ef5541fbf870d10d1f47bc1abe1d975bdd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5fe78738a8acc3989bfce799fb39e186

SHA1
5b4b17158d7a97881c964c8e4fc0e983ba44a74e

SHA256
a839e10ad198d2a4543d48a98ae362c08d9916cbca4a15182d694603e9a70c83

SHA512
1add2bda456e30f5227cbfc78ad90765e0bdc45c5431d30b29e3145bd8bd2a69279d21fee22cd7c9cc9f3d009a67b368ed4e22f1d114e2b3b82786d2937f6815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
0b1806b8471a2c57b71fad22af148dbd

SHA1
64e743f9ec495fbfe39ebd0b5b45c9e3d9fd03d3

SHA256
6e19897851cf960b43629683ff92f7f37fc2b280fb58df1de78da69e29708abd

SHA512
fcda0cc861d624698bf1509c149fd50fbfcfaa126bfdffd48549599fe70228b6d6c3edb91cfeceaeea7be439b9c59cff69e1dba40b4fd4b71e92fe319bef3db1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
b1bc04824170f0cfadd32c8de2883b06

SHA1
116811c90b0f4531d5fc44a4bf5f50f906a83ede

SHA256
50d2dba9ccea5ec55c2528b257d85be3b1e91c481b4778e1257d3ce0271ce158

SHA512
199d31bc0c74979d38f0ff178d3ab17a1f0e150bea9ba10482b8065900035ab7e2a8b12ce2d2b52f89c0decc8dc8f7cba0f86d0b59720af51fa510b58708f27a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d5db277b-beea-46e3-9de8-3b4771659c2d\index
Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
9719ec955255a1399c04331f322940be

SHA1
bcac92733fd95d5415ffbaa2029e556f14949273

SHA256
c1e6cf11c710059cb600c1bbacadc764889be927fc01f498e0a0bdf76c3a482b

SHA512
ec8c1f5cd525f6ee5f2464ac595c4938e9dfbb168e8fa700d320a82fd716b509565394528a0e1ff5137e66636fe6e9a8605e8a6e8d5a05d07b7d0a17fb4c4bb7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
60a3d7d3966f96028ea83d7acac92425

SHA1
8f23674938fcacba546dc8fcc6583f4cbff09d50

SHA256
57a8e744c34aafa0fe0b59aad26399b8eaf80ab52d59ea8554bef84897cd147a

SHA512
9ec6593df3d24373e17e9ca84863cda6f97ac4fc689333624f502d0ff40e4bc466be00dba4ca11d1d4193697d354accde3da787ff1501e3e334663f353e26252

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
e661c7cae047f5b901da81bcb3f95f61

SHA1
f5f7dab6686e0174dfbf3e19f7e0a2e7a3079d27

SHA256
626923ed9a56f92d904efbba6c9718ef3569cdd08cb2c0b641e692b81bd33265

SHA512
b206460ec428fad28f8e43a5234c30bf7446ad037fe1853520555bda95176a5fac01956fb7ee331e8b5bce1173ef6fe8b04a64d329b1cb829a4476622be08f47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
f8214e2b1ad13bebe53180d8d4e92f08

SHA1
d7f84873b82a30bd91f9ec70d84ac9ca4ae4f4a9

SHA256
d52ec6c25ed2ee125d00ec21dcb64a90f547b9497481403ec91ee9f0e55f6f03

SHA512
ce2a638e79f0be08f56db23217ec2166515f23fae1c767826208925f050ae1a791d9ea9c38f0be35bf87e2dfb023b49bd0cb6e55df5fe7f3bc0c2a84924210e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
95a13fc6647fa7c99c62732e15f4ca1f

SHA1
a01372d65f30ebedf0f4037574ef00f047bc7327

SHA256
b525f0e269c569c5935f486897dd8acf42e1afe80a72dfb969f1924ecdde5b89

SHA512
ea472cb880f5358bb270fd573b0dfe465a60fb96e2ed3043d66f9ddfb754b561d4fddbf76337f4288995ed5fc3f6b847ed92a0dab50d170cf1adbc4bb291c451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
8df499d995bcfe69066ca2d39c99ee3c

SHA1
de01bc7b46c7d1ecc06bd3ec4a1ff695e37b913e

SHA256
82e2315e43e79ac0e5dabbdbb793cae3aa57a182f19837ffee75169b0231faf5

SHA512
d5d6c8948a9e0001bbc220ed721eda7c281c00dc70735e95bbeaf8651f3c90f22709185cdc435cc86b9b983723ab136ce793a8192c109d458171f46c04ade8af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
6011ae87fcaca3b08be99530922e5f37

SHA1
8170070353089afd00a8512d0ab8dbd8c0b0eec5

SHA256
7a239bd318da5ed14cc98c7ac94dee143de73b1d3c630536f49c779453c7d6c1

SHA512
f177a8881a01c5f46cbdb583b3f2f2e423777902a6fe468e9a8df6bc3b7db2e8dbd1193c14924a2b11862a5104eff077fcb415b65ba7371576494c7e949d4274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
454a10ceae7c59ee3ceed87256076b62

SHA1
e7738c9643f7ef7fa4a9318dcb6e2decd6830bba

SHA256
98cf91bd132b7c1c999b76929c22dbf7d4d59bffec83dfd319c770fef92b4ad5

SHA512
86983d0f7d24b37e7452cf6b4eed0aa33445b6fc269a1a9e3d578826c3894c472a190a552e48108693a170daff6fe9b13e4aa29a306f80d8e36b381a4ec1ef68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
370B

MD5
a58b45ee3594c801dca019057dd0cefc

SHA1
04e8c21f2d37bbf7b3368901b1c4f37ddd3f5c31

SHA256
bcfd36ac5d3679af6bf9e6d61817fdf74ddf662f426431205751015e662873d1

SHA512
a9f821e6a137713f8e5678252291a85882cf66034dc583f063cec1bfc7a9dc26a71f83a21af5a90d1244d806898c54cf2bd604994e9cd1422d99c7f992938011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
21ce7899ca95eeceef2b6b3a87cd3bff

SHA1
10e327caf7a082daa330e7dfd62deffb85c08af0

SHA256
16914807bee50ad26cbcd3e340f6628f62c2b967eecac578e9bc9697b99c24be

SHA512
8cdf03f5c754d3ca73add44abe6ac72a81fff8373bac14331696f586302c016bdbe04ee8a768ae0d493f337f53ccda63e7704b9725810acb9720a9a25bc134fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
2937ff645efc4e82b85a4fe4bd5b62e5

SHA1
a2774511ec06552fe76129de1a1607d4cf6c06ca

SHA256
b38b6c6b1ce7729e7f8df3f042633e07cf2c7bb3c017fc90b23a8374e50c7549

SHA512
7f96c50dd867f887f605b1cc23171b67467577de29853573431f1cbf5ae3e4f64c1bb29d429c9e0abb6fb5f9a6377e804ec6eb6377844d153ba09bcacb69f779

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57e510.TMP
Filesize
368B

MD5
791ae4e3ce91fbf0dbad45150e9b2603

SHA1
62a0a96f8a03b104fea91d2ea90be151934d62bd

SHA256
f64da16c337b86a9830a24fdced028af441488ccaf3d4d1971e5d5114aa50729

SHA512
dd0adc5f713fd525fcf6395244417ff71ba5599a993014dc41ebc3bc6e18564c2cebf9507a985646f609578ea75e2d0de2cda83456627706cf6737473fbce5a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
6e53437f7a9df7c6f6df10df5e154590

SHA1
0adfda2e9932a081ea948d9b68e3e9dd25222505

SHA256
28540bb139b2ff58b038d70571f7518143ec55822de2d628376483ee1ce3f920

SHA512
b7b6c2e76c3ef8885675cab52da487c9c9f189952a9b63501cd84f0cbff74b7a07a3d7a5993a4c72077bb9231c68de4ed1aaa3b7a972f1dada029eb5ac0c5079

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8accaa1c9e50cb237ada5f692d468133

SHA1
210b0c27eb9105b187d5f5a4892453fcb52194b1

SHA256
2867d6c0c97826eea77b9e15aa004aed0f9fd5002d0a0fba60b3861da03843fd

SHA512
b5d8df4330b0ac5989870bc8339baba8363a7dba05f81a6307906e6ecaa319ea1b9080ac0e700e4e5096e56eb1d5ec4fdf926b3dad516a078ffe556697ca505d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7fbc8b64cc319ead93ec48db338148eb

SHA1
32d38a7d2633bd239e1eff6190b974690195ac6b

SHA256
a1baabb1d97639b5797cbd762ad622ee9e268c5fad31c827479865490af87650

SHA512
709bf0686c908c038b4224cc61db1085382112ea57201fddf0ed4e21ffabcbe52bc451b7a65dd7736386f21bb849be5c7bca558aa58a1a89f807649d9ace1854

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
6115d41bf9625d1d3325695e13c36526

SHA1
1b8afcfa09cf8c7390dab540c6f1cd5b16e1e228

SHA256
621dc2a3938733a02ea8f8fd656c1f677fe4ed543917545737240c280c041442

SHA512
fe30e59b9897ca28b9ba8c3b7a0a0e901876e0834471b23378301563759ff8fb9465f9049d581a0033e4c6f5b9525cc7a8a8b0922c98c5619b1c629e6ee5baf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
75c0f077c9f026838b2ee36923693599

SHA1
1a06c332410c0504921bb4851f8b140dbc12de9e

SHA256
5dacee28734987351fdef04fe98a1375253bd93d091523649b8629e3b3bf29c8

SHA512
033dc44b29a0de9a720272c638e03e77a577df5c9bf153960dc75140a801e98b62bd0ef4bf23a5e72054dda706a1fac90cd8e8def89e7cd2602e081e445635cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
bbcf8a4a06777be4757c46214a9778ae

SHA1
5443fc5180fc7f39c1da9bc4127d485ac81393ce

SHA256
f6ff7cf27c79b149bea0eac582f710531ee19e25121feb762031e0ee78e1b594

SHA512
b9617486b2dddc5a33f151b353860bc7ccc66e2cef5e7a6b92700fe46ce681c1f4de9baaf5a09baefc1287ca5ac0b8d929bf4317f21cab6143a6526e0da0a948

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
4291cc6434c984c8705b7346ecfb7e8c

SHA1
d74787ac25aad34791493d011b6115a65b1a44bf

SHA256
c33d5813119cf0655fcfbcd223c5a1233c67d74199ff65581cea7474b5464c6d

SHA512
9e79cf42f941668898891e077c2d88835a6cbda2f1e6532c51eab24141fb9603e0ad64025d6a47e30433c31484239fb9b251240cd1beac0f7a2d70e1b7b2090a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
935deb5d2203bf2e7d08422ed6235c30

SHA1
718497c607933187f2ec1ea8a7cca67fbe89a92f

SHA256
b8a35a2471f8e6561caaef03b52dd6fe654d2eeabb70d8e0c18024298bb2a243

SHA512
01278c6f5e52d68d1e639ca16bee0466de692ee19778b9208329e8d691cd84bfafd3b6f0ace00fdaa03d9895adfabd7dc79155d195b7bce43fa2d7d4aa75bbbb

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_852_WUQGXEKGJUMTPDOC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit