hxxp://tria[.]ge[.]com

Analysis

max time kernel
203s
max time network
228s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
28-03-2023 10:50

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://tria.ge.com

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\527ce446-97f8-4c9c-a28e-ccb43b9a1690.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230328125029.pma	setup.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

powershell.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1529757233-3489015626-3409890339-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2868	powershell.exe
2868	powershell.exe
1284	msedge.exe
1284	msedge.exe
4960	msedge.exe
4960	msedge.exe
4972	identity_helper.exe
4972	identity_helper.exe
4724	msedge.exe
4724	msedge.exe
2308	msedge.exe
2308	msedge.exe
5136	msedge.exe
5136	msedge.exe
4976	msedge.exe
4976	msedge.exe
3900	MEMZ.exe
3900	MEMZ.exe
5128	MEMZ.exe
5128	MEMZ.exe
3900	MEMZ.exe
3900	MEMZ.exe
5128	MEMZ.exe
5128	MEMZ.exe
4352	MEMZ.exe
4352	MEMZ.exe
5128	MEMZ.exe
5128	MEMZ.exe
3900	MEMZ.exe
3900	MEMZ.exe
2980	MEMZ.exe
2980	MEMZ.exe
4052	MEMZ.exe
4052	MEMZ.exe
4352	MEMZ.exe
4352	MEMZ.exe
3900	MEMZ.exe
3900	MEMZ.exe
4052	MEMZ.exe
4052	MEMZ.exe
2980	MEMZ.exe
2980	MEMZ.exe
5128	MEMZ.exe
5128	MEMZ.exe
4352	MEMZ.exe
4352	MEMZ.exe
5128	MEMZ.exe
5128	MEMZ.exe
2980	MEMZ.exe
2980	MEMZ.exe
4052	MEMZ.exe
4052	MEMZ.exe
3900	MEMZ.exe
3900	MEMZ.exe
4352	MEMZ.exe
4352	MEMZ.exe
2980	MEMZ.exe
5128	MEMZ.exe
2980	MEMZ.exe
5128	MEMZ.exe
4352	MEMZ.exe
4352	MEMZ.exe
3900	MEMZ.exe
3900	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exeAUDIODG.EXE

description pid process

Token: SeDebugPrivilege 2868 powershell.exe
Token: 33 2100 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2100 AUDIODG.EXE

description	pid	process
Token: SeDebugPrivilege	2868	powershell.exe
Token: 33	2100	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2100	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

Processes:

msedge.exemsedge.exe

pid	process
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
4960	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe
5044	msedge.exe

Suspicious use of SetWindowsHookEx 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

1704 MEMZ.exe
3900 MEMZ.exe
5128 MEMZ.exe
4352 MEMZ.exe
4052 MEMZ.exe
2980 MEMZ.exe
5160 MEMZ.exe

pid	process
1704	MEMZ.exe
3900	MEMZ.exe
5128	MEMZ.exe
4352	MEMZ.exe
4052	MEMZ.exe
2980	MEMZ.exe
5160	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 4960 wrote to memory of 1112	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1112	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1092	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1284	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 1284	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe
PID 4960 wrote to memory of 4648	4960	msedge.exe	msedge.exe

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge http://tria.ge.com
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch http://tria.ge.com
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe003d46f8,0x7ffe003d4708,0x7ffe003d4718
2⤵
PID:1112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2216 /prefetch:2
2⤵
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
2⤵
PID:4648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
2⤵
PID:2924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:3272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
PID:3316

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:680

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff6e1545460,0x7ff6e1545470,0x7ff6e1545480
3⤵
PID:1500

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5376 /prefetch:1
2⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
2⤵
PID:3356

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
2⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6080 /prefetch:1
2⤵
PID:684

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
2⤵
PID:4344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4048 /prefetch:8
2⤵
PID:2868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
2⤵
PID:1248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5672 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6704 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6636 /prefetch:8
2⤵
PID:3872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
2⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
2⤵
PID:5552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
2⤵
PID:4724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7012 /prefetch:1
2⤵
PID:4380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6064 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6300 /prefetch:1
2⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2960 /prefetch:1
2⤵
PID:5988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7004 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2160,4739958412301938416,14265612240876599269,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4752 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2824

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x304 0x2d4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2100

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5292

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:1704

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3900

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5128

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2980

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:5160

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
3⤵
PID:4556

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe003d46f8,0x7ffe003d4708,0x7ffe003d4718
4⤵
PID:2960

C:\Windows\SysWOW64\explorer.exe
"C:\Windows\System32\explorer.exe"
3⤵
PID:2736

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4052

C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4352

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:5044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe003d46f8,0x7ffe003d4708,0x7ffe003d4718
2⤵
PID:3196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2568 /prefetch:3
2⤵
PID:5072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1960 /prefetch:2
2⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
2⤵
PID:4956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
2⤵
PID:5024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2972 /prefetch:8
2⤵
PID:1444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4952 /prefetch:1
2⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:6032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
2⤵
PID:1304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
2⤵
PID:5800

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4980 /prefetch:8
2⤵
PID:408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
2⤵
PID:5724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1948,11528140128018866718,17886979924025023150,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3896 /prefetch:8
2⤵
PID:4804

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5788

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
163202a097983b20ce2bc01b538ac220

SHA1
d6687b7a0da5b733e677f7f9bc909527e97ff748

SHA256
031eb7b5db01a3ac72cce6caa1b26a3abd390d0bb06ae09af624088979c9330e

SHA512
dd1323e23848cfc3bc9d025e856bb2e48c94dac3093110356ca9c1fdac2ebd5ea304d0c79424197e6153126d29189c07a2993ce03873392023aaa967e5345a13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
855ea64a607340b6b60e24120574bcf4

SHA1
d6895d6d63e465f2763cfb1c528f5e30f8c466d0

SHA256
1a465083b5b3704575a543de81f3a2516217e42c67be27bd33cc03b722b650a5

SHA512
d0c40d21de319a6c0eb87c4f7af6ae59fb598775f1a854fba33a0f4911426f72b460f7d6c6c091b77e8c2bb0598d8663609e82e7c846895fb79ea7ea91345d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
262bec3afa0618fa98102db97cc91ff2

SHA1
d6bc45e25740091dea9d9b6b022cf6ee16be4a98

SHA256
65b91952fe62383d8b1e993399a6e45575e63b620f1912035ee20f19ddcd5b16

SHA512
a1ff7982917dead05cae42a4dfe25515a5e5cb67e1049cf5d66681864689d844cd523a6d1f31f57ae9505488dff46355efb8d6ffc46d354dd4020c635004e9f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0820611471c1bb55fa7be7430c7c6329

SHA1
5ce7a9712722684223aced2522764c1e3a43fbb9

SHA256
f00d04749a374843bd118b41f669f8b0a20d76526c34b554c3ccac5ebd2f4f75

SHA512
77ea022b4265f3962f5e07a0a790f428c885da0cc11be0975285ce0eee4a2eec0a7cda9ea8f366dc2a946679b5dd927c5f94b527de6515856b68b8d08e435148

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
66KB

MD5
1e1893db97136870e8c6cb54e855524d

SHA1
dad67c5eab8bda24910b60d4f32cb3962bbe0bea

SHA256
eae958938cfac214a279052123bbe4821e9a8c8e560062f648c873c9e01815ae

SHA512
58fc4cb6943b102879de7c183d27d6b79050ccb91ee49ba8f52a50e47d5c7cd86426da2b3fcd2c9393b1c2e56a1e7405e4a5af845cecfe64c9289443c87497c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
62KB

MD5
c75e16ebee81303c7d361cff076c69a7

SHA1
ed658ee2e5f92380ec1cddb47d9294d26980ce69

SHA256
da5719acdf85d2d237fa2afe4cee6fb0c81e42dd8f4d5e85d674932d79a23e00

SHA512
dcde0b218d0288af970d1a2a84ea3f4d203a7148fcb328ce0b6b72fdf49e7f39bfa61242e4a5ebe884daec18387be8582f59157b985265e4ba3fca78721ca381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
38KB

MD5
e4c780a544249a7967b82f07268ef432

SHA1
64b38d103f06b8de4241c62835f67b28a96d286c

SHA256
4d2dc675ba41d56f2aa6cc1286f3f127590c9748f7b4e0bf4c79b0b4bd620a9a

SHA512
74b9135f09dffd7a081889235d2f4c7a343291a4c4458ac69754cdd5790b455b9b98a128561d516202549e83671de13cc4e4b9cfb3ff195dc3d23b42885edf49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
37c6855476933919c9db0eaa33fe2843

SHA1
41e8accaf482931c20ada901a6f5c3562d53682e

SHA256
c156f0f55074b2fce499f51d99985f83fd94a3027152913dece713e1211fe98e

SHA512
09107a56b637926a1b57533bfefff99975a74382c8cd03c5b5e62375ad354c2ac6301bec8c2d166f3d99da10a7077945305ba8493082daffbc71ff726cd4d06e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
0438321c6cb3d577ba241adb31e0a139

SHA1
b812dcbf13fabd9eaef2f16222c5693979d76f96

SHA256
9a1fedf68caf85df733691fa5c575576190f41e8fd7817ead576a220bfecfef0

SHA512
f304dda381cd105d9c373b77c5c25ae2c7ace5e9b6e74b30d787be4e60af02929632d08f35c7649bc97b1eff1981410e266def607f86b8dfef087f4f2d359642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
d7992c90d2355c177e43353bccf0795e

SHA1
6863ff7d886e12eb340701270ead721b9bde2403

SHA256
80d4087e4401d3407708f168b716f60ec9012c468406237ab92420ee7f3b5c98

SHA512
055371032e019deefefa1228f62f799633426dee91c4f51e73a434f2f122def27d7f8246629a2ce9bcbc3ed6476c97c22983146114df44365c6ffc67434ed3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
d7992c90d2355c177e43353bccf0795e

SHA1
6863ff7d886e12eb340701270ead721b9bde2403

SHA256
80d4087e4401d3407708f168b716f60ec9012c468406237ab92420ee7f3b5c98

SHA512
055371032e019deefefa1228f62f799633426dee91c4f51e73a434f2f122def27d7f8246629a2ce9bcbc3ed6476c97c22983146114df44365c6ffc67434ed3e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
0438321c6cb3d577ba241adb31e0a139

SHA1
b812dcbf13fabd9eaef2f16222c5693979d76f96

SHA256
9a1fedf68caf85df733691fa5c575576190f41e8fd7817ead576a220bfecfef0

SHA512
f304dda381cd105d9c373b77c5c25ae2c7ace5e9b6e74b30d787be4e60af02929632d08f35c7649bc97b1eff1981410e266def607f86b8dfef087f4f2d359642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
c081cc6e67c3d8ac43119c737bb24ecd

SHA1
08afe6feadd3c42d69713eb8fb2466574a9ccda5

SHA256
2db4fa8e3ba797eb15ecf01c4f5056a8708b9e134a595dd5ce943b65b72f058b

SHA512
a3190b984190968a05e0c0627d6849485ca3dfebf6192fc421bdeeb74ae2e3adc86c210cb83496aaad30d9641022f78c8262b2057a2b1d1775c58f4d91a1d5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
5986ebd7f08767951e865085dec58d60

SHA1
7d1c51bd15c202be790a6c602c77e5bb31f95bbc

SHA256
e7db1e9d6544baf2751b70d8f037ad1c7d4f0af4b19a6cc0d66ea06037ee2fb1

SHA512
a15850d93044a112624bf01019dd91b86b6fdc7456d00962ca737bc3d58c5a934c2133b83462a26e7cc77cbfb379a9e9be774cf451f4a8f642682aa684920b05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
d126621cce1652a79d24f196a943f6cc

SHA1
0ab44e9ad8a4a9a5804395371e0bc5eabbabc40d

SHA256
df77b6fce8b2e65e88b55de7daeed69e6d76fdda2a689bf9ea5f0fc896b1a7a5

SHA512
d5d38d863039cbc72d403cc613d3062cd839907b257dded9778a012d37ebfded51f18d99db4b77234491e5fca55ae440671a415e8455ffceaaab64cce20e40ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
58687ea7f45161ea7e37ef601d8660c8

SHA1
a41ac3f0eef3e836e7daffb6e6aeb766809df5e3

SHA256
310fd4bf9a49a3d12db7f17f0cc62c5996f19d46f411bac17fe9cb499919fff8

SHA512
bdac2e4c81e12e2540938cf4746c9bd085417e5d5c3caad1e32362566805e49eab6a38410f4220ae3a9745b5b0f186244c59d1b339061e2836f107447b7e7b4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
4KB

MD5
0f854d31e8c9189d3e97f52e2511a22b

SHA1
1278d159244ac01ba433432e464e2514f8eea0a7

SHA256
63323ac40b45ecea37620530091ab3cb7b83c9c5fa49820de41d768ae077dd4e

SHA512
33e997bdbe2d47dfbea5a2f06e0b098828e840e5b5b5a0070aef91ac48996575e08225aa0d169bf59b939181c187021d8e50315bde8290e4d15be66e7af18173

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
8KB

MD5
b2ff1bb4d4f451bba701f1e7963c1c87

SHA1
33608814500619959cce4f97714ed17a47ce2122

SHA256
854d2b403ada5be5fad4abf0db4deabe20eb40f1e017ce8d43a67b5df7cf0810

SHA512
012a019ee735652106e7bd4c2560e3ee1ec6c5ebb0d100242c7cd1e857338f74ea29fe524fa73c38371c2c5afa20fa4cd426417ba26065586720b609b5bc90a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
7ef458f1530cdd26f5b6d8b625d38770

SHA1
88d216b65108b72045baa5bdf5d969a94933178f

SHA256
20285349f9087c3d16d8bce3618f0a5e1aae915713a363f68627e741b1c491b4

SHA512
fd64518a0a02ed3d086c1ff8ae71257b7c441c23c5548f6f9848b98c7463bc3e2f9e717a63d68fb06d3e97a34abe86a5e77c25e8f658a7a48b8acf1ebe2d5eea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
bd2b8692d3d313a6191c03e074d319ba

SHA1
beec6d1c4d9b65cf23c96652f8b4e5745ac4d7f4

SHA256
1f0040e87da21a88389a5a27b5548c66014aba5fa2e9a693267e5185192d1b9d

SHA512
f0d1c4432a017e0c8570152511d5be97117230316421f2b39a92f2f63a7f4a31b373085cf194c8b357e906b91eff4520b3a8a48ddd72c4ba26685940b09a7a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
993B

MD5
25bd71bbd9138fa0d3ae9cb419c62373

SHA1
484ec101c05746b77443d2798c7a860ee21b2a76

SHA256
e4d6f1e1edd770a2e978ff416f28b887854456c983272cc08e749fbd842d2eb0

SHA512
3234da1916135f29c623dee92591f6e364de8a4d9537183939b78ad058acca6722133c1b5cf111ace9226ee9a8a21c9ed9890da4f9f1cb9ddf31ef4c6025f3e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
993B

MD5
beb62479fd407dc335ea4cc6f284935e

SHA1
43c06884a561c801ee905d109e6eb4f212241e15

SHA256
a278150426ae1c84a20b96d8d4aeb321371aecfe34b7a86f5540bbb00c86eec9

SHA512
f64f5a8deb59ca9c6846333bdfb1f2d53fb2d7957044756c3a74128ed686de4c4a09ac39b01e90d2d6b160cc33ea466b135dcc8492242ccdb49d1a6df65453f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
af99fcbd60001f68e6839665fea83a89

SHA1
b3c6971377005e2ed7f261a039dce578910e17ea

SHA256
16776ac83205e32cb2ee0c899a4f86ff7982ba5d5c361c4790127f318d91fe7b

SHA512
6f79314dd7325b269c68edfe1b90ce0589ac1e4a8c722d547d2d7fad8deedf491ed91b104bc2159292a6e6355bc1c46b390085261db595604e660f7fac29b11a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
acca3b5c6e17ae35a6f690b6cb55d1bc

SHA1
77da207328ad8e1a54c6fbd0a4729095231a73da

SHA256
ac6bc84b2c2afe13c835849ff746e3c05d7ec20090fca714354d954f0bdde0f5

SHA512
501014d434dcb5aaad4b0bfd500638f4775f9f7dd65aad702aa4b6c1cc07072a166eb43d8be0a017b8494dc5621799649df0bcd66866742a5d3a2e3dddcc6bd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
d3440cd09d3240f29ef2b8a0ea22bb76

SHA1
3931c94508fb754ae0ad96878a51b1b2bcaa4b46

SHA256
fef0a5688747f0d5f74b63b1c05a14efb2d828ef4c75e3f17b93f89426be4c38

SHA512
fd1e888a3fdf63eaf74e2156fe16e1d678ade390b9f8cf88bfb826c48d94942ae7a7d6a6c13459deb1345c6b97cc89229c7db436d9089743dea11451ffd61896

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
5e50636ed749d6d765da4401a21bf4d9

SHA1
41c379caafcd9923cc1eb3f2c2d1645d7c2743b2

SHA256
e73f946c75d606f0cf112f97ae19196bd8ba4c2de4dc1c3684343676e6f9c69f

SHA512
5c2bb6388f251b3b083e06e4652b261b957872a406fb447f1a0e330c94e2786248a378e45aeb196dcc7a2bb2e3eb68204e8da6683287cefe6269172d9680aa40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
dbc8ec8d17b4309b79c7932ac70a2104

SHA1
beee7fb64c2a9125d2684b3435142cfe3a61b57c

SHA256
46c10e4f326d28f2f97ea02632e90640a7e5dcf624b8a63f8c514931ba4883ec

SHA512
a1b4845befee8e2a2353d5b69eb070dfcb6e0131205df471a3fef06d03c0be1ad514601dbd29cce1e22b87e547294af1eb5938189afb13cd3126f7db050374c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
47fe91455f979c4ade268e51fd6b7036

SHA1
40b5529447d6d8fd83530892758052f46caba67f

SHA256
5c1ecbea20e9db981d6fb48d24063f2a1f2a3479e5f8391740340b3e184ae170

SHA512
cde8456ab65d03668532006c0b2dd3835903b4093f9d8d1b1bc520c629d8741801f82154cefff4efad8e2abf577c095c4223387c67d700c2539af7ce427086a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
ee7f36a378f85c0638da1767e72d902a

SHA1
dcef3f9ad236807b269f1aaba8f8aecdd721dea5

SHA256
669db82667d18f46f199d06fbcdc4ddd25ec4209d7e9ef57be0640bd79146239

SHA512
9e164b0e0dd8561f9561a4bef4c37440e9a173fc578890fb010f10c93db6450ad6a4e1449015c214d3a3784ecca3843cdd2572c4669475d8d7ba7c977032cd57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
20067674868bde48e0b88d5893246acf

SHA1
5a70f18297e25c9175d4f9073103fa4605a25bbe

SHA256
9f7e9030825636bca374f809160eaa4f9c9d329e60ff3c7bae30b0318da40f60

SHA512
f74d1e4ec4855d2b085b474b2b269b8875e912ad3b7752cd2e504170ddc3c37c71f4a400937ac738f5420dc4cff4688f51b18b42fa79ae39f997440629cd4731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
12c2e9cb8c3e75234abd8b9f5fea4ad0

SHA1
7f6ffe263956d0f368f26649bae87ed97c2d037d

SHA256
65d89d8a68d095b2ffafa3a2da02f5eba180c987b674b5b5220b48a4aa3df682

SHA512
f6f50a104e76100a3e0c5894005e235ebf3c9dd8a124b69af0e9dbe4cd6d9a3bde52d1c0c56da14881634989a0b8339fee46fe141668ea51ff26f460127427f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
12c2e9cb8c3e75234abd8b9f5fea4ad0

SHA1
7f6ffe263956d0f368f26649bae87ed97c2d037d

SHA256
65d89d8a68d095b2ffafa3a2da02f5eba180c987b674b5b5220b48a4aa3df682

SHA512
f6f50a104e76100a3e0c5894005e235ebf3c9dd8a124b69af0e9dbe4cd6d9a3bde52d1c0c56da14881634989a0b8339fee46fe141668ea51ff26f460127427f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
d996e70fb74618751d8f3e976e14c555

SHA1
3d9fcdcdba43b7e1a5a16207c972dd4c88a35ba0

SHA256
1d2ceb967b786930a23f4d654031b1a2a3d76d05e5acefee5647c8065a7814d0

SHA512
cd5c05cdab1cd5787aec4662ae38739c0cb9af7dec41eccd7c0bca269244fc14c0013b146d5352c6134fdfbe830a46c578c6486ab6f47191a02aeee41edba8b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
8KB

MD5
b06a13136a0615aa09b8020e8f44462b

SHA1
9e7a5853130ec57aaf4b850accd85f8ec5baa810

SHA256
9d7fd0f1b2636961b365b541e1fa76aff1f95a818b24933e0b133b94ffa53b21

SHA512
57b719e08c3c564f1c9560a4f8d7656c7f1359bb7b80d3cffa4a2283c2a28121c6f03acc46ea9549100b796b22e08cc625d0e2449453d63bbd73207a8e9ed057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
d53ac35ab3976e67caeed75c4d44ffc1

SHA1
c139ab66d75dc06f98ada34b5baf4d5693266176

SHA256
647867c7236bcb78b7d585b476d82a101a077fac43c78dc59e612253fbf69437

SHA512
391355c71734ded913239a6db10a3202087e756bccc8e29411108f21b3f2460d9a9c606619aadd785285be70eddcf61ef9519441cd387cd3823c1399a6967cc2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
8d7ee92369af9a61cce705c5a8b901a9

SHA1
8e58ab896d740ccc90d71d10474eae15c052a566

SHA256
b4912d40980b666264a31ef06e7722d44881e8acf92df8a3338bf74519cf353b

SHA512
0c0c12b521a3a5780a1428c3166c04ed028adb266c250dd80c4ff2cad62c97793f9f09c910d0cf2615d70cd99104f091429f57d25978ca7822560cc67ddeb423

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
279B

MD5
987f365b5e2a54ac0aaac29d4a3f160f

SHA1
5baef231d339cb1940c9da64f0c8cf211bb60463

SHA256
4d9c3396793bc0562c9de1089e3b605642e4ae5b218ef7b35e7025cbfb36e28a

SHA512
a328eb6db1f6dda72759b1e0cc7239e5aaa4db9df5eb0bfc669791379d4122ff789eacdfd7e40af2546537921a26c4836a5ac70942367720883625cac3fd7b60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324481534516916
Filesize
14KB

MD5
60fd097a079e91c265de68b82d9ecea9

SHA1
de7134907e4d85333a5a7e377b240a4c16abea40

SHA256
c38208de86873caa7e12db2a8605dcd6e38dcbbdf733fa7cc47c660a951ec602

SHA512
d61cb8ec695e27dd0a6c26231d9f38264b878dfad366bb387e571dae50645ffc38d66419328d7043fcfa29bec76cd87acb5d43d3b555296af6f870c0001b82a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
304B

MD5
59af34198c09b642239ff6183e74f9c8

SHA1
93af54f4a2ddd02e6a8e30529e9c7c523fb89775

SHA256
626e4980a0648a72dc7d0730a7e03e4d5ce77c88f597fe67bd7625db467a6783

SHA512
16914b2f018dc9f7b9aa725d773037893b3b0af2792b41d03717aa24d31b2123155d216ad2c9968f96e06863b9255b5d932bc6494f45c73b56b917b3694c0bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
7844225cdcd37b78ee301f980187bcd3

SHA1
a66141c2fc6529c7853b12e28929f2bfb7d1e8e6

SHA256
ffef471f8814bb9bafe3fb0c2a61f329342e0753befd09b4db807ee39227fcc0

SHA512
09cb2b44bfa451466c5acf491804cedabd14cb1292e28d1dc2ba6086bea54c312f7e5fb40524680db8693155ec366df2a6fd4403fe0e20cd0063da71d113b143

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
320B

MD5
887ea1440c83abc55cb22263927ee621

SHA1
e8b6e582a9d49672b76a0a15553451171464f7ed

SHA256
a352031b0a1038037b5359efa2a931ef03de0b4e0828999e912fedaa8623efa3

SHA512
5ea5e4e7180c93aad3b14129445ced146e55e4166d26a559c8e0bc19335bc977edd3023aa200aed51c083f5a5937318bdd080bd00aa023fdbd0ec8c448f35518

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
56698bad9ae55c17f970f6fc48d5c76c

SHA1
3745e87e97cd5eaaa6014409b1f62729959a3f3f

SHA256
16147c1e9e07bf92a1d058388f5168d0fc8a4317fd7860b479dce8eafcc4d29a

SHA512
c75278ee0686f6d7b9c22306dc4ec7fac63d40dff8b568a588ecd6137fc27985627a35d61ffa2e8f5b8351de2ddb481e3288bf73f528f49550c989caefdd0230

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
fd975c8a18be319add38016c6aaf90ee

SHA1
9a86b7f1d0faa9a0d0ac9356f90d25d35fc99154

SHA256
f9e67c889eda6b66f2eea8f49bee65b3a5c0855a67e06f2d8d6a5c6246c4baf5

SHA512
dead4e83aaff344d8e578fba71a1abbf6d0094bb696e69355d7b1628a09663035d94e735afe32d9ee5f9c4f1e87074b4448c1b1debd8894fb218ac35f79a411a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
4bc826756d52dd31297a20ea6bfa2f44

SHA1
7e5112195986f6f0f26b732b6d1089ec97adf206

SHA256
fa3543b9ce22cc3b89c2d86c708144d2d29d16aee9eba2224f0ca36c5343d457

SHA512
f239f814028b58f6c7045465a89d23c1d5b19ecf29c45832f817a8fbe7855bfa1bb545a7d6fb9a4b570d302ff4000a03e0b0e61255e6ae7e8a8da6331fc14c03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
8a20e60654c12d4d20e3f4550eceac51

SHA1
968ee7c9c76522257bfaf3483a6ddc0f210c0f70

SHA256
52004bfd43b17ff55942665596e3026769cd59d1e40a88a6f10539dee9aaa16c

SHA512
6d4ab253beb2abd42ad470ab962a5c4b9c324923a875524377d077e46e70f643f48b8d3b0204ee60866ca36cd3af98d537baa014960878f24fdedcf19b9c363b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe574c5b.TMP
Filesize
1KB

MD5
b82b991b9aca7f363c50bffb975660e6

SHA1
c7f38f368f00190f79bd00f132236e51ab412b15

SHA256
88ab107b09f6f2050c712d7a29cb21f739d12b9406d2d4c8ec8bba66c6e77027

SHA512
fe74d78b8203d87add8665bec7030f5f051df419b951483e40d42e01f540faa0745cb23095789620d6c71e757b0fa75c89ae970af0cce38a0cf6351e9a8c87dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
ec9f59a3f024b8f7183e91a111e5defa

SHA1
9c917a566e3eb04d2de64f9f04af322311a256e9

SHA256
86a106263f81b66d9ddc3ce7c654564b1e4cc3940c0ab91a7f8b875e78077f21

SHA512
4a5e6f976eab6e4e131f79302d0f46251051de220623cbb54710bb77eb45c23f9105d9ff04fee7297736d3e4d273bfcb9bf18451d6b75e6971fa3a6167c98508

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
2fd5cc8fcb133607c39b037ec9372a6b

SHA1
c82a0b07256b25b27b5916ed016a15213bb4baac

SHA256
83656d9010d8e5e71a35a8fa7158ac78bc6c26642b992a79462a48e22b5b57a2

SHA512
7d4bfe3749bf085a77dc60b6b9aab309175e94af64543cecdde74af1ed07a4a818c6538e14ee9bc6082988b030494c6ddc77cfcb52b0647ce444a77400302a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
3a83c11c684ff6900393b34d0f3a7fcf

SHA1
1c2eaf92abfa8fbffeb09c88ba4fe8719208d38b

SHA256
e2ce5e2ea4bea821aec6be856332b630bbbac8c5e705b1f242ccc5ae61fc4141

SHA512
2342ae4688c9444d2157daa1ee9b28ee1b7c2ac80ed1d8d7328451b5c3d36d5149b69513036c4f0a8465d6b4908a5d67fd0dab4c8caa9980885406224ed8f217

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
75753271ff78ff978138377a7f70b8ad

SHA1
2b9a61dcbb1841b9d2e3e124aa3be45c8ff36131

SHA256
7cd5e93d0259967eec7c29364c3fe653db08e056026b4915de32b6cd5acb9cb1

SHA512
8d3a15f56a762b23784e054172c5d8d453d63bb8d7084410daa21919846a5697fccfec3ae0a61df511fe33f868c674cd95eb5488b0ffd543805e8458670b33dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
ed5ff3f382f5c6d97785900c3a4a71e2

SHA1
751c6cbe69739bed41d920e5cbf3ccd5272d2a38

SHA256
4336f541859e4d2104a42596a86af8f658d4f3e36781cd20dcb12f30f22967d3

SHA512
5db802edfce83abc72504daec7438499aa453d377a7b8d933e098a542af7044c3ba58a36f1a20a80f71ad82dea17c082bfd3f5fa2f856d72f4f5bfab9e496a05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
39645dc493d4b723744e562d9aef1121

SHA1
acb0b07a2a6d4b1b64d8171e1b1700b93627a441

SHA256
05a7185de8dee8a7401cb350e236f85a0086d76f5e22b81130dc30e6100a9064

SHA512
8dfef9b8cc4c8e52e1e2e22f39d079d29ad91a248c213998edb633bb65b21edce9d89af634354b3ad29bf24bee6029e4d4071d7a4f1e9d0edbb4c64b72aaf593

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
f8fdd21762d6a44458c4ecf32cbc5a36

SHA1
7d5b5027b8d4e614c1df9c7101d7fa9b92c7fb3a

SHA256
38364f27a9dc5dc66c50afd559465b9dbb76d22777823a73798da0cdc35a7ce2

SHA512
8d2921e62e43e82e188dbcab87482b8c5af665312670b7f51c7a675ea7d49a843a88efe6bd093c104686bbe7c6701070b2b0f0e8efac70befdd621d636221907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
2077caed07a2cdacb88724dc6a2bd4ba

SHA1
6d93e7cdf92c2aee69531f50f879f39e66f07789

SHA256
47246e49689b7303a6132a8cca4a696af4d6fa65227550851ee19d69ec09e264

SHA512
2aa4f4a786e6a12d70272cd99e16875c434cd8cb14f94b9a193a08210989cbf61a02cb8386114fd2da8276643d11705414c3e77241f2f8e72296c1fa0b822ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
b3f42997109311bc114edb8a174a57a7

SHA1
b4278d98c7a3a1666a48a53484a847e5cc72d043

SHA256
8feac948e373a288cbdf8280fed99347c8eb0c6303a63087ffa33e9a9ffe9032

SHA512
207034898d704cab04e3ef80ad2330859b9e4b2a610060c43d4628bcea901f85587d7fa663eeb328f9c43426f03e8de29fc0a75318707a0b5e7ab8ff5d53908c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
2077caed07a2cdacb88724dc6a2bd4ba

SHA1
6d93e7cdf92c2aee69531f50f879f39e66f07789

SHA256
47246e49689b7303a6132a8cca4a696af4d6fa65227550851ee19d69ec09e264

SHA512
2aa4f4a786e6a12d70272cd99e16875c434cd8cb14f94b9a193a08210989cbf61a02cb8386114fd2da8276643d11705414c3e77241f2f8e72296c1fa0b822ee4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
2e04403fff89aed8940a5f389f526630

SHA1
a8717a640c35d8003e9a29fb4087f78b508ed16f

SHA256
4111d8f92fc7d53f6aa1beead68e6c1a8a6ff7bf589eb53e8966caf26e2b1a1b

SHA512
85c599f32db7d24e4c5455c43efe5e4a6e57356ea27dddbec3ca6e31f46915629788fb029ddf19550714086513499f3bf4c9fcd48106660929a8c48e77a9405d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
2e04403fff89aed8940a5f389f526630

SHA1
a8717a640c35d8003e9a29fb4087f78b508ed16f

SHA256
4111d8f92fc7d53f6aa1beead68e6c1a8a6ff7bf589eb53e8966caf26e2b1a1b

SHA512
85c599f32db7d24e4c5455c43efe5e4a6e57356ea27dddbec3ca6e31f46915629788fb029ddf19550714086513499f3bf4c9fcd48106660929a8c48e77a9405d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\a2809bd5-b2cc-4b7f-8184-ca7210d2b8c9.tmp
Filesize
12KB

MD5
1b97e96b00696d210c990b7e6e3fc1ce

SHA1
4277d150f74ad0df4e77fba6858e9fc0e4fc7cf8

SHA256
77ae755fc534a311a2f54567af898b7525777630fccd7e71ac8dfbf788470f42

SHA512
076e4c572f814956dfdd59a0e82beb163d525e2f1b749d8e31d312e48ab2a1689e33104fb4c5d4188cb65b9764992d226a1c185c1123c1244668de1f5d78dfee

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_5ifjl121.ytk.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
4a10a252480b0b7491c741040df9cd79

SHA1
d0a11c747e2c0c58d550d0b2b3debcc209a67eba

SHA256
e32f9801bff8f1a145307b0f5314a2c4019aac9799fff49754ff1271c30dd7de

SHA512
e271d872ee1662910828bd56c48d73d574595c7b2b7ce2d9f50754de4ab9473df3d8fa54963a84d860358c183408fba7633c10352247a42f48368045f03965da

Download Submit
C:\Users\Admin\Downloads\memz-main.zip
Filesize
16KB

MD5
103fbf0c1c832fb7893471f0fb8afe26

SHA1
cfdc1a5ce3864e0049ca8b1cbe14f221aee5f9b4

SHA256
7a80a9cbb48c81b3bcf3a4482acb3af6f5cd2318bfbaddf9d9581d55b0540bf2

SHA512
48316225933b9fc92eee25013da06d4ddda454a0ec00e2d1dfc0af3fd31df26e6bebe49119b040449c970862794ebb9b4df460343b863a986858c957d97dd771

Download Submit
C:\Users\Admin\Downloads\zblg.zip
Filesize
9.4MB

MD5
207b597f03033b2e0644bbbc29f04053

SHA1
0ad88c964f6f7eebafa7156080a7bcd90ab32a16

SHA256
f1dc920869794df3e258f42f9b99157104cd3f8c14394c1b9d043d6fcda14c0a

SHA512
f50cdf77557160a7294406e1f2d57ca789ec42834881069281e88ac334fbaad901229da0e460b26a1b69724a4adbf9d0e92adba9c3ac86aa1603b857789c1db6

Download Submit
C:\Users\Admin\Downloads\zbsm.zip
Filesize
41KB

MD5
75a6181a92b3a596f51d0fb8913aaef2

SHA1
ce602a35143cabedd109e20ad4e21e2c350d2e95

SHA256
fb4ff972d21189beec11e05109c4354d0cd6d3b629263d6c950cf8cc3f78bd99

SHA512
6de0d4297614bc04156c51dee9b86d13d696ef775fe1c14a09a32c3da793831ad6423a33aebc63f0667c15cb98ae6e41752e17e0ec99a0e27655b0a8092ff588

Download Submit
C:\Users\Admin\Downloads\zbxl.zip
Filesize
43.8MB

MD5
da596c5fa1bfe53dc6ef777e810c2e7d

SHA1
dc756fddd264eaadcc0c8e8576d11259bbe1c150

SHA256
eafd8f574ea7fd0f345eaa19eae8d0d78d5323c8154592c850a2d78a86817744

SHA512
bb7a10c4d9decee9687dfba5987939d1f55c3966bd80d06103d4bde6f61df3957d89392ac185b96ac668bc794193319dad33e34dde199df91eb2981e7e5f9fc3

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4960_SVWQNOKWZVTUXGHZ
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5044_UTYVNFIUDPPMMIYK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2100-495-0x000001E986CB0000-0x000001E986D1B000-memory.dmp

Filesize
428KB

Download
memory/2100-522-0x000001E986CB0000-0x000001E986D1B000-memory.dmp

Filesize
428KB

Download
memory/2100-1183-0x000001E986CB0000-0x000001E986D1B000-memory.dmp

Filesize
428KB

Download
memory/2868-142-0x0000020A8CE90000-0x0000020A8CEB2000-memory.dmp

Filesize
136KB

Download
memory/2868-143-0x0000020A8CF50000-0x0000020A8CF60000-memory.dmp

Filesize
64KB

Download
memory/2868-144-0x0000020A8CF50000-0x0000020A8CF60000-memory.dmp

Filesize
64KB

Download
memory/2868-145-0x0000020A8CF50000-0x0000020A8CF60000-memory.dmp

Filesize
64KB

Download