hxxps://github[.]com/Viper4K/malware/blob/master/MEMZ/MEMZ[.]bat

Analysis

max time kernel
119s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 06:07

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ-Destructive.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ-Destructive.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer Phishing Filter 1 TTPs 2 IoCs

Modify Registry

T1112

Processes:

iexplore.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\PhishingFilter	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\PhishingFilter\ClientSupported_MigrationTime = 575ec7859e45d901	iexplore.exe

Modifies Internet Explorer settings 1 TTPs 64 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXE

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "294617587"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d0000000002000000000010660000000100002000000007afc6c1154b2007fee69e76b8ee114d002845934ecba43189720e5385aea557000000000e8000000002000020000000c8dbdab6af23e56184f1bb7391b4274b8ccabf3923c02ace446b7b2508709d5320000000ffd1201a82427ecfe8df92aa6ffbc386cceb1273b48986e97832ac466325bfa1400000009cec665b1c8b8fbddaf01c5334579e0acad787dcbd83007f1b03ee0f7127249be9bed90ab1616839853e04c0077f025029443bcfb8a54677952eeebce1f678b1	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DOMStorage\msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\NumberOfSubdomains = "1"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "2071"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\weebly.com\Total = "0"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2071"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{3C8A8F4F-D064-11ED-B7D7-62507EA95193} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "46"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DOMStorage\s28667145.weebly.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com\Total = "64"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "9"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "23"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "32"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\FileNames\	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "46"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "387101420"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "64"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 803afc1a7164d901	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\RepId	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c0e38c147164d901	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d000000000200000000001066000000010000200000001d8bd3ec069392b026c249d3635116e1d13136e8e0257b1420df80f700d02ba8000000000e80000000020000200000003b4725052735939aa30a9e6283a417362e2c84e32ca8371de3b16ec9df6034932000000016f19e9d5f65bfbb2cde9441683de7199f57f61eda001b19e560ca3b0a31d456400000004c333868a8413a3d9bf12835ccbb38a3ffd6932530c885d741c6bc1987973dc15396f4c3675fe4b195874b9a4c8aaa611bca57cc75f5c08f8a917e9b25897ab8	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "46"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DOMStorage\weebly.com	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\s28667145.weebly.com\ = "0"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = c07a9a1f7164d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\s28667145.weebly.com\ = "2009"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\s28667145.weebly.com\ = "18"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d00000000020000000000106600000001000020000000a48fae896e47bbd93d7f2e4202de9082cf809829c02fcc1dd378d8685f7de7db000000000e8000000002000020000000748503b7424a9dfaa77734ec342a67c53c898cfa7d4399def9d1c6a749465ba32000000004979628f9359b7c790107c944eada81bd2c067f58b062145d834db34973f0e540000000def1bfd386c7543c0f95f3edab005f80aff3720d67362ffca1f537b96e37638e9d22769a613614ecbe954187509321dd1a5b906b1fbd443ef27f453b9fc70922	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024241"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.msn.com	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "16"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\s28667145.weebly.com\ = "36"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d00000000020000000000106600000001000020000000401fbf4f203df62393539e91398d96d09eab38683d7f8191249ea80551391b9b000000000e8000000002000020000000b008ebcd197ccd3e5bdd37f8553e99f00ed96744a26fea37a654dc3f7899368420000000895ee10afb7c4bb2079b584b341d0c059483e5b2519e395345b210e523fa21a640000000f1c19699d1a7436b0ed5dc0d53bd0656037b02c61a1844c6dc50fdb1e7d0bbfda79439deea21a50e5ba144ae50c7d89fff24e1e157aca2ed3339c4e26b5facf6	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 805e9d147164d901	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\www.msn.com\ = "2085"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\Total\ = "2121"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\DomainSuggestion	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DomainSuggestion\FileNames\en-US = "en-US.1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "307432266"	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\News Feed First Run Experience = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\DOMStorage\weebly.com\Total = "18"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe

Modifies registry class 3 IoCs

Processes:

iexplore.exefirefox.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

iexplore.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exe

pid	process
5088	iexplore.exe
5088	iexplore.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

1392 msedge.exe
1392 msedge.exe
Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

firefox.exe

description pid process

Token: SeDebugPrivilege 4324 firefox.exe
Token: SeDebugPrivilege 4324 firefox.exe
Suspicious use of FindShellTrayWindow 7 IoCs

Processes:

iexplore.exefirefox.exemsedge.exe

pid process

5088 iexplore.exe
5088 iexplore.exe
4324 firefox.exe
4324 firefox.exe
4324 firefox.exe
4324 firefox.exe
1392 msedge.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

4324 firefox.exe
4324 firefox.exe
4324 firefox.exe

pid	process
1392	msedge.exe
1392	msedge.exe

description	pid	process
Token: SeDebugPrivilege	4324	firefox.exe
Token: SeDebugPrivilege	4324	firefox.exe

pid	process
4324	firefox.exe
4324	firefox.exe
4324	firefox.exe

Suspicious use of SetWindowsHookEx 22 IoCs

Processes:

iexplore.exeIEXPLORE.EXEIEXPLORE.EXEMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exefirefox.exe

pid	process
5088	iexplore.exe
5088	iexplore.exe
808	IEXPLORE.EXE
808	IEXPLORE.EXE
808	IEXPLORE.EXE
808	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
424	IEXPLORE.EXE
2588	MEMZ-Destructive.exe
4604	MEMZ-Destructive.exe
2840	MEMZ-Destructive.exe
4724	MEMZ-Destructive.exe
4488	MEMZ-Destructive.exe
4800	MEMZ-Destructive.exe
4060	MEMZ-Destructive.exe
4324	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exeMEMZ-Destructive.exeMEMZ-Destructive.exefirefox.exefirefox.exe

description	pid	process	target process
PID 5088 wrote to memory of 808	5088	iexplore.exe	IEXPLORE.EXE
PID 5088 wrote to memory of 808	5088	iexplore.exe	IEXPLORE.EXE
PID 5088 wrote to memory of 808	5088	iexplore.exe	IEXPLORE.EXE
PID 5088 wrote to memory of 424	5088	iexplore.exe	IEXPLORE.EXE
PID 5088 wrote to memory of 424	5088	iexplore.exe	IEXPLORE.EXE
PID 5088 wrote to memory of 424	5088	iexplore.exe	IEXPLORE.EXE
PID 2588 wrote to memory of 4604	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4604	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4604	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 2840	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 2840	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 2840	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4724	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4724	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4724	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4488	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4488	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4488	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4800	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4800	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4800	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4060	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4060	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 2588 wrote to memory of 4060	2588	MEMZ-Destructive.exe	MEMZ-Destructive.exe
PID 4060 wrote to memory of 4884	4060	MEMZ-Destructive.exe	notepad.exe
PID 4060 wrote to memory of 4884	4060	MEMZ-Destructive.exe	notepad.exe
PID 4060 wrote to memory of 4884	4060	MEMZ-Destructive.exe	notepad.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 2328 wrote to memory of 4324	2328	firefox.exe	firefox.exe
PID 4324 wrote to memory of 2612	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 2612	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe
PID 4324 wrote to memory of 3804	4324	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://github.com/Viper4K/malware/blob/master/MEMZ/MEMZ.bat
1⤵
- Modifies Internet Explorer Phishing Filter
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:5088

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17410 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:808

C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:5088 CREDAT:17414 /prefetch:2
2⤵
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:424

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4936

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2588

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4604

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2840

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4724

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4488

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4800

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4060

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:4884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffea74a46f8,0x7ffea74a4708,0x7ffea74a4718
4⤵
PID:2736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2256 /prefetch:3
4⤵
PID:5028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
4⤵
PID:2216

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
4⤵
PID:3848

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3572 /prefetch:1
4⤵
PID:3952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3568 /prefetch:1
4⤵
PID:2060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
4⤵
PID:5412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2084,15440077462707356641,2900901718456694931,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3780 /prefetch:1
4⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
3⤵
PID:5520

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffea74a46f8,0x7ffea74a4708,0x7ffea74a4718
4⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
4⤵
PID:4492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1992 /prefetch:2
4⤵
PID:4112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
4⤵
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
4⤵
PID:448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
4⤵
PID:3832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4852 /prefetch:1
4⤵
PID:5296

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1980,15130018206425867768,13542023506788109698,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
4⤵
PID:5484

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2328

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4324

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.0.1170957279\1546599908" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3114eb53-c2bd-42e3-836e-54f767f9b1f5} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 1932 2160e317758 gpu
3⤵
PID:2612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.1.382414076\621704271" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6420bf5-9a22-4161-af9c-b2d085b7bf0c} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 2332 21600372558 socket
3⤵
PID:3804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.2.1580111423\1998038068" -childID 1 -isForBrowser -prefsHandle 2776 -prefMapHandle 2920 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40809c23-f3b2-47ab-a4f0-97359fc37c9b} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 2780 2161110be58 tab
3⤵
PID:4936

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.3.1562608045\1444433114" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 3268 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fda5f3d5-f811-472f-8b50-d23306f0dd4e} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 1276 21600363858 tab
3⤵
PID:2400

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.4.1491420024\1261320156" -childID 3 -isForBrowser -prefsHandle 4048 -prefMapHandle 4044 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {351aef2c-f0ad-444e-86ab-844502be5400} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 4060 216123a0158 tab
3⤵
PID:4228

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.7.2089498993\239332607" -childID 6 -isForBrowser -prefsHandle 5372 -prefMapHandle 5376 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {00d12448-ad88-4c9f-b760-b819de239576} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5360 216138bec58 tab
3⤵
PID:4108

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.6.9385185\1814386368" -childID 5 -isForBrowser -prefsHandle 5184 -prefMapHandle 5188 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {33f87112-bb23-4780-ab70-5e6381833543} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5176 216138be658 tab
3⤵
PID:1748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4324.5.989327052\1414143291" -childID 4 -isForBrowser -prefsHandle 4860 -prefMapHandle 5040 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1496 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {28a1bf33-f4fc-4d87-bb33-69b880701aba} 4324 "\\.\pipe\gecko-crash-server-pipe.4324" 5024 216135a7b58 tab
3⤵
PID:616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:424

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5228

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
ddb0dcd61cc74d498d3e161d49777568

SHA1
9d8cc506182d7a26851bbd3ae5bc4c6b5e50ba7e

SHA256
2078441c371166f5b12236ba2df573ab722ee00827439b24e3232befce59646b

SHA512
628352cdb7158fa6742ffdc0df58e19b1df11f1f510df0039fd33aab29088549626568e946db704901bca970c1d204cc3e9d958574127ef1b74807ee3be616f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
1KB

MD5
8461a037b38246996c5f98a64b5fd918

SHA1
db8bf194f154ebcdedf9b0a8a9adc62d02dff008

SHA256
c85675b72791f932ebe52b51bc13dcb761a469b1fbde881c6c4ef6ba93a1b36f

SHA512
1ed13f73bd0e64d5609764ee65d642d3c9b658a117616e8e3ed4149b546695183f10befb51f24d471f134ddd02fd3068ea88cf949fde9c8be19bfaddff4a3880

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
471B

MD5
bdbbd793778777706223b00a4ea24ed0

SHA1
bf09527cebe8906bfe6aa1e885bc9fb1b3ec54e4

SHA256
8b1034038298faf34d3f580c1ded7212f40d146de7e62cff20826c8b53f80c36

SHA512
7397d981e28bee91dd0e08c3a38444d8524204118548e8db810f5a277cbb08c20a64350063cf36ee4a943edba249f1d0ed350d4cfbc0671461cf27c2534c1f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
471B

MD5
1ce55b62851f545908b98937b4ba5798

SHA1
8ceee8d77a7884ecac7ebf2fa5c705eca74d59c8

SHA256
4fb487f1a13027b38b70c97e1600d2ed6a8cf2ec151027a7a1a73e78c4fb5c65

SHA512
2ca236e0a0a378d89c1f42d4137af868ba1acc848e240357ed52f1b88ef2375d797c91e3cf0f33f0f85ebee6ec2465800634b5cfe4a167d7e706d81c4a414ad8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
471B

MD5
21ed9ca0f4579a63723066fab3cdb1e9

SHA1
625f8780cba0177fa7d9b747df0bd45511ddc900

SHA256
818a6653f6011a83d251998208826644fe68d228a739c87ec14e470e10817889

SHA512
203e8fa995dfd86617536e1fc445fa1fdfbc0ec462d238cfbfe1d03c81b51c81297335c4c54503070c25897858fbedd659c348ab994f9195635ff75a0f3ecda4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
471B

MD5
ff36ec2657d8ee3b0f78d0a8b2bc9c96

SHA1
7ce770b27771a2417292364a24af2d65bb9085a5

SHA256
7c6a6029f3d8b5c88c0d52cfa1d8a6d79fe57080cbd88951ce40456d1ae214e0

SHA512
5bc01c258cad0037aa128b8a65813c25e136862c4a1d257040f374412cf711fe877f46ebf6ba16574e0a459230ee99bb92b691b465af7584384f0bcf136bdeef

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_AA1ADD4071D073F3048022453A5FE061
Filesize
472B

MD5
a5ac29d7d71ef6c0cc7547974c8c4f7b

SHA1
29108a8370757ef63f347d1fd2ae696f5842342c

SHA256
3371093d6dab54c7c3b612e3774435f0a592bee4e40fbcc2edd55d29d7715c26

SHA512
a720f85874b4f6c5fe1e4248243d14af57822924d320a7e4ab378596c8ad092f0aafe9e794e0faffdbe826d5d12b5e8f442b38d8917c0051b8baf67801f5a0f8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF
Filesize
471B

MD5
02ddc021542aadb090aa31099f7b9267

SHA1
cb2091bff4ad6c225faa4c0c02182217bcdc502c

SHA256
dcca0f6c051c27f611b9e51981fb34bd0c82a317c2e3ae3412ec6de80c596d24

SHA512
4ecb4bbc4922d5353a8cb386aa68578a04c654cbdf55ab8804b30a02353f6370be23724453c29619b021c0c6c1eb280cf1251d661b80d5e15169d7a8761235b7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F07644E38ED7C9F37D11EEC6D4335E02_A99D2092C18949A4202ECF824898D020
Filesize
472B

MD5
741a2f47aab81a2c7ed0fadaa1fa74e3

SHA1
be34e0df4a5f272589a017ce77ece974d890f27c

SHA256
4ea1737c8246072ea1072314ae684c1f7e518a81a5200c46374e47378bfb6b63

SHA512
ea6a121fa2cb08b28f1ea9dd3c0be1cc4ce7b425450e6149e1ca00f52ada0fa68986bae7ffe209ef12eb0b17de28bdff707dcfa4c9a5f78f99b24863ff98fb61

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_6628EE291B93C04E9AF2239445A01FC7
Filesize
471B

MD5
4eec701fec69b73ab6ff1af2c178806f

SHA1
5de0d4c444297364831a311b4c13954aa31976b0

SHA256
fda1ec0d2c39aafdb994d336b4d8b5d819fcd064a64b43649598609dac04f512

SHA512
27f0d327660634a522ea9199b6843374d3da4edfd63669f4be55410ff7db192cc59f95406bac38a4adbb546083af4369ba2a3b06aa0e06876bd6e492d8606357

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
c8521cbd5114cf50effe7f7e59e07c6c

SHA1
04148a5e2635f172cb095b9705525fb3e548c946

SHA256
6c57b511a84c83c16f4afa7b01d1675abfb3d714ea7e1812a559123a99c44a4a

SHA512
24797c3bdbc588040254af12bc4bf17ded61de31591c947cd729edf45ab65590ab130bbec243d9509d227ea0029a17c3b861209295f47f324828f7ecaa88150f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442
Filesize
446B

MD5
7343506b141d57d9687cf1cfe445f9b4

SHA1
ef7e7379566cb129f2574030f4ffadff4f5bc3b6

SHA256
e255fa54d3a5c344d3de8d02cda20cfa871f23d3f33ca008e77520e52d5cf7f0

SHA512
1f8d3a3d959f0960af9c891244245c101aed3d5e6938c44dc5297223d3991786fb196ecf2144d29d35f38252f78f21ce97842f7405454f3f229fb60485433fd2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776
Filesize
434B

MD5
f41e9422e342afecc0749ded9f983490

SHA1
a461c5e1e5100e6b59abd92d2ba83d3d1611e635

SHA256
7b7e91e8d94a305d86739d5ab050f580dac136ccedc48f21b885b88c3dc62fd0

SHA512
f3250d3a238ab50391ab50dc79b08906af8a2d046d1b5e465acec47a753bd96daca127743f7d871710c19eb260166d9309a64b7736af92856f659e5b745a6d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\80237EE4964FC9C409AAF55BF996A292_C5130A0BDC8C859A2757D77746C10868
Filesize
412B

MD5
b1bd8f3e8184c0703f8cf2b9863b192c

SHA1
6dce691808796c42b108ecebf00eb75ba0ae80ac

SHA256
44c4d45442c9135a5dfc84668c8e3cd755ffc9408cc2bd1a44c3d6ae31a2e5b3

SHA512
ffb9bd4aa9e5cdba87e739ea0b5f487e7b4413c50d28c9c8147a900e3b545f4503cdcf7e35ed1c7c2e950f8e274090ceb35f70e6f1e7b2857ebd3f74bf752fd8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04
Filesize
430B

MD5
16fcaaa989e2b5d7e987c472b68a889e

SHA1
8390c5b99021fb71972c31b6400e7a6596885b4f

SHA256
037977635fa1b64ea6ebb6bc33d6dafce37db68fb7f8ae40516bd070bfac341f

SHA512
9ae1051aee1942bff1d13cbb5f6e14859553f6a04d54a465d6d06fcfc7197afe5511696a7d7ba4a49fdbf6b5a19969010b942b3d8573429a58beaef4e1a38df0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
3c5a4cc587bcfb177be1a28fc8f3c41d

SHA1
61c44bc1acc3569558fcde228dc79a710812dcd3

SHA256
32670d2145bdc63edda8c557409fc87c2ae512fe1bca07e0b857964b6890cfce

SHA512
d86413881b65b9e8b4acb3f51d5b40868425dbeb583aa03c2783383a1f15a136a494b42b26eebcd18c57ffb869c75f3d5c22b50aa547ecc7115bb3259610f241

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_1CB3B26D4404CE9B58DF976169FD358E
Filesize
410B

MD5
42cd65e8038d99a73e91ca6b39c1e52e

SHA1
18794e924341ab9bc2ff2dcbebb3459e05f9fd4a

SHA256
f5227dfdf46e8cd0e7ef939844f77647da17f51bc360442cda47ef49e7daa0d6

SHA512
28d7a860f9e55b73a42ae6f01d7594e20af495989e5f7e7ca32f333c4398ebd2a3071d400429c2dd85e33078c2a9c42f8cea620423559241706b6b9784ce7d02

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_AA1ADD4071D073F3048022453A5FE061
Filesize
402B

MD5
25cc9ec1331262fb4714085605e8ba4c

SHA1
38807d0098c048e829c4a0c5dae98a29d8145f55

SHA256
2b67046a23d39b86fbbefc0e1a3aaa87168c8dca0038c68455226d4ae06ecbe4

SHA512
da88600294ad0131d9b98fee0900cc8ce964cc103db4b794347839fdc6945c523eeccd2f8e4384c267d89558bf425766766197ba3d3a56269a603a5e6a921751

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_F21BF538BAEA56C2FC86EE4A4D9AD2BF
Filesize
406B

MD5
dca347fdd85300dddd91c2e5bdb07f7a

SHA1
fd2f8bda34b8ff72ac7901bf924f2aeba5993673

SHA256
7341a8f82f8239ccb20f58070bfd047e3cc17ae18cbbd4fd455320c0e5c0d8f3

SHA512
b1cba52baf9adf84989615443183c9d8be0a1f5eb26d84d82bdc4eea4366f7dfb725fa90d03c98ae794eb043f0ece7ed30033847c869fbb5fa12466b9ff3d315

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F07644E38ED7C9F37D11EEC6D4335E02_A99D2092C18949A4202ECF824898D020
Filesize
406B

MD5
ba357d106e7c4323295e54552af3eaf7

SHA1
fac3cae72ba39f7de1e12f121f2de4226c679af9

SHA256
4044a90df683fe2a53d2dfdc5e295ee16ac6de6a98e13103115d6203ce73a0c9

SHA512
0f18405cf961ab47111d2f48b88b21742a5c9f3d1df2140699115544b9579b4057f0f4e8a625a4b2e4615635b387d257907ee305b0dd13167b4bed27f0c88818

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_6628EE291B93C04E9AF2239445A01FC7
Filesize
410B

MD5
0c641b858aeb63a819a58378d882c965

SHA1
6e6760415f0e29dcf0d05e1b84869dfebaf49b83

SHA256
3fe4b7c23c1c67d07d2ad5dba5ef08586c5e3d4d1ebd388d14c896adef5ac09a

SHA512
6e575c9f4b2f4f6e1f338436fd1d815666c0f502867d775f142f75ec3b66ff226f0b3f5224cabe88de15a1dc87888ed5d5f81780bea97005f18b9c1856a832c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
dbfb8061a1582a3032dd1604e144ad90

SHA1
7efa0c3fba1e0627f30ed2938ef4ec9d6a1976e8

SHA256
3c1763f5b09877f3a825e89fea9c3dde987c85f2d8ab5246b152fc093f593f4a

SHA512
5fb03a9efff30f9ea4a06205808acb7926339cdb0e6668b0006f28c75d65d4df981a4ebe2483e6066e7cb6e886de3d61520fbf3ae7c22fd3e699c25fff528529

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
648B

MD5
aed30867de7c34c2b4f8d7f8b1f35fca

SHA1
34e9d0c7bed26aa1122030b468a9302effe44988

SHA256
1a6876d84d66adbaec8a649ec62645bde1986ce59971befe9190962c0c1dafbb

SHA512
ab063905fb7f64a17453bd4e3acb1c25666e986f7b7fa61ca0b6795a4628939ffa378b218e354140712ed63c6e2a461a2981cba18b40a0adeaaf91c1acf86e6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe587598.TMP
Filesize
48B

MD5
fab6f7c89af8663c0d0e94e7b28808f2

SHA1
a14d2c3ea711484ad7e4d05e683768aaa7f3add3

SHA256
35247f7236ccf0ac35578e801c39be9d9e042cc0b615ebf7add1bfe439dcf1d6

SHA512
13bea2f6d385cd452f18cbe07d96efc2229fc9962459e21bec58338182a8ba45c7f6f9ba6948f0d73832d62c5e043aefd517aa4d3bd3e626f182783d6cc05e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
da2363d84f044948b220e70dcb09b070

SHA1
985b8f32b6881e23e7b49f9382d7ebc04b913594

SHA256
0c59446c3a2be8097bc6cc482689e4d3592e225591710c97ec5052da6650d54d

SHA512
5569d85a7446eb5618ffdd99d5d520c68db32bff7a28898753d1996488031aab94e77845d34fd19a9cf86d047a1aa7718069ad5dea5cf122fb6a9144c0391f50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
c807593880d3fba031b0523c57b72505

SHA1
5353ea6ccc68a6eb18e597eb864cd0ea6ca765e3

SHA256
161fd420357f2f17dd1cd914b670fc0b69e564e3ad4d430c6f984ecc94e5aefb

SHA512
c7726f10e39de58c5b440d1f337d24634d8d10286e7d3dc1e279ae8231d684f5df28a61bf578e9a61ea92311b54ad03385aae1a4255a85dfa3681f11a177613b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
b2f9f3f260ba5984de96641c30c70722

SHA1
f1e8912648587cfb3c3f61a71bab3db3ed284cee

SHA256
09e83deb725ff75302505d252c1c4677dfb35cdc456f34793f10135eea7aab34

SHA512
f7e1533eb0c90d3cf1dc2a88c317ee2677644602a32bfc1f5cc258bb403dde8bea1521f3c7e927c8a96c01094ad3cc2530b0e5761ac0d2e58cacbb6f61b6ee76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
b26326bf7ca44f2c64ef366178c2cdaa

SHA1
a093417a46357057fc4a4b417516f8474a1f90c0

SHA256
c6e3f5b0c6914185085e7383ec80d3469c6aa8d00d4985ce46568d30f7755cc9

SHA512
c13a2c91d90b939831c3d206b8fd25305fc791662ceec41315171ed8ed546e236db8882434eee3e0e13b3ff22a5d8ba3fbabbad22771418c2e7af60023b1a7bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000004.log
Filesize
736B

MD5
80d18cdee5f104e567c5b7fa4a5c53f2

SHA1
e2874ccef61d352036d3eb000de6bda9d8cac0a8

SHA256
a92270b083669bcbf7f62df3b0357604bca5cba56a81c725339b24c6f0785f7c

SHA512
8262a55fd07a8265e12fde377e6ef5c406139e8972914d642014b70cc50d654ec301eb687c3b037d87ba9dbbe8897bae50973c0d86614163d58f11f9671ea734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000005.ldb
Filesize
48KB

MD5
bbac50304e737c0e34368c929703a758

SHA1
f6874fab08d58bf8eec44c36bdef4e08fbd6d84b

SHA256
631ba8c15f9df28552f4049e4f57c31c61d2047344d46cd6c55d9e4673e37e39

SHA512
e60b1b9e47fec3fea7b8636786d5740fd4aae0055154a7e457e96987c52dc7b3ad57d147de3277ada460e8a65af8454b64bf73fb16d2d3f9a19961acac7c0b73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
491B

MD5
4d2529ce496516df02c9229d473a012e

SHA1
2de389155dac229fcf884d9ab1501f9b3da4fb95

SHA256
5e8b06ba43bc3d8c539d04dccbf4b9d3c3d0b96f82986cfeb19b89dd00241087

SHA512
b25435039815d50af9baf6f466412709bbe339368cb2d2bcf8b4b160c405648572b60713e58ac86d798bc826e3379088e999b5ed07ffecba9a8aca8cf7099762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\MANIFEST-000001
Filesize
153B

MD5
bf2ad7e8e521d8a4ec1038a5729b81ed

SHA1
65a5035398ca5995c7eb2fa37fe571e768a6c964

SHA256
028c027e85784c4414ee61a9642eef4830a628ed5f5b52f7c5cfaff33f51b5ea

SHA512
6997b220075b05608088cce06e1f39d5fdb2197a108d76735927f92281a46715de91ce54477a37495ca3862331a9816f63f83121ad49255d948793a767ae7f78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
5053e6f7fe45171a5f6ab035185a785e

SHA1
163e82225df6715b84236f80b0957c3e54250007

SHA256
2400ab18e0d579842722dd0107788cdec99fbead5270573f1a234ce23c3e7366

SHA512
18acdbea5555aba85b93dedc275dbf4227c343eceb95d70a2b7df46ac16eb727025fb64e58edaf33b40e111037d2a9f24e6ebe88cb03f12b769d2881da9c3084

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
9b415cf16172e972d245178d0583547b

SHA1
59c9e903f1691acf3283cc0c8d3c2203665ea45e

SHA256
742d5fbe8946936211889f1c6854f85c08114f5664d3b70dcbe37e0aa1887e8a

SHA512
c79ec316841b7e1231218da90f144d9b9f90ca1bb9b38b815d84a0463f0befa71110e6990c4050750bcb1111a804b19378ae17c868181d39e23bd1aac3e04d5f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
d482d544c757ec4d6b664e16013b3dcd

SHA1
d907172452fef85bf9055edbf0f34fc3d958f746

SHA256
3e89f8062436f3d059dc858db041e8ee44a73b1eb7e2b2f7e9f4ca82c4ba8dd6

SHA512
bf46e28a1ba131ef4685d3a13107238bb7316d523e1f479521bec4e16549dfba3cda763a117045e2881c9094c5d1d9eb086421665d0cbdbd629b408d692497e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ab8f8bcb0730126d15025e3d28f27924

SHA1
862c42e7add0e0969834581cc3943fa16ae8997f

SHA256
55ecefedbd05ddcb5211f7cafe07cfd629677d14d9ffd94d73161a2cee458b2d

SHA512
2fcf306a9fd68c460a5c9384374c2699ee107718dbcfc384a0e42711c76fbba8c6ceba4e8318140b0c16702bbdbcfaa3f1f608b356d81f1647a9c519533f6823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ab8f8bcb0730126d15025e3d28f27924

SHA1
862c42e7add0e0969834581cc3943fa16ae8997f

SHA256
55ecefedbd05ddcb5211f7cafe07cfd629677d14d9ffd94d73161a2cee458b2d

SHA512
2fcf306a9fd68c460a5c9384374c2699ee107718dbcfc384a0e42711c76fbba8c6ceba4e8318140b0c16702bbdbcfaa3f1f608b356d81f1647a9c519533f6823

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6f35df185d1782bc806fcc9af1ac147e

SHA1
ce4e8567bb7e9ca070774f575652318aa6a40d68

SHA256
3df645a5e38ac703ff53a44823acaae5003d399fec3baba292101d1f7f63e5a0

SHA512
4af9bd510d85d1c3b29aab0528ac6edc4542c66ef9a95bca1e91c42d31cf6d504425a77f10429f8a3cb412a5d6e21439a5cc28e9669a4671ded243c12e41f6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
07c0ee9cbb7986730889d67497f43855

SHA1
7a879a6b39d5bda15464f7377865edbb01281d10

SHA256
ac86b1c5230e425d8ee62f7a333fa487055f2882aa292da5ef6085156f5b0ec8

SHA512
e02987cf7f72e263cb358adc5695633c141a3fbd3687d82a18354db75c14fe4b422c6662930aa25d4f7ecb36b4b3cc0173194e5b2f2b6c673e2dbcd4dc4f92f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe586608.TMP
Filesize
90B

MD5
177b177540d0be0ac410cdb44d9b5c7c

SHA1
4d1c1aae8b36a4d70bdb9dac0a27d8adcc9bc630

SHA256
19bbf1d88c448d337f8badf68ba883b92db613fd1d2a09c103e30aef82bf94e6

SHA512
6f21ee1c62bb1534d55c5701cfe5737dc0f2ec8d41dcf1db334e4d70865541d21e16b6aed65e8ace58fe0f3ffc82c4c23bad8ff907a1b29b159d1128cdfc656a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324810173081507
Filesize
5KB

MD5
597a5b8a0af48fa817b09e810a277924

SHA1
dd0dea1de17e176e345f9b2aa3579a09e5977ff3

SHA256
293d50e363c05cae4c419c9bab355fb24b38cb8532c262aeb5f58ef2a924f47b

SHA512
d8b6c9a9db89adabe405cf2b4e8cc53829af5c6a451df29617163468e7d642d214972cc43b776119c99f89ee5bff3a823423ef2b116ab0a40aa731a6e14999c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
bc56381460b2adb167d85ffee48a3e5f

SHA1
65a2ece2a59bc8358fd39cd1abc5cea9fe4d5b65

SHA256
cbb55d61526478cf9677d14bce38c4ec831302bf027ce0c85dc6c7e69a545ae1

SHA512
2fea9cc9b64661638c6ecfd597e82f973314af181f24561cb2176f253e2863cf4ec7fb72db43c7a1a96d3d69020b785bdebdc2c116ade80bc4aa1140f198773f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
85a1712a1af191eb4ce29addb5bd86d6

SHA1
9b7b4ee45558f7acc02a2f6e03b3d1cbf6bb2cb7

SHA256
87a8755f0f37a6e99944e01d4dbb281c3dabcc76da620daa3ecdf138cbafaaf1

SHA512
247eb381faaab9efb462fda93017dddb01d2eb285e620579543396770dca87da39a65c047b86937ee53381eed7a9622ef59f10da000b32799c98d1be34f69d44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
ce04b21e969ca63bfc4d710e2f00a27a

SHA1
d76654c281e38cf768819774230e31be8fe13430

SHA256
4992a95aff18ea1731c44525ee108c91b857e67b9d452476a32c7a3bcd7ee17f

SHA512
108e170be47acbf119ab149f17d5a2ae652d483dc3d364561183f668b26fc8529981ac6d65aab4f655409bdc9c4fcab3ecd8e06e2f2251d8aeaccf75ecdd6859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
7a2e20bcc09545e6ad3f12b8ce0b219b

SHA1
d336af476b6cd52fbeb25465d5b366e6329f8b62

SHA256
1ed633c25640a93d1e9e3800202a18613920624874bd973cfb8e5ff3bfe97fc4

SHA512
10cb8d449484dc2107fadc8b02c1efdcb91820d3a042c1ad7cd068422d17137378cafbd66d5d7341565048f256c87e59af7137f5d44311b82573dfa319b0ff65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
52KB

MD5
a9038a3de44533228ede88fd8e8b1fcd

SHA1
7cd1c8483042c9111cf965571dbf6f2d62fa7fba

SHA256
355082b388c7114182e6cd5b7b696bdadeb7854b07450a05282a18cb983a9176

SHA512
590666d1e762ee5b5737ef0a37a430f8eddc8d9af4d746274a3c54c477ccad0d0ceb93a294580a052e1156d22d71552d3ab4bf9bba29f97e55d1eb71d2281140

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
67dd0ecdd514cc8dea1c37dd3e146bad

SHA1
fb6b5c0264b29ed5e66daf426f042340f2295911

SHA256
306628d50fbdd9a6f6c6506462b7635a845adac0290017fb927c51083449363b

SHA512
2584bde06e29caea36bd183226310c79452bc6cacb2381dd6aed801339fe866591c9e2fa59ce2bff2101db02182730b07716d432291fe3ace67b3e042e320e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
8edadab5c4eb3833cdfef2bc1a6c28ec

SHA1
e802da7436576f3e995841bd8ec3b459e917db3d

SHA256
5b4bb0edd28b7c210f74ede07620036d8cd9af0d2d1fdf33b1a943b066ec1f2d

SHA512
d51b80163c3d974563163acfedb4c795ebd4a8a83b6bda0ea90b381dd7215bf2c39d78564eca94aa7036de8cc5645d542430af9a0baff2fdf4a9cc3694c4efe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
67dd0ecdd514cc8dea1c37dd3e146bad

SHA1
fb6b5c0264b29ed5e66daf426f042340f2295911

SHA256
306628d50fbdd9a6f6c6506462b7635a845adac0290017fb927c51083449363b

SHA512
2584bde06e29caea36bd183226310c79452bc6cacb2381dd6aed801339fe866591c9e2fa59ce2bff2101db02182730b07716d432291fe3ace67b3e042e320e5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\ZX3JWNOE\s28667145.weebly[1].xml
Filesize
2KB

MD5
15a3a8dcd6f347082134ec85ba14089a

SHA1
98d203111d7bdf4d14207a3f0e083bb44d701f6b

SHA256
49091a3a18b55d3a12d6aec9c93a36b175a4baa86b9ac6d2595ea4318e52364e

SHA512
b018e2ab829818a90aa7f8456012ba644ee5cddfa4cb36226e32f2d089719ba95984ec6ef43824fabb68f98ad4d4fa13d4cb557057cf93f47a8be90b731924dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\VersionManager\versionlist.xml
Filesize
15KB

MD5
1a545d0052b581fbb2ab4c52133846bc

SHA1
62f3266a9b9925cd6d98658b92adec673cbe3dd3

SHA256
557472aeaebf4c1c800b9df14c190f66d62cbabb011300dbedde2dcddd27a6c1

SHA512
bd326d111589d87cd6d019378ec725ac9ac7ad4c36f22453941f7d52f90b747ede4783a83dfff6cae1b3bb46690ad49cffa77f2afda019b22863ac485b406e8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
Filesize
44KB

MD5
b46f7fae8106fa9255ae0072d582d0d7

SHA1
77ac68ddb8be9312901300bf24c3c70bc66df35e

SHA256
d6039c5bdb85b1b736f0626175aa7cea2b790d6cdf7b5decf7375002f5fee8b8

SHA512
800b9a9baee37909134440f9ace9d19ce48455cc7cd07a0a78f8c49d652267c17b13fbc00c06c3c92fba72990de7d71ee9df5d0cb2591fb9b880069dbc1f483b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
Filesize
1KB

MD5
7bc637a9691763021bf25c87b162ff2f

SHA1
183fe166d523d135634f970bafe89593eb4e0c69

SHA256
871c675ac59c65dd08caef1795b1ed3b68595e2c8d908ab6aa8ae13fbb9db887

SHA512
c298c745bd4897bae8d1eb6f02c80e84f7d5c71d327a2caa592bea964809a8a46fea01f1fd1d9b6fc67a4ab7c02def29f36f33a5d5bbd00d404a91726e12e087

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
Filesize
35KB

MD5
8197b8431d1b53d41c73a9afb01919b8

SHA1
bf231e7cdf9ea3da8f63d5946f62c3eef5923865

SHA256
0fcd0c30992ba8fea84016cd4ef408599b33221288efd2fc5fc78c14a6faaa4a

SHA512
3ea18c166adba5767516d8a6f1fd9d1765a558513e3df0258cf04cfc7b135e2e86da735459f7cb0e07e016d833c609254314508d7b1d859916eaa1efe2720846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
Filesize
35KB

MD5
8197b8431d1b53d41c73a9afb01919b8

SHA1
bf231e7cdf9ea3da8f63d5946f62c3eef5923865

SHA256
0fcd0c30992ba8fea84016cd4ef408599b33221288efd2fc5fc78c14a6faaa4a

SHA512
3ea18c166adba5767516d8a6f1fd9d1765a558513e3df0258cf04cfc7b135e2e86da735459f7cb0e07e016d833c609254314508d7b1d859916eaa1efe2720846

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat
Filesize
39KB

MD5
b9d5ef431291b9898de5cb7f22dbab1b

SHA1
c70375c3e9540723a08bec21ff51b6a129cda719

SHA256
533c574187b9a7dc73d3d245eff3b817aa200490d6205a29d0767c554e144fad

SHA512
8e4f875c1609b5caad1d5242361649e068f751bdc758e1b4df3c69f62141562852556bcb8eb53adc8b421566aa33abb82d11961cd8e3eea763fe6dd8a41f98e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\Favicon_EdgeStart[1].ico
Filesize
33KB

MD5
7fb4a1f2d92cec689e785fd076ae7281

SHA1
f3477f75f8d14dd3bcf5f50176f8cdfdcd3944f5

SHA256
8ffb08e22d8848b0dc64e13ef43a5db913a3b4c112f67b0346f1508f2811aeb1

SHA512
bfc68283080028dd1b93bf28600f2abd8cb3c375c6433649972485e027b6d72e81535221ff2c89c2e5b255dc24ef3a1db28129a95eb872f236ca624f1ca9d02c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\memz-master.zip.6hlf8kz.partial
Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\stl[1].js
Filesize
177KB

MD5
6582c2aade33621450a6e3a66cb31e9c

SHA1
c75cfa7f8043793d88ffd5db3858f4fc1adc4db9

SHA256
3456d0f6931cc1d0a50ccb7fa01916ac2b398b80aaa249f8b3dd89c5d1666ef8

SHA512
19c1b33899369c7180d7122668e59e16fc7c3ad3a283cdbc47d17c1dba6baedb5e72ce3e15e27a7a4e286384a3f8f637eda19c99276016a623519cc41668749c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\favicon-trans-bg-blue-mg[1].ico
Filesize
4KB

MD5
30967b1b52cb6df18a8af8fcc04f83c9

SHA1
aaf67cd84fcd64fb2d8974d7135d6f1e4fc03588

SHA256
439b6089e45ef1e0c37ef88764d5c99a3b2752609c4e2af3376480d7ffcfaf2e

SHA512
7cb3c09a81fbd301741e7cf5296c406baf1c76685d354c54457c87f6471867390a1aeed9f95701eb9361d7dfacce31afd1d240841037fc1de4a120c66c1b088c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\favicon[1].ico
Filesize
4KB

MD5
4d27526198ac873ccec96935198e0fb9

SHA1
b98d8b73ad6a0f7477c3397561b4aab37bf262aa

SHA256
40a2146151863bcf46c786d596e81a308d1b0d26d74635be441e92656f29b1b4

SHA512
1ee4b73f4da9c2b237cd0b820ffad8e192d9125ce7d75d8a45a8b9642ce5fe85736646caf12d246a77364c576751c47919997d066587f17575442a9b9f7cc97f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\kernel-a9509dac[1].css
Filesize
100KB

MD5
1f9ce2a5856043b3a3910f5fa7366aa1

SHA1
9d86db46ddbc7440d5c81d6bac746ff2afdf266f

SHA256
6c4a421bd4a8251bb6ca8d9591d44a40619375568ff2b3eda48c5e6ffeca0c0b

SHA512
1b9d5e4ce34b821e1c05335449ed00b6f91868ea3d59b63eab52d425c0c0b70ef90d1dc36b75389ad2e648f6a6eec86f7e9e339b760aa8c33cba9b09f556af29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\favicon[1].png
Filesize
958B

MD5
346e09471362f2907510a31812129cd2

SHA1
323b99430dd424604ae57a19a91f25376e209759

SHA256
74cf90ac2fe6624ab1056cacea11cf7ed4f8bef54bbb0e869638013bba45bc08

SHA512
a62b0fcc02e671d6037725cf67935f8ca1c875f764ce39fed267420935c0b7bad69ab50d3f9f8c628e9b3cff439885ee416989e31ceaa5d32ae596dd7e5fedbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\jquery-2.1.1.min[1].js
Filesize
82KB

MD5
9a094379d98c6458d480ad5a51c4aa27

SHA1
3fe9d8acaaec99fc8a3f0e90ed66d5057da2de4e

SHA256
b2ce8462d173fc92b60f98701f45443710e423af1b11525a762008ff2c1a0204

SHA512
4bbb1ccb1c9712ace14220d79a16cad01b56a4175a0dd837a90ca4d6ec262ebf0fc20e6fa1e19db593f3d593ddd90cfdffe492ef17a356a1756f27f90376b650

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\kernel-e08e67f3[1].js
Filesize
283KB

MD5
463d2e66710fcff44d3915c12caf5335

SHA1
e80a0fa3e359ceafa2a80f5c84451d951c6b8947

SHA256
824531c3073f6d80180df9e58f1574f2609ffca984faf66a596ce39bf39fc72f

SHA512
277d83693093525f07cf9aef0754e31138f518624c84ae634fa8eef40f7e789fe90f08c010c100d40bf9e0bee60e29aab429cf98370b102801df9f35f311c4a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\memz-master[1].zip
Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\suggestions[1].en-US
Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
Filesize
153KB

MD5
7e08de74d72d105f7b2c4c0f6f349b45

SHA1
cbc280cd2be41baf35dc7c77d71999e750a36b0f

SHA256
e42442cb290d6b87ed30824eef133fc6c4a78a86d6630c8ba6828ca0ae84fc21

SHA512
8b44c119096fdebc020e2273a8446662658f39738ed48fad2d04fc041ff663f8c3fd67a1b3841443545fe98baa8f900d9086ffe2f56da2472c38f676f1fa0f96

Download Submit
C:\Users\Admin\AppData\Local\Temp\~DFC5A623820464FBA0.TMP
Filesize
16KB

MD5
7ad7651315392fdc8ff701ef98e733fb

SHA1
416304a1a82b31de7fa540276c879aceb4b7732e

SHA256
9a53964ad7af6564c9c76908048484850806d5527290465ad959782f8e7873c9

SHA512
b3fd67559380c2b837e3f69e483205d6d0cfeabc0f4c738fcf760825f9c7cdebe29ece87a667ad7db8244dc5316b670083be17550b4ff724135553b00c5247a9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
ae1f865c05fbedfeccfb5ec68eeae446

SHA1
d619d5eb73d16b29ee5eaee4452ce9b46cf751b1

SHA256
494f6a229e0045f90914024355abf82e3a0e69b8e119f62598b42323056d7506

SHA512
61e20bd73dc611b514b4854246c9bf4dbbc38e8e0e274ab4718c551c9b39d324d3314de1871865fdaab3d6aa1e35c03dedcf9e21fa5d6c9c979d6291278ca7c1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
ad9e121c2507c8c22eafc3206a4fb222

SHA1
0aab1be4b666395428522dd867cb83ae859762ef

SHA256
b0560f34b3b4f1d47dba215f6ab74a25f00dfdeb46439a84d616d018f3303104

SHA512
130074216f2e04c5eb14b7481436d1dacaeea921d260d5259c2f0fcd6798c38fd7dea42f8766c374cee5b32896286b7d6cf97d0a8b9a4bca516514327cacd086

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
30fb2254b2a67c5eb8716db5073dba68

SHA1
d361be0c64558d95fe13a9ce1bc3bc4fe137e99f

SHA256
4393dfdd513ba26338179bed044e36336e2310347e6a9235366167ca45042491

SHA512
82e8efce30003a75205c4c57d403182216f57200844086d04c3d97b5ffb5e3b2bc4d66137b9fa94ceebdcf588a809f6f5abd808348f42e9d2892ce02c242a0b8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
e1ad36044f3db8fb1b1e71e3e337d4dd

SHA1
3f945971bfef46a032b08c19751189237d1e3328

SHA256
c6ef0260bdfc018752b98654e61e08858e0960daaa47dff70b123c8044a8e42b

SHA512
62251d58e08c0712ae6928d7b73917bd9645338161a5dfc81d7d6e0a64cf5a210b1c851d7956223eae240bf676c8917dc9e75c2f3b79ab80ebd83282318cc290

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore.jsonlz4
Filesize
880B

MD5
9b5b94ad7d6e05e9bd2dfa30ae5eb155

SHA1
ffa11296a4149bd8539fcc27fbf5403d2b8e406d

SHA256
0cca9a7be11e0a14ef6ead35099cb571aca59892833aaed735674c2ed297ab54

SHA512
37aea2a8e3f2e717b3b12de8a8fd3a7a2aeda3cf56dd88b9262b1812221f1f3d0708ba63e50b94c7142a2d89c014631eb72c7b44de4ad92cc06f695e6f4b9d3d

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_1392_NDYFYVPUNZXGEQGP
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5520_AELYBOAOVKUUNNWU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit