3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Analysis

max time kernel
150s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 13:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401154337.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\34d71581-ec26-427f-9b1a-4aeb065d4e06.tmp	setup.exe

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3716	MEMZ.exe
3716	MEMZ.exe
3640	MEMZ.exe
920	MEMZ.exe
3640	MEMZ.exe
920	MEMZ.exe
3716	MEMZ.exe
3716	MEMZ.exe
3640	MEMZ.exe
3640	MEMZ.exe
920	MEMZ.exe
3696	MEMZ.exe
920	MEMZ.exe
3696	MEMZ.exe
4236	MEMZ.exe
4236	MEMZ.exe
3640	MEMZ.exe
3640	MEMZ.exe
3716	MEMZ.exe
3716	MEMZ.exe
4236	MEMZ.exe
4236	MEMZ.exe
920	MEMZ.exe
920	MEMZ.exe
3696	MEMZ.exe
3696	MEMZ.exe
3696	MEMZ.exe
920	MEMZ.exe
920	MEMZ.exe
3696	MEMZ.exe
4236	MEMZ.exe
4236	MEMZ.exe
3640	MEMZ.exe
3640	MEMZ.exe
3716	MEMZ.exe
3716	MEMZ.exe
4236	MEMZ.exe
4236	MEMZ.exe
920	MEMZ.exe
920	MEMZ.exe
3716	MEMZ.exe
3716	MEMZ.exe
3640	MEMZ.exe
3640	MEMZ.exe
3696	MEMZ.exe
3696	MEMZ.exe
3716	MEMZ.exe
920	MEMZ.exe
920	MEMZ.exe
3716	MEMZ.exe
4236	MEMZ.exe
4236	MEMZ.exe
3640	MEMZ.exe
3640	MEMZ.exe
3696	MEMZ.exe
3696	MEMZ.exe
3640	MEMZ.exe
3640	MEMZ.exe
4236	MEMZ.exe
4236	MEMZ.exe
3716	MEMZ.exe
3716	MEMZ.exe
920	MEMZ.exe
920	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 18 IoCs

Processes:

msedge.exe

pid	process
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe
996	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 2092 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 2092 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 3 IoCs

Processes:

msedge.exe

pid process

996 msedge.exe
996 msedge.exe
996 msedge.exe
Suspicious use of SetWindowsHookEx 4 IoCs

Processes:

mspaint.exe

pid process

2204 mspaint.exe
2204 mspaint.exe
2204 mspaint.exe
2204 mspaint.exe

description	pid	process
Token: 33	2092	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	2092	AUDIODG.EXE

pid	process
2204	mspaint.exe
2204	mspaint.exe
2204	mspaint.exe
2204	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 4628 wrote to memory of 3716	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3716	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3716	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 920	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 920	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 920	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3640	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3640	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3640	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3696	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3696	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 3696	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 4236	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 4236	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 4236	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 2908	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 2908	4628	MEMZ.exe	MEMZ.exe
PID 4628 wrote to memory of 2908	4628	MEMZ.exe	MEMZ.exe
PID 2908 wrote to memory of 3936	2908	MEMZ.exe	notepad.exe
PID 2908 wrote to memory of 3936	2908	MEMZ.exe	notepad.exe
PID 2908 wrote to memory of 3936	2908	MEMZ.exe	notepad.exe
PID 2908 wrote to memory of 996	2908	MEMZ.exe	msedge.exe
PID 2908 wrote to memory of 996	2908	MEMZ.exe	msedge.exe
PID 996 wrote to memory of 4080	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 4080	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe
PID 996 wrote to memory of 3504	996	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4628

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3716

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:920

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3640

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3696

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4236

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of WriteProcessMemory
PID:2908

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:3936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xb0,0x104,0x7ffcb19446f8,0x7ffcb1944708,0x7ffcb1944718
4⤵
PID:4080

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
4⤵
PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
4⤵
PID:2140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
4⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
4⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3588 /prefetch:1
4⤵
PID:2156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:1
4⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
4⤵
PID:1124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5796 /prefetch:1
4⤵
PID:3292

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
4⤵
PID:868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3760 /prefetch:1
4⤵
PID:512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
4⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
4⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:4508

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe8,0xe4,0xf0,0x228,0xec,0x7ff6cb845460,0x7ff6cb845470,0x7ff6cb845480
5⤵
PID:5040

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6216 /prefetch:8
4⤵
PID:3792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
4⤵
PID:2412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6364 /prefetch:1
4⤵
PID:2076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
4⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6156 /prefetch:1
4⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5348 /prefetch:1
4⤵
PID:4228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
4⤵
PID:4832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
4⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
4⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
4⤵
PID:1664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1460,15876845889477245724,7351813955944201328,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3612 /prefetch:1
4⤵
PID:1100

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:2204

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
3⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb19446f8,0x7ffcb1944708,0x7ffcb1944718
4⤵
PID:4388

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
3⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb19446f8,0x7ffcb1944708,0x7ffcb1944718
4⤵
PID:1180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
3⤵
PID:4988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcb19446f8,0x7ffcb1944708,0x7ffcb1944718
4⤵
PID:2808

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5024

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2680

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:2376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x504 0x42c
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:2092

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
331KB

MD5
95efe88b5b36c29de90d7e6e99300857

SHA1
9a0ebfba154f93b7ba83b733daef1225beefee76

SHA256
c596953e04cb63487d2543005ed52be5b4dc0ee3c38f394f530ce1ee9d79f8a3

SHA512
38d21358e5a36e63ae79a6e0346fe11fafd3404830bb9702355404cb6b0dbd5415d58a1b1db1570374b0212e894c2a03f4b37fb18a98cd9d00e4a6fcc438891a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
69KB

MD5
785147393dab3ae1570cbc5a154b15cc

SHA1
927cc1109df79110c811fdabca8d8da9be408e32

SHA256
e440876b66455f0eece5fcd088c8eaac137c83f931520ec578d842cc6f45e816

SHA512
405d52e5aa3bd17cb9a1503253027b3b87f228881d684f042cd8718c0ba65ed9195575d46b5e5d82bc657c29d7573437386e1f080a7b2437bfc5b3f48e0be2d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
61KB

MD5
a0efa5ed4d2876e063ebceda6a5ee1a2

SHA1
06c14bce0a9dad23ab9a94cb976c1acaea052743

SHA256
ada73543baaa7b64d16deb817b39b984d7cff5cd624948c5106f9cb1c8af21a7

SHA512
f6898665ac8b7e20b6d613d7409d5e819c5a6af123ac512f9fc72ba135666b4fad18eeb8369c7ea6ab4a7e1a8671c67337c30e90166a2219867a4d6cceb8a9de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b
Filesize
50KB

MD5
40333c9d07daab8ba8a53f73ee3f974e

SHA1
36c2b17a7c48fc28036534f445b79fca9658f0a4

SHA256
998313664fbeab2403238a77e6c50a4541d20805b30533f67de1a12c624fee54

SHA512
4a893bf97a02f88a3ea7830b5f72eb56295566a2c6ceafa33fd80f74f81edadbb4172f71c0e12e4a06b1e927f9d7b0cc62c5ba070cd50f3f25c8b670a1270de4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e
Filesize
35KB

MD5
fbf149f3cc52c0e994c22360da1fdc3c

SHA1
71c4a5d6a47d01dcb40c659951b5ce38faf1fef0

SHA256
53e46cc83cf44a5dce1b018be9011952eb7714f2949757cfa2e3efde44112dd0

SHA512
9046410e4bc370c68e98c5c00875469bf667cec7bfb14046df5a8547be292153d3621da4f1bc4ed583b044f739a3e56dd9f0fc70bd79196568aca2949501d1e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
480B

MD5
4b86b8d705f0616b69c217d8c70f483b

SHA1
534c0b5e63b50056260d91ed5b397aa409d0268c

SHA256
7d7a6d9966f618a95d5ae8047b94040f27153cb32ec541755ad7cbcf2658813f

SHA512
5f0af89d15d7c5c65b99dd80ed4103268dc0d644dcd75f7537bbe0d0345b45d225dca85ac13af51d5d1da86ed688f0cb5784e524cfb2f38ab03dc60388be692d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
696B

MD5
d7a71d6bdaf470a75a8ad393c9b02a3a

SHA1
5c00ecd06eced0a27c1ec66fd8057025d8191f37

SHA256
d8e37c58d54f586ff256ffebb3499b202c8499d469112585394df6b479eedbcc

SHA512
c72a1380395ff6804a8d2b02fb3d1ee1987334ef03eeeb370911d48ae60bf26b4fe9def4c5cf1b09359d6f923c24364e9a34f354ef398e245a00d00e39e16610

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
af51f63157de75d8c608274bb6fa5db6

SHA1
47fdeaeffdc8b6424614f6874ec623051e70cd58

SHA256
08a45e174ff0aa4b28a62474782fafe9626879a94869815e5a49d94ecc6f5b7e

SHA512
3fa7ee489e72f9064cf85c04f40f867635aba4ee04259248910b4755dca09d2b9139151eb9991874faeecf10bbd6e22e9021dade41452a48e6fc72d9d944c2f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
4fe8c4a663819cef15d47a35a267a45d

SHA1
7ab18b2ff20c551a6c8c3b5bb72dc9898d4df109

SHA256
edfddeacf5dcbd6561a38a347fc9a3df0c5f96bba2ba33ed08f939c6301bf184

SHA512
31923a121fe7667373ff998eae09c2b42aebc12aee3c127c1cb3ca409bd7682c926cb2648b8fe5dffd65c24d3de7e1e77d0e04b06761858af93f9871f95008ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
39f518fb67e71bbb892e906de5f94bc2

SHA1
a4445694207e4f4630bc4f9d4870b27c2a2708ea

SHA256
7ccec8dff8b6bd0aace50103b1a638beb72981c971a465c2d3b6b3a68c47eb0a

SHA512
ab564dcda0aaa99f0b227031a29b56662504685d5fb8d1c2baa6e36272005d5534be4704522b9bc73af83045613e8e0963f78edc945eb06c5c9e1804e4b6ef88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7cab9f564a5b1d8db80d0f700f802e33

SHA1
2562964487e9aacd79e6353192b9f29533f87b1e

SHA256
4f06d8db39f888be155d5a37bbf93c038c81603275e02cb28436fd35530a3c9c

SHA512
417766d0cee6658c2285fcc7fccb935aafd0c07393a4be14d6d8e39dcf4719a6878bc12eff3e4cae69db16a743375c5aea812c7f437fab63f180a34a5d2488a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
d3dd766c525bea9966c8ad7d69721ea5

SHA1
947ec1782112d813e09a567de547848370e332c0

SHA256
d571d3fcde621100eea656d5f0e29d265e11b3fe8ba4da062cdd22377688aa73

SHA512
c41a0671b8ccb1051c4251a343694af28d49992a356592dc338ee6057b6e2b4fab83e70cb672e4ead6723485cfa504a439d499333011ac2122283ec3ca5fb2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2b57c54d01e13293605c014ebe13f19c

SHA1
5f447bacf051723122a863224c62f330feb5d47e

SHA256
6ff9cdfcd3c897ebd8e33d6a5dfacbbac20ca747cb4118ebc9782b2fb2924efc

SHA512
07e307bc154861bdfc9d4455df19cb0e6d3583ecb033d91f828bf91936509e8611ef838dc6852495cfc488533da400161162a2fd0bffa387333a1193f2835183

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
9d98989b9adf35783c3eb3974c926255

SHA1
7add346152cee088970c8bd75f142733115bacf6

SHA256
1082c9a600c9cb1c0a99f77df6c0c839a0fd0100663123c7802c8d9aa19821aa

SHA512
5634a42aaa1ead2862fe8d007638baca09d95c295e12f8b81f44a71c79babe7b125dbb84296c6093106ee1b6e0be64a4cc867f9f117edc6d2dd17022c2b4b3bc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
b1f4228a062bc1b37711d13289ba134b

SHA1
00ddd80421c2d3c24cef10ead14b6c84d664e276

SHA256
76a6c3e20b51940333b83b1a6c6eeabb0fdb3b28e158a983c96643b3d52d5a46

SHA512
72ecb1d8da9ebaf49a03dcaaf6b441953cbe91bdfc293312d3057cde6afd6894cca02d5acb9cb5cfa2b14de13f425c8806a48939ace991b33c657bb01021d36f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
57c7dba293dd12681ac942b4cd75336a

SHA1
d20192d8ae95d4f5f39644eac6cea94893889574

SHA256
1d43508d30a302bb3281dd23901e170dbc4ead66704fcac03b2ef29dcf3c2dd0

SHA512
93cf127d25ffa45c88a45786c05f623e6e86eeb37a67174302e4cba5090ec3869a8b7c9dc8c4a6b3cea7fa72cc9b3dce475984a16a71c0fff5d045c1e3a2e6be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
8e12248e109b90b9a49505fb5664714d

SHA1
3b3e3e9e46d60598e1b9ca922d25a0928b94f75e

SHA256
d6363a16c13135e292eda129635c617278a8e63d2fc61ffab970f510356893d3

SHA512
64861c5bc865154eb6b64f52849989d028c19a7227c4cfd35ce8319bafac7b57d40ab5aa4fd8bc9bee03639204aadd36ced626ed6983f2e171e9e545d7325415

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
eabc3c41b7b296c2898e9992d7c74ad5

SHA1
e706c060512a66b8d384827cc40d3aa8df8c7aec

SHA256
4d6c21313c0abab998661f951c908cf3f2dffb3e502efd158f58f9ee09172b42

SHA512
c4d79da71b5689a47c40d60967579c4cd8afa3ce34c33d9fa360cbccdeb1e762e00923244f94ac5247e9c6d223daa6499737a3f398eb0566265583fbe36a9209

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
80c323866819a842a114ad9ab00647e2

SHA1
a38a668c27baa4d4c766dd81bf7ec2f2aff9363e

SHA256
dc5010cd2bd7b3c8f9aee12e205cbfa03550b51d1e97c83fb5429324516761bb

SHA512
4fb15ceef2c1c756a86b62dcf553bc3294ada608b361fe70780f7d5f89d2df1a0ac1b73b7ae0731b039146038614d3eacec8532f384b9962a5f2b5324cab094b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
707B

MD5
d908ee9cbfc8b6b2a0f1ac6989114b21

SHA1
071ae321c4f15af2f2c6c7a4cd16a59af8ee660b

SHA256
3173e07142083bf354217d41855b111a5acf604b8be620540abd205d56b72934

SHA512
952496664e238a92886a3577df37447dd5622a2d26d47ec774807c3ed58d0e9f22c99f344a04de2b78e3606a59b5298b2cafdd0f4b669bf0dffa502f8407a437

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
c997cea6835f6c4bdb0f7a19f34cd036

SHA1
2b711539106c89dc3dc57a916ed4064e94d05e84

SHA256
076e46d5882b82492b55b7d6790595b03709c938985cabf92824c48f2f10e396

SHA512
49e9af7d587eb009c1c77d0390e3a0e339818c4aa6af29ac2d1612d0c7fcf691bcab6dc1e2cca392f965e8d9e2c05171c819dead7aba5c6388fe216f42830ff9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582da3.TMP
Filesize
372B

MD5
d88b019f9edde0107112c885c459e967

SHA1
60db1462d8c800b9fd5c35550354c0ceaf63cf7b

SHA256
1380b764f8c0f9dff7707b1b684d5ade31e4a6b84d09dbe29fc437d77258afa9

SHA512
37dec64eb4ff8a46b460af9318eda81a7a5d7cc69d44e74e5f6c58ae00805156225947a5c59f6fcca3d21503f4721f1910df88321eb9665fc6763314ef62f986

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
e9a8e571e78bacb9e70df2adbbdd9e6a

SHA1
27c89e6ed456771a4fc280078893587296927904

SHA256
2348646b5fd3cbf7972ddfd2420e62d36a0b5b6e9c2492362b93a0709722bf08

SHA512
915f2d1fca2f81ea7e116f7a60853ed500cf99e2606d95008f10cdce6b1a3448d3d672d83859e6bafea69139bcce5c63af3b1649e38e19c49a2c08fbed98927e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
33f381a4dae063f94d8fb4aeeb70977a

SHA1
8a4ed04d21640ee88dc6cf183f08b486e4522eb5

SHA256
e147d0b7fc4ec21ef6affe7044479561e20f050636226478c7ef3916fc336a37

SHA512
f2a5e8fde3fcc78cce1768bccef894cc04cb7a1576da85039cc743b2749df6b3eefa9e58263256fb5aea0de45c13a1e8776d14242aafdcbbba7c4c6072275270

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
2b7fd349064217b77a6c144679779425

SHA1
b9486304af53e048c109cafc117e401b934961bd

SHA256
890d213412f5d3443ea28e6916601ee0a1480977b7db837902d7b4dc3750758b

SHA512
8ec50b67815f9b1bc387f5fb0a019027d921c52d2e9923011d5801cb9392e6aa1856d6e03b3132006b652525f2f2859ea9ede3272ca2c671348141675c50c5cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
ba532b735fad79e740fea8786614c005

SHA1
b01c8c4294205422d5844d4512e3783ccaf43638

SHA256
24d4b37bb950e147c71585243015ebe381bd4ff63f3887f967c32280f8be06a1

SHA512
ac28714a0da2f680829fb2bbe0471ff68c1c3161b836a741057e1e79b04fc84c200e1792ab287adbfd56e0b7a5f10bc79af86ce989507b4a5b6a9321a32dc7cb

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_996_JOKZLYUVEJEMBMDB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit