9ea61336dc345e8e68c562f94a385c3831a0fe621d242f24abfbe34d28e16c57

Resubmissions

01-04-2023 16:33

230401-t2seqabb77 6

01-04-2023 16:19

230401-tsjq8abb34 10

Analysis

max time kernel
205s
max time network
212s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01-04-2023 16:33

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

sample.js
Size

13KB
MD5

0a1d0cb632a7f7cde057b8c11c1248a2
SHA1

651caf0aa2637d0b56411f1679eb68f43a7b00b2
SHA256

9ea61336dc345e8e68c562f94a385c3831a0fe621d242f24abfbe34d28e16c57
SHA512

f911550898a737cd17c11e0056660ba83b4a577baaeba85c5fea5f5119cb0cd8226f6176b0afafe163a57223c60b5767aed10211f6fde22eeb42aaa0f535524a
SSDEEP

384:rN+0ElzeVoOsKlElKeGM0U8HhhbNAq28rtGk:rc0ElCVoOsKCI1MeBhb60rr

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2d5daa7f-9569-4a61-b632-903d24f104f7.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230401183409.pma	setup.exe

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks SCSI registry key(s) 3 TTPs 6 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

msinfo32.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_DADY&Prod_DADY_DVD-ROM\4&215468a5&0&010000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_DADY&PROD_HARDDISK\4&215468A5&0&000000	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\HardwareID	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\CompatibleIDs	msinfo32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_DADY&PROD_DADY_DVD-ROM\4&215468A5&0&010000	msinfo32.exe

Enumerates system info in registry 2 TTPs 7 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msinfo32.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMinorRelease	msinfo32.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemSKU	msinfo32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\ECFirmwareMajorRelease	msinfo32.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2180	msedge.exe
2180	msedge.exe
648	msedge.exe
648	msedge.exe
948	identity_helper.exe
948	identity_helper.exe
5232	msedge.exe
5232	msedge.exe
5324	MEMZ.exe
5324	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
2904	MEMZ.exe
5232	MEMZ.exe
5232	MEMZ.exe
2904	MEMZ.exe
5460	MEMZ.exe
5460	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5460	MEMZ.exe
5460	MEMZ.exe
2904	MEMZ.exe
2904	MEMZ.exe
5232	MEMZ.exe
5232	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5232	MEMZ.exe
5232	MEMZ.exe
2904	MEMZ.exe
2904	MEMZ.exe
5460	MEMZ.exe
5460	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5460	MEMZ.exe
5460	MEMZ.exe
2904	MEMZ.exe
2904	MEMZ.exe
5232	MEMZ.exe
5232	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5456	MEMZ.exe
5456	MEMZ.exe
5324	MEMZ.exe
5324	MEMZ.exe
5232	MEMZ.exe
5232	MEMZ.exe
5460	MEMZ.exe
2904	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

msinfo32.exe

pid process

5532 msinfo32.exe

pid	process
5532	msinfo32.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 13 IoCs

Processes:

msedge.exe

pid	process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 4304 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 4304 AUDIODG.EXE

description	pid	process
Token: 33	4304	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4304	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 14 IoCs

Processes:

msedge.exe

pid	process
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe
648	msedge.exe

Suspicious use of SetWindowsHookEx 11 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exemspaint.exe

pid	process
5036	MEMZ.exe
5324	MEMZ.exe
5456	MEMZ.exe
5460	MEMZ.exe
5232	MEMZ.exe
2904	MEMZ.exe
6096	MEMZ.exe
5128	mspaint.exe
5128	mspaint.exe
5128	mspaint.exe
5128	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 648 wrote to memory of 2552	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2552	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 4220	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2180	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2180	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe
PID 648 wrote to memory of 2232	648	msedge.exe	msedge.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\sample.js
1⤵
PID:3132

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe3da446f8,0x7ffe3da44708,0x7ffe3da44718
2⤵
PID:2552

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
2⤵
PID:4220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2956 /prefetch:8
2⤵
PID:2232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
2⤵
PID:2808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
2⤵
PID:2512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
2⤵
PID:3964

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4780 /prefetch:1
2⤵
PID:4044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
2⤵
PID:3680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3836 /prefetch:1
2⤵
PID:4304

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
2⤵
PID:3384

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:644

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x22c,0x230,0x234,0x208,0x238,0x7ff683be5460,0x7ff683be5470,0x7ff683be5480
3⤵
PID:4252

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5600 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:948

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
2⤵
PID:4124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
2⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5216 /prefetch:1
2⤵
PID:1316

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5272 /prefetch:8
2⤵
PID:2348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4012 /prefetch:1
2⤵
PID:4732

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
2⤵
PID:5196

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5996 /prefetch:1
2⤵
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6536 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,1672849923585234003,9044491028843927101,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5872 /prefetch:8
2⤵
PID:5792

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:628

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:1384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffe3da446f8,0x7ffe3da44708,0x7ffe3da44718
2⤵
PID:3692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x2f4 0x500
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4304

C:\Windows\system32\msinfo32.exe
"C:\Windows\system32\msinfo32.exe"
1⤵
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Suspicious behavior: GetForegroundWindowSpam
PID:5532

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5912

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:5036

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5324

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5456

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5460

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5232

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2904

C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Downloads\memz-main\memz-main\MEMZ 3.0 (1)\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:6096

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:5084

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:5128

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
3⤵
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xf8,0x12c,0x7ffe3da446f8,0x7ffe3da44708,0x7ffe3da44718
4⤵
PID:2136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
4⤵
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
4⤵
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
4⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
4⤵
PID:2180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
4⤵
PID:4808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4052 /prefetch:1
4⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4224 /prefetch:1
4⤵
PID:3716

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3804 /prefetch:1
4⤵
PID:4708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,8634427041272632169,6745849147994929278,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
4⤵
PID:5620

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5444

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2208

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe" "C:\Windows\System32\tpm.msc"
1⤵
PID:4964

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d718caaf91ce110257325ea65e6ee3a9

SHA1
56bc9d07345088e0b578bbecfdbe963ac152a12d

SHA256
e05343bca8937346cd930877fd533b350f178214dd3fb7b6d620d236c6705a7e

SHA512
30b06348adc7af9974228951e64c5df00630e70c1760aa9515a409df92afc76fc602fabd39932ea43b6b775047f8218f0b0fea877575a4cf2754e80586fcaf25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
ed491be6d70da7465873e176ec17cd64

SHA1
adc253cd1140dfb2299f54c9a8c60cac1a51a09a

SHA256
d6d0d36f38cc8702bb31857a6f242420074f91178e0d01c82fcad61368fdd4e7

SHA512
6c5703bbcc93d55add79d867107d65e0f5de2932de9903c6da997daa577f40dec19d5d6f1e0292276f7d93581073a1d0144d36941377930d24f4827e72b63c3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
2f590d2dd2173242225928e84abe0498

SHA1
d85c99d94eeb6e13352b1a4ef24678dabb9d7441

SHA256
f56469b1550575c2634cabbe1bf983ce6c8f325d060192ef02070b90c7980419

SHA512
7946a4138baaee432227d7f3ada531ab11bdacf7895658f71d61ad92566ec6c7bcf8e232aca4e837f5e7982984e9ab48ad362f66f5eec267168e5b63d0b69394

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1f79b4317e0195e5dfcab251915611f1

SHA1
eb3f9840d9b2fccaa0d67091aca21f1384f1d087

SHA256
372486d9dc31f007e57368793628395b4da9e04919352a2cf96e3316af1fb2a7

SHA512
b94754626eea068efd4c7e25c8cab62f52a89ecb8f2a558a6060aa351828f303f002084ba40276c063515de53f2d817457310e2df26cf9f0e33447aadccb2db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
1f79b4317e0195e5dfcab251915611f1

SHA1
eb3f9840d9b2fccaa0d67091aca21f1384f1d087

SHA256
372486d9dc31f007e57368793628395b4da9e04919352a2cf96e3316af1fb2a7

SHA512
b94754626eea068efd4c7e25c8cab62f52a89ecb8f2a558a6060aa351828f303f002084ba40276c063515de53f2d817457310e2df26cf9f0e33447aadccb2db6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
e23d50785c095a13bb2bb5d724b98346

SHA1
20107a6237465c18bcca16ce189bda96288beb24

SHA256
2795d25cdb44a957173cb71c350021576215a6ab4c0a74f83efcad4859edecbb

SHA512
7bb02b08915b41acf8c109a573394b0d48333095a03dbe22928daf2363f5e66e5aa5d15d0b833e647efc54b9f7ffca77f871ee50c1409b4195b41366a780adfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
e23d50785c095a13bb2bb5d724b98346

SHA1
20107a6237465c18bcca16ce189bda96288beb24

SHA256
2795d25cdb44a957173cb71c350021576215a6ab4c0a74f83efcad4859edecbb

SHA512
7bb02b08915b41acf8c109a573394b0d48333095a03dbe22928daf2363f5e66e5aa5d15d0b833e647efc54b9f7ffca77f871ee50c1409b4195b41366a780adfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
28KB

MD5
9a9aedbea9172569eee754d2cf9b7810

SHA1
ce3d94bb557c110cb3acc46384ef144a412e3923

SHA256
4f34c93ceaf318065ae3db3752eb700f479dfea9ac5fe2e26e6e4423a64808f6

SHA512
6296673a4ddca49c68f9958287c16bec6726f29b772c91be8324ffb4eda592d93679696ed79a7052250ed64106b46b766eb39d167f7b3a98ccf130f82f8514fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
dc072b3659740a97e76843fe956146d3

SHA1
2fc85a4578ff5ade0588c0a26a8f81ac1a3d5b9c

SHA256
e3eabe7a0cc77be3f2d352414081f7e66a6260bd4c12549f65ec138aa0a95739

SHA512
5841d0718e3cefb9b6e5141c012fb7d38857bf4c587795377f1900dd838daf070d23913ecaa466fe27be935befcfab2732d5d3fe780af56e904835c4f2e29e4e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
df1039d403e88052bd4557810a7f6735

SHA1
39b726516da3404ee8e01110437664d7b6e51065

SHA256
a43bda066b7b3c8783ca66a0c99c52cd2e4f4f060b1ebdf5f8e9f6b9ab065e70

SHA512
483b8f1052dc3476505bff14fea248070416ef6cfcf408eeee89a8a5fea0a1810f198dde3d3ebbe8f7fe578bf5df7a57d79b63ba003d8f488aa0df85cef6f061

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
12ebb13cb5aeb8b2fa2ae59438709e51

SHA1
b38106f33ef17914e323d51069863cd984706163

SHA256
ccf599243e85d8fc152c3f872648a670561eeefa96d0cef4847e1e6ffa900c84

SHA512
02539423bca9c012eaf927057a9fcb4c5178039e36ad7c8ed919898877002ac1d335eac536ddb8f29a8f121c0ed2bea90a8410771264e9265fdb40f5c89e5f60

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
ba741dee4c8b49bac44a9026b66b6a41

SHA1
061e61c6dd61a15a0bd7a1e835529750b28c9d28

SHA256
d7816831ca463b22bed3028904d2cf03f31a1ae085fb59129c5679db07c9beee

SHA512
4beaf054992d02a54f3b98a818668efc6364207f243fb0ecf09ad86c08541117d975f989e43c6650f29f842edb577b1c1abe807ac121c0214696788cd7a7f3d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
3KB

MD5
e3e0ffa2039633b509ddcaf69724bb21

SHA1
d0f5ce8dbddf451265b7b08eec4b84060b4ae170

SHA256
9ff04e2610299ea2f41f1197c693ede1daf49a84ce23f463384e735c13c1c0d8

SHA512
58bc4160c323591793e096109c4bf4fc92dac0b9a5fd0a7a4c4c541cf7433091fe53f561ce6a687648220e7e733d51231e788d18ef11b751d8324e9ab5ab8829

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
8KB

MD5
450854a2eda7a519a4e250c7646aeaee

SHA1
f25b2aa286fbcf537ec3ec08734f7ba8c538510a

SHA256
dd16e549d541d09129f6acdd3a1c84e04b56421b7884dbefdca46977dd6861c1

SHA512
a8f101fbe71990e3ba4c7dedac232d07b3544d479b0e82837d920a1edcb1b3b2b12c7c246baae3c576c2f777222008dc675444b7273778df54374074c2775af8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
d0c166fd226529c0bbb9bd36a3875f1b

SHA1
769731722a76f632966a354f40c517a20211a14e

SHA256
dad51c4ae026aa613346ac16c04932aa9695c6282bb3d717792f6607935aa956

SHA512
5e7f784789d9f1bfa5844b49582e9661e9063db3175ecb48ff65d42ae51acaea4ec499edf7814bf778237a9b1e6691632529ba44dc5f17bfa9f867134e9ec788

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
22ab2d9dd9716edc87971c4735a46a16

SHA1
a8ecf476f2dbf3a0d41a445925e14cbc9d1b510d

SHA256
502b741fabe763148cea0c52e150865c95492e94422ee83ef3878d32e4bb86c3

SHA512
f7b614062d997f64413a5c17d511d629a777c7f4650e052c9c8f59e4774e240c96564e592feb16ca45bb97b776eca007c9de83f14a5415ae812f9a4aa46e4e0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
845B

MD5
244087212b61dae5ef1b2ad491fa5fa0

SHA1
881a44e32f0fdd43e248fadc57bcba6ae90895da

SHA256
8e324d8346afe2158cc7df5957d54a71cf6a10fc1fa7f62cdf14d6012c9abba5

SHA512
05f1acec401db79024315fccfbdadf99d39b2bfc0e055d52b28e8f1c7de805b7684091124872da9f17a1c7fef72c27d324b29a307e60c1cbd49ad8ca35dca6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
922B

MD5
a04dc146a51a01e1eee4ff95d1345846

SHA1
dd090b0324d0c50ff8c976b5db5bc921708814c7

SHA256
15ef07c1cc139b9a1c299a021f3fc20d37175c7a9a94eadef40abf227b08a07e

SHA512
1a8c7cc3d327eb40fbc56d65fe7eb51b07aef89c6915481890c2aac3974453512acc02060f0332e0778c727384f151338e6ee4628069263f9c496ff352f31a63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6a3c165628f062a6b5e0d4e87c51baf1

SHA1
ba77721dfb54149088867b47a50c47593d2aaf56

SHA256
ce7359406c24a5a58fc6be41ee2d42400a1b33825bc6c6612d6054d507707019

SHA512
6e0b0bb9909229a98aeb56ea82deaeb68f8abef366547a6b21782350884c5954e3219590a812f2372a1dc2f805041832e19aa6e62afc42527de85ecbd2dff7d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c89cb3a2640c5f62cea35d2edcf19222

SHA1
a517973b935379ee326aab2e6d0990a47c339667

SHA256
b6f391ae8055fc1f287a54e6c1381ffa84a7224b6a77a34e922c0aa1c2400599

SHA512
c9efd34bf341023163da88ac74ff9976386b2b0829c706e2dc28277dc6ba091d8912a7ce90f4e2c17736e400d25c4802725c8012c7a42b40a593988c844cead9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
4b5f9bd2dfd07bd5bff3331de4b3b2ae

SHA1
2187d87625649e57aa52f46cfb7d025d8c397478

SHA256
06505e6fb0cd7d49c7603b35f9a2a3abcddb6740895e15cd779121c399b6d33a

SHA512
b95faf707f89c87b0557e93cccbab39ca5c91d6d13a8ace43b471fa12a48eb9281aac610f57becaaaf9b92301420e0e9b8e2622e64bf2b37f0014c4e8ea90a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
255004fa2938e0d85b3455948df7030c

SHA1
ecc4ec4b29e71a560726c4828229d88403d04b89

SHA256
a914cddddb8b883188f67b87662ccfc42166fbb0e5f5a7fc88fdc776de2bb6e0

SHA512
e0491599b86ba602a2a8019284dddfd1215989d1e608b38cfb585bc197c666ed1827333a1ec27360a32e0db6cd48b7e054585d4a4759983455e92d70506e700e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
255004fa2938e0d85b3455948df7030c

SHA1
ecc4ec4b29e71a560726c4828229d88403d04b89

SHA256
a914cddddb8b883188f67b87662ccfc42166fbb0e5f5a7fc88fdc776de2bb6e0

SHA512
e0491599b86ba602a2a8019284dddfd1215989d1e608b38cfb585bc197c666ed1827333a1ec27360a32e0db6cd48b7e054585d4a4759983455e92d70506e700e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
210171b0a492dd868bb567d90429fafc

SHA1
49145e006c354615db25087ca77b92e0c28a3f01

SHA256
a33f4f7dad8d58352c14ff92218ea38f72fd28e4fddf081c81298e19bce1fa44

SHA512
8bffd918bb4c4e51a8883f1659d40733226904077a0a4a0ceb80f62cbde849be4422f670d7b014d22741164d6b81645499388a09e133cffa11070c769bab09fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
46cb7006e007af728489498b374ba20a

SHA1
329e4c7b05a369ff5e518a802369d417d8253ca5

SHA256
ef5404488707fecf3f1c495842b7269bad25420a83e9d24cb5b0734f5073750f

SHA512
a17d411b900ee956266596e449248332c5894a6a4f9ba7427759a162b36f56f6bc8b8d634be74a21947fbec3b00323931f9391ab8347759984475d9fa778be21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
8f1130d638d1edc2b42858320ecfbd14

SHA1
0dbf4ed05311911f20c1913b6c3a73a8159b12e8

SHA256
0f021999e302d472b629ce95978523c12e39ec02da8a2c284abc0f6fa3cc186b

SHA512
cf4f661d68bbb64d8f2fe01ec75b91c3f80d2d82b982b26facc3fed401e301d649df9402b380e1256bc5c729512bfcc8322e8d568787d35d8445b1eaab1f59b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4bd19e0374c2d25812003e45c8d5cc14

SHA1
b5f3efdd7c7dcb8b42f4648ad056efe02271343a

SHA256
a1e0c4973a2413845e9a0b4f26459b25fd6a540b8541ded3aa2abe4fbe802585

SHA512
073e6ac19716cd7cca6b09e345626d94b26d3b9b868b0176e7b41e4656b385e9ee2f9a7060d9f8084c6597132b8aa075bbe4a9ef2311cfb956d0360c2c206e79

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
279B

MD5
f9c27090f52ac521d1b0f0fade18fc3e

SHA1
fdfa8c38d3b873ae243693d55afa1e342fba62ce

SHA256
8de35753b08af73750b5f48d4d43516ca79667015ba745e28f5b45223156991b

SHA512
e2fd4a0312794ad2b8aacbc73c99c45fd87628984d31bb6ceb1b401ac56fa1307f5760178845c583f298d96387b1a41780df5f3138677bc2ec298392fb3da1e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13324847713200103
Filesize
13KB

MD5
92b1c37e6281bfe10c5707b05c0fca75

SHA1
63c8c15f884e63b3bbf0ff4882c21d4905cdf4cb

SHA256
fe37f0a8ce14f91d0244f0209f5d388d2448859eacf28b111794907902125e21

SHA512
9b30c1acaff9b1a9ccb3f3e49c64b9c680d7231d6d571a0fc33281db13509d1f97c7bbf6e83692ad28b015a447559d7369692e56213bce15c14e5f4241d89d3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
2a92ea2d4a3e7bfff86ee923d08503e4

SHA1
3af71ccec254116860768cb64d050fae20f25ca6

SHA256
89ef725e587587de6f2b9bcfe8a9c860f271302cd99da902e0fb25bab3831feb

SHA512
2ac87e0ba7eaaf6ea577f31411bf6a0e52c132d8e11d09c89f4257d3fd55a4900ca20a9d855a1c2cbdbca7bded9ed4d47b7721b349136a47a307ae05f2d0e7af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
3244c489bd32faae38456089e80d4b24

SHA1
67c8f4fdb1f57156ed678f15aec5155ba83f87ea

SHA256
f03a14d273c7420cc4f8d1b3181a1416a0e30762b7d30b458fe98c81da16e418

SHA512
6730300782c63f6d92c43c0cae1a32507a99a156e8590fac33758cac0e2a6734f1d1729e8ae7faaff1b54fc23321afca3008b11cd11b700d0b9cadeaebb87ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
9f34304723f5d13de40dc32b216320de

SHA1
65e13094294ec06ba861261d343b2758f7660cab

SHA256
0a2d778a3f45edde4c0ab9ab5b17605781c6fd3356469bac22d9c81618e59ff5

SHA512
e3233fbb39b490c6dc9321ef43e4cf1ddb635be0a3fb23ffd5b6abef3ed0b1594ab888258d4b1b2276b4a1db7e45b777d4e09310f531b31c411d350136de8929

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
1d335eac6ab65ecf084f103d63e43861

SHA1
73235a1c2dc94a19a544689e2844495d4e00c49b

SHA256
f54c5a4e3713735ec6ffc9269845b8a0da2ee7ef0b5063bddec7c4ae011a5dc2

SHA512
1f702e543388b628a67c42ef00923647772eed04b095c5668937deb91db14dba5754eb8fd3a898a0f29dc38e02bf132b6cb4c23a3f9dc93c8589e891a6194634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
438c25e4f8ca4d3709aaf3ac226b8c24

SHA1
99af3fe573dcf196145a90e94b164c517c8d639d

SHA256
e68771c331709dbd5c70106cbac19658afcc782d9ea76a18ffff7aa89bd05209

SHA512
733fecbd54abd75a791b8d8c2580ae4c2eaa0ff5f3948ee789827ff589c5596318ac7904492a4d1b1212a0b39f356707d48a5c99ea16e6c53e20e4d9b1a7b91d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
347bb947b999348f558def3f3c5e173b

SHA1
8c18ecc793c844c5bfd853b93afd93a5c7bb4a75

SHA256
adf3fbe66847f42a854b3e20f73156d836c5a6e21480c2451d655cd7ebda720a

SHA512
0bb5aef96fd4902b15fc16fab3e6be4313b5fc84bf5be0b0c6faa60f524575313d9096bcc083a66f83c0b304918cd0ee78ad8c4bc170e9e234fa5aa9b3db7642

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe573076.TMP
Filesize
1KB

MD5
9b27de92cd1e0ebdd78d5e0510a81eb9

SHA1
4c1af786444d35777af8633e9bebef6dca702ea2

SHA256
d699191a56e8efee61b1d2751810a53e15b14ef8d1c34a0b9f73d3a1f639ab72

SHA512
8e6b707527add95b774b8be5e344631e0fd640a6987292c287229452d3f8f651721a3babf59bcf413431a07d7687e5b620a5ae078c39aa4e8c91220f83343718

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
69d7738d264675182cda8230291f94b6

SHA1
72c42bf5a56cd8b09db54b3087b6f46c31fcc291

SHA256
5f39e2a9b95269f854814f2cbf1bee380e59e50323781340ca7208c566a7c5a4

SHA512
c229e34987360722a03e634d02928d1a5b66aa3d45b4030323c0c8139f018a55f1b40cb518c783cb5e02966c18d8b944bd3133cbf4c937e138270c6317898730

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
1d7f4e31c613f32049124bd5ce64ca01

SHA1
4885ae44c42f9269519f93bce0ee8d5106354cb4

SHA256
86f6126cee8564bab23da6141a64bf8a3f7bf1ebe9542b444902dd258ae4e540

SHA512
95c88b496a7a911a2e81e529ca02609d985b6cbfb7a6d4f1f1997f7ed146daeaec70414546251e3487fb95676581254a4d8ec716d754b6c0f9dacf9a94494d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
4KB

MD5
d9f84c8cf73422f2ca07d7e7462b9534

SHA1
cff6e092bf5bf1f3f47b7074847e204042a881ae

SHA256
5bf7b14dde109f722782628bbcf3011a23cd2416e7621a62b49ee0333cdec6c2

SHA512
1ea893c62d64304c35b9086e2c7e760716ea5ce220bafb76632670fcd2f97eca5c6693ff98004a861b190060c47c9d97ac92b41e3b1da1a4e8f89d9638548c38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db-wal
Filesize
1.4MB

MD5
eb1bed6a564a509bad9bf6616d50b826

SHA1
95b34e22383869b685ebaf5c4d656724b4386b56

SHA256
31fffb0f6c6d1660b1d474743a0fb706aa3b9aa29819c4f17c498eaa9d58bc11

SHA512
4555d23211964bd0c733d857455352f24c20711a41ff5dddeaf2efa8da4646f374909f1ba4c11dd7a58bcd014d1b2884a134f28a61e9b06ba474a9ec9acce0b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
fa41cc0fa62bbb3aa86799392f4f5800

SHA1
a2e7015f3e2d8f1c37ec0e2538e610a81976d740

SHA256
593399fa9a90c5d572b44ae672f441296b70c915ff9d9fa0e769b96af25f7279

SHA512
540faa5681cf4ba6dbf01e28aa8bb2b57f3296b1f0f33574ca5c03afd22a3883e841857a590fbf424b85c1ef0b95c9635ba370a53d53b435420f3a68d62d0723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
531B

MD5
eb22c68844d478c9b47e4056302bf1c6

SHA1
a97244341f5036e7227fb4e8df1875b9b696fe01

SHA256
214bb6048fd69ff0c4ed4ec4da7f8c51c2a41a33e7c65fa17166fde63a9d696e

SHA512
e03a920ecdc869516d7624ee8d506180219822064cfd2345a71141e7f977fbf2f27972d44958dae53bf5c427c9b2f11d08b1a1d3f75133c844d559f550f952bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
46795651a559cf04ef733ce96f662b5d

SHA1
9b8bdddac521e6ba1e377c447dbd94961c8eb90f

SHA256
d28fecd3759de6fd05b316ddeaa218f53b1de4d0a84abd5d412a9738a491ba36

SHA512
92a0870e99a9f5051ed1a4ad9c8d344c0f453ea9ae32efb7308a52094ac8253a8e37343ea60049d799c591fc326a08986192591917af7a71d95c5935a4313cce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
5b12dca3cef31179595b0cdec7414629

SHA1
f3658d08e264dea3f6b8059c8f1bca23ad430dcc

SHA256
15801c537cc4c4a99050eb804ceb6cfc74f6d4bda3cdbf6434cc2118121f992f

SHA512
93af526fab7dddb32fce3f9073340addd5c0f8fb253a218543d0e5fa32bb5bd396febb044f9f9156f920aebbddaeab770ac8bdd927a5298e53e24c0c40e8faa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
1b9c75ca668b114fe05f410d7f20b1a1

SHA1
29f315e2c9bbf375bfb434415416afe46654c28e

SHA256
3d4b1bc1e18da8bdaa13f803af4059eedf7a13e6242e4e271a459661d9f70ae3

SHA512
7d1bf631bab8b0e1e3b0f36c041e3b9d5097be754f35d182ef8486d71ca31202b2b0e140cc59900287e98e06089ed4a4a72dea685bb9bb26524d8cfb8bd245b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
d8914e7d06729a9c4ff4b7cbab1b0494

SHA1
30308afde72c29056e1614832187c90a02203f57

SHA256
046cf8ddb507cc8b052369f33bcfbd665a090b0bae6c4f109b446f0945238728

SHA512
7c3ce9ce93b2d16bb1ce7e123dc588aa17ce06bee6f6365cd0147306e68b4aad1fbafbbdd7c1389d1e2304d5d143622fc5985669cc6ccdf17399e2279b462eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
7137b27942fe05f9259dd96f69a6a044

SHA1
a0c4f2374ea5a8eea1f02110ab7b44d1fe023b41

SHA256
a484338466c6a55349ad5ef4088a7878cde7241579134552a23749f1249880a5

SHA512
bfc2916a79a62dae2f924cbf88bdaa4d192f44e8be1a9d8d92065b309c9271ed593b296fa94a749458c74c7cc091b09e8fd9fc4b82b7242e59ae0fcded446815

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
29800842cfd4f779fdd5d66ceeaec632

SHA1
c360568fd5269a3a5ecbd98fe5b0dd468b31dd6f

SHA256
1509a21ea7146f68f4a4f2055934bba482be11a4550d5ca168a1d56140d255f0

SHA512
cd51afee168b80a2746809097b1a80c9d28e9f8b5f7180219ecc381efe47eb5e0265392f167fc3c3a827bb2ce26be753abbe73522e2756c4f4513121512a5b59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b83470c8378444910d926fc6053bd1f5

SHA1
64319b4cc4202565431985f592b9e5ee4f5fd18d

SHA256
7aa23e689eb04d5e72ba4ff2806566156606b70e0640fc3393e337c627c02327

SHA512
d7d31c9bf4ebb11e59241a50d0b4aa8b7c74829861eb3dd0f1171dd0a09926d168629b0c30e6dd29816d95f7d47b43b38917b02e71d740ec89f97b7e27d678ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
d8914e7d06729a9c4ff4b7cbab1b0494

SHA1
30308afde72c29056e1614832187c90a02203f57

SHA256
046cf8ddb507cc8b052369f33bcfbd665a090b0bae6c4f109b446f0945238728

SHA512
7c3ce9ce93b2d16bb1ce7e123dc588aa17ce06bee6f6365cd0147306e68b4aad1fbafbbdd7c1389d1e2304d5d143622fc5985669cc6ccdf17399e2279b462eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f1f574587cafcbd016e6c02734c2d0ed

SHA1
ca50242a5deb9daa3db563d1071b008448b56f07

SHA256
9847aacee0b65918ecfcf1b8da5f0507d5ac730e30c3a8f38cce97e0ceda1378

SHA512
e3773a91972ad1019f1fb0b5ad4528f1ea8016434d42e8c6eaf25932e484e71701ae107b6ae5ed4d491c83dcd9899aeef7c56478df6b45a479afae99c1c1fb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f1f574587cafcbd016e6c02734c2d0ed

SHA1
ca50242a5deb9daa3db563d1071b008448b56f07

SHA256
9847aacee0b65918ecfcf1b8da5f0507d5ac730e30c3a8f38cce97e0ceda1378

SHA512
e3773a91972ad1019f1fb0b5ad4528f1ea8016434d42e8c6eaf25932e484e71701ae107b6ae5ed4d491c83dcd9899aeef7c56478df6b45a479afae99c1c1fb85

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
d8140c61544d12478feee9ca1f4fde91

SHA1
24c9b540d6000343cf0d48e769382e5eacd9e761

SHA256
fdd7f9e1d435693586bb84f6f8acb7cd615abd57faf4c162f70409dcf49283ba

SHA512
4dcbab83ca48a1948592553569f725186c747e07ab8ad83546bf8c14d21044d1f6413336eb119e22e8f740d2c08beb726e86476d8827f0a3685f74d27028e4ef

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
ed6187d0ea5d9bcaa301b3f4235ff944

SHA1
e5c755bc9e18c0362f4c662074e96b348cc0e7ca

SHA256
cd7b38933725c9317a9300ce7ba12802ba7634b23386c78da4e7b84146359124

SHA512
5ad356bd6db7ecbe244cd86d90f6340b744a0618083cc4393283f72b9bd187e2507777d6f9025c818796516b2889f8c59e9409b3c2c2e8abc57b6bb650673e44

Download Submit
C:\Users\Admin\Downloads\memz-main.zip
Filesize
16KB

MD5
103fbf0c1c832fb7893471f0fb8afe26

SHA1
cfdc1a5ce3864e0049ca8b1cbe14f221aee5f9b4

SHA256
7a80a9cbb48c81b3bcf3a4482acb3af6f5cd2318bfbaddf9d9581d55b0540bf2

SHA512
48316225933b9fc92eee25013da06d4ddda454a0ec00e2d1dfc0af3fd31df26e6bebe49119b040449c970862794ebb9b4df460343b863a986858c957d97dd771

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4368_MXBOSADFMNKTRAPV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_648_KXJXDSBGKZVDOHLR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4964-892-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4964-890-0x000000001D680000-0x000000001D6B4000-memory.dmp

Filesize
208KB

Download
memory/4964-893-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4964-904-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4964-909-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4964-908-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4964-907-0x00007FF4FBBF0000-0x00007FF4FBC00000-memory.dmp

Filesize
64KB

Download
memory/4964-906-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download
memory/4964-905-0x0000000005450000-0x0000000005460000-memory.dmp

Filesize
64KB

Download