hxxps://discord[.]com/channels/@me

Resubmissions

03-04-2023 12:49

230403-p2qtnsgd6s 7

03-04-2023 12:45

230403-py935sgd4s 10

Analysis

max time kernel
90s
max time network
96s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 12:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://discord.com/channels/@me

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

5956 MEMZ.exe
5172 MEMZ.exe
5136 MEMZ.exe
5200 MEMZ.exe
5216 MEMZ.exe
5292 MEMZ.exe
3788 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
5956	MEMZ.exe
5172	MEMZ.exe
5136	MEMZ.exe
5200	MEMZ.exe
5216	MEMZ.exe
5292	MEMZ.exe
3788	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in System32 directory 5 IoCs

Processes:

cmd.execscript.exe

description	ioc	process
File created	C:\Windows\System32\x	cmd.exe
File opened for modification	C:\Windows\System32\x	cmd.exe
File created	C:\Windows\System32\x.js	cmd.exe
File opened for modification	C:\Windows\System32\x.js	cmd.exe
File created	C:\Windows\System32\z.zip	cscript.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\166c2b60-50c2-45a1-a0d8-3c9943996cb0.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230403145019.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies Internet Explorer settings 1 TTPs 13 IoCs

adware spyware

Modify Registry

T1112

Processes:

iexplore.exeIEXPLORE.EXE

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{CC9BD33F-D22E-11ED-BDA1-5E272E2E2FB8} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe

Modifies registry class 2 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3680	msedge.exe
3680	msedge.exe
2708	msedge.exe
2708	msedge.exe
3144	identity_helper.exe
3144	identity_helper.exe
5984	msedge.exe
5984	msedge.exe
5172	MEMZ.exe
5172	MEMZ.exe
5136	MEMZ.exe
5136	MEMZ.exe
5200	MEMZ.exe
5200	MEMZ.exe
5216	MEMZ.exe
5216	MEMZ.exe
5216	MEMZ.exe
5200	MEMZ.exe
5200	MEMZ.exe
5216	MEMZ.exe
5136	MEMZ.exe
5136	MEMZ.exe
5172	MEMZ.exe
5172	MEMZ.exe
5200	MEMZ.exe
5200	MEMZ.exe
5292	MEMZ.exe
5292	MEMZ.exe
5216	MEMZ.exe
5216	MEMZ.exe
5200	MEMZ.exe
5200	MEMZ.exe
5172	MEMZ.exe
5172	MEMZ.exe
5136	MEMZ.exe
5136	MEMZ.exe
5292	MEMZ.exe
5292	MEMZ.exe
5216	MEMZ.exe
5216	MEMZ.exe
5200	MEMZ.exe
5200	MEMZ.exe
5136	MEMZ.exe
5136	MEMZ.exe
5172	MEMZ.exe
5172	MEMZ.exe
5292	MEMZ.exe
5292	MEMZ.exe
5216	MEMZ.exe
5216	MEMZ.exe
5136	MEMZ.exe
5136	MEMZ.exe
5172	MEMZ.exe
5172	MEMZ.exe
5292	MEMZ.exe
5292	MEMZ.exe
5200	MEMZ.exe
5200	MEMZ.exe
5216	MEMZ.exe
5216	MEMZ.exe
5136	MEMZ.exe
5136	MEMZ.exe
5172	MEMZ.exe
5172	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

Processes:

msedge.exemsedge.exe

pid	process
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
5716	msedge.exe
5716	msedge.exe
5716	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

taskmgr.exe

description	pid	process
Token: SeDebugPrivilege	5980	taskmgr.exe
Token: SeSystemProfilePrivilege	5980	taskmgr.exe
Token: SeCreateGlobalPrivilege	5980	taskmgr.exe

Suspicious use of FindShellTrayWindow 14 IoCs

Processes:

msedge.exeiexplore.execscript.exemsedge.exe

pid	process
2708	msedge.exe
2708	msedge.exe
3536	iexplore.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
2708	msedge.exe
1124	cscript.exe
2708	msedge.exe
5716	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

Processes:

iexplore.exeIEXPLORE.EXEMEMZ.exe

pid process

3536 iexplore.exe
3536 iexplore.exe
1740 IEXPLORE.EXE
1740 IEXPLORE.EXE
3788 MEMZ.exe

pid	process
3536	iexplore.exe
3536	iexplore.exe
1740	IEXPLORE.EXE
1740	IEXPLORE.EXE
3788	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

iexplore.exemsedge.exe

description	pid	process	target process
PID 3536 wrote to memory of 1740	3536	iexplore.exe	IEXPLORE.EXE
PID 3536 wrote to memory of 1740	3536	iexplore.exe	IEXPLORE.EXE
PID 3536 wrote to memory of 1740	3536	iexplore.exe	IEXPLORE.EXE
PID 2708 wrote to memory of 3880	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 3880	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4508	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 3680	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 3680	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe
PID 2708 wrote to memory of 4772	2708	msedge.exe	msedge.exe

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://discord.com/channels/@me
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3536
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3536 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffb46d346f8,0x7ffb46d34708,0x7ffb46d34718
  2⤵
  PID:3880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:4508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:4772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3732 /prefetch:1
  2⤵
  PID:4004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3740 /prefetch:1
  2⤵
  PID:456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5392 /prefetch:1
  2⤵
  PID:4752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5268 /prefetch:1
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:1252
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3368
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff78c155460,0x7ff78c155470,0x7ff78c155480
    3⤵
    PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:5068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6308 /prefetch:1
  2⤵
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6316 /prefetch:1
  2⤵
  PID:3704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:2992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6132 /prefetch:1
  2⤵
  PID:5976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6168 /prefetch:8
  2⤵
  PID:5968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,7739308052957371727,1559174771663666049,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5488 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5984

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\6a7e18e73de247058bd74622ed15bb09 /t 3636 /p 3536
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4256

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5276

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 3.0 (1).zip\MEMZ 3.0\MEMZ.bat" "
1⤵
- Drops file in System32 directory
PID:5488
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Drops file in System32 directory
  - Suspicious use of FindShellTrayWindow
  PID:1124
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5956
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5172
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5136
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5200
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5216
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    PID:5292
- - C:\Users\Admin\AppData\Roaming\MEMZ.exe
    "C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:3788
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:5436
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      PID:5716
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x40,0x124,0x7ffb46d346f8,0x7ffb46d34708,0x7ffb46d34718
        5⤵
        
        PID:5668
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1996,9246229996182510951,9898960353221294336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
        5⤵
        
        PID:3356
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1996,9246229996182510951,9898960353221294336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
        5⤵
        
        PID:5692
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,9246229996182510951,9898960353221294336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
        5⤵
        
        PID:4320
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,9246229996182510951,9898960353221294336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
        5⤵
        
        PID:3736
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1996,9246229996182510951,9898960353221294336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2812 /prefetch:8
        5⤵
        
        PID:1968
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1996,9246229996182510951,9898960353221294336,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4784 /prefetch:1
        5⤵
        
        PID:4448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5980

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
91fa8f2ee8bf3996b6df4639f7ca34f7

SHA1
221b470deb37961c3ebbcc42a1a63e76fb3fe830

SHA256
e8e0588b16d612fa9d9989d16b729c082b4dd9bfca62564050cdb8ed03dd7068

SHA512
5415cd41f2f3bb5d9c7dadc59e347994444321cf8abe346b08e8c5a3fc6a5adae910eda43b4251ba4e317fbb7696c45dba9fd5e7fa61144c9b947206c7b999c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65621744863bc73bfc8816ca10cf29ba

SHA1
028b975c9b485e74162bd2692c6b5c5a304b2ac7

SHA256
b0d6a73c6c76b2c9f68dcb709d78f20c8337c97eff1ccd2dc45a5b827ab97d2f

SHA512
badba897706c97d897e1e768bc7aa776f7c4824272985bc83aabc75608312363b7035d71654b2463bb25fbc61eb8529fcdf40791ffd2d1834d638d269c6af836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
65621744863bc73bfc8816ca10cf29ba

SHA1
028b975c9b485e74162bd2692c6b5c5a304b2ac7

SHA256
b0d6a73c6c76b2c9f68dcb709d78f20c8337c97eff1ccd2dc45a5b827ab97d2f

SHA512
badba897706c97d897e1e768bc7aa776f7c4824272985bc83aabc75608312363b7035d71654b2463bb25fbc61eb8529fcdf40791ffd2d1834d638d269c6af836

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d9fec3c6376ffeb73a7fd67b7749d8b9

SHA1
ca33e8d8bbb748e023fb021f04069c363a7af92e

SHA256
1c580f63d37cd7693f9ecef47487d10a0f9a825ce43571494d44aa36a9e042f7

SHA512
630072015bc797460fd2b6107acb46a89c3521b1b954fb616b606963b9d22e99eee3a51fbacae90a9c9584fdd250914e04a576dfe113faf4ad1e8a813e9bdcb5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
66bbdb83ba9d3a224806415a26efb4c8

SHA1
d4b32fa5ae834c1f53e76e0be1f4f322dc2ddf1f

SHA256
ee703b08b5df5ab3b36f44bd555d9dd41ecfdafa2171242f0eff8fdc47bc240f

SHA512
b5a06d17d7e61a5645488029bb546861ab3e61fd1dcc074a39c0f32a3047d2a5392c7d9f0608f4db4b36f10e774a0c3344dee71c6ff7eb872ca07db4b65a1f10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
efc10ef0e10f1306981b543592f3341b

SHA1
f7226c830cccce107f7d067097c26c34f0c4642c

SHA256
7ac125f70f1bd27ad4ee80c2ceb35fc68122bdcd2a81289057496879b82ab44c

SHA512
b5c9d359cac93b05396ac95a6fca1df1b41d6a6c1b52d7c9e65a0f88f86cc0fa586feb039dd44c46eaad07cd5d14c0705f0ddc8135a8ca589cf6206bc5802796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
efc10ef0e10f1306981b543592f3341b

SHA1
f7226c830cccce107f7d067097c26c34f0c4642c

SHA256
7ac125f70f1bd27ad4ee80c2ceb35fc68122bdcd2a81289057496879b82ab44c

SHA512
b5c9d359cac93b05396ac95a6fca1df1b41d6a6c1b52d7c9e65a0f88f86cc0fa586feb039dd44c46eaad07cd5d14c0705f0ddc8135a8ca589cf6206bc5802796

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
7f8d9dc6cc0754f45a37da97e7f6ea29

SHA1
0170887e7b9c8d487cd3c549e458381584106a87

SHA256
cee4a33f5dcc4392f3c7b449f24cdc16b308b498e5a96e6a82da4d5877abae0b

SHA512
59561e868f76ffb46aa463319caeaaa00ea2f1c83e73ad7fd5dfb1e1a63f25bb824a6403450c8a22ce3f7464ea612bfed293d2e71c2e3bc30389667937fef3a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57a45e.TMP

Filesize
48B

MD5
3a0d73414100e331335bbfba81639dcc

SHA1
58d73166291988f6d5013b676976c16f7018fa79

SHA256
d502ff09cbe249c7cee7400e88a9aa93a1c3bcabdcaa037eb1b751ad08cf60d1

SHA512
6e4805f81b32d06dd2acde1d36ae9676eb96193fa8f71d0a13c433bbc28dbd38c5de226b474237c9e8c64e1aa16e59ef7826706ae34928593b2cf1b29e606018

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index

Filesize
48B

MD5
b59953b308636eb6709e686a37f206b0

SHA1
e31a8ea21baa2ec6b79af25dde5a69874bb17828

SHA256
6778acd347aecec36dd6cae1faf1c4a2bd0cc3674318f9d78de1e0d345f0f250

SHA512
120d14d537017ac8ebcc51f7d95c8c8b8a099a51db4e5fc1f10a9e01794a398c70deaf5ff62d0c9340f454c5f8257deb77aadd36ed5b7da61349a79fe4357746

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
ef38a244649816b32f1f1b17e462995f

SHA1
df09ec920b3fd30b44cacd87f0126098b3f11245

SHA256
5b8ef3cfc4c08735f8a3e794b83d78bd47a437c1cd0f722ccec68aa6f7710b58

SHA512
9e844389072be219ebcb2f4b3fc0ebd83455518a95d34a27d43c018fc11a70c3e7d69adf01fff3fae2183e2c3cc4ed07206514adce1577176e7337aae0d56082

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
279B

MD5
196cf193ce27b93634ad16cb88f97aab

SHA1
cc1f1bf0cabbaea7e05c28442daf18aef318b96b

SHA256
b952a20d65f5b0011eed539524830e594b21d6adcb693b301d8ccd7fe4186062

SHA512
863577e29f73c15c55b7f7453e38ac3389830c978dfde86b6ed128c0522c92ee00db8e84e3b581ae7bfe4db8ecc1b2d044fe2d0948dca25df856d8a17db0a6ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
3d4feb41796d6a8b9007faf6f7525ead

SHA1
a5bcb3922636c9e791e7084ed7d1e825af2e4f66

SHA256
18ca8f0b6ca78ef5b03346cd3174d6ff1f66fa3d999ff732ea6895a5d22a221b

SHA512
66b255b703b5a89e54153cdd1e8618b2c1ea43651f1cf732a4da60f7fd33e82a2f7dc682608ace3925e6b4edd9806ee6b43c66690aa7826ef8c4754c625ca19f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0

Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
be9b298a56231687281a51211840c053

SHA1
8d63f00069d476f2d1265b08e45008b0b9225e2f

SHA256
a24c00b3ac71a5c35f961f5a3b3c0302ef060831ed7d392de7e07643a5b41f64

SHA512
53d48a2e07d466305584244f627d2d0533d9ab9c270a82a6b0f49b0b713388ddf501e2ee9b9710ac45698ec065a029c5b24856911bfa4db89b26c14cb682da13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
be9b298a56231687281a51211840c053

SHA1
8d63f00069d476f2d1265b08e45008b0b9225e2f

SHA256
a24c00b3ac71a5c35f961f5a3b3c0302ef060831ed7d392de7e07643a5b41f64

SHA512
53d48a2e07d466305584244f627d2d0533d9ab9c270a82a6b0f49b0b713388ddf501e2ee9b9710ac45698ec065a029c5b24856911bfa4db89b26c14cb682da13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3

Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index

Filesize
256KB

MD5
954f36865d4b9b14fdd63a21b109a022

SHA1
a5d4808c494dbd797898e85d04ccc335d1436113

SHA256
0550f7599a3d8a3704c8292146b1d798238429ea3ee20a96560dfe9e5e81cf00

SHA512
d1330d88f0e5337aaef5b802e1b540a7bb79f0366cd1b29aaaf4699753b90c54dfe4a1378db09c2f85f21b4f649662c72034bb65cb4b75399715819cfb711675

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
dd812d5fd09c1cf471e5ab170891d459

SHA1
f73be35404fba6419ddb6e4ed8c80491b386ab79

SHA256
7332aea62434737ad8ea62aaff49a99b5e28e18748575a1385a39df392dedbd6

SHA512
b0a312a66a933eef0fdf0f939859136fea07863599f1dd552ce0237d9ec179989445d9452710bff630a533fb05fe6cc7c40f0d6d4fd4dc2fc1a8c3178b8da335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
3639c1741c1d59f85ad6a83a89cf7bc3

SHA1
dc2dc7d8ed499e234337195e7f4c7029190be3d2

SHA256
8db31c2dcc2d272632153c68f63a38f304398a6da106a44a55d4c9bd2c6056be

SHA512
654e9158335f8eab581d7207eb0f18d11d357caa77c01340f5a114847a02cb927f5bb500493216296cb49db4a78c6f60dbadf7147570f24c3b9b7cb1811b6c88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
8KB

MD5
6cff39616210b71b100242fe590921d0

SHA1
bfe9281fea03797135452a3b3de8819059d2d2cf

SHA256
1696edeb5d36525104f75f8c39174dcf07fadc4247d54f0296b9110163d32b8a

SHA512
fba23f85b2e9a99d7843863a41b56fec99b2bed7bc6e3266ee06ba0d97889bef95f209b5182ec281ed0c0a486ed5438178f4ce600a97227e7a0f9aaaed7b9e1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
0a3893ff054675c84b7730b74a5c8c35

SHA1
d4469304a5927c2c8d929cdda786dea1785009cb

SHA256
9b903fc97f80f2dc75a27747877463b055c53ac8f9cc7f614bcd75b7856adb36

SHA512
d40b69e5ee6f26dbf7611b3b19895402cb22618627c75e09fa0f7e1157c1b6014dfa666e1f1757afbbbfd7e31e33ca02b2c006d8d8aa707337a036962f71f04d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
9d05bbd63ce518d82367fea3f768ed9d

SHA1
1d7962cb98931daee6b9647a41b998a578ba4198

SHA256
af50d0371d4d220d3a0502eb1e2ad549216b90e377ca121d7757952901408b2d

SHA512
902e4d9e522f39446c2145b6db84af75ef85a9ed414a3ee28b6058c0650a32ac7151ea348571b6a645c44b07b6edf5f4756e5c892d1a0321820684576def59d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
bba84571c0e829bcafed60a20b59b1b9

SHA1
ff9740a705b4904c2a3b6fe28c25f0f125e4be87

SHA256
261890f1e2764dc82a679caddb05dae351e6b5b4b6b5de007b8b40c5f7649d04

SHA512
42649e17add7bfd0dff382f12711693a40506bbda122ba192fdcd30df58b56c69905fda9bd9bf57644dc661f8efc5a74de0dd2628d32dc8ef9751712aeab17c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
786B

MD5
00550263fbe9dbbf2b3686a82c280a8e

SHA1
7afd63a888a4786f1668e590032b7210985d37e2

SHA256
ac973cb3da1b5ec176413a15b09f05de1a161969d6910b140bebdd6b1121c75f

SHA512
83424485fc7e53ecf4f9c474f45e05f3074c13d4ac1dca8db9cca29951e7953868b003f650aeb269c27bf8ab08ddf4beb0eeae2bc7dda2f2c08ea64078fecc41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
89ddf3ca2983b499097e4e07dc838db2

SHA1
cfcff0af48cd60978655e604afa913bdc79e83cb

SHA256
0cee585a186500403d0effc6e15a2c3ac79f6b5d4a6c9861e11fe41676446897

SHA512
40b45d23c7c30240ac4114d5c2a8f64e7d000fec25ad732dd3bb8a781e0fe7c104a5142b046b331811e8ef231e2857a12bf817e29071c1a3178757b1ef5eedf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
7fd83e82206bc8f9dde2c8f3944b7bc7

SHA1
0a38e2ea23d79df6fd508907913011c4b7cae5e5

SHA256
57caea84946e89918a7d1eaf3d28d2a6a45ded9adc94578bdfc344da4ff1ff12

SHA512
ec7f0ef6da9051906ec8cc429413febe94213576bad3b4901ce6ed24c20c0514f59e3d8ca9120aa861b0b0b1eb8cd3ceaac9c1f14c9be4c1b54dd56d0093ef29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c13e91bd685b405e089ad6063ded5866

SHA1
5d532611c84df9add703dcbd309937630a638b22

SHA256
c7404cc055f497d27a6c1cf8653efe7a503cbd6d322a1de1ce63892c701acbec

SHA512
55d1ee03e59848016fb031214b6b0fb5cd8e92a1d40bfbce487e1b005ec6f67e4551e8288dccb714503f9810215546cc02b0e3696738b73fffbe7ca04f51a25f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1407a500f980806844d17b8bfad0f8df

SHA1
ee4afdaefbe383e04a51631b58d07cfea3cc2238

SHA256
8b9f915afa0a34a8ff99cb1077f666e73a00ceaaa036c6bad6278889e6440265

SHA512
46e624301e2531f5bfa8c33c721c213d0eeb06f6559967d83f26edac332a037c21749b46de27bf93a4b2bc1571a19a6ca47176ee08ab92d476971afda9bfdf85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
66b78b186e593846cf0c17ebb2b7e0ad

SHA1
b95d867284af467233b64f3051338899ac39fdea

SHA256
5de4b59439248220aef569ab3b2fadbf268ddf6d9827c99c3c97301ea24e4fb6

SHA512
9a0523eec0f0a298746d9f66c903fce155886b11359181dc67c391673719b4d9f3c142f9436be2b53f5c4eac9dc4b269fdc453556bfa3c68fd9da01be5c9d139

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
13b4483d9fd0e296a9843f585e167811

SHA1
9fa4640c3b254787af0acaa35a97cf771b57cca0

SHA256
9e9794c7ef1a1874bd3651951a052ca312cede19862467946e07078028e7cf93

SHA512
a02af053326ac826638b9fa855172b681a2bd3951ba26f9c9d67e38cadf7a565c041822ce922d909d276e7b28ec462cb2a78a451e7a63697e5cf6d7bcb4f54f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b2907b704e98c6a14150ed78dab8b89

SHA1
2d7e385af0404494636cc8597db1cb8e02e128a8

SHA256
1b3765f5cda8abc4cce650de046b6cf11f70b4ba5b5ec8e9fe82222bad3bf2c6

SHA512
4da59d0e8365147533d2e2b818c9fa65315b3e372dccfb2d2df55325dab0dd738325b93a750a695f4c4ac47a594c4215a2cd82c168b771e77c9793b70fa74d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b2907b704e98c6a14150ed78dab8b89

SHA1
2d7e385af0404494636cc8597db1cb8e02e128a8

SHA256
1b3765f5cda8abc4cce650de046b6cf11f70b4ba5b5ec8e9fe82222bad3bf2c6

SHA512
4da59d0e8365147533d2e2b818c9fa65315b3e372dccfb2d2df55325dab0dd738325b93a750a695f4c4ac47a594c4215a2cd82c168b771e77c9793b70fa74d36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
acfcbb16fadae6fbaa1ab8bf894730a3

SHA1
510627ecc38d01212d10f8fd77798a1804b2edb1

SHA256
0409ba629e259ef5eff0e3cc33a267b3234e4a4eb46992f090764416a93ed89b

SHA512
dbc17293c4149a45787bfbc8d6ba156232ed7bb7c6a63d29ffdb34a68919f96be86338c9b858b7e0ae4e3b23cbd01c9316f500b6af5573da7e8318c642015502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000001.dbtmp

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325007022758449

Filesize
10KB

MD5
17a9a989939655e8b404e0073d8523b6

SHA1
5aa9f87da180c7181c927f95fe5d9f19fb848c27

SHA256
d9adb985c7aa7f3530bfbd1b01268512a2d7ef6dc6dd51e9d288e03df85c0d52

SHA512
6171840cf9be4dce9877a538face09cc5c958d1af56b8aeddfa9ab188c76077da6aea4dd350d240bd02450e4e042a71d8e9df96814cb48678cb7fc626b03bb22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
3abb679d17f7adbd3f6a2f862b5a31b9

SHA1
f55c841947f8c5d72c54fe62ff79528cf08eaa16

SHA256
3b93f35d57293c1464d4b44c53f7396f320f96f92a28ae8918d1e40bc6cca94c

SHA512
c5874cf3b7c07ce4ed714bb114038d7c2d63bf9b8e0e99a593cd574d683baaf6e234f2bfbb33f4488d8405c8611b3873086fbd929e215a99c66ddfebc95cbdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
96405908c7c7ffa830d871847d2e1525

SHA1
7790c8c7403887d9ae7d99c6509f6accaff3f4db

SHA256
41dca7b462cf2b18432d03997e84804b704c507a1870f2b8b2a586c9c7f99fd3

SHA512
95a3e26803cae2886e06b341a417c123c036bbd033acebb424114f90fe233788b96ac5010e539511d9f32c945dfa2039b0b595195ad21fbab02ae2052fb223c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
c0698b9275f657cc1e37a1356c9fe57a

SHA1
bce87edb54b0aa35535fa726ac4bb0f05a8918fe

SHA256
5185b6afbe7aac913181b472961e0acd7fe913dfe5d75ad785ccafad89e4e88d

SHA512
0b978177428da3fea6703a88b3f21ef0232cd87b2e468beef24dbe7deff86794edd1c18d0f9357a89cf3c3dd58c4d6456b1c930eebf9cba7fc1e7b75cb98af0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites

Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b5a1b6402c5d1d1ba6adb4f158091ffe

SHA1
40b4b1111173b907229dbf35e6f745ea2d663057

SHA256
e8943f74010381453d466bc9f0fd923247ad25b4207af03de7430c95eec1987b

SHA512
e80e322e59092203d12bfa22ed23eebdb2a658e19594d847387e9a17fefa3552e26017a456a39abf2687a04adf05389bce1e9e05cfa22e0cfa9ec047b2d2a89f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cec5a3d89402109bf989837bb4080dd0

SHA1
9301f6fb1b7d472407f30724f2a5f4ee7a970767

SHA256
547d418adf6e3fdeccfd29d8d24a6f2bf83bd7276a3bef491f7cff5554398acf

SHA512
245d73fcddda556430cf88177f4d047c7b886e2d0886ee3116951b9197deb044f791b6f68c09b76349c4ea714b11d47892dc49df49afe1a88dc3e03fb49ecb93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe577c15.TMP

Filesize
1KB

MD5
cb49ebf07e723b3ac90e358cf117b90d

SHA1
52a19c430f762f1e14ea9066f6b05b2c277f3060

SHA256
52574b5f10a6e5101b09a4b645b358318052137d48ee88a1828db2cd8356246d

SHA512
30ce6b3afa04585364e616d284a36133cd24d6990fa2d0da02af16fac32797aebc4e4ad760077f0cd39f581e95ee09e6ffe8418701680df0bcd495f979af2e91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
a65532e9ad263d56b5ba8d5a4833baf4

SHA1
c23b39de00568006efd2ddef5287367f4ea21ea5

SHA256
6a892195bdb2aed8b000bcd9e5acea33c9264991dd43f5a16003d94fe9fd715d

SHA512
12785e0c29c5a2a48896ad83edf52752378b934957abf580b2b056d6b5822c1e3369ac3ac8a7b3c56f62473d7830bcbb887d93b9d0ab9b4c9694015d1162f63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
2e2dab83b082f3ba9dde39b3f69644ef

SHA1
d2d9f40f459e7c2e2991db699d93d9d96fb978be

SHA256
6e87b6f7b4b459b85aad6cbfa4fe178efb85c8e214172ae7bbe604d4f1662dbd

SHA512
387e47a0432e35793a93297e8d511c8630710b4fc1c068aba16525b5f13bc5c33900d52b404c8478d2fec71db202873a2894319a0d6ad5961e0c51f4ac9cc558

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
52KB

MD5
2dd8cf70b0bd192e1050a2c6c9471b13

SHA1
0d329931a3e878516507c76942a345518d007960

SHA256
b20868982447198c8052bf37bda16908ab297d09bfadde238c6d89d410224ab5

SHA512
b7424a9aaa4d833ef66596724669349857eec8b7a9b54883c00e3ea4a655093c45d993e032c43147f5c99fdb480a1ecd172a46ce82a343f47901b4ed2adf921a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
297B

MD5
62d058ca07fbe3b94956b5da6cec703c

SHA1
440b542104de93dc1a9f14acc5cb9bca4e376e03

SHA256
27a83355abc4897280ccebd24619be2ebf5836af0e5cd63b0c2c1d96966f3410

SHA512
c3b20cc8ab30aeff50cf1667a2f1e74e7117c186b876accb329d26ef37ee77fa735cfb65b37e8adefe307e80244dd7702b6f54dcde814b2d2883fe107f96f20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
73ed760e8f2acf16141567341dea93df

SHA1
65b4be4d6867ae2522b2437641e2c254548a888a

SHA256
28eacd04750484100f229448aa54b547bed0f6955432e87dc833164375281c39

SHA512
668f97094a856b8ee4ece29ec5aca2cbd3bffec0bb70ce192fe2bde559d1d78634faea0a40a8e2cea41a521bea3c730da18b88ec908a307a16852155bdcf3ff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
b84d7f53a69977035bfba4cf34988f1e

SHA1
db8442b755f21ea406bc09bc3ab72d4ed233f580

SHA256
d2dd42154463bc266d46457e1e10b701bacb1d0bde50f0eb582262526c9c1b64

SHA512
81cfc7a0902e7dcb0416c6a4798c581cb4ec765ca0c954205a5633db7832213b034bd66881dfce104b123698e768cf2c0c3b47fe70752d4d718c66eac3c40d2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
96c25c50bf32e11e1326acf70a49f5ea

SHA1
fb875c825521f6fc456d275c85dd620e3e98f305

SHA256
81dd5139de697d2cd14d4f6c2f03df19cb90b8420f1cb4c1ef08c314f7a72598

SHA512
7b409824268363383203444a9876fc703a8a1ed3260dcfbe88471ba5c02c6800399692f3c791c828926e0b04dae96c055092016497f644a5eff84c2f277ffc9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7ec8527f1476685e7677f8b5273ffb54

SHA1
4a1aacf6fd8b4277a95534e5283d8a8fa48df7ad

SHA256
989a70bac38ec718f4e11c54cf13aa1e803d7ac163e580fce9d42799fb7e6a84

SHA512
485c6d56c29405ec356f195ba82e2d2f7762fab794dd79a672e321274a1dddc7b9499a9f19fe5202b5f426d6a3f8bbb551b6eb29c02f6ee04f76ed6bb954106f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c7f08a1a935109d27b2e1dcdcfc51f61

SHA1
ac17894491df768a0f065acf0941f55f9d2d43a1

SHA256
361f06f4a08673fb06622c7671185b43b2b93252c81eef13d651f62c8a63c65b

SHA512
3d0e7ae0da48ed92d9f30a34056811ded36b743e3afa5ab2941890aaf6f728baa0d37ab0f06276d96466143ac5f7ff3d1baf4d6aa44a5fd71142fdc902c3375f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5bb2c85ae73c43683c29d223819509a9

SHA1
3dc557905266e01be6a32284040a50beac3c75e4

SHA256
bec84e6ee96902d2de8994dee964b5f9eb9c87d034370b7d7451ec8a629c5fbc

SHA512
6a0c3a9a7abcd9b953115deccf56f64801e7ce4a98c40e163a3931c6ad5425bcc7611b0e2a915dbea62623809ff0e56c0cfe85aed0a8dfa9ae38b0c470b13ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
5bb2c85ae73c43683c29d223819509a9

SHA1
3dc557905266e01be6a32284040a50beac3c75e4

SHA256
bec84e6ee96902d2de8994dee964b5f9eb9c87d034370b7d7451ec8a629c5fbc

SHA512
6a0c3a9a7abcd9b953115deccf56f64801e7ce4a98c40e163a3931c6ad5425bcc7611b0e2a915dbea62623809ff0e56c0cfe85aed0a8dfa9ae38b0c470b13ad3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
fba5733fbbb46a5312ddcf279b1092c6

SHA1
22905adc80c70193c38e5bef3837d4f460e341a5

SHA256
7d116e0324a15e26cf4ab6de3223c5b7d439eea6fdaaad29ae86d6fe4cec643f

SHA512
d53d40708a494a0432a3109b7e4c28609ffc5a79b0fd52623bc5b87f49247bc814d9db81541f2c64737d1bb038e6f863c2a7e107dc752d6618fd7be0478e9499

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
a9f6d63e9cfb7a840dafe0b465ef82c8

SHA1
387b319f9dc28dd81f474441729a0c5fd6a5eebd

SHA256
3f3bfac083d10c45943ce46b8db759f2c77815fbeb4e65270d1e4d16c399a9a3

SHA512
accb2b49533217e6e02829055ed3f024609dc248e50ba04286ef1cf788f6bcd5763ed5aceaa6546b80ff70a630890890df035731eb3eda79d30481d7691e82de

Download Submit
C:\Users\Admin\Downloads\MEMZ 3.0 (1).zip

Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\Windows\System32\x

Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Windows\System32\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Windows\system32\x

Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Windows\system32\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Windows\system32\z.zip

Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_2708_QAEFHLBCBUXFFYYT

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5716_AJGETVGPSAWNZBTU

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5980-1036-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1035-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1037-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1043-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1045-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1044-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1046-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1048-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1047-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download
memory/5980-1049-0x000001B2190A0000-0x000001B2190A1000-memory.dmp

Filesize
4KB

Download