Analysis
-
max time kernel
221s -
max time network
390s -
platform
windows10-1703_x64 -
resource
win10-20230220-en -
resource tags
-
submitted
03-04-2023 14:46
General
-
Target
MEMZ.exe
-
Size
16KB
-
MD5
1d5ad9c8d3fee874d0feb8bfac220a11
-
SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595
-
SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
-
SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
-
SSDEEP
192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN
Malware Config
Signatures
-
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
-
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
-
Drops file in Windows directory 8 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies Internet Explorer settings 1 TTPs 4 IoCs
-
Modifies registry class 64 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious behavior: MapViewOfSection 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 26 IoCs
-
Suspicious use of FindShellTrayWindow 1 IoCs
-
Suspicious use of SetWindowsHookEx 14 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"1⤵
- Suspicious use of WriteProcessMemory
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog2⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\notepad.exe"C:\Windows\System32\notepad.exe" \note.txt3⤵
- Suspicious use of FindShellTrayWindow
-
C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"3⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\splwow64.exeC:\Windows\splwow64.exe 122884⤵
-
C:\Windows\SysWOW64\mmc.exe"C:\Windows\System32\mmc.exe"3⤵
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\mmc.exe"C:\Windows\system32\mmc.exe"4⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SysWOW64\mspaint.exe"C:\Windows\System32\mspaint.exe"3⤵
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\System32\cmd.exe"3⤵
-
C:\Windows\SysWOW64\Taskmgr.exe"C:\Windows\System32\Taskmgr.exe"3⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\system32\browser_broker.exeC:\Windows\system32\browser_broker.exe -Embedding1⤵
- Modifies Internet Explorer settings
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x1e41⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Modifies registry class
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
- Checks SCSI registry key(s)
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
- Drops file in Windows directory
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
\??\c:\windows\system32\svchost.exec:\windows\system32\svchost.exe -k localsystemnetworkrestricted -s DeviceAssociationService1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\System32\DataExchangeHost.exeC:\Windows\System32\DataExchangeHost.exe -Embedding1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
-
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca1⤵
Network
MITRE ATT&CK Enterprise v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\RIZDY293\edgecompatviewlist[1].xmlFilesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\OR2TDMK1\pubmatic[1].gifFilesize
43B
MD5ad4b0f606e0f8465bc4c4c170b37e1a3
SHA150b30fd5f87c85fe5cba2635cb83316ca71250d7
SHA256cf4724b2f736ed1a0ae6bc28f1ead963d9cd2c1fd87b6ef32e7799fc1c5c8bda
SHA512ebfe0c0df4bcc167d5cb6ebdd379f9083df62bef63a23818e1c6adf0f64b65467ea58b7cd4d03cf0a1b1a2b07fb7b969bf35f25f1f8538cc65cf3eebdf8a0910
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QZUS9H00\embed[1].jsFilesize
23KB
MD52d7da02c551158ff6f91de3289efad7f
SHA1c2a0c8415c36a2e71f80a0eb2f4aac83908e261b
SHA2569e89a92b0ee6959fc76460b414049e3bd12fbe00b119e5a6bdc51faf9f37a9cc
SHA512b40671fa1e2486539f6846384a5361e83c466ca9b59d0d331fd546ffd224acbe045baed07b0a61e5096e42e98464e35e1b34f62720e3a6f3e8587fe4a811e880
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QZUS9H00\gpt[1].jsFilesize
76KB
MD55acdb098fb85d854babd545605d5e183
SHA1732990cd20f12710d06bef3c3785195d00ed9691
SHA25633268ed1673034820b1c40dd0431254f1067e8133119894849d35767f09ab86d
SHA5127fcf464934bb5fc61c08d626087d78bf0730a3806edc31318869de6096a33412f5ec67c271664a6dbe8e7b577f467d48e99a847e04487d6abf7fbf6e28350406
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\QZUS9H00\v1[3].pngFilesize
68B
MD5edb2aa47631c67a43709d4ccd2501e33
SHA187475b448c53cf32ffe78ab121db8bab41d478e0
SHA2566019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
SHA51265820eeaf261f01988570afe7866d9b83901950dfbd89542009a1faaae520e1af2fa08789b7e94a64b0e1a3bdc39256354efe1d38856621851dd65e80505dbb2
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U05K7UL0\cx[1].jsFilesize
107KB
MD55fcc59137a3ad79ece3b8d70155be895
SHA1a302ed4aac376c99d09ffff29a8343d693266d37
SHA256a800fde51ec9a5181e3171e21f3fc5d30dcd5c7498391f4250a3b3ca6dc29fe6
SHA512da4e28c471975794836f70e2c27685ccc885d2af611714b3cae2642f74f8c7e508495d2331f2e3f0793748c32b2a41cfa6231e3b7154fb36bb564944c367d7aa
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\U05K7UL0\ecm3[2].gifFilesize
43B
MD56851dbf491ae442da3314f19e8aff085
SHA1ecfec27263608c4ae7cd4f8e0cebb1b061df2ac3
SHA256c21e2c1246fe45a6750ae6208db2b5965ff6ed63eb80d2ecec3be9c83813428e
SHA51289dfc38ec77cf258362e4db7c8203cae8a02c0fe4f99265b0539ec4f810c84f8451e22c9bef1ebc59b4089af7e93e378e053c542a5967ec4912d4c1fc5de22f0
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\XKVZKL62\merge[1].gifFilesize
43B
MD5325472601571f31e1bf00674c368d335
SHA12daeaa8b5f19f0bc209d976c02bd6acb51b00b0a
SHA256b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
SHA512717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\V43KYQNG\eus.rubiconproject[1].xmlFilesize
228B
MD5daff18dc86487583f2a487e1d0d73b88
SHA198428521b4f53408a78052710a949ce614252ef8
SHA256307afa9ec964773e965344675b454a793767953962115de585a09d2c593ce206
SHA512175b47e8b46d882b534f4d383992bb5a0b03321a98d7d45b6606227e5af8794c3cb5411ed00e640f47bef3b140b9ba069332afce05b0d2676c22a31fbd636686
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\Z2V2PGGQ\widgets.outbrain[1].xmlFilesize
302B
MD5418b470ba2bcfaaf41fbad38814cb9ed
SHA1c73446b0b11ed2c5ab1371e18271fcc8c8b22672
SHA2566ec19d577c546036a1be3b8fc7b876bab544144dac242a4d3e865904d2d7c258
SHA512c5b106c70fa434693d60e77069f7bbf100fdda09e1c056cff58dbfcdbbf8c442f4d7fc7aec8da956d83daff2f1cb680d4c01eebd305fba2ba9153015f82e0457
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\Z2V2PGGQ\widgets.outbrain[1].xmlFilesize
477B
MD5d9c8ae7b8e69e06a20e2c55e9b02e35d
SHA1be60311d40335ab766d3429c12c19d3139bbb466
SHA256bdbd41468371b448e33bdc732e58fa8a37aa6a840c722c3178c65728857fecb0
SHA51258d74017729334b2c37c2a6a5af5616737ffbcea1acefba84d8bf3a0a46323859cfaa4b0c17bfc42a6e6be67dc17982be12672214e887677743d1ad2ab252a0b
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\Z2V2PGGQ\www.vice[1].xmlFilesize
13B
MD5c1ddea3ef6bbef3e7060a1a9ad89e4c5
SHA135e3224fcbd3e1af306f2b6a2c6bbea9b0867966
SHA256b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db
SHA5126be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\Z2V2PGGQ\www.vice[1].xmlFilesize
7KB
MD5ab9e3bed64d8b8f2aae99664e96be4ce
SHA1a1ffd045bc1542c705b53fc184c152c0cdbb9216
SHA25656c04b54be419e2a1acce4aa86ad8276b95f55ec7ca618cd624cfb89d96a039c
SHA512ebc790cee9a739222152b8a55ce7803234a86d91711883bac2361d19b594f9b8da26b9dadc4c6f67f6abd1a8a247f117cca24c548e8546d7cde5ed776300619e
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P7WKHLDN\favicon[1].icoFilesize
4KB
MD5b939aee911231447cbd2e3ff044b3cce
SHA10f79060358bea92b93ded65860ffbc9ecae3dc14
SHA256f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c
SHA5128053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P7WKHLDN\suggestions[1].en-USFilesize
17KB
MD55a34cb996293fde2cb7a4ac89587393a
SHA13c96c993500690d1a77873cd62bc639b3a10653f
SHA256c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
SHA512e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QPKZGF7Y\coast-228x228[1].pngFilesize
5KB
MD5b17926bfca4f7d534be63b7b48aa8d44
SHA1baa8dbac0587dccdd18516fa7ed789f886c42114
SHA256885cf4c748081f6e569c4c5432249084eded544d55f7c85cf47ec1aebe6bdcd6
SHA512a99269cc3c0af6a291e5373c4e488eaa3900e66bc3342933da3a18caff5401a4408aa1cb4463fac649c3cc5d88773f789fb120e292ed956188f1f5eda8ca7633
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QPKZGF7Y\favicon[1].icoFilesize
5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\dda51l4\imagestore.datFilesize
15KB
MD5f37d02a038fa9c5e09addc1c3a09b27c
SHA19d8ff3baa169da9f3f794a3b05ea7e8a772530cb
SHA2565640c639294f32d93f031a52f867d86fa0c9e61a5521a59a4e240f62757cfb16
SHA5129cd227ef95a7ebf21787c650c63d61ba7abc735005a390a94ab2245dee0daa9f49c463fd4baf86317f358332937ae1d2335a755561378d4a37846d6ef3e81271
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\Windows\3720402701\2219095117.priFilesize
207KB
MD5e2b88765ee31470114e866d939a8f2c6
SHA1e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD59a432bd5fce8a499b857ea2ead0526e3
SHA1ea74da66307df60e0154d57b22a98ed559f0669f
SHA256aabbb6bbab4cf144fd70791e15091aa64f06af9c6fb6795cf8591c3293e7784d
SHA512e577f175d78607e1578886426c334a25f6aa451c149e2ef497fea00a2ec3b4512bd0a736904851e9ada7c03b93869ec8f24955b0f42084fa8606a7e26e9bde43
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442Filesize
1KB
MD5dde292d6a9acb9155b3d3114493a9a51
SHA181e89a5e56696093366c1c632d62d186a477a6ee
SHA25646ab8693f1b782c32ae9eced71370e28f41576039edef747626103f1d6e63d97
SHA5126ccdfcfce0c5c6ad5a0979ed61e9a05ebf1fa53690fa4be7a053c785c05eb4f0383906562189308703608f7073a22c768a553b948ea0491c841b8dd933a03496
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
471B
MD58b82e64a7691fb70aec48c12c37eb312
SHA196084b73e24ced2adea93695f71a62092771ce79
SHA2565e1b36f0cccb94221d862d2fe35c892d699d397a87f74f18a668a57ba7ef8d5e
SHA51236802e6043f76d717a376d762f84e89be4bf5b6675bcc662f9f768dfe6487582654333ede1f871cadaa5b5120ad5147ca81bd79b5092623d38f1fbf4037237f8
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04Filesize
471B
MD5b361be2c15ff7fe631bb78da68d03614
SHA12a3d9586cfc668118f62b1548db36d0c1d494113
SHA25629e6de16bc16d88218ee1617fdb4eca2e9924e905408992c4f7d48233051b44c
SHA512d7357d0bc5c8ee32c08d88917c3df10b831453344ec04a8167f3357c9cf4b4c24ad16e54d26c3d51ad5eee70ec9026c1ea63d8febff07d7376cf9342615ca99f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_3B19E079B02C6E9472149DB847F37EF9Filesize
472B
MD5c7fc9f3151264e42a899962a8fa1bb8f
SHA100bb625b29829bd10478c7e8e68770129c76ae5c
SHA256470835bb5cdbbcb416a4e7485d6490d350bb023f693ae8647c4e2ebfe04cda4c
SHA5126ddba5224b418c59e4f8fda5beb0ac77070d59814acbc370144612d3da8072daf6078591f9df393cd91ff893e934f72fd75e35d6a4186a52f2a24ed6e7f398aa
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD5bf79bf6e214ea469e84f748d4d3ba8f2
SHA1acd83549d10ec9fec8918f77a82b9c22232d1a67
SHA25683168fe030b320533ba1c9b4b5214c74f059be948d332c1796185fe29f669743
SHA512720d412241f72a38aaa71462f2af8c05a9a3c1f5ecfafa7b4c436b66e8f00dc75f845139358343fb99cdae23d957b825d88edbc7e689fbebd54087fc48baae43
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_1DC6D7385EA816C957BA2B715AC5C442Filesize
416B
MD5364558fd39dba3032178f4e97e3b95a0
SHA120fc88ea30c3e682a8e57d1bc534a1e7a78ea623
SHA2566c747b21995c13d5d8e8150e81bb69ab7df23f0923d2dd7ffcc8ecd789d248c8
SHA512629f6cde1ce78a672c9f9135c5bdec4921f11dbedd656412e376460b33b700bdb3199b59d2c3b13a0110349a5e983ed17095e630a8e3aacabe00e246e4964adc
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776Filesize
434B
MD57cb7a1395655db1deebd1c8c56764b46
SHA17082f244773b2487b010f7cb4daae171c00ee794
SHA256687fc9144d67617ed65a131a74c327d2b7e62b935a80491b3c870fb7ec885806
SHA512d2f95eba03f118d5873369da753f0922dfbb77dee5faf6345ff2152b8a05151c17be6c524cdc145a201e4e262e3f33f6d51931c01e34137fff554feda44e72bf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04Filesize
430B
MD50d2268b7c8a0b8272b56cdf334f0ef8d
SHA167abe233d2ec12a8c8c151e77b084301b7d26d74
SHA256a1dfa1956a4b50d3174d24b43707a26bdc3aaa977ef8b68af8eccf2ff6715a01
SHA512c5ba4cc03cb393249e19f304328ef4212a253faf24f869da8947b5cdf502b4e0cc6b9e2c01b85e4e92b11e22d68158b0e14baad123773503593d6e6c9af3a57c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
392B
MD5a40ca46751fbbc7f488c2cf16ac45264
SHA1ce9b01bc527d66cca82ec746fd005722dc7d7cf2
SHA2568a409ddae6f6784135dec2e88879d0bbac1410a88896a8afe3064d7a86a9692e
SHA512b434fcd15a072d3437d6b8ff962bb3196a60687d1a5b0f81d3c0aba46a3b570fcbec6e4d2ee09e1125743cb350c149d4d3a7dcfd2730d80e9bf74f303ca7d484
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_3B19E079B02C6E9472149DB847F37EF9Filesize
410B
MD578d0a60b04ee49d90ecb18541274d915
SHA1a116c3ff390763bf9a408e1864dc76d4ad2d5fa2
SHA25667d5b9908451df687fd3d98d91a107b1caa010eb678fa0be7c5d3dbdd9c5ca9f
SHA5125119107f9abe9758474bba9f0dd7b346b83acca011a6f4d44828f3f7fad959928148aa60c716762004c1535af2e53bcac736c5ec2db1c5f72cce0b3f4c729694
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\Windows\3720402701\2219095117.priFilesize
207KB
MD5e2b88765ee31470114e866d939a8f2c6
SHA1e0a53b8511186ff308a0507b6304fb16cabd4e1f
SHA256523e419d2fa2e780239812d36caa37e92f8c3e6a5cd9f18f0d807c593effa45e
SHA512462e8e6b4e63fc6781b6a9935b332a1dc77bfb88e1de49134f86fd46bd1598d2e842902dd9415a328e325bd7cdee766bd9473f2695acdfa769ffe7ba9ae1953d
-
C:\note.txtFilesize
218B
MD5afa6955439b8d516721231029fb9ca1b
SHA1087a043cc123c0c0df2ffadcf8e71e3ac86bbae9
SHA2568e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270
SHA5125da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf
-
memory/600-199-0x0000021F69C00000-0x0000021F69C02000-memory.dmpFilesize
8KB
-
memory/600-195-0x0000021F69A30000-0x0000021F69A32000-memory.dmpFilesize
8KB
-
memory/600-207-0x0000021F6A2A0000-0x0000021F6A2A2000-memory.dmpFilesize
8KB
-
memory/600-206-0x0000021F69CC0000-0x0000021F69CE0000-memory.dmpFilesize
128KB
-
memory/600-204-0x0000021F69C90000-0x0000021F69C92000-memory.dmpFilesize
8KB
-
memory/600-201-0x0000021F69C70000-0x0000021F69C72000-memory.dmpFilesize
8KB
-
memory/600-286-0x0000021F69350000-0x0000021F69352000-memory.dmpFilesize
8KB
-
memory/600-284-0x0000021F69340000-0x0000021F69342000-memory.dmpFilesize
8KB
-
memory/600-193-0x0000021F69A10000-0x0000021F69A12000-memory.dmpFilesize
8KB
-
memory/600-282-0x0000021F69330000-0x0000021F69332000-memory.dmpFilesize
8KB
-
memory/600-191-0x0000021F69850000-0x0000021F69852000-memory.dmpFilesize
8KB
-
memory/600-189-0x0000021F69830000-0x0000021F69832000-memory.dmpFilesize
8KB
-
memory/600-187-0x0000021F69810000-0x0000021F69812000-memory.dmpFilesize
8KB
-
memory/600-185-0x0000021F697F0000-0x0000021F697F2000-memory.dmpFilesize
8KB
-
memory/4152-223-0x000001EBF68A0000-0x000001EBF68A1000-memory.dmpFilesize
4KB
-
memory/4152-160-0x000001EBF4EB0000-0x000001EBF4EB2000-memory.dmpFilesize
8KB
-
memory/4152-158-0x000001EBF0A20000-0x000001EBF0A22000-memory.dmpFilesize
8KB
-
memory/4152-161-0x000001EBF5640000-0x000001EBF5642000-memory.dmpFilesize
8KB
-
memory/4152-156-0x000001EBF07E0000-0x000001EBF07E1000-memory.dmpFilesize
4KB
-
memory/4152-224-0x000001EBF68B0000-0x000001EBF68B1000-memory.dmpFilesize
4KB
-
memory/4152-137-0x000001EBF0C00000-0x000001EBF0C10000-memory.dmpFilesize
64KB
-
memory/4152-119-0x000001EBF0320000-0x000001EBF0330000-memory.dmpFilesize
64KB
