a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
03-04-2023 18:16

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.exe
Size

12KB
MD5

a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1

761168201520c199dba68add3a607922d8d4a86e
SHA256

3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512

89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP

192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2275444769-3691835758-4097679484-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
2044	MEMZ.exe
2044	MEMZ.exe
5048	MEMZ.exe
5048	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
2044	MEMZ.exe
2044	MEMZ.exe
5048	MEMZ.exe
5048	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
5048	MEMZ.exe
5048	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
2044	MEMZ.exe
2044	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
2044	MEMZ.exe
5048	MEMZ.exe
2044	MEMZ.exe
5048	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe
4860	MEMZ.exe
4860	MEMZ.exe
5048	MEMZ.exe
5048	MEMZ.exe
2044	MEMZ.exe
2044	MEMZ.exe
2044	MEMZ.exe
2044	MEMZ.exe
5048	MEMZ.exe
5048	MEMZ.exe
4860	MEMZ.exe
792	MEMZ.exe
4860	MEMZ.exe
792	MEMZ.exe
1992	MEMZ.exe
1992	MEMZ.exe
2044	MEMZ.exe
2044	MEMZ.exe
792	MEMZ.exe
792	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

msedge.exe

pid	process
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe
2448	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes:

AUDIODG.EXE

description pid process

Token: 33 904 AUDIODG.EXE
Token: SeIncBasePriorityPrivilege 904 AUDIODG.EXE
Suspicious use of FindShellTrayWindow 2 IoCs

Processes:

msedge.exemsedge.exe

pid process

1912 msedge.exe
2448 msedge.exe
Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

MEMZ.exe

pid process

4780 MEMZ.exe

description	pid	process
Token: 33	904	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	904	AUDIODG.EXE

pid	process
1912	msedge.exe
2448	msedge.exe

pid	process
4780	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MEMZ.exeMEMZ.exemsedge.exe

description	pid	process	target process
PID 4400 wrote to memory of 2044	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 2044	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 2044	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 5048	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 5048	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 5048	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 792	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 792	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 792	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 1992	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 1992	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 1992	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4860	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4860	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4860	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4780	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4780	4400	MEMZ.exe	MEMZ.exe
PID 4400 wrote to memory of 4780	4400	MEMZ.exe	MEMZ.exe
PID 4780 wrote to memory of 3016	4780	MEMZ.exe	notepad.exe
PID 4780 wrote to memory of 3016	4780	MEMZ.exe	notepad.exe
PID 4780 wrote to memory of 3016	4780	MEMZ.exe	notepad.exe
PID 1912 wrote to memory of 736	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 736	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 4512	1912	msedge.exe	msedge.exe
PID 1912 wrote to memory of 2892	1912	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:4400

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2044

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5048

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:792

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1992

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4860

C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Checks computer location settings
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4780

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:3016

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe"
3⤵
PID:2764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:2448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffab99446f8,0x7ffab9944708,0x7ffab9944718
4⤵
PID:548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
4⤵
PID:3904

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
4⤵
PID:1100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3000 /prefetch:8
4⤵
PID:1640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3632 /prefetch:1
4⤵
PID:2248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3752 /prefetch:1
4⤵
PID:4952

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4824 /prefetch:1
4⤵
PID:1936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2992 /prefetch:1
4⤵
PID:2560

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
4⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
4⤵
PID:1528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
4⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
4⤵
PID:4820

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
4⤵
PID:1084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
4⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:1
4⤵
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4828 /prefetch:1
4⤵
PID:5504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5364 /prefetch:1
4⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2100 /prefetch:1
4⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
4⤵
PID:3704

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
4⤵
PID:1740

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1880,4490206718516961681,16545606936881519382,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6248 /prefetch:1
4⤵
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=bonzi+buddy+download+free
3⤵
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffab99446f8,0x7ffab9944708,0x7ffab9944718
4⤵
PID:5392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=g3t+r3kt
3⤵
PID:3656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffab99446f8,0x7ffab9944708,0x7ffab9944718
4⤵
PID:872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=mcafee+vs+norton
3⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffab99446f8,0x7ffab9944708,0x7ffab9944718
4⤵
PID:880

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd4767118h0318h4e1dhb23aha42b4f73d955
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:1912

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffab99446f8,0x7ffab9944708,0x7ffab9944718
2⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2180,2622084825513855353,17398207487451578904,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
2⤵
PID:2892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2180,2622084825513855353,17398207487451578904,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
2⤵
PID:4512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2180,2622084825513855353,17398207487451578904,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2804 /prefetch:8
2⤵
PID:1448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4872

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1936

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5692

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4e4 0x504
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:904

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
78c7656527762ed2977adf983a6f4766

SHA1
21a66d2eefcb059371f4972694057e4b1f827ce6

SHA256
e1000099751602ae1adcec6f1c74e1d65f472936817b45239dfed4b043984296

SHA512
0a8e58ae95163b3cdf8e81b5085887761e73cb7c836a1a6a972e837fb3df69b2ac70cfd6311d06d40656344ec35eb48e512f007561480f0345486ac2b329be0b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
099b4ba2787e99b696fc61528100f83f

SHA1
06e1f8b7391e1d548e49a1022f6ce6e7aa61f292

SHA256
cdb1db488e260ed750edfe1c145850b57ee8ab819d75237a167e673116a33ee8

SHA512
4309375e10785564ceb03e0127ced414e366a5b833f16a60d796471d871b479e4c044db5268902d9dfd14715ca577cb26042bab8f7b0f31fe8abf33947feb9d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f8fc306410fe7dc766efa069effe7fa7

SHA1
63a792049c631c5da017a4666b071fcf7eb701da

SHA256
b13b532a7baeec5003740a148730594924cbc2feb6952f936706ee411128084c

SHA512
a9b6e454db1f3675bd286ed724e520670e74bf354783b2af00d67339006a6d6adc119162998ac8a7982fefb138e4a89b2badce2d812ff23a17950386f8bc337a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f8fc306410fe7dc766efa069effe7fa7

SHA1
63a792049c631c5da017a4666b071fcf7eb701da

SHA256
b13b532a7baeec5003740a148730594924cbc2feb6952f936706ee411128084c

SHA512
a9b6e454db1f3675bd286ed724e520670e74bf354783b2af00d67339006a6d6adc119162998ac8a7982fefb138e4a89b2badce2d812ff23a17950386f8bc337a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f8fc306410fe7dc766efa069effe7fa7

SHA1
63a792049c631c5da017a4666b071fcf7eb701da

SHA256
b13b532a7baeec5003740a148730594924cbc2feb6952f936706ee411128084c

SHA512
a9b6e454db1f3675bd286ed724e520670e74bf354783b2af00d67339006a6d6adc119162998ac8a7982fefb138e4a89b2badce2d812ff23a17950386f8bc337a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f8fc306410fe7dc766efa069effe7fa7

SHA1
63a792049c631c5da017a4666b071fcf7eb701da

SHA256
b13b532a7baeec5003740a148730594924cbc2feb6952f936706ee411128084c

SHA512
a9b6e454db1f3675bd286ed724e520670e74bf354783b2af00d67339006a6d6adc119162998ac8a7982fefb138e4a89b2badce2d812ff23a17950386f8bc337a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
330KB

MD5
3e0120ffdecd701d5b4349c76e5d6a86

SHA1
97314d0eda1cfc496378a445f7d1174a5ce335bb

SHA256
25c1db83e78cd1b537480bf1e98c3e0596f099e0519fb16a22140ecb96d554db

SHA512
8c685cab626857039b2e1c91c2a94844ac13e60de0be7abdb10fea1169eb07cfb22bb4ceeec656c3351e63db3b930f10870d251dff3e6809f92cea5567d9c748

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
64KB

MD5
c4f7300442a8f13dddf5c9bd09128727

SHA1
d7c8a30cdfe9027cca42c45f44d569627112ae6c

SHA256
5decc8ac1f3d26152842e44d1aa103c913711168c968c936bb782fb3cac10155

SHA512
3b6ebaff36af22dcc9ae7a7593657b56f99afb242ebeed50d26a33e1e6b0ff31c98ef576b96cf98c277cafc1050fee40b5d4c3fcd730595be756089a980030cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
69KB

MD5
79f2aa99d3d8b52fed79466789e04e77

SHA1
1f9181fb8888127785b333cb1347568c5eb84c18

SHA256
660441d1e19b20e694e76063a3d275bb4ff0d1c46550ca04f1b60f98dd9b9a54

SHA512
d82618c29d6191813d26113ab77c5e50e995e4cc4ad66edfd75c45496cd2ab13aa0854e2fbe15882864fae2326a77ea578621e07389281b74a1b197c7b73ff61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
432B

MD5
3fe4d036922edb01a4908943e6b24c7b

SHA1
2f13df20272112482c55734cc62de1ef6c11284b

SHA256
adc3e5569977ef2b8e056e48c7e39e0b6af233f8e8f1260e1118739d4a53af96

SHA512
04a96889863fc06a03c055a3f694ed34b6de4dfafbe8065db30452171c02455b95f27bc55849252b02621a97b06ef9a1ea694851f85500cf5db1dc35f1c0b9a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
840B

MD5
2d92dc9ac3e9eb7f19c5a283570229a9

SHA1
64752265f5ae7c1beb32a2bb93b7df6e4b219544

SHA256
6256c9df6355083be51e17ee0f69c5f19e23112ce726696bf9df6f2b407dcb3b

SHA512
b2c958d7d804d9024809167517b4cc23ce1a17c818836fa99e56ed604612770589929a40d62146317626fa8520e11c116a00b6a7b75426ff97924b0d7be1a56b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
759b67adaad342b6b50ebdba3b9d9928

SHA1
b77edcd9ac909a860504b40d9e6717bd22d9ec76

SHA256
a2ed535f5c971ba536a87a9bb1d5d59b3f85fff81180d3cb0776f95614fc888b

SHA512
060091b4a62ac8aaa90b56615bf034fa8dc4e399c75b41403a2a6c691a561179d3651caf5a0e482fba0203dd29145f17522970df0298091b31661223fb00c5e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57caa3.TMP
Filesize
48B

MD5
aab4da93147fdaa88be5ca28b5a6e782

SHA1
319a6d61b5d56c3ee2a161a6b9f8ff0d11caac05

SHA256
0db2af51665c493d623ef4ea5db0ebf940701b658f331c750cc78d4ddf7a934f

SHA512
3cb0f3b7cd3554be2e332b4be81a011f2cdbe3f925a42a9facab57bffb975669e7f69a687a51b93ca4e2455a2b4c56797f1a0204be8925a8832a17181be2884d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
d0d388f3865d0523e451d6ba0be34cc4

SHA1
8571c6a52aacc2747c048e3419e5657b74612995

SHA256
902f30c1fb0597d0734bc34b979ec5d131f8f39a4b71b338083821216ec8d61b

SHA512
376011d00de659eb6082a74e862cfac97a9bb508e0b740761505142e2d24ec1c30aa61efbc1c0dd08ff0f34734444de7f77dd90a6ca42b48a4c7fad5f0bddd17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
b0db20a0205434aa3a26c43705b3e1be

SHA1
9c63fd569b74c4ab53ec0c26aad76b18cc393d6a

SHA256
6e6944e11502d8247f7c1fbba1791ab0c332b88488b6370c7e5bd0d398d9e3b3

SHA512
128a7a78cfe279b36a206eda6c476d4d2f37ef2b3c5b777c6d010260575932917d409d2c42a608968f944e31594dfd3eb1c19552be60274bb980272c4f131c2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
ad24f95dba5f3b04d38bcb2984164727

SHA1
548aaeab9c6908d15c87973564e2d30f15b4bfa0

SHA256
42c01b46cb0147e14182afce703b2ab441711be0bfe8533fb42911d5592a7f6e

SHA512
f9a581e938ee8e3b51ca82a44021fe8af175837bd16732cb4a4d822f51509688e0fcafdc54840ed957e90234876c2d4dccaeec59c966c140a8195ac84a54e9f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
2b828a936cec474b8faf35f84cad16c3

SHA1
5e43f3d3156b7196e52736042eb05aa09fdbedc9

SHA256
1b67eaca491f02fa15bb92d25302e0b2b359c2f93557b0b80fbe19f29cdf98b4

SHA512
9495f5ca2e52d2d3a20769c5b246db413bfe4d11e30649dfffd161c70b0b40c2f743f54f6a7a256a94cff4b4b5f475b974d6f8757655b25985e78798c94053bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
e1a4172747f84b15a016b841eaab267f

SHA1
0cb5412a4b416143b6207080786c90f8efa6727f

SHA256
e4e88fca1b76826a2739f1d078b7e913dd802e97cc26c1a6372dc77bf278661c

SHA512
dbb3a8ab7897214a0d213f93828d6afb05c9e0297c65ed3d0bb34772ebe51980559705b7a6a9db19a3567dc40985970fee3e46448ef3e873d08a6a79702a6251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
3KB

MD5
e1a4172747f84b15a016b841eaab267f

SHA1
0cb5412a4b416143b6207080786c90f8efa6727f

SHA256
e4e88fca1b76826a2739f1d078b7e913dd802e97cc26c1a6372dc77bf278661c

SHA512
dbb3a8ab7897214a0d213f93828d6afb05c9e0297c65ed3d0bb34772ebe51980559705b7a6a9db19a3567dc40985970fee3e46448ef3e873d08a6a79702a6251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
984eabf711c00bd25d8c73c95edd7cf0

SHA1
b157b5cd5fb91b0b405d808e9055ebc1ccaf5242

SHA256
cfd8b02672e50b61aec627204f036382563123c9fb5e20ae3ee1142dee5f7fe3

SHA512
b8610f3baa8890ef51bf4725caefa768076daa296a40474b04e575f442480bd587763a38d8a5667ccc5fe29d0970bb0ae92308f0fd3c0b9579607908ac9efe3a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
518748ad8211fa30465e27710262d94c

SHA1
c5d7e28f9247666183aef3b1ae09e88e71b0f14b

SHA256
5ac56906a6d9034bd0ecc7f25fb5f00c5077123f79c645737d7b8fe98ce60962

SHA512
df95483c9466a711182cd0c63a4b94d1a1d7f3e12f671c9f217049117709a92447971e47e6a25db664791c4e3adf028690374961c1a4449b721d06ce3b0c563e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
10b2e3ecbd07d370d2722e90e61d22d0

SHA1
efa9676c01391f3d236f5f9ed0ab43e6010426b1

SHA256
385f15d5e10ad37fd694ca7f8d1d2504e12c980a2c9a40f7988dd0646f16d022

SHA512
a0ba62fb9e856b87f4af967756626965381d98da42198f55f20712471e1f5aff29cbf5d12dab5754edf59e74ba15ad2c01be5ad0dec0b7f7065727d2ed6a1b99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
60f7f94716f15d720d94b6a331d31b79

SHA1
a6a20693395cfa506e70088fa13b55c7cda1e95d

SHA256
0900754101aa7aa423f8dcc5494d1eb70cd2bf741f241c7a7c2b927024d4abaf

SHA512
0ead01d14f72345f83f2fdd77bf19f288d1a47eae9bc26f54869923dcc7754c39d374dd8ba0e630da1f4173402002e3ef3810f2d1ae0a64eaa55491cf1fc4d00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a82d581226bc62d022d623ff15cf1f7a

SHA1
0a42239dd2b1fefb6415c5562eea237ecf289ae9

SHA256
48b76e6fca5b557e4e51300501f8ccf985ec33019c616393c87f31455f88dfe7

SHA512
93c21631ed713822a2e66176abf6864a2b6455e09aa022a48433d9be596c8f71aeb23aa94e5815d085a6d2d07aa7e5525c7e964271ec10633855ce657c15e258

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
cad9738a2cb53b67e710bda5352e733e

SHA1
458017890dc3241f326426972da3d552a4b03276

SHA256
b3d23a69ddaf1c187f59f32b4d6e858f09be9588476a9fb0041385e193364c6f

SHA512
0f7baf14a8d54c544c5f527af16cf10873991a3b4c3cae44718a34df98ab59a25f33744c1d127b986c1199ac98161e2b5d8f86e1b6039bcb356e19b6dd68c5eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
02ee7addc9e8a2d07af55556ebf0ff5c

SHA1
020161bb64ecb7c6e6886ccc055908984dc651d8

SHA256
552d3ed359b7a52278ce621674d16428d8a7969f6cd5663df18e240cce66aadc

SHA512
567989543c3848a0c3276d96b96ca761f750e4b71fb74f36d809f590ffe16a72fd5ece251737a8b1ffe65f0051e211bd7ad19d2b8b0b7ca1b7ffc86dd2a52883

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
f1d900a561aaea79520afe5a7dae4f24

SHA1
203b9d3f52cffacd9f3ce37cf59b3d6cfc5e69bb

SHA256
da914270d8b32deb39144c40ba82c74a48f16388063f562d497a0ceeabd64c5d

SHA512
cc5324638e732148324022714244b875d85c9786b2dfc4eb7debeeef6f38f5e5c2803ae7ad53e1f9bba8ab79af1036b3e2828c1c99486f546207bb86a3b5cb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
ba03f379a5b76f6deffef2c13bed6a24

SHA1
bec43cbdb9df295cfe2d6408fbcab62a55fa5a63

SHA256
05b7c6ad39f9abaf7bbf4ca50707be8642fb14fd2a18a6792e874b6054ab44bc

SHA512
0ac3f79c6e854e4e78ffb833a66c44f2fe3af96b48ced9ca967023b47e17645603805041a39bc24449a5545b1b271983fd321726c597b1ead45a1b1ac5e2bebf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
d128198a0e451178795a23ebae7bc081

SHA1
5e98f58178597956e3df6771fdf45e4012286fdb

SHA256
7b3f1190273b3270ed1d3d73ced08cbd79ec144cd0a4371dee763187b8f6cac4

SHA512
11a1eb5a07f1ede52f0b3e7a68d8550dedf656c2477dd6c0e94c0ba3bfb3d580f7a11490c21ff1a930dcf75308045590d3b3a7b5fa87a05553fb6f285872515a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
9f693c45203a61222dc75e0eeaaf0e08

SHA1
e2c68b5e5914ccdecdef704d9219731e211be17b

SHA256
cbf6f499e1f5dac1e59b449d027750cb4c6e2c60844a4cb695ad4ad37f7f2dcf

SHA512
c8f58fc469e97144fc3a3dac5bb51a5186ac2d11feb76c089c49a8d9b6e281e6bc3246e75a960b4a4af0dc2ab3f45bdbb2e649bd85596f0eecb7c24b15ea8aad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
439096e7c05a72f57e70dbc78e0a1119

SHA1
517edccf220be375ac853ebc2a130fd51943f091

SHA256
e7890c564ecfa43da926817584a7c24d932c8b4693a0bcb87369b76dc83fccf6

SHA512
42d8964b812ab694f0ee2f911b48227483261f798717910919caee05111a3a31561c26ec42344cf1e8587e67f0f01b94ec6e60fce9fe914d665b52d281ce2e31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
d88fc6260f15aa02a43f26c0bdf1c15d

SHA1
0716021a7535834f2ef5596add734b3ef296d57e

SHA256
7a05e16a49935274d4781a2c6dbc2790e7a49ecc8dfb13b5cf5b46a6a97d64e1

SHA512
6321a83ec7826059e4c1989e2f2c0c0bf72e52290201e87d05096e1800742c92ef226b81fee87863d0b58e302e598bd2a1af29ae032229ccb452b2b8d1f0b51d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
0cfa6a9c409187c75c0d714f281e8b2e

SHA1
86f52e3886dbbe108dfc9e7f9d2f169b940039a1

SHA256
1c3d85e691a572b457ab334fb297cd9ac838fbdabda8867e6d854e65322b61e5

SHA512
a164f84f9b6a76ae30f67f7256daf1fbe3c512185a8bb32b267db5e0fceb3c972ccd40716da7f9909c5f4f0c2a6d88a4b49372467b3bad749313cdeaafde009d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57efee.TMP
Filesize
372B

MD5
4ae5854b7fe134ce5b3a249e47fb0498

SHA1
43f7e3b2fda28b5b0381527045351fb953a03544

SHA256
9d9e0e8210259c26013047bb1985637a668377463b9ecf02a67179e1d8710583

SHA512
390bcce4ab259591074ae3b4a528a22fe04d1a29894e1e80533bf72d9b1a9e4e824ede8d381a3c7cd69be136e5f056912ae6c274c217d3decfb8168902d5296e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
0fd06a26f451cbfd0ed3c06af78935d1

SHA1
c6bd3ed81116b2be8da299044b06acc32bd10e14

SHA256
4a986e35c7f70be8eb207e65bb1debb4820976f57e16bdbbab3f640fa976ba36

SHA512
dc6cd9bb01c5a2f8fad805275f62a7f6b0c1a3e6b2437832c709650d6eb2028da2242f30fdeb6e8d72f9803954262d3625c2caa1c1f3bfecaf29581b0dbc5042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
3KB

MD5
0fd06a26f451cbfd0ed3c06af78935d1

SHA1
c6bd3ed81116b2be8da299044b06acc32bd10e14

SHA256
4a986e35c7f70be8eb207e65bb1debb4820976f57e16bdbbab3f640fa976ba36

SHA512
dc6cd9bb01c5a2f8fad805275f62a7f6b0c1a3e6b2437832c709650d6eb2028da2242f30fdeb6e8d72f9803954262d3625c2caa1c1f3bfecaf29581b0dbc5042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
038fa254fb4780c0d39b93fce742b8e9

SHA1
31733ee68453358851e034b6db4d80645ba58e5a

SHA256
64bc6def21d38c5b4a80585f93d852390a75c772cc866e6dfb939cf5ecff21cf

SHA512
905d6b374271f315f0896b677076cf60c05905f1a805a9c2fd2e81601bd54e4f9153664ea371c2b7d730b1c7b2da72ef3d108a1df2ed33415a21eab2dc646b95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
Filesize
2KB

MD5
ad24f95dba5f3b04d38bcb2984164727

SHA1
548aaeab9c6908d15c87973564e2d30f15b4bfa0

SHA256
42c01b46cb0147e14182afce703b2ab441711be0bfe8533fb42911d5592a7f6e

SHA512
f9a581e938ee8e3b51ca82a44021fe8af175837bd16732cb4a4d822f51509688e0fcafdc54840ed957e90234876c2d4dccaeec59c966c140a8195ac84a54e9f7

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_1912_BPIFWARSALPMMICD
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_2448_NWEKPXZNFGLBTYJO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit