751bfa320057b876376f3ab2c3f532324ab2782c0f0d8578d92edd6ea86f15c8

Resubmissions

05-04-2023 21:00

230405-zts9yabe71 3

05-04-2023 20:49

230405-zmd7fabe4w 8

Analysis

max time kernel
228s
max time network
243s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
05-04-2023 20:49

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

download (74).jpg
Size

11KB
MD5

773c727f5bdd0870602c2bbc81e2d9de
SHA1

cb866613f048351b4dc7f493ed73a6506ace0539
SHA256

751bfa320057b876376f3ab2c3f532324ab2782c0f0d8578d92edd6ea86f15c8
SHA512

128a5c5a2f8f7290847b612a218d2f04ec7f8b771e8ec6a310c043342ffaa6e4910cb9be6528dfc4608db72327f4986f2dc5e34121ed1cf17d1a59bb69dd264b
SSDEEP

192:fxZ4EDPy7DGgJ146Tf+77d60Nv4kSJTCIn8u6r278sPVw5XYdQ6ZLHtAOB9k:fxWEDPyGA46r07d6Bvtki78CVUobN3k

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

3528 MEMZ.exe
772 MEMZ.exe
2328 MEMZ.exe
316 MEMZ.exe
2068 MEMZ.exe
3340 MEMZ.exe
2156 MEMZ.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
3528	MEMZ.exe
772	MEMZ.exe
2328	MEMZ.exe
316	MEMZ.exe
2068	MEMZ.exe
3340	MEMZ.exe
2156	MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\3e125e0b-eced-4199-be42-2d4c11720c27.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230405225159.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exemsedge.exechrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252086283607825"	chrome.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description ioc process

Key created \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3384	chrome.exe
3384	chrome.exe
772	MEMZ.exe
772	MEMZ.exe
2328	MEMZ.exe
2328	MEMZ.exe
316	MEMZ.exe
316	MEMZ.exe
772	MEMZ.exe
772	MEMZ.exe
316	MEMZ.exe
316	MEMZ.exe
2068	MEMZ.exe
2068	MEMZ.exe
2328	MEMZ.exe
2328	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
772	MEMZ.exe
772	MEMZ.exe
3340	MEMZ.exe
2328	MEMZ.exe
2328	MEMZ.exe
3340	MEMZ.exe
2068	MEMZ.exe
2068	MEMZ.exe
316	MEMZ.exe
316	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
2328	MEMZ.exe
772	MEMZ.exe
772	MEMZ.exe
2328	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
316	MEMZ.exe
316	MEMZ.exe
2068	MEMZ.exe
2068	MEMZ.exe
2328	MEMZ.exe
772	MEMZ.exe
772	MEMZ.exe
2328	MEMZ.exe
2068	MEMZ.exe
316	MEMZ.exe
2068	MEMZ.exe
316	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
2328	MEMZ.exe
2328	MEMZ.exe
772	MEMZ.exe
772	MEMZ.exe
3340	MEMZ.exe
3340	MEMZ.exe
2068	MEMZ.exe
2068	MEMZ.exe
316	MEMZ.exe
316	MEMZ.exe
772	MEMZ.exe
2328	MEMZ.exe
772	MEMZ.exe
2328	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exe

pid	process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
5168	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe
3440	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe
Token: SeShutdownPrivilege	3384	chrome.exe
Token: SeCreatePagefilePrivilege	3384	chrome.exe

Suspicious use of FindShellTrayWindow 41 IoCs

Processes:

chrome.exemsedge.exemsedge.exemsedge.exe

pid	process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
5168	msedge.exe
5168	msedge.exe
3440	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe
3384	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3384 wrote to memory of 1864	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1864	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1476	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 2436	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 2436	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe
PID 3384 wrote to memory of 1332	3384	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\download (74).jpg"
1⤵
PID:1652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff864169758,0x7ff864169768,0x7ff864169778
2⤵
PID:1864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:2
2⤵
PID:1476

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:2436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2220 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:1332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3212 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:1
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3348 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:1
2⤵
PID:4824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4576 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:1
2⤵
PID:3736

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4728 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:5040

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4588 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:3700

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4776 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:1580

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5112 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:5068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:4736

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4240

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7bd857688,0x7ff7bd857698,0x7ff7bd8576a8
3⤵
PID:1248

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4832 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:1
2⤵
PID:2912

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3468 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:1
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3276 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:3088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3252 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:4688

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5612 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:2612

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3512 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:4632

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5488 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:4576

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5656 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:8
2⤵
PID:2524

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:3528

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:772

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2328

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:316

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2068

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:3340

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
PID:2156

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xf8,0x108,0x7ff863bf46f8,0x7ff863bf4708,0x7ff863bf4718
5⤵
PID:1188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
5⤵
PID:2816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2236 /prefetch:3
5⤵
PID:2084

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2744 /prefetch:8
5⤵
PID:4404

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3596 /prefetch:1
5⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3576 /prefetch:1
5⤵
PID:4012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5200 /prefetch:1
5⤵
PID:5536

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
5⤵
PID:6104

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
5⤵
- Drops file in Program Files directory
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0xe0,0x22c,0x7ff68ff95460,0x7ff68ff95470,0x7ff68ff95480
6⤵
PID:5276

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5468 /prefetch:8
5⤵
PID:5384

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
5⤵
PID:5872

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
5⤵
PID:5864

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5760 /prefetch:1
5⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2080,7537143292034955699,16442910508856856481,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5768 /prefetch:1
5⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:5168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff863bf46f8,0x7ff863bf4708,0x7ff863bf4718
5⤵
PID:5152

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
5⤵
PID:6068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3360 /prefetch:8
5⤵
PID:5936

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=4 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
5⤵
PID:5868

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3020 /prefetch:1
5⤵
PID:5320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
5⤵
PID:5376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3976 /prefetch:1
5⤵
PID:5452

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
5⤵
PID:6048

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5672 /prefetch:8
5⤵
PID:5464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:1
5⤵
PID:5344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
5⤵
PID:5408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
5⤵
PID:5860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
5⤵
PID:2424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
5⤵
PID:228

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
5⤵
PID:2476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
5⤵
PID:1176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2008 /prefetch:1
5⤵
PID:3972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,2425254911527463656,5675534383759894871,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4996 /prefetch:1
5⤵
PID:6112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
4⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff863bf46f8,0x7ff863bf4708,0x7ff863bf4718
5⤵
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:3440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff863bf46f8,0x7ff863bf4708,0x7ff863bf4718
5⤵
PID:1988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2044 /prefetch:2
5⤵
PID:3024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
5⤵
PID:5584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3200 /prefetch:1
5⤵
PID:1488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
5⤵
PID:1972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2532 /prefetch:3
5⤵
PID:5832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4812 /prefetch:1
5⤵
PID:6000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
5⤵
PID:5760

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
5⤵
PID:5308

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5148 /prefetch:8
5⤵
PID:5688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4100 /prefetch:1
5⤵
PID:2700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
5⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5656 /prefetch:1
5⤵
PID:3368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1936,18100314069646304067,72463042028421111,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
5⤵
PID:5516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3548 --field-trial-handle=1776,i,12777820571890325647,13519993555928478159,131072 /prefetch:2
2⤵
PID:6104

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4524

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1128

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4c8 0x2f4
1⤵
PID:4060

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1116

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa390e855 /state1:0x41c64e6d
1⤵
PID:4140

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
e4861df3621a4352885b24b7eb97d870

SHA1
6a2fb480f4ea1ed763fa7ab217a34a3d8a75c39c

SHA256
724e002813dca8f5be4f31f2efb6ccb96c8be2518ea8e814b36c0a28f8b4e934

SHA512
e29d885b645886d4408dce4044942db6ac90f7c18397df8bd0e15640883d9d41b2be04fa06dcfc0a94021d7c3784ede2c7ea780bb70de2cf8c33d6d83f703960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
db3460da12e2a9d603f83ea2eb94906d

SHA1
ed898bbea51710981e751ff9b3a306d34463d967

SHA256
7e598a3bcbf001fcff13cc3d70229720f69b0140f3c06616da76980284028f62

SHA512
7165aeb9a684b12573276e8ceda2899da1b2d3b8cc16e3ed6ded6ba5f47c6731db9ff5e1c2a453a477cbace129630f1450ed8bd1433257944aea9958fef36616

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
2KB

MD5
424c8b841427ca596121fc3c43065f84

SHA1
aa3a734eec2b97cd1f16f00bd2fd011593588888

SHA256
7f63a1151e83cf4dcbcd342de45d9bf67c8df2edc56b222cc5767bbc81ff9e05

SHA512
c1587f9c816988a2b5896d56770512440123ee0e73e952c9a478d6136131c24fac7edbe136ae38dd58855061f6c0ad5c92254107348753d28514fa5580fd7def

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
03f5502876c351366be3754545c89e7b

SHA1
f19835db2dccd12ffe0b9c90b0c23d3a7a215770

SHA256
71a72c3f502c27956a82c2b820cd4b89aa8752bb56b1fc469cfbd1a373a5477f

SHA512
4176ad58afa18475ced4d112ad722b6cb9bba5f4efdb98d1e6e7fc63ef62ef6c0ba62c1a5d7ae42f015095e374a27df9dbf0eb2142f1cc0757dbbc7f7144b41c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
bcd5f857c37cdf3243c7c27e90f5163d

SHA1
c9613dc2e71f18c81e546d70451dae8dffa10fe6

SHA256
1baec0ab5e68d1ab221155fccae73847f205fd08c27839cbbbbdaff10fb60d64

SHA512
7de172b7a5005bdfbe7720c98f74b393d49a9a4194b3ce804aeaca185e3689c644e4b89e55b616b52e429bedb4f6e2b3d2b5f2dea5fc03426bfd971782c365da

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
0c18edd59bfde4c248995f41a39dbc26

SHA1
3573a6e781c8fbdfd81f7156c8f755763d1da7fe

SHA256
c581eac28ec6b2c522cf08d6d74d0e7c64ac36bcf2413f852424defd4793c504

SHA512
fb3de2c1fc9f7ba85592e28ae0823019bca4c2ac7e1e2904c6bb06b8f13dc7c3c7dfbeec826cf3e7caff461747bb330570141e9976e8641305c741f7c065fe41

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
4f9e4d79b8be88b0bea954b2ae83ec94

SHA1
2476f5a4929e1cd5eada6a0b828ac39fb7011f8b

SHA256
c0b6e8cceccedf7e71ae3d4ff316a24e4ac75a9685593b7d41746366f3a43d5d

SHA512
312bd9109781f586649de73adcb883d76de76055514b1fbc816dbb7ecfdf929646dd938de7188b67ecd3da02cc59b35d4cb50ffec48d1cfdfa52d0c8a05cedc4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fca65e9d7f5d78ef0495b59dcdf317bb

SHA1
52ddef64d632a160a141cea961de26601d12acd4

SHA256
0d67f49f0cf854590b552f230e9e16e67d63bf802d1f7256ca802fa5bb0e145c

SHA512
b1ac33ff2c4fb2fd46330b870894ed91b898595c6cb2118f78c5e86fb08196fe301d4067a2b7c105f8324faf56569e5055090d675a96bfefe1e011a4d87c03f0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
d2442cdbf4e5c9d5bbcac6435f0a4fe1

SHA1
0e66c88e9a9b8240e95499ff4b6288c63ccb52fb

SHA256
8cb080e75e7a4915c1c9bcf1fad193e83050ece8149a9783547e2d57bfe015b6

SHA512
ceae35e6e8b6d8cf9ca0cf10b437c5e9f4858a1412cd24135df990545633ec1e904bdf9e5c4bcc88a1b9793aecd3f5adc0a8fc4eb5a01528cbf9234a86569bb5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
128b3aef5f1688d034c48fd3f932a386

SHA1
a1d14547052bdf6ecbef4dce3714708e5bff33cd

SHA256
6fa66f7e616d44b76e4f49c1a8a7be129d4908b91d47a7d492ea59d0d3fd790e

SHA512
897db0adb10cb63223d065ea40a718a0dbc6b87139c8d6c5f1bc396ec22b037502f663555333182cb869a28b2d2c2cbf0e3749ed023fab3d4805b6f0fcc1b7ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
299ed3420be2bcf00c66aef6fe560eeb

SHA1
48319cda4a59aafffd5642ffb2b5bfc9e448b3d6

SHA256
dc5b7f2abf04cfdb85e8d76dc00e846bc60fe6819287b52c07fd6b5064193494

SHA512
c2ed71ae0ca83f43bd3709a7ea37c7f01ece0c4461ef8c2e83a15dd6d53d274d926847bc8609874d764b2aba301531238cbd8b749579267a83ccdcc60449c8fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
75ff055e69f4c2eab4945bb707c8e276

SHA1
42279e6018c38aec5d6788ff14d38147333a5f77

SHA256
f36dd21cd69997cf931683f517ad0a6aad60a896bb149db158c6cb79c9b474f4

SHA512
5a5f079c75bef28bf27d1687f509cd7b7456a31a97f6c7eba02be734f00ed7c0a3dadb97a1d7a77a6e9ee02cabb57a2d7418265bc0da8a6f921a266897abf8c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
d07ad7f28d659aa08337c9ceb6c0e849

SHA1
c0d1c2ffa49079cf97e8fa76a099803dfbeef9f8

SHA256
d4450e50fc3bafabaaa039f4433eade7db1a344e08003b8dd556529786ff426a

SHA512
0270e63ac940f371476f9a11ce09614cb7cfc72635d152215e35d1df356f22cfbe3b6333dbf188bf57f9c42594f30b457e5e1f0c138e62276c96f8a29215d062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
d07ad7f28d659aa08337c9ceb6c0e849

SHA1
c0d1c2ffa49079cf97e8fa76a099803dfbeef9f8

SHA256
d4450e50fc3bafabaaa039f4433eade7db1a344e08003b8dd556529786ff426a

SHA512
0270e63ac940f371476f9a11ce09614cb7cfc72635d152215e35d1df356f22cfbe3b6333dbf188bf57f9c42594f30b457e5e1f0c138e62276c96f8a29215d062

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
99d4977314afa9f2bb4eb180ba24aee9

SHA1
1ed0bbb2ace11a8986a516590213cd6ab626c56b

SHA256
bbdaf38c45771890b07b2874278b8f5c15830c660ce8a2a094ccf8d36d098580

SHA512
18fb434c1df9306d60b22a517883490e78afc224fed80c0a14048a6c7debfdfd1e9058e1029ec8bd9d3b78016ee8fd4bda50392244172b5cb617afc870e183e6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
110KB

MD5
b3d102f075d0f1771b92f1e7c9bf4eb4

SHA1
62bdfe78008cb5f3a15658c993506c3ce562afd5

SHA256
b0eddc567ba9645a9aca1a267694575ba90e78b1be6f1f28e9922dcb9c7e9aec

SHA512
cfd99a2189a0968199fa66ef1c8ea0a03fb2c1cad7812f76866e36d47843def285d204c7cf4d81c72e4116b2777b5aa0899b2796cceb33b0a85673f36ddddf37

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57980a.TMP
Filesize
97KB

MD5
5d678f6c183686a1365fe91c3ab2caa5

SHA1
1798c5b63a18fb540846cfb3913031237ab1394d

SHA256
2c6e54463ace3e28217e67959894a4059c4b14cb6c75549d2a06b5961682b69e

SHA512
358f83a67bdbd185853ad7a6d6ae33d4c3326324d116bd1d184c9c0e18c68813614e559b07190c5d24a918b44a3b4fb65dd5a87a3d9f07d5b642f786c9ba4850

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
223237b7a0e7ed6ce4cb45c2e1015d24

SHA1
d7edca756d3d74a44ead1e2bcb4628af3dc2dc87

SHA256
5ca0c580332968ae7dbd50113cd4d9b2f60d947f26e6b7750bba2c86a44bc3b2

SHA512
d521c727c22d2454df10b210f033773bd514368a590971f46d71854714ffcd4462cd45fe9d16787b307261797668d8cd591b6c6ad687836c2f9ee5fe1c5cfa34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
717d04df43d095b712b47d2fe3bc15fc

SHA1
b79b787fb42f93c53fbdfb55b89ed338370f92da

SHA256
297562f8fbfde75a805d764be5787871d0fd92e7f23bbe7d5914193065108d75

SHA512
cc95d97dd6c25a816fc99d28a0671447192ceec7d5980f0eec498eca2a3624609183ddda4c400b27a0a10adeac3de26eca15616300744101f13bbdb19e4765e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
75b2aaa35305093c6b15357f06824159

SHA1
56ab4361e2268e11e7533787da5e46c61634ae90

SHA256
642dcbd39bfb5151245dc56121697df6f3b945e1e8f8af52e29926d65d5535ee

SHA512
2e8a80a636cc3dd1d9760642937ee469bad16855be9d07d7d68503c30d0812e12cc1bb7c821ecca5c23299d99e43738e1ae5aa513e59f1ff0b18f6c5c76eed25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3c2c8d7d-2935-4b13-8819-5741e9c44f66.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
3e314517c46ea3aaffa75f609935f862

SHA1
c91175cd3ef03027b5157518c8fbb6f7d13f2ac6

SHA256
71dba608174a957c5385dd9b6432adb86b2d5e274827d207a7c3cc4be90fa9a9

SHA512
6656db3ca765ab88426cd12e4df18736b52a4222e66336a610af8428c7d0991c288b15408ebbb945541af1fb2513176a5f904a2198bcb039055792607c2719c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
672B

MD5
aefc7a3237bcd2f8d89ddc0dfea77849

SHA1
bccdbf2818d5f880f4ca5c0766675c3efd91d70e

SHA256
2c6ab2ae140fa5f971195990ae810c509fe6945b8ff9b831a0ecf7f6d782cdda

SHA512
c10b8b2573de5b6543ade11de6e3d1de1c9e4aab205a4c57a99f2f26e7f176c1c4d56bee030af21221a7bab5eef7ce25ce8c1c66bcb5fc8372dcb65e29562d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
942f8f2833e252305d696eec90a00bb2

SHA1
4519257cffb9878e58719d02fe8d0aff96a302cd

SHA256
5b2ecaecc8bec7fbed637f025fea2c50dc6302c6ce82c3c64c9fa81fb8d202d6

SHA512
72be509645f7244c6642fec02cf22abffd229b3d8ce7866fa8d5391be91016b0a5bceb64782882af5a42a81dadc78c731382fcc75663fff52aa11f3a05fa23f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
264B

MD5
64db71db483ea66706db2386a16fe99f

SHA1
3226d7335f2c5305d91c00ba17165358ff3ef038

SHA256
55d2954292d59d356bce3c5725b5441264d2db1e9b237b7038b8eda80c72a09e

SHA512
86f524cdeae3944112e23e6f03cd954e6d478ae5cf736eb7b07e8eaf57889e248edf8a8b9614640f379eab04524df66a38973dc500c95bf7f554580915257ca0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
289df86fea4c6b52d006eb69e87be039

SHA1
59d1edf9ba285aa62846b8efc4f2b6827c176b94

SHA256
c69cf5f2a31da7ae686db99696588c6b64cc4a131e482394483bd26ff693e2a3

SHA512
970b8f524148eb1c6bc5572c5cea07a326274e7c89d23cee10adc24057b3173075f1f097a7567a5783808d5ab25da8368f8794b97e5b448800e4eef1eddba589

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
a4990c67c2035328fbcdd5407d695c51

SHA1
ad1d63199241b9473881dabc3f3d69b8881fdcff

SHA256
4c3124af9ecf5571f0199a177a190743a9b93cfb87f25561186e778e98dc6422

SHA512
fe76d8de0071a761e079a9881995477f5fee4f3b581002f317080ac1f197f98be992255ab6d5d69a2feebc0fd1e9cd484a523735b764f72fe8fe9e966b87af18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
b0705f8228cf349f383147dd228a86da

SHA1
1bf4b8e9a5ffaaf69aed2c7a16c61da95160fbd3

SHA256
4dd112bd8292d0e10d31b41fb144865bcd9eb4e381b23af6a24d207bbc32cfbf

SHA512
6bbbddd4ccf0e6f931d762eb4c82969d524ba25093371aee3cac46690e23d6e497acd24f1a2a41ee8f7ac3e201e042446c9bd84f6d4b9b75d37f32d708f03c73

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
1KB

MD5
4f85e3e5e79b60764d0389c1fe755478

SHA1
dc7e24f23f79bdceb2a902ba9935f41f6d094854

SHA256
214b3fdcb53c26c2403a97522df2849c924f63f5ba07443a18cfdd1072ecff5d

SHA512
bfad22cbfd8326fd44711cbb4e55acb229e96cec72936db11fd0fc533ebcb7425fd29dcc2b19f65d74c5de66907a42c25676f9d9bba0980c4d67df0ab8555bd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
f82a1a9b1f404bdec5b23930bcf58ae9

SHA1
383840f0461960d6ab23dceaf61d32b930718d6f

SHA256
b731a5519ac2e2033dc7d2378dce933059916c9f9307a8296c7cc8c11156850d

SHA512
31caf69c17ae8a7f9fd3664d86c7c53d2e0b8eca6b053e153b89433c07074cf30dad458b94345be01ed1a98dd5ad4b6b469feb2096f48b3f9d79c0fde4a2f362

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
d53ff62356f23ea067d14e9b7c1c516b

SHA1
feb53cfdd04f6d1a92173c0aa2407878082e0d8c

SHA256
5a143fa5e3879c6f074363d8f825234b6f57d1a79bf0670da4cb5d8170054223

SHA512
898cb9a8ef8e40b047c2e7014a72ba61fc8794fbc973529a89170fd2fb718a4f7be8d79a497b6218fd38cc1773f32ec609a2215bd8b765bfe33682f7b27bf132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
4KB

MD5
a47997024531c4301d58b6cbbf180837

SHA1
fb3a5b5d7c8cfc5cda21dcfb4eee0727b03f7d6c

SHA256
824db0ca5ed3f44834c86ff6daf44a819c0d3cdc7a752554bb30d0fddd2e3312

SHA512
0bf9944a4873dfc1fd38a6e5e43b0bee065be1cb7b677dac49c0fa0981dea89c6b29f71d11e600a65b3ec12a930e77b7718abfe50a793a173c70850f5e406c1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
38acfaff98d84f6c3e393aa05670b975

SHA1
bec3943ae694e9de10214b8a691c745fe085b2b7

SHA256
84c6543170c5be87ccf4122f323f70c155e3f4614a66ed7daca91d1de57ca2f8

SHA512
5bb3d8ad0384a743f73aff00e199ba2b20bae8b0d9a3280b71c6a434724e0eb3b48753435279f963de28bcd9adf4253c6480fb2efacd5a722f1907f7e55d4822

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
82419132e43a4bd7f66cb3dcd898520f

SHA1
349c14e93dbee0199cba1ac1c22b3862628bea73

SHA256
27b264b3bc5fb2a65051b5faf2bc7953f707f4a8e0b0f8dd16ce9622e1cb7cc7

SHA512
228f3170e47a9f58092d4193c1d08289b470ae3f802f503f9fc7a668bac3ffeba543c4ea672d4324610d222c0235ccd246315f660bc824186cfa030db1b09337

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
80899adf61cbbe73ad6ac015f586d988

SHA1
3c11f30fb35b0f196f1fbe8a86797de9afcebd65

SHA256
0dff2506a5ba584c361299ade56e8cb75d3ab988ca3f5cff51ac9e3c0a310a50

SHA512
e1c8f7281802e0f287b5d09cfb64ebad4448a37da5f4d4150151405c5f81873d8c4b5ffa931a28bc54809d0106b6597d79eafa8cf2553de37363b7e705c391a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
c4d3176f541e1cbd2949582413e96c42

SHA1
e4d2b0949f53dc88f8f17eac937766e67de01424

SHA256
ba78b878c459995e5f6534bd399d4fa88dc986506ff5a83e0c6ea3186395556a

SHA512
4d103d180f8c5de4fec819baa91af1f9dc21192ec1b8e84c4f65ca3be41e11fed686a38b394949b3dbf6e110a74ef30de71538cfeec0ed2b9e721a12923427a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
8cf70e76cde9874f3b3f52d6f96f50a0

SHA1
261d981afae49ba5b2dfefc159355e0fb12b76b2

SHA256
73bbb90c8c6ecdd9e5e1ba52b24d4c8aa2f9104d57bc7a48032eb9590e5fed29

SHA512
06c094466111f4e3599a423d36533962b1ec1195ee6f0b8f9bec8f8e3f90bbc2ed57a24b07c195669198a5f85a7dbe81c506100191e3c06dc104285e4eeb24b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
067f54d1c0f47fc2077a94e0d0ef5b4f

SHA1
8b3ceaa4697863fc2811982c180a7b646537cbb5

SHA256
9deb822f0ac20c1bf68dbd5c55289053f1e9c158339060357b1bc2bd68dea562

SHA512
1bbb5bfa46ca20659b099d73fe8865a20fd116cc3a582508ed2ccf047cb7bd8cb46d9352482e5c0335442189702934af3d4156f11c0fd7b6992f60766565773f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
067f54d1c0f47fc2077a94e0d0ef5b4f

SHA1
8b3ceaa4697863fc2811982c180a7b646537cbb5

SHA256
9deb822f0ac20c1bf68dbd5c55289053f1e9c158339060357b1bc2bd68dea562

SHA512
1bbb5bfa46ca20659b099d73fe8865a20fd116cc3a582508ed2ccf047cb7bd8cb46d9352482e5c0335442189702934af3d4156f11c0fd7b6992f60766565773f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
96581ea9980f48fa3315a89265e5d812

SHA1
4b0cd7d072b1598d04011c3663d29b10b87743dd

SHA256
fc7fd0ae5baa1a7201c27c4038193e86cdb7d8c02c1ddca0d136569feff9a05b

SHA512
8990befa2faacff4c7bd9a60fee358958d14f0354969660e931a37f66d005ed19a4aef90709db460d1909b249763444de3c7494c2095bd0724a9b8e1d7bbb0d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
2e2784a1fb4435934ed7d99a385fdb0c

SHA1
b34398ff6bc0d4374dcedec2252702b32038f11a

SHA256
62827f9c00aa90ae6244c52486acca501513f13db143726e753c1a09f6765013

SHA512
d7f260726ce5cb4733305cc9dccaeebb7f93e8f771da969d79f972314db0b11807139629eaa5c72accb024d0326ee3dac376a400c0474a81efaada6c12d095af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1b5b37c8c8252d880e8a576835f5c0b9

SHA1
cdbf3df816991f13fdacdf7bb487787d9194f229

SHA256
02c0cc1eddb9d06240846f9d196f71260ff9dd195136be8d21212dde58a07673

SHA512
378a0adcdcc94893bd1dcc577990e874e18302bb4b293cf21109ced05b36ce64e1afc5bf4863076fe9c04634c383aa080ed634a0efe7ccf04c76f7b0bd8a6290

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
b538657a965bcf8d3098d7e50c2a6aef

SHA1
ae942e521c0af653cdef3aa37a390a4578e6599a

SHA256
5dbb0ba07059f50ca5970ef67da69147ea57d5c31e5246f2d04f7f95b28053f5

SHA512
22a9deef497642b6f6190f7e62b0f8b3ad7af5a03e6dbf11884572423b5ba15e26c5ba41cd9ba18a5d04b2227760ea79dcbddb4770ab7278ef1077c9a92382f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
bd264c6f72605c57ee492e4a1a74f478

SHA1
a3a24ef49670e1eca33941b153d518fcd83e1f73

SHA256
b14bd9b7ca01f4ed14186bb9096b8da7d3b8511aa16697be87cab6011818185a

SHA512
8c959ace405cc0ff67fcdaee94ec84b9c077b99cea516c4fa2ba6a3e5f23e7966aeb69fe08d023af05f4a35986a43b78adf26c3d6cb882d3fe4377c088074795

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
c4f52837b49f4ffa2e83c85691146e6b

SHA1
ee68618de247f1d66b9c0d5d3af94b2af66b4f6e

SHA256
186c61f32a890d022e301ebf54281390dded090164350132d2c94445800eefd1

SHA512
5739b1f0d7002ee74af8e3f94c3166eaff1ba440ec70ecf327000762dc44d13e85fef5ae9422fe1bcf7eac0ea08d7b5d29c16d56f0059d984ba3d30f8b87f176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325208740744730
Filesize
1KB

MD5
8843d0ec787ce1abfe82c62a0d0b4fe7

SHA1
039d1285c88a0b22dcded0f698051df99141ed59

SHA256
77d1ca7a690b32880088c0362c0dc1c7e75048f00cec056afc2480581dfed7fd

SHA512
d5a78b5aae425ba3fe8b01018eada6a73a7d62d37e92c6aea4735f4058d05225711f54a2706a8f13a9610b0903b49c7be7bc876f00f5ec3f97132640fdf385be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
f702dfee80e01869215478fb77ea0917

SHA1
c9a3a0e3a7076f32df7111b909df99c93687d1df

SHA256
409c0e121d772ad5c3f2be2f0d2869415afae73016205fca5f4f08661f63358f

SHA512
0e67a897e3632cf08e068aa749f70a6a63d83cfe087b20a2e46cd2a55d9139cd29c766f0532e711833edadc33fde1b51cf08fe8a7ebf0375b5b5f049040bcd7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
d446080e0b8f1ebccd8a9a9842aa71be

SHA1
cced4b8b1249ee39390b7e20744dd1fef5784747

SHA256
7d9eef579bdd115c1d7b210911efe7f448f3c675fe4c227206e40f59e7333005

SHA512
cfaf2ea215a020261df114d644e24009a955296e6b85b69109345b90498972243cd1da487d4f3b318d6a617fda8a2b970d8c824b4ac840e691c41bdb0885cd0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
b6d342ee447d12f2e9b6b5ba2707dd40

SHA1
7768d68b110a489c044058505dbdfb5edfcf5962

SHA256
fd95c6ab2c7fa09182849687eb8592c4682c83955f6786bf0a6a309e3b57b40f

SHA512
c37bf67b74ddf3fc332cb1c0056a2556d8bbad290fcec2ac9caa403df148e2313a458b09d5f1e0641a29c5d25eae12adeeb7088fe2301043f243e70647c243f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
6bb51725db6d166ab75e8982370a7da7

SHA1
cfed9f206a2d54d5ce70d3f09be1ba664d64a5e0

SHA256
14ef0981450128acd024ea88539e12f89d3b72a943d024b7bd3876e33abd90db

SHA512
b52fd438f19d7060e577dfcd2049eaf103489662d2a7a89f7616b1f9712373f8a9df1e287385a3c82f1abdb7e10e86c11cd359ef874ec7aa088a68e06a90e01e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
204B

MD5
bad885dd80108903c2f51e7522382c37

SHA1
0cdd0d89b5e0550bc108ca1c087bb31f2479065e

SHA256
a83f37e0d1dfe1def4ffbf75d111e743dda6948900d2dc878a016c2b79b56eb8

SHA512
40a40cf0016b0da67c321d321466e54206abed48e5cfae07573647e1d3361f26dc292c899d92209adbfe6b59f285c2477cf413a08839eace080ed4da31538344

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
372B

MD5
b9d31b441259f4ef1dc4ba08a66fbd74

SHA1
b4c117bb20cc052ef676cd8ee3540a87fa637803

SHA256
f628702fbad1b8a701afd70339b5913a7d06cb5a083745a1f9c33060bd2956a6

SHA512
fb20e71dbdb0abdaf4620a40058ee253a45d045008a574922686dfac016fcf91d716a7c026dab2145ad35a731d1bece4bfa1c1e3d170bdd45c5625b4c437e85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
943d8355d76b818e71988f55ef4ead31

SHA1
3532f634d0e52c5fa9d6cb3ccea37728a1005868

SHA256
19f987785f1ab193a1541d7f963252f7b5766ff9d04d341181819a616e472789

SHA512
ea72e963a33565ee95a8526dadb7ff22da3162109c677306bd52adcbd9b9944305798d551fef68031cce76a29de266fa9e118ce909f89b9eb0fcc39a3e9d6bf2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
d9847b5afa8141f09dd31598bacf5179

SHA1
0bf08901a0b535ff9fc734da421118be7f8df6d5

SHA256
cfa69676abd35beb81dccd64a11bcf75b8d7a0d036bd00a0c51b97e88ac0adf8

SHA512
b49b72637a1ab10b50956afa627bd7a41016b624327a6c236a095801a8b4f0162c94f2741b8135c1a521ca5e4a5d35ce7976987c1751424221f973ac40d4ae02

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
49b6b0a8fcc6fbd7c7c8f06f72ebb340

SHA1
93e23bd3e43669c32bfca34136e87391a8d36a09

SHA256
c460620edba3d0d4ea7ff8728dbc50c253c01ae3acb7fb622e97db4d1a8db3a7

SHA512
142c176358cf8b592c2ff95e10709882272e44992a7ad062b893ac1ad24ba653b3493f572f60c8cb470533273b06d239265c110b3f41b07909585b7c3dfc378e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
99e4aa0c90f27bb6948c22250806113a

SHA1
13ef7183f90f767ee2367646a221b1e60c56a95a

SHA256
4a1b7a5701a034b9a77c0561c6eacc3822cecdc94fecdeedcebfeba0be21577c

SHA512
b3088d84fc2b1e6a2db18f1235fcbe817b16b4fd1d13e5d8bb8f8f697033cbaa2a545ce9b55f376d0f426b7c8d928905f1c76b7b0175ec7daa4f83750347abdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
49b6b0a8fcc6fbd7c7c8f06f72ebb340

SHA1
93e23bd3e43669c32bfca34136e87391a8d36a09

SHA256
c460620edba3d0d4ea7ff8728dbc50c253c01ae3acb7fb622e97db4d1a8db3a7

SHA512
142c176358cf8b592c2ff95e10709882272e44992a7ad062b893ac1ad24ba653b3493f572f60c8cb470533273b06d239265c110b3f41b07909585b7c3dfc378e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
93d01f0de76fe1a0a6862346bd854a6e

SHA1
c70b31998c08b3c56de04e7d33638c5758d98db2

SHA256
1deb99316ad56553c73f2402e0ad9263bda5b631b6adf12386ffcc93379f8497

SHA512
77decf8f6b3dc44cf22f37d20abe8b79d84d99b6c6cecfdaa9808206699b92eab221e4fc8580e7d09d96475194bc07ea5b281e831b4a6632249a6a20c6935c8d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
b4143a19979d5af2301521263ffaf87f

SHA1
a7667257fbef1cfa1863d5536ae38efd996f553c

SHA256
444150f364f823b6dbb8e9b2bdd0ff20a33868008ae316f72e33e4c97d7ed44f

SHA512
3b6b34f8e37033085d380fb03c526fd77a325df6e91c0010ab5de472dfe99c432019cbe92d86d424eb1dddbb05f806dce3676f4b8f0efa56e0fe244dc8651d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
8c6211b683b988663589ad625bfa23cd

SHA1
074534ec972f0810043c9a8fb1b3a642039978bc

SHA256
35363f66fb6e8a0e60478961e128d9d9058330115a95a2cd39adf66fe7b837a3

SHA512
d6c025a7ffa6b3fab1d995273c117b22022a870118ec827ae37a2089c6609f1a8e81f43a70376caa8dfac92d32f071dab138e406a9f5eb15168debad16792b88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
082e0acd27b73045d120fa44f34cce31

SHA1
349ebe62287b2eb246ff4ac96dbb164591fbe4e9

SHA256
3cf644a85aa620d7f309a37904137d623245737d878123b8b7074a364511eefc

SHA512
ebcb4fc8d9b952fbf16039aa2747a1cecb60e1ad36ff9bb30049cc7c9b53db8e05b8638ea3608960b1c69c3b773bda859ed5faf0039a2d85b270dbdbbec9d5bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
48d80c21761d425d5563f6a8db1cab60

SHA1
0ef7e46cded6a4e55c37885187565a4d0ff61da2

SHA256
8304af2b05f2b4a15cdaef7a737cc2d415748d7800dec49faea6a4aa88f5a356

SHA512
d416f114207d06e29bb77c361d9ba0da2aafce4b59d2f653b07d5ae511b09f9cb6112ea1aa04ea78736c07d575b9137c43eb6b80024e962901111c3b14ba98b1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
0bf210b1c97ecf050e10ccae934ca409

SHA1
9bbb86d02d4fc4d73de60c226dfcb0f26cce87ab

SHA256
dfee5e3c2564776a6d5d825f03b2085afb3e02b2223381d4e8487470df0e885b

SHA512
6f26d6927ff94acf46cb4b985dc290825345fe5dde69aa430d20ec92a4dad3c83cda2945cf961ca491158876ace38161f6d47d316bf6c7e878481fd08d83e613

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe
Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_3900_RUFFZXRFFPFJDBDS
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5168_UEOMZTTXCRFDPTIW
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_3384_TFDFPZCERXQOCQHR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit