hxxp://google[.]com/search?q=memz%20download

Analysis

max time kernel
422s
max time network
428s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06-04-2023 15:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://google.com/search?q=memz%20download

Score

6^/10

bootkit persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\d294b4d9-b84c-42f9-bcc7-7a1ad018e515.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230406173202.pma	setup.exe

Drops file in Windows directory 1 IoCs

Processes:

mspaint.exe

description ioc process

File opened for modification C:\Windows\Debug\WIA\wiatrace.log mspaint.exe

description	ioc	process
File opened for modification	C:\Windows\Debug\WIA\wiatrace.log	mspaint.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133252755856755477"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 2 IoCs

Processes:

firefox.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 1 IoCs

Processes:

firefox.exe

description ioc process

File created C:\Users\Admin\Downloads\MEMZ 3.0 (1).zip:Zone.Identifier firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MEMZ 3.0 (1).zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

chrome.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4536	chrome.exe
4536	chrome.exe
2576	MEMZ.exe
1412	MEMZ.exe
2576	MEMZ.exe
1412	MEMZ.exe
1724	MEMZ.exe
1724	MEMZ.exe
2108	MEMZ.exe
1272	MEMZ.exe
2108	MEMZ.exe
1272	MEMZ.exe
2576	MEMZ.exe
2576	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2576	MEMZ.exe
2576	MEMZ.exe
1272	MEMZ.exe
1272	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
1724	MEMZ.exe
1724	MEMZ.exe
2576	MEMZ.exe
1272	MEMZ.exe
2576	MEMZ.exe
1272	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2576	MEMZ.exe
2108	MEMZ.exe
2576	MEMZ.exe
2108	MEMZ.exe
1724	MEMZ.exe
1724	MEMZ.exe
2576	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2576	MEMZ.exe
1272	MEMZ.exe
1272	MEMZ.exe
2108	MEMZ.exe
1724	MEMZ.exe
2108	MEMZ.exe
1724	MEMZ.exe
1724	MEMZ.exe
2108	MEMZ.exe
2108	MEMZ.exe
1724	MEMZ.exe
1272	MEMZ.exe
1272	MEMZ.exe
2576	MEMZ.exe
2576	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
1412	MEMZ.exe
2576	MEMZ.exe
1412	MEMZ.exe
2576	MEMZ.exe
1272	MEMZ.exe
1272	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
5260	msedge.exe
5260	msedge.exe
5260	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe
Token: SeShutdownPrivilege	4536	chrome.exe
Token: SeCreatePagefilePrivilege	4536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exemsedge.exeTaskmgr.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
4392	msedge.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe

Suspicious use of SendNotifyMessage 59 IoCs

Processes:

chrome.exefirefox.exeTaskmgr.exe

pid	process
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
4536	chrome.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe
5176	Taskmgr.exe

Suspicious use of SetWindowsHookEx 15 IoCs

Processes:

firefox.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exemspaint.exe

pid	process
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
2804	firefox.exe
3464	MEMZ.exe
2576	MEMZ.exe
1412	MEMZ.exe
1724	MEMZ.exe
1272	MEMZ.exe
2108	MEMZ.exe
3452	MEMZ.exe
3692	mspaint.exe
3692	mspaint.exe
3692	mspaint.exe
3692	mspaint.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4536 wrote to memory of 4492	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 4492	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 3480	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 676	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 676	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe
PID 4536 wrote to memory of 624	4536	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" "--simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT'" http://google.com/search?q=memz%20download
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4536

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc9e729758,0x7ffc9e729768,0x7ffc9e729778
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1812 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:2
2⤵
PID:3480

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:8
2⤵
PID:676

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2236 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:8
2⤵
PID:624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3128 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:372

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:4436

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3692 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:3828

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=4560 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:1108

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --mojo-platform-channel-handle=4896 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:3272

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5496 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:8
2⤵
PID:1516

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5680 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:8
2⤵
PID:2756

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5244 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:3428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5836 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:8
2⤵
PID:2068

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5852 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:3132

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2800 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:1
2⤵
PID:4616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=748 --field-trial-handle=1828,i,16457819200731313336,13836200142152205228,131072 /prefetch:2
2⤵
PID:4716

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1116

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5068

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:2804

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.0.2128699548\1239992393" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c253616e-b766-4d7a-a400-4a4d92d72bec} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1916 1ece0917a58 gpu
3⤵
PID:2060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.1.1630972840\1626046383" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f66c03d-1371-4469-ac66-a27d4ededbb4} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 2316 1ecd2972b58 socket
3⤵
PID:1284

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.2.975870935\616517660" -childID 1 -isForBrowser -prefsHandle 3148 -prefMapHandle 3144 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce5b282e-05ae-4a20-ac0f-7504ed70ac59} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 3044 1ece360e858 tab
3⤵
PID:2636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.3.1244261315\73232537" -childID 2 -isForBrowser -prefsHandle 2464 -prefMapHandle 1460 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5ee0ef58-011b-4806-b876-f5e31e5aa4de} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 1264 1ecd2970158 tab
3⤵
PID:3436

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.4.677636666\860840836" -childID 3 -isForBrowser -prefsHandle 3988 -prefMapHandle 3984 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {cd33262a-9ec3-4724-b17a-6d2a528304a3} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4000 1ece3611e58 tab
3⤵
PID:2260

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.5.159231314\651596517" -childID 4 -isForBrowser -prefsHandle 4940 -prefMapHandle 5012 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9efc1256-da8e-48ae-a4fc-3b76e05dfd41} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 4948 1ece357f058 tab
3⤵
PID:3428

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.7.880634972\2064041863" -childID 6 -isForBrowser -prefsHandle 5380 -prefMapHandle 5384 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a604bd9f-8a27-4336-862b-5f74aea4bf5a} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5372 1ece357fc58 tab
3⤵
PID:2344

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.6.418342648\1360468956" -childID 5 -isForBrowser -prefsHandle 5192 -prefMapHandle 5196 -prefsLen 26659 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {116087dc-0c48-49c4-8226-5fa8f3039864} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5184 1ece357de58 tab
3⤵
PID:1000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.8.740867320\1778572035" -childID 7 -isForBrowser -prefsHandle 5484 -prefMapHandle 2684 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9303c7cb-9510-4dbb-8c27-ed27852b0601} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5196 1ece4348858 tab
3⤵
PID:4848

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.9.1268390938\1412984178" -parentBuildID 20221007134813 -prefsHandle 5964 -prefMapHandle 5960 -prefsLen 27195 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0f4f8b4c-f5b3-4215-9184-bcafd11abf0d} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5796 1ece84c5e58 rdd
3⤵
PID:2104

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.10.1286916675\323210025" -childID 8 -isForBrowser -prefsHandle 6100 -prefMapHandle 6076 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6142602b-98ae-454f-9ac6-ebb6d7dd646a} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 6112 1ece8538258 tab
3⤵
PID:456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2804.11.177060149\1014493101" -childID 9 -isForBrowser -prefsHandle 3704 -prefMapHandle 5644 -prefsLen 27195 -prefMapSize 232675 -jsInitHandle 1456 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fe2f5a1a-f9f6-47ad-b92d-7499d2e90757} 2804 "\\.\pipe\gecko-crash-server-pipe.2804" 5632 1ece357f058 tab
3⤵
PID:4856

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4392

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3464

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2576

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1412

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1724

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1272

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2108

C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe
"C:\Users\Admin\Desktop\MEMZ 3.0\MEMZ.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3452

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:4168

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
3⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffca7fe46f8,0x7ffca7fe4708,0x7ffca7fe4718
4⤵
PID:1468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2236 /prefetch:2
4⤵
PID:3268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2412 /prefetch:3
4⤵
PID:5020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
4⤵
PID:1392

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3712 /prefetch:1
4⤵
PID:3464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3720 /prefetch:1
4⤵
PID:340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
4⤵
PID:3428

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
4⤵
PID:3996

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
4⤵
PID:5652

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
4⤵
- Drops file in Program Files directory
PID:5968

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff6c0275460,0x7ff6c0275470,0x7ff6c0275480
5⤵
PID:6020

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2204,16998365294638781136,4684523541204850402,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
4⤵
PID:6132

C:\Windows\SysWOW64\mspaint.exe
"C:\Windows\System32\mspaint.exe"
3⤵
- Drops file in Windows directory
- Suspicious use of SetWindowsHookEx
PID:3692

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
3⤵
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5176

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
3⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
PID:5260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffca7fe46f8,0x7ffca7fe4708,0x7ffca7fe4718
4⤵
PID:4532

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2148 /prefetch:3
4⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
4⤵
PID:5468

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
4⤵
PID:1028

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=3008 /prefetch:8
4⤵
PID:656

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2144 /prefetch:2
4⤵
PID:4208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4908 /prefetch:1
4⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
4⤵
PID:3572

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2124,11015897055384908507,16715833901105676548,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3580 /prefetch:8
4⤵
PID:2852

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5304

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DeviceAssociationService
1⤵
PID:5352

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3584

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
720B

MD5
99c637773911876715529241fb584047

SHA1
9f995a2a998b3b1f14e87fa7e8144d7dad4be9e1

SHA256
56ae6ab3c0795afb82e18658415df58d2a4768539e05fee09ee67b7a59f0c8c7

SHA512
4ca2443cc0a6b47223a38476de4822e07e434a2dc744aec66f1fe8e6ae05b6134b8172f949a4639f5573864d535da84424378dab67851ed4dfebf2df16dab101

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
552afa970533a96ed17b229d2b833caa

SHA1
1094064c651e4ea002c3ec59eb164590aa9fb0b4

SHA256
b9f2ff4b182c020e2ef9a778f1425ab88e9238173762e619f1ff5d964e01a43e

SHA512
90f77dc6e433e2749f4c662a64557e2739551883671c5631db86cdad0980ceea5be75d32b3f456c536d609e51630268eb32bfcb580ebf8e41d9ffc64fcbc4ee1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
3KB

MD5
bde1693224c5ba828c1cd230cebf7832

SHA1
c1611fe48d4d19d36a1dbefb02edb16d25d5a0c9

SHA256
39096c4df21018a972ca4c37dd4261ef823e254d7483ea60d41422e4891e4125

SHA512
2dbb669ed365cc147b2dadecb62946d6c0cdc07a789de5bf7ff196cfc9a48c6b782ab84865f54563a4eba8985066d5d4930711e6f4188ad069686a412dc0ff00

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
e0324af3ee8488223741e5f84ed65cd5

SHA1
6073fe4815400011c274946ebc2f0e209a5efa4e

SHA256
e9a2ce10cc49a26dd39bc3876be9fc1ed6d1a10d1e5a175f497889c56a6d208e

SHA512
e757f2ff0821c45f5e7d33bfa251380a0bd03efe33e6d82af55a3c305622e1fc79e661ce7dd4da050b6a3e89bbb3a03781d6ebdc7298026a9efd3ab6c3ae2fb3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
539B

MD5
3720a121a99110ea1bf8ddb4153d1ecd

SHA1
355a9fe8712e0bf759642d1969041af33647ebcc

SHA256
ec7e529387092b82f3941d0e613c6cee8c334e8ea79061a2a3761da34cefbedd

SHA512
8126b6cbb93673938677dfcb38a902b62beb4b138d6708ecd2372f5ea4009567821f686e0940b4fc3141dc0a7619dd190731bf1f4d8fac7b64d3d9fc8ee7a081

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
706B

MD5
5eacf036fd40d02deb543332c0934350

SHA1
4328850a57b859756f4d5101842eda4735aea17f

SHA256
ad16618473fa358f901492dc0666d641333df8d28902a0f553067d40472fd3cc

SHA512
e50274f9be30ad897037eb5ee5387cc7eda389c3651f856cf8fb6e0c06f3ec5c182b08b5fb3f00b81bac3a4d9fe14b9a6d862f535d7cf86729dd69f8e093f9ad

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
7KB

MD5
97040df73ace5567b982c8a7e67ad3a5

SHA1
c5fe8d438910057a38b24c01c734219b3a88a98d

SHA256
d0a321ddcb004c2199a6aef6bf61158193da07646d16f66b011ce66e379ce48f

SHA512
8f8542f3581b642ec81da0a3221228bbee2901b0dfe4cea86d9d9dfc9ff70f713a62a060b906117c8f5f91d2bc371268b1f0a24ce709238cd3c36766220d2193

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
dc179ecaa3322a920e265e61896d1962

SHA1
e3c6729a04911631953aa2aa55e25782bd35de80

SHA256
bc47d5cb754982fb78618471820a50c5e80186d94e162948e7f20880af83d1d5

SHA512
d2ad6dbaef2a8f297c1bb09dc0663918293e4dc9c63e680fceac548b5666e6cf09d5e2f3b15b21be826b3dc7b7cbc0a4d5ef3367d44782e9ee0754c1c38b84b5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
1717e64158216ac8518b3be186576a12

SHA1
6585ebd86f34c430583329499e430905f21f2b1a

SHA256
a83ec3b03d57518eec3997a2b546e1ae1c924357c148edd44c24c8e4487bd1d3

SHA512
f4c8b4a3f2362b531cdbb22b5c1556f048e780b0ee65bc15edd821ec0977646accd17b2393bcb699ef06251ab55514ca79d5c3b06b1ef87e50d26dbf2c65abaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe56a08a.TMP
Filesize
120B

MD5
a51c3a15bd97bafb29792b213e093345

SHA1
b89484c82a1ecb7a427352b10af0a835e7f6e112

SHA256
77444219c29ca14b926eeb4ae23dbc406850db4f2946baf2ffeda14764d8100b

SHA512
4601128b69660765d21ef928ee7399061a2e825969cf012958d743452dd8d530b856d662af9c4e7b9f66cd95bb092ad6f460c59e4b81cfb3271df25a9c25b5b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\f01dda96-7a75-4c84-a050-a14a313cf911.tmp
Filesize
6KB

MD5
a7770412b6c74d1d8ad130c428939e2f

SHA1
00f4c436f6a4b387e52596a562ca0029465d16b9

SHA256
2312f35b5e0b16e8e19802acc9b4b517aa96b69dbfc43a8bfa49e3d3b078fbdf

SHA512
a0bc5c4d0f7bbb3dd292ae20be98811701d6387f49af62df6de353c989d2288fa0fff8fdea6746191193f2aecd37a90c85435234a088a06715ad72c21e015e0d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\GrShaderCache\data_1
Filesize
264KB

MD5
9adeb31ac3cb3ca67cb52e0a6832939d

SHA1
7aec67a51b1035c434c56bf2fab4acf72914ce25

SHA256
1759b461d781cd9b6570f39fbdbbe82f3fbf20b408851d3fd10885130888b142

SHA512
aecbd8908018a6ca59e7ea37ef4f776ec289f2594680e5d850bc6a05eafd504255bb74c86af4273295280e8c4774d7ae9c0873a2e9af10946bc899f3fb610db0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
baab9cfd1b7a136443d052a914b2e438

SHA1
612af7beecace33117d070afd62fb3bdf4645e7e

SHA256
638f8b0d992bcb27a1d7bf2a05ff983dbe9c890b376ea7239e19ffc9209d3a36

SHA512
360c1193a358119c8bd3deac230f5c69ab157bd0faca7828e8893aa83e3b17839c47c51993d61fa7c78f8861407207969e5710e1a4280efb42481107fffe1c1b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
905ee87fcf89c1483de1ab73a72d70ec

SHA1
67e0608fe542f05b79f37bcb414c5a16ac877b01

SHA256
56c3e9b3aafd7759befe15353c69663f1ea2975bbcffd0c344d8bcdbc7a52caf

SHA512
4782bbe7f0027b791ec215e1f16381bcc6807ee3879671321cf131e3fbba20c493225cdc84304b3f9ad88d0ab74dea36bc91482eb1e7d5707c251e9ddd4457e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
905ee87fcf89c1483de1ab73a72d70ec

SHA1
67e0608fe542f05b79f37bcb414c5a16ac877b01

SHA256
56c3e9b3aafd7759befe15353c69663f1ea2975bbcffd0c344d8bcdbc7a52caf

SHA512
4782bbe7f0027b791ec215e1f16381bcc6807ee3879671321cf131e3fbba20c493225cdc84304b3f9ad88d0ab74dea36bc91482eb1e7d5707c251e9ddd4457e7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
199KB

MD5
9113b7b47495f57dc0b5436412274c2f

SHA1
83db1e26817af0d5c55efff9bd5f194f3c01cdf3

SHA256
9d57dd33a6cd13ae9a47b42bc9553295584b4724ec4ec713054d33215393528b

SHA512
a951c440e64418a895428fb84ce44efb73275d3df041a31bc1d3cc9c56471143ccd867bbbe88f94d89f2b9326affc8d1c22d4449ad71b3cbd2f8ce1c7f31671b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
6137c2c472f24cc8c4192697350642a4

SHA1
2f16311487e67559548e5a44f21b4c20affebacb

SHA256
469b03395742b09c20c943838ce17c2eef91132fe7af2f3f7f232523b5519a5b

SHA512
bc774c5dd7ebc1d3c6d84b840d19f06155e1350dd6cd5f2aaa844acc8aef9ed4f16509be7a36024f3bf36b65d95c07d452653ce052894d738f4b868648bb2d39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
717d04df43d095b712b47d2fe3bc15fc

SHA1
b79b787fb42f93c53fbdfb55b89ed338370f92da

SHA256
297562f8fbfde75a805d764be5787871d0fd92e7f23bbe7d5914193065108d75

SHA512
cc95d97dd6c25a816fc99d28a0671447192ceec7d5980f0eec498eca2a3624609183ddda4c400b27a0a10adeac3de26eca15616300744101f13bbdb19e4765e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
75b2aaa35305093c6b15357f06824159

SHA1
56ab4361e2268e11e7533787da5e46c61634ae90

SHA256
642dcbd39bfb5151245dc56121697df6f3b945e1e8f8af52e29926d65d5535ee

SHA512
2e8a80a636cc3dd1d9760642937ee469bad16855be9d07d7d68503c30d0812e12cc1bb7c821ecca5c23299d99e43738e1ae5aa513e59f1ff0b18f6c5c76eed25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
64KB

MD5
1067041b8fa46bae06ebeac837cb67ed

SHA1
9a1e51cfe25d04692592f1dc13ce75058db813d3

SHA256
e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533

SHA512
d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d
Filesize
61KB

MD5
f71b0894d35d9dffdcc3db2be42fa0df

SHA1
abfcb6ffe0b38228fcf03fcfd01e5ae7d363d9af

SHA256
bc12e3374035e04abc80bec91a6abccbc6f736c3f91ec29fcc5b715fb1b3dfd2

SHA512
bfb99588b5a33da1d78a2b79d0734029cf16cc85cba2c353361fd1187ea4fe3ad9baf250548edd96980ae07167a1026fae106c2f0fee8792d36479aa3b3350ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012
Filesize
50KB

MD5
6d81cd0d857a5d1728e08c77b9b0ae22

SHA1
3cc0e10ffa948e94df63f20a66f5190224c57d07

SHA256
703521ee76a6b56c41ea6bec08e91e25e64705acfce7abfc2ff9e75c3d92b2b4

SHA512
9d0cea67338db2e97b58f30e25c702aaeaa41ea0f480a5b2b0c8e9d2935e4ae65c10b1186507a5bcd86540c6b333b5856fe0902146e1a9ce57cd4ed0eb67d959

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013
Filesize
107KB

MD5
36fe1a732c58b0925c88e9f5516a5783

SHA1
5c442ceeefb55696f32e57c79899ddf6385f5643

SHA256
257a3b8ba1825a852b21df00c49e77d09fdcbcab5a24c92f671ac004f770b0e9

SHA512
f44dfb9e71ef980dacc6e0d8a3231ffb412eafeb734502bbc11fb919ed6e3ce944f21d97918cf50c52aa049a6306c501167940d2edf941084d81be6a76216c8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014
Filesize
613KB

MD5
117a24f8df93cb18f513ca58d426ad41

SHA1
cfc25336c98be31856a0d4a064c9119033a95ea8

SHA256
6914dd9ba2bdc56c2dc31ffa487b61b71240d238445d99d1cfd1ff395dc0692d

SHA512
406bfcf17969f06e17dab79005db344ea3bf6bfde4a0891fd4314aebf7e0f21e49364a7c4c3a160908b9f5d2dba6c93ed481ce32139cb7d17540f0eb84aa8285

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015
Filesize
35KB

MD5
aef13a646c7327cbd4a6d3bcebb034db

SHA1
7d9ee720386efcddc69c6d6f810732f5debfd067

SHA256
e22cf8b805411472bc63a30289ad2fddf603a0d4fb1f7ad6ba5a72511da75412

SHA512
ded8aad01610fd13228905f618dc5f6954fc4a175f4ddafb681bb504b1990d75b6c00d55907f8b25ee8aefbe35fbcd3966dd5de8d69351c83bc725ff554416b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
904926d84110ea1ba617d33855816e8c

SHA1
2f83b80f93601fd8a30cbbdb11ae82377a40d587

SHA256
673589e8a5666e8fa420e45309ad6cd3146afd3e448fb1d594d867aa3d449369

SHA512
fce64deb97d059f2c9ef246729fd4fd76d747e9525e4fa350d5ccca780defcb93563c79b6a9e54098402578ff21379ec93f5e166370a3893d9e91d91226cd665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
744B

MD5
904926d84110ea1ba617d33855816e8c

SHA1
2f83b80f93601fd8a30cbbdb11ae82377a40d587

SHA256
673589e8a5666e8fa420e45309ad6cd3146afd3e448fb1d594d867aa3d449369

SHA512
fce64deb97d059f2c9ef246729fd4fd76d747e9525e4fa350d5ccca780defcb93563c79b6a9e54098402578ff21379ec93f5e166370a3893d9e91d91226cd665

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe5c043d.TMP
Filesize
48B

MD5
61c6d0a7e73664cbafcbfa1e52878ae5

SHA1
a9fc5121d24a3451b58e077b2fb69eb1c1c51bd2

SHA256
c26d8c1cba2f87e2277e10db1468448149f9e041761be5c3a07a750b286de1ce

SHA512
bc7e5e5faf305f3e2fb817ba76cc7250523056db13be9b1feeaea0835e3529868041e7272565752195b304831939235e8d83bf14ccf5bf4e72ad6c474fc3c8ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\wasm\index-dir\the-real-index
Filesize
48B

MD5
1e4b106f3e647fe1e9d883a2464b8adb

SHA1
04910d09c84b676f959f669e525ea99fb82e41ae

SHA256
8592a4f0c35c258e91d92f510fe8315fb612548da33557e0fbc837a039e72a16

SHA512
ba0d1593be6b23842d2bc3cd8cbbf67b52906071e34e1b87751d1ce6cfd4aea1d41a6bfc0b1f94dd341794c5067f4cf88fb51fc79b0323434eb569d6385f6a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
63d564484221caca1f9bc1ec8e8de870

SHA1
ebc3da7dd50f0f792b9f004e4fbd7d82cc8efcfc

SHA256
70e4a44b6f304615de4be8cc53cf878dbff9349bb1646b248129661559783806

SHA512
2e7afec557193a2882c1473e34e48283852ffb5bc190c31b708cba3d03ca76df42b745abe053806e6f3c776cd9763ef3f5466007acc70445d52362c808cca83c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
3a9a456a23ce04f9e7f01d9df28b218a

SHA1
0f2cd55575f8c47669bffe45c35804db287b1a77

SHA256
ddcbb2be4da8313fadc7a3aec019b8e740c10f018b624b6ad66a8b55cfa47aba

SHA512
274fa737791a1411513b1d7c6d1ad08fe1e88601e52703aebbbfc83400c71ee869dce800425e44bc2737363f285dd44d907c0aadc081a39a23b7eb6c6c850383

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_0
Filesize
8KB

MD5
cf89d16bb9107c631daabf0c0ee58efb

SHA1
3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b

SHA256
d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e

SHA512
8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_2
Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_3
Filesize
8KB

MD5
41876349cb12d6db992f1309f22df3f0

SHA1
5cf26b3420fc0302cd0a71e8d029739b8765be27

SHA256
e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c

SHA512
e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\index
Filesize
256KB

MD5
84edb2481cb8a42505eb5ea97ed950af

SHA1
c6188a720d141d9cceebe722dcb862ecb7846594

SHA256
0ec103835d6b81f70c32f199a15ad882030338c0cb0848b0972e44de04f8dc75

SHA512
358e2304f50a0aa320e7f4bcdf533867eeffb037076dbc3e7d96b4892a249569c652fa6e22ebbca959b38787b97e8e1e584f15c368b87f83d784d435e1799030

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
124KB

MD5
9201b7730ca6f5a6f8e8e1becd26f71e

SHA1
0040c653a530b673ce22e67ad758cb5ba7605acb

SHA256
152206a46229e4554745d56a7ba88fcb413987a3d3be42a0cecec8bb8febbc7c

SHA512
1af26948eeb3cf3353a3ab5cc8b8f3283446283d245e18c947c7512079d732ae3da52be2230ed339adc6698841200f7f20cc670211cebe512caedb05811a6444

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
958B

MD5
935f748636c1194832acc81b80c1451d

SHA1
b5f0eac1095822f5afae7816d811764d98922401

SHA256
32cadb6b04e41875cbc07a5317e4af713a4208613bc2098d9bf1c3ef173780c3

SHA512
9935ce70f0c68a844d23d0035707c7cffb2117d27dd05e96baae0def11f367ef666bf15cab45b37ac04ca1bdd0a7659a96b0325122360f24bd6ad4e7efc22e95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
15KB

MD5
5fde7a5e898bf64c2fc2825cdb40db59

SHA1
95303f87e1091923c911d4d84ba32dcbf7d2ee64

SHA256
e4ac9835a161105b8322d3143326dfb9e0aabd38a645b894c94c5849afe6eb2d

SHA512
0ef71431a6e2b4ccc82641987610bba3a02b81825b599f39e8fe0513e0dfa4e38e4c6daffa429a4e471e69d04cc56aa29708dde3b65ae0ad5d52da99e66d4a84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
868a8d5b2ae7a396c6a78b92d0d5d39e

SHA1
1d2224c7cc49ff890800cce933c51462d0bc93a0

SHA256
d409c45729354494fd2f536bec75e517dcc62188c27407ce5206add51dddda63

SHA512
3246ca54dae64faa5d72782e819997c214ff5ae99115ac615602c86cd0f9bd084b5059e37ffdb31a5d5f248d1d1edade7087adabb548cd6b5a71abd99aadbe0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
704fd6f0333d33fecb5457889ac4cac0

SHA1
c4eb4fe8fd8516d29a0d02a76f3b049f5c72f1ab

SHA256
bd9ff34415e5d0650c25eea31679bd0734a715cecf6befedd8310a32d2cf8c6c

SHA512
a677c2971be564d690b857740ff4cd5aea439c5e68e48433f5da23ebc6b8e87ebbb8fbcfe8c7546f4f036857020e56fdda567ffa04648c6f6fdcd3a01091d690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
3KB

MD5
6a4912e85521d3d72c7ff7a5f513c0e0

SHA1
d6100c0641e9c3b810ccb1c3b805e3c25521fea8

SHA256
1922afbac1a51931b6a7a3e19cc9f861cf506cdbd16bebeedea60450db50baaa

SHA512
32ab8a4437f5264f7b50f4a245a2af6a8a57ac76af770a796d8d1e8df62df6f7f02aea4b4a6b5675ad34a3189782c127d5d0dba320366e7ef67a570d4617564b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
f6bd0295afcd7b82a691eaa636f2bd38

SHA1
2a39ff8e0ca847c8fb127285b62d70b2dc9a7c40

SHA256
26481e2ab977c7019b95146ba1c61bd7ebed9c2e860f9b4947dc3e409295fe44

SHA512
5516b5da44180840e5f127f749488146880f006a3957e37fb9ed931e19c34a47d19b1ad701a3f8fc47eceec29233dc52ab9302c9eaa0384977f6e860e37ad5d8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
58a82f53147abf881c96d66120fb29b9

SHA1
df6bbb7d99041c56a6d8d48e768345bbce688766

SHA256
78486b833400ac9bde7728120e63a6abf61ac6efd76882d0037d72aa9e3f9758

SHA512
36a9c45aacda7fe1cb9332260b1ff4f209755893c1e0c18ff9b1f706d499f0c4163549a75e1f1f8a4c555417d9d01469205b712e1739cfb6112ec3030b87f7ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
6c0e58e39b9b96d716a82b134bb4c9c1

SHA1
20397cae3103d45e6a208a61f799d3399a003a56

SHA256
5d2720d04e00f78d611518d2788b140c2cdcf63f5268d91d74744a3ed419fefe

SHA512
adcd7a0e5a01412d5dfe4c2f5b569409d7977bd5cd3c6a7fa9aa1ff516897361dc3a1a14efaa21aa684575224c2d970b8362c8abacd68dbde6af72cef5419059

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0f0ad7dccd0d178897f7c72feee1db24

SHA1
79364dadc89715a1620bc6adf1f00ae30580beee

SHA256
cd2f9fa556de92309573ac5018588e2d9e38864ec66b1cfa8edf086d850869e2

SHA512
c059d3c52cb52b5e8cfe510cb514f000481ff82592ded94fa7bcbbef6db5d0c9eac9d486f3ca58ad9f3430830da50330a8d7281285ed1b44fa940eafff8b9249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
0f0ad7dccd0d178897f7c72feee1db24

SHA1
79364dadc89715a1620bc6adf1f00ae30580beee

SHA256
cd2f9fa556de92309573ac5018588e2d9e38864ec66b1cfa8edf086d850869e2

SHA512
c059d3c52cb52b5e8cfe510cb514f000481ff82592ded94fa7bcbbef6db5d0c9eac9d486f3ca58ad9f3430830da50330a8d7281285ed1b44fa940eafff8b9249

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
b3a2524f73b869b2a06334d76e2ac7a2

SHA1
71136ffd8347c13eb1a6bbe0438134bee380d063

SHA256
ffd481bda0f1b58618a624d2c11e0b3e5ccb88d55202f5a81ba794debb1c71cc

SHA512
f3dcf2365b3629944137f69e08e4618a1db59dece1e237c56a198825d784580742438987dc8e12da52d2ac1f0d3548fefe27d8e9bee91c16099fd0e5d2a9eeb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe5bbdfd.TMP
Filesize
90B

MD5
cdef57571eddba555a87e064af97301e

SHA1
0305739b5aa1e3e065af2aff17dbd0a283802dd6

SHA256
520cf5f0b55f1049e3257f4ba8e23839bb34088362b318081a3e5d9d57306647

SHA512
f0d256d80d26a0fd47d820faecaefacc9efb619a39729704b8a5c57707e4545f1364761812d82be71f518f60f9a6c03da6474a66694f0a56b0f05808b33c4f0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
2KB

MD5
5f28c6d2ec28b6ae1f37313b12c94903

SHA1
e3bfb3aa5e5f02ce34131f49f975e48bbfc66491

SHA256
943ff65d78a587937ada4ca3b44dd84a46af7bd4b9185adfbaac4845de1445f4

SHA512
e7fd52ef4e187787eeb90a097b7e0500f77e690369fb5ad413407e6c8822200b80e64e838be738e5eea9bbab3237347a655950955e107477505b5fa4f1db7784

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
279B

MD5
3fca51ee6638cdef00b6913c23a7ce7d

SHA1
5c2cf48bc19a032dfe3902b94635aaf3ec79ba26

SHA256
14dbcf2ed5a4a11d0699a917e2a287248680fc4d08be58da32dd688035d4609d

SHA512
09df79e99968318b6e40ada0fc7141b3f6fe4682b498dd5d0bb63c7f74c83d7f8ee436fe96e92b8d28856827e4c83d29f503df7d9564b7dc2057d4d00541d048

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13325275936648216
Filesize
4KB

MD5
1fdd2cbf770dd5fefa67fac594e951a9

SHA1
ad60c9a45a2d07959e2f8622a09d0064dd10a258

SHA256
af48d4d3843ba196516f15e12cdbba6d284205b19da7fe49d900990f4c86933b

SHA512
ee40c25b863c8efb3185e979dfe46bc677b1003456db5b15cca3e8ae9b0713e08b2a6aae545bfe713b12639189d1bf9a59c4e1fe430d147ccfbc85a300e1f59f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
8afd494d105905560b81898bb2ce8ca7

SHA1
3919ed183bb43b24601cc69c625e4f3a10f2643a

SHA256
67773e99f58bf8bbeac72ac89ad86e17f1b7830ebb07623bff6b559e963a9181

SHA512
67afde44bb86875adf279f02a1d85bd97834850e7fad07bd8b44bd9152d162ee6931ec0d7f836b8962011dd6c4d379ec78982b3028d663b25a234baa975b7b74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
51229fa70395341c71d369239d76fe41

SHA1
93e5dc7176c7ab5ad65e79b4d43732aad8b9f758

SHA256
cb05fa2c97047f2e73dadc1d75fb7abac0d87ae0521ac911d218aba8a363e6e3

SHA512
9924ad9b60fe6467269459bcb6b103eff21580dfd280b97c418367a57bd1a4d1d4a6911247441ac0077a1562da60ad513aaff18cfc79493db36924e46a6365eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
02e2d7c76ec33d27a26065a770dd4f6d

SHA1
80fc1d1682d4f6115738060fbc5428311ab39701

SHA256
15ab89fe5a673410986de7912db74801cc172f20309d9de037413363c6bc14f2

SHA512
fbef7b70e484acc2d1d4713d9d4a011625b84a67e8a5960b1d6124449fcfd5b024b71e269ab4e8816bcaba76b1aa00e64a0e295ebe0061d3fac7f7d53937335d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Top Sites
Filesize
20KB

MD5
f44dc73f9788d3313e3e25140002587c

SHA1
5aec4edc356bc673cba64ff31148b934a41d44c4

SHA256
2002c1e5693dd638d840bb9fb04d765482d06ba3106623ce90f6e8e42067a983

SHA512
e556e3c32c0bc142b08e5c479bf31b6101c9200896dd7fcd74fdd39b2daeac8f6dc9ba4f09f3c6715998015af7317211082d9c811e5f9e32493c9ecd888875d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
dc210caeb19e0b5daca6eaa6601d9094

SHA1
54190a06975bddfaf66978aacebc91143585e291

SHA256
721dff957b30ce3447dcd4b0734bb51a3628ca49704268eb0d7268e43e4c12f1

SHA512
8118df6978bf771f6abd8c626943d93bc5d5bc94adc0050ecfcc9abe66f505369c2b96713eb04a2cb025107c357fdd377a09bd0147dad617c1c4aa835667e289

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
116KB

MD5
f70aa3fa04f0536280f872ad17973c3d

SHA1
50a7b889329a92de1b272d0ecf5fce87395d3123

SHA256
8d782aa65de6db3538a14da82216e96d5e0a3c60496726e3541a8165bccc65f8

SHA512
30675c5c610d9aa32a4c4a4d9c3af7570823cd197f8d2a709222c78e2cd15304bbed80e233e3674ec2f6e33d1961c67fd6a46dc8ba8b1a301cd0722932c03c84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\dcbfa452-7933-4e2f-883a-69a7872e4feb.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
b602a17e0d399310a5f0b887165df566

SHA1
e66525a5293b84b4a66d75b2afb5e7fbca966e06

SHA256
b6185c76376cdb205447a743e56aea267253ed43acb8bcf98b041e72c421a4f6

SHA512
4f3bf26b0c183c3e25f859a014e8f8bcc6dc51dd82939df4d42acaa941c724c7f8516fb880906af9c7fd59c75e6ffa70369e2986d788e31146e30d2091ab2580

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
187B

MD5
c2d8d85234df1286358dc2c4c1e25d97

SHA1
c136b62b873568c36d44a1bba7ebf50afeddff5f

SHA256
7585ab88e4edf9854752056b0a199fc29ad65e50512520ff4404c9f24d776662

SHA512
4be306c4d285add922d2c1481ca78f89c2ab736d20d0044b8407b41c85f90791ef42c0ec6178e9e7fd98f81a8a9d79a78576a5b71156f7d13b7ff100c951701e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
279B

MD5
e4d44d395dbecd0d7be45a07579d8a02

SHA1
ed4b557f9304c63288b85639e88cd676857c6a60

SHA256
772fcef1e7c70980d7970550b4261154df71eaa7639c066e128d003e1cbd64b5

SHA512
eb202c0d9ab99ae7ec32ff33d4622309d8e3c2fbb26ca6d736294a9e480e5c008e1d24b082a7d00b550861a5d5cab975c5d91a20062076058db78142cafdaec2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
531B

MD5
2218337ae98963ca8ed3f1d234f8bb66

SHA1
57b1946c4fe4b42017a8c7e098038c351acdb4ed

SHA256
f03ad6fdcae023d5f1edbcbb6660f19f7309449ed984501246eb9e3d3cbbe8b4

SHA512
43dc5b1458073acffbdd3081f6e20fc2d50fbc294d43c428fd5888e5baf0aacae3eb4f91f010a63318dabe9a3bea96ad3d32f7f3571f154e036bfcd933cf23c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
297B

MD5
97879186d6fbceb1ba2d8b94ba80897a

SHA1
20ca9962a63f1569a8be1923e976a715761281bd

SHA256
4e1a8be60a76fb6513456451691a1a6b243dc27b5678c4b6bb0711e13cce6aae

SHA512
9a5d884c1096806710843464a401f7296985e4d1c57282dcdf0689723d0787751f03e2db26fc5cc77467b473c2b84f170d85bd59c34a20751a72a1272de4b0be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
55140b7f6e53704bf3f1193ef2970a50

SHA1
c8740722daee3fb36650d9e8f3ee5fd153b121b1

SHA256
b582d212b559ae9cc354a6b2c94dac8ee5efc90320a36347b817f5b8fb41c4f7

SHA512
5d26a83574da1c181bf6f8fee092c9474bafd4e759163d7877693b18733fcda3fc69cb20566a96cee81011dfc6ba30a097e294119bbb5cfba476233cd3a6b625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
69b289e493d4db07e0f046ea0eb52c6b

SHA1
8a296afd371da124e6be9eda48b943611cbcd9dd

SHA256
eb74f935e8cb49f542605e8056201072ab158c52655502623d175e3dbd513b5e

SHA512
877a75ef835223d770a3f60875ce653ef17e0ad2384f60dc55bb3a15f7bef0a99030e702fb16ffba978c232996afa05e9472cf440f4051032b799fe7b9c43471

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8e66da73017bbc9e3a0c492903d05fa3

SHA1
4d0ee21d0774145db584f7b9257ab8fa088247cb

SHA256
df1baf10fd35fc720a785d2c2436f6662464cc442526ece71f88bb99bdbd5bd2

SHA512
760c3e8d7bb3d5fea6366250c565340c5dbaf8d5b5e299cc326d5c276162f450f6225d89f043fc14359d19f2a9660e140abe69027569dd8cc6357e837ca308ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
b8f3d12dd5d342a1520dd44bed0a03eb

SHA1
2a3fc4402d15e093d81cec27cba85a064572e722

SHA256
1ee539515e425fd89e6fa00b0efd6e27134a6b38ee398943e339b461d9c14573

SHA512
2e845e46614fac3d1925734e89e72bcdeaae66122df702c9f42e58158e6afc336b3d72dfb8a2393622d08ba783590e549f4fbe25c978dd4f218a592e6ffdb74e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
8e66da73017bbc9e3a0c492903d05fa3

SHA1
4d0ee21d0774145db584f7b9257ab8fa088247cb

SHA256
df1baf10fd35fc720a785d2c2436f6662464cc442526ece71f88bb99bdbd5bd2

SHA512
760c3e8d7bb3d5fea6366250c565340c5dbaf8d5b5e299cc326d5c276162f450f6225d89f043fc14359d19f2a9660e140abe69027569dd8cc6357e837ca308ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
Filesize
136KB

MD5
a3b1ead14851fe1509d9bb2160f2b286

SHA1
820beaa6ee9d2702255c2887bbf103f478a7ddff

SHA256
85a36b21ddf76c6aa4e86d1eb60712e042d5e56d33a88076837cd0c19ec2fabe

SHA512
416f1d1fff0c697f645210050153932f9e3d77af598bae8c6192a57bae7e8514cf7f674ec4cb12e8c02e92ba5e76aa7df4f95fbe9469fdabf616891c6c327ccd

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
2e141ae48a7e9b743acb2f8fe9530b53

SHA1
4a45b2e1b1df2285fa9f8efe1cbbebbc54cd2dfa

SHA256
d23bf1171c8287fb67dcedc56843b5b62e2b0b33e1dfd5f348c445ada43cee41

SHA512
2ac443f601f4b4bcda0fa8b401c28dd19bd435e0bf8efec2ba211a0943d559f36bd0e31d9ffa4522f6310dd42fd7802d04a0516b1e02e1dac37d3b19e82c1d77

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
33c77f272cd9bf1b66515b84e029f1a6

SHA1
2fd3de4d220d60dcd5907e163d435576ecf37a31

SHA256
eb1f28daf267a90c94a228b604038a9187f17b8d0b028273a4a2b4cd3fc61e5b

SHA512
08e2929c033b7559a35dc669cb8c1437b229cc9adb0bed5bc632745a539e6eeabdc01907a581d7de5e8c31c4d50594e7c2f374ad0688557816ae36a89b826bba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
f8203bb35a179b080693588a029aa469

SHA1
f84daef339e720a3cf76420de5f5c32d5109c4ca

SHA256
6487792645d12b4511b0f15c6e213df534d6b6fee50481b3a70453dfe2509876

SHA512
9a253a3a90cb1bd508b764204dec1616d9cc7e5687e2043ab5c0688343b7f1bf3345ca24bfb79adca6abae8ef0d7033031e156dab9471bfb4b97e826d1af9f44

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
78b6aec1aa1e33d44b3721b794bb9ff7

SHA1
916df241eb841988b2be26218a69be933b16b674

SHA256
3916b669271e7d00d13b9f397704eb880bc01241a7c83e40b8b7cd73b8d12554

SHA512
d0d9c7606ce144a5c5b78038d170ce363eaf257dfb6ffac472e851e90ac7913d1b727b8bb995dfa2e3d72c194758d3bff2ebce367558f8a6189cfbb4643814a8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
4dbd3900ea2e02e7b081a0bb02458b1c

SHA1
81873a30484a51e99145e03309991d106616c672

SHA256
ebabbaca0c31d12ac40ad5d7003d4531d066b861c6a9650b74e8f1854626ad15

SHA512
2b71bf411394a0dbc724ce98afec142e8020b58f79f08f3670b1855c64df00de2bbb0dfd35a9204a860c5d90c349995e249355f63d2d8feadad67911edb7b1f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
a90e5e108bab08cac551a00cdf6c4762

SHA1
f0941642aa103e51d538d9dbbf5063737a96a2df

SHA256
5bd1b4e59ca5c5683fb906ab1e99c327cbcd1edcc700c0a2d720f7043d343e30

SHA512
ac1933b91b2f62c6da8b5f9fbe5de8882a3f8274e363e4ef469e213f06bc8aa83388da7942d12e7192a02d2d04ed9f99304ae78a253978303edd2b07ff3b85cf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
7KB

MD5
527bec2efecc9caff075ef46eb5dbcfc

SHA1
a60829784ae9b1e77db36a8a2d1743084b68f4f4

SHA256
54d87e8b37d57fec7184604f9b67eef20e3fa0af6ac9ff22e56452c48e5c4859

SHA512
bc417f682ae3142838a9d65c4353accd1f74e26cd7f2d6c62c119f170844bd1c057dc9c74121fc90cb4727b3fff31fe510de67e8b4a7fdff83072b24ed26468a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
c2e68e0eacea9f321c8baec0aa8450d4

SHA1
09bb46e2d5eef0e096b45c8a85914fb7e0ea70df

SHA256
faf7bf4ef0dcc68424a359cd63fe1a8e2ef2b3b7338cc67a55b431071f47bce2

SHA512
9db67267ab1edb32c8d2e23229807153b74f0b2ff1b2ce2c40b6916700eb189dfda86f73729f6d1b03d235378beff7be6ebb766f238827f0010a706f3f18dd64

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
3KB

MD5
a3eedc01a2d56bb8ffd2ba9529cb05af

SHA1
d965afe62b45058914a4643fc63fab649e168169

SHA256
033d90d993fd2aa7eb98c15516cf2d66b78a0521fc5572862fb83029955b0060

SHA512
f3b81144a0f1bc6de14bb88dfde8fb5937d89e45a79c33a9dfae69cf3a40c067ef85a5872390a2fbd2adb6a0929c7f30f574f9c0c37936634a42cd7e73b6d48b

Download Submit
C:\Users\Admin\Downloads\o_nQ62Oy.zip.part
Filesize
15KB

MD5
230d7dcb83b67deff379a563abbbd536

SHA1
dc032d6a626f57b542613fde876715765e0b1a42

SHA256
a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

SHA512
7dff68e3f9be9320872ccb105b2e87f15b23807af96ca195a38a249d868468632c3d5811d9a51295ec89fe702d821c9466f93994993951d1238f07f096fb7d77

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\PIPE\wkssvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_4392_HDSFOPRLEMFQTIXR
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_5260_PLPBPJFXKSEFSFBB
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_4536_CXQMZJYLGOKGCFYF
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5176-2640-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2639-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2645-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2646-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2641-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2648-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2651-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2650-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2649-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download
memory/5176-2647-0x00000000059E0000-0x00000000059E1000-memory.dmp

Filesize
4KB

Download