a9cd3d966d453afd424d9ac54df414b80073bb51d249f4089185976fb316e254

Analysis

max time kernel
249s
max time network
187s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
07-04-2023 08:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ 3.0/MEMZ.bat
Size

12KB
MD5

13a43c26bb98449fd82d2a552877013a
SHA1

71eb7dc393ac1f204488e11f5c1eef56f1e746af
SHA256

5f52365accb76d679b2b3946870439a62eb8936b9a0595f0fb0198138106b513
SHA512

602518b238d80010fa88c2c88699f70645513963ef4f148a0345675738cf9b0c23b9aeb899d9f7830cc1e5c7e9c7147b2dc4a9222770b4a052ee0c879062cd5a
SSDEEP

384:nnLhRNiqt0kCH2LR0GPXxGiZgCz+KG/yKhLdW79HOli+lz3:nLhRN9t0SR4iZtzlREBWhuF

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

MEMZ.exeMEMZ.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

4976 MEMZ.exe
628 MEMZ.exe
2428 MEMZ.exe
2852 MEMZ.exe
2516 MEMZ.exe
760 MEMZ.exe
3040 MEMZ.exe

pid	process
4976	MEMZ.exe
628	MEMZ.exe
2428	MEMZ.exe
2852	MEMZ.exe
2516	MEMZ.exe
760	MEMZ.exe
3040	MEMZ.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1060

Modify Registry

T1112

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\616254e6-ad73-4b2e-ac84-afc618c6fb41.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230407100140.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 17 IoCs

Processes:

chrome.exeLogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133253352788406878"	chrome.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "241"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

msedge.execalc.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	calc.exe

Runs regedit.exe 1 IoCs

Processes:

regedit.exe

pid process

5840 regedit.exe

pid	process
5840	regedit.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
628	MEMZ.exe
628	MEMZ.exe
2428	MEMZ.exe
628	MEMZ.exe
2428	MEMZ.exe
628	MEMZ.exe
760	MEMZ.exe
760	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
628	MEMZ.exe
628	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2428	MEMZ.exe
2428	MEMZ.exe
760	MEMZ.exe
760	MEMZ.exe
628	MEMZ.exe
628	MEMZ.exe
628	MEMZ.exe
628	MEMZ.exe
760	MEMZ.exe
760	MEMZ.exe
2428	MEMZ.exe
2428	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
2428	MEMZ.exe
760	MEMZ.exe
2428	MEMZ.exe
760	MEMZ.exe
628	MEMZ.exe
628	MEMZ.exe
760	MEMZ.exe
760	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
628	MEMZ.exe
2516	MEMZ.exe
2516	MEMZ.exe
628	MEMZ.exe
2428	MEMZ.exe
2428	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
760	MEMZ.exe
760	MEMZ.exe
2852	MEMZ.exe
2852	MEMZ.exe
2428	MEMZ.exe
2428	MEMZ.exe
628	MEMZ.exe
628	MEMZ.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

Processes:

regedit.exemmc.exe

pid process

5840 regedit.exe
5952 mmc.exe

pid	process
5840	regedit.exe
5952	mmc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 30 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
428	chrome.exe
428	chrome.exe
428	chrome.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe
Token: SeShutdownPrivilege	428	chrome.exe
Token: SeCreatePagefilePrivilege	428	chrome.exe

Suspicious use of FindShellTrayWindow 33 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
4696	msedge.exe
428	chrome.exe
4528	msedge.exe
4528	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe
428	chrome.exe

Suspicious use of SetWindowsHookEx 13 IoCs

Processes:

MEMZ.exeOpenWith.exemmc.exemmc.exemmc.exemmc.exeLogonUI.exeMEMZ.exeMEMZ.exe

pid	process
3040	MEMZ.exe
3004	OpenWith.exe
3040	MEMZ.exe
2764	mmc.exe
5952	mmc.exe
5952	mmc.exe
3040	MEMZ.exe
1596	mmc.exe
1688	mmc.exe
1688	mmc.exe
4972	LogonUI.exe
2516	MEMZ.exe
2428	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exechrome.exe

description	pid	process	target process
PID 4620 wrote to memory of 4052	4620	cmd.exe	cscript.exe
PID 4620 wrote to memory of 4052	4620	cmd.exe	cscript.exe
PID 4620 wrote to memory of 4976	4620	cmd.exe	MEMZ.exe
PID 4620 wrote to memory of 4976	4620	cmd.exe	MEMZ.exe
PID 4620 wrote to memory of 4976	4620	cmd.exe	MEMZ.exe
PID 4976 wrote to memory of 628	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 628	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 628	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2428	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2428	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2428	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2852	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2852	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2852	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2516	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2516	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 2516	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 760	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 760	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 760	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 3040	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 3040	4976	MEMZ.exe	MEMZ.exe
PID 4976 wrote to memory of 3040	4976	MEMZ.exe	MEMZ.exe
PID 3040 wrote to memory of 4128	3040	MEMZ.exe	notepad.exe
PID 3040 wrote to memory of 4128	3040	MEMZ.exe	notepad.exe
PID 3040 wrote to memory of 4128	3040	MEMZ.exe	notepad.exe
PID 3040 wrote to memory of 4744	3040	MEMZ.exe	calc.exe
PID 3040 wrote to memory of 4744	3040	MEMZ.exe	calc.exe
PID 3040 wrote to memory of 4744	3040	MEMZ.exe	calc.exe
PID 428 wrote to memory of 4992	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 4992	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe
PID 428 wrote to memory of 3668	428	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\MEMZ.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4620

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:4052

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4976

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:628

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2428

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:2852

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2516

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
PID:760

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Checks computer location settings
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3040

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:4128

C:\Windows\SysWOW64\calc.exe
"C:\Windows\System32\calc.exe"
4⤵
- Modifies registry class
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=internet+explorer+is+the+best+browser
4⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4696

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0x114,0x124,0x7ffc99e946f8,0x7ffc99e94708,0x7ffc99e94718
5⤵
PID:5112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
5⤵
PID:1472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:3
5⤵
PID:3336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2684 /prefetch:8
5⤵
PID:4920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
5⤵
PID:1736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
5⤵
PID:2680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
5⤵
PID:5436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4748 /prefetch:1
5⤵
PID:5776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5692 /prefetch:1
5⤵
PID:3512

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
5⤵
PID:5172

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
5⤵
PID:5328

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
5⤵
- Drops file in Program Files directory
PID:5380

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff725de5460,0x7ff725de5470,0x7ff725de5480
6⤵
PID:5460

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6004 /prefetch:8
5⤵
PID:1932

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
5⤵
PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3796 /prefetch:1
5⤵
PID:2272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3180 /prefetch:1
5⤵
PID:5884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2092 /prefetch:1
5⤵
PID:3700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
5⤵
PID:5992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
5⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
5⤵
PID:6140

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7236 /prefetch:1
5⤵
PID:5232

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7100 /prefetch:1
5⤵
PID:5240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6976 /prefetch:1
5⤵
PID:5220

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6872 /prefetch:1
5⤵
PID:1088

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
5⤵
PID:5180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7568 /prefetch:1
5⤵
PID:4484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2416 /prefetch:1
5⤵
PID:888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7928 /prefetch:1
5⤵
PID:5916

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7916 /prefetch:1
5⤵
PID:6024

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2160,13963752847308086228,7717426023692247595,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6352 /prefetch:1
5⤵
PID:6080

C:\Windows\SysWOW64\regedit.exe
"C:\Windows\System32\regedit.exe"
4⤵
- Runs regedit.exe
- Suspicious behavior: GetForegroundWindowSpam
PID:5840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
4⤵
PID:5524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ffc99e946f8,0x7ffc99e94708,0x7ffc99e94718
5⤵
PID:3448

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+2+buy+weed
4⤵
PID:1956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc99e946f8,0x7ffc99e94708,0x7ffc99e94718
5⤵
PID:3660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=my+computer+is+doing+weird+things+wtf+is+happenin+plz+halp
4⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc99e946f8,0x7ffc99e94708,0x7ffc99e94718
5⤵
PID:5984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+get+money
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
PID:4528

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffc99e946f8,0x7ffc99e94708,0x7ffc99e94718
5⤵
PID:3968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
5⤵
PID:4260

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
5⤵
PID:5768

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
5⤵
PID:5808

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
5⤵
PID:4668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:1
5⤵
PID:5472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4740 /prefetch:1
5⤵
PID:4692

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2236,32605145248505822,12427395147096879969,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3800 /prefetch:1
5⤵
PID:5868

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:2764

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5952

C:\Windows\SysWOW64\mmc.exe
"C:\Windows\System32\mmc.exe"
4⤵
- Suspicious use of SetWindowsHookEx
PID:1596

C:\Windows\system32\mmc.exe
"C:\Windows\system32\mmc.exe"
5⤵
- Suspicious use of SetWindowsHookEx
PID:1688

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:3004

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:428

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffc9ee19758,0x7ffc9ee19768,0x7ffc9ee19778
2⤵
PID:4992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:2
2⤵
PID:3668

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2152 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:2140

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1364 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:1748

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3144 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:1
2⤵
PID:1464

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3280 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:1
2⤵
PID:1416

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4472 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:1
2⤵
PID:4900

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4620 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:4332

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4748 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:1076

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4932 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:4176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4756 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:3504

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4716 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:1508

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4772 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:2168

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5404 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:4072

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5232 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:8
2⤵
PID:4704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=940 --field-trial-handle=1772,i,4249675537867141567,11371921013070369128,131072 /prefetch:2
2⤵
PID:1956

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:2272

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3620

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6000

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x474 0x410
1⤵
PID:1384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5152

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5748

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1688

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa3889055 /state1:0x41c64e6d
1⤵
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4972

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Bootkit

T1067

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
028ca75884669a3d8bc7677327c547b1

SHA1
00c3602db124ff4ea295c8b07c7265de44e832cc

SHA256
683e27f9adfda1911354a15820b2f6b659cf570e4eab56617e6dbbfb50eb0493

SHA512
eee170cc4039eae59376c7f2f918278b38edd27677eb6327eb2348fbd5c726aecf54ec9da413545f1e44ae9bfb28a80eea9b43fe931376cba8d1576a704d5f9e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
369B

MD5
72af134edbcd5c457f46bc114d169c59

SHA1
c3a6ce8906b90a27d003bf6d00600d6125f3a1d8

SHA256
4b9546f006a424dacbc616af4622bb9045dfec903cfb0a06bcb0ad6cbfdcf6bc

SHA512
e00ac342b0d0c43cccbbe52ea73783c62d86c26091a126fec666b3885abd8f9caaecc5322396840a81ce6383a4c5b1c91e342143001c2053dfc774ecc6f325b2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fe3e8c9f1ad3595bc64d3ccd027e634a

SHA1
346089b51ec00cd2bdee672d0450ae07153a05d3

SHA256
e0266fc812dc751ac77677ce14d46dd93607ef7810413b25b6fd4f5ada4d5d26

SHA512
17d1a95279ad394e57c862fd98aececb47fca567c8baf293e817eac083988044832e48cf5128bc7e4f75cf28c6949f7471c515b3d45c9cc1a0c571da704ecba8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
b4cd76322ea0bdb37087e274fe49bf23

SHA1
9b46826381a60ab4af6fa20c73f5a84b6515f41d

SHA256
50d27e8ec4b418c73b1216bb0cdb77a2bee671ea3a0570aaddba71e58c5ac39c

SHA512
15c6e1b7872dcd138ad2390f7b66d21d9c144ac4890cfa650792a848b2388c27ea3827e7462b04275f58afaf8c8f55610d0688115a8b110e64261564da2898c0

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
3f09c713f91a7ddb6d447f33341ebfa8

SHA1
4f0f64652fb74a4c06060331a04a8e4fcd98af1d

SHA256
9ad2651864ca3e1d905785ba5246c16fdcf5e40f7313e6e5cff39925bb828398

SHA512
0007d97f531cc341af35b268314c6604b9e03660957a2ab26ad6290eb1610ad52f399cbeeb39246179d90b076b52a045007bca5fa414bfd89984ed54bd2b69bb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
Filesize
15KB

MD5
d7bca659ee5e7ba3ccc9a6ade24602bd

SHA1
43ef1ca671a1aec1d5606f0599aef7adc02d9854

SHA256
61fa24b9771bc8aa998706055a42fad3f6ccc2d871a16e5886013923a6b5a1ed

SHA512
25a894d4f46ec8450c05f902c648b7e952c9b9a58369fa24927d6275baef496abbea0f74d127e445fcecdeb68ae23cc23491be8d188805d70aec0df31b06fbaa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
d5368923f6348200168bf868ee7be7a0

SHA1
7f722a2b34041ba995fde72dbec7143dd2bc29b7

SHA256
cac5e1470a7d21326e4c36e0504cc4cc90a3fa0c625a77ab18b187692574d4e2

SHA512
3d620dd6b67d417e2591a7c91c3b6ef9a3f64a8dcb3d4d0c68883aa20ddd4c37b57eceaa02102ef69863210856d65d27e085b1e09d4316d290c8baade4a0543e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
7bdeae40fdb215df4c06b4e9524bae72

SHA1
1538dbc5796ffae6819de6a33eb35578528b2411

SHA256
10cda7a6c405a14094211667789efaca7bebfd70d1fa764689e17a32278e370a

SHA512
b401919ae95ac24ae4843e7b256faa4cc626ee092fc8e0844820a6faaf4cbdc9341930713848826af0a5ce3639db1c76b5942cc7baccf6c572f1eb5b9187eb2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
200KB

MD5
7bdeae40fdb215df4c06b4e9524bae72

SHA1
1538dbc5796ffae6819de6a33eb35578528b2411

SHA256
10cda7a6c405a14094211667789efaca7bebfd70d1fa764689e17a32278e370a

SHA512
b401919ae95ac24ae4843e7b256faa4cc626ee092fc8e0844820a6faaf4cbdc9341930713848826af0a5ce3639db1c76b5942cc7baccf6c572f1eb5b9187eb2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0546df19c7db5009272baec2c2fb6a62

SHA1
3a8ebacd3467a886dfec8d4c6d5ceeda90f3825d

SHA256
45001310161749481636913d74c55d77ab02112b7d238ee8bf9f5c0f3febf053

SHA512
70cae37117c408d3dffb1149b12aaed8f0ed66c27b364f53e6635a2c525f64c7f552956f09dc0895503c61a4f41362fcb7687f97e1da24a8017d0bdd8ff52835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
c1a3c45dc07f766430f7feaa3000fb18

SHA1
698a0485bcf0ab2a9283d4ebd31ade980b0661d1

SHA256
adaba08026551b1b8f6c120143686da79f916d02adbef4a8d1c184e32a19fd48

SHA512
9fc93f01ab4b14f555791d757ffe881787cc697102547c61847552e597e206e70c6d35fedff559c72a0a67d1b95e769095ecb0a8a7d4f07cf58a7a0d57d3e9f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
4c7eb8599cb69ab9c2c93109119c1546

SHA1
ceb70768ad5f085994636ccfac0e123a0e9b66bd

SHA256
386fbed2ec27163dd16df71e9d04b30581431b75e43673ec879bf08740587642

SHA512
b5e758bb90e9adebff06f6189925acfb1a5dda3dc4c6f744ae8d8c9d708541f16abd630127d9a3c249115c4dabbeba432f39ee6b03e530632a0f3826193f5bc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\674f8dfc-0bbd-4b38-94ff-ff0556e100d9.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
20KB

MD5
923a543cc619ea568f91b723d9fb1ef0

SHA1
6f4ade25559645c741d7327c6e16521e43d7e1f9

SHA256
bf7344209edb1be5a2886c425cf6334a102d76cbea1471fd50171e2ee92877cd

SHA512
a4153751761cd67465374828b0514d7773b8c4ed37779d1ecfd4f19be4faa171585c8ee0b4db59b556399d5d2b9809ba87e04d4715e9d090e1f488d02219d555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
333KB

MD5
de039e24b5bad3c322bfdea682e8aab1

SHA1
a38d76b4207dd4fea8336d37547cdbd2dbdc16a1

SHA256
afb63ab8209c4f6f278e67d6add1a6745d4e3b5ed2bf77080914f96172f1e207

SHA512
7cd658ed7f5d37f4a316cd17033e0ef1a7d2c2c14e9a934f2844eec92f72fe4dddc94a08bb91411a70c19d7e3ff57b44a5ac03a2e9744ae3219df3d6727a1f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
64KB

MD5
1067041b8fa46bae06ebeac837cb67ed

SHA1
9a1e51cfe25d04692592f1dc13ce75058db813d3

SHA256
e6f3a928b555e72664e65ac8d3455b7ace51ce76f205975f98daff89b3a5d533

SHA512
d16c71f87ebcdc4553cb5aa4283f84ba02178e80d237a99d56ec416377031af4354582d459abac88df5b06239e3fb4625466b478bbf67ac5f6f001e82fa58882

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
37KB

MD5
47ae9b25af86702d77c7895ac6f6b57c

SHA1
f56f78729b99247a975620a1103cac3ee9f313a5

SHA256
9bde79a1b0866f68d6baa43f920e971b5feb35a8e0af7ffadc114366f8538224

SHA512
72b5296e3dd1c5b4c42d8c3e4a56693819779167b9f02bc2d5f5a626b519a9cf10bee59846d614c929c42094b65d13039f6024f6cb1c023e740969aaefd060c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
70KB

MD5
90d230d64325e13b92aeaa7ff4a2f11a

SHA1
b8277fcfa42a9f2f28e0371a7f9d998dc283a382

SHA256
f44d36e4ae90afa154d98c4c8035ca605cfa4688358d02ddab66e518fe399b6f

SHA512
766ee6c0490416ff2b7fb091cfc3cf835f57f25b02ed6fac93c77f051a3dac4bb5f11f47803d3583275048fb8fe05ad9838eb943db1b801aa8ce92a0ebf12835

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
48B

MD5
be03bf4cb5aefc9426b6fbda5620b659

SHA1
7624da569b015fa9e75b2a11c084e921b2ca0d91

SHA256
ed8320409de800bc5b3e6e132c0ab5a647b3672377d3e8bc9ca71635ad04183e

SHA512
78ee9cac6e7e8804eea322434ada0db47def35ca6de3c3db936ace02ee073c6301d2fa160a05cdc53be059c03d80a0f848f312b9e0feb5fbd6b26c2cf6ec2d53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
3ea889ebc466d9f7f90b9d81e7b1b98c

SHA1
b9998952678c6ac2e5fcd415a53446bbef4cf5ad

SHA256
b9dcf59061adb5b1140e0a1b83f1330a02e5037619d017760ba8d60816686746

SHA512
dc336f7aea4657953f348f7255fd88a0eb4ded7d83a82a6eab7e7aea38ed9aef844d2bf6074e245a2228812feb6ccca941c53c34a3b150ac6d5e8729eb4b14ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
0310db3bd53b560b0c602988531800bf

SHA1
04e4386318d10b2c8ad1760b07c61010005444f1

SHA256
2d6b6cc6ad2bb2492e9900b81df2f7b12c240abf7fd8a813b581a327a1b8855f

SHA512
55e5f8943b245394bc65945f55e6a65c6dcc31bcea1188b4a3e1db1fd9f998e89aa49452cfdb547eede642c9c7e72b1f3bdb3a8f20a2c8530fb49817d7307c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
456B

MD5
bc59924eaadc4b32827832a6439e06e4

SHA1
e28911e147ce64fcbd05bb230a7c12805a0d2e35

SHA256
32c38ebe91a804b8520953b13c20d66058bb77fe8a03ad2c8f30751ca16b95a7

SHA512
c106bdd3366fcd6a9ecbb57a2e5eb70ee75a1fb76d7901fac21f51ff99c9f84dc762a8bcec147d918ca4e1f1c7da602d022b9c524693663e4451956f22da1a9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
1KB

MD5
db15713bca46b2a0d3e2c4f243d9c9f6

SHA1
d839b3e5459b05bed6d2f2db7635e33ac05d30cd

SHA256
1f807616fd18fe0b499c0099af2df06b80f0383615be914daf8f5df3e7e2dc1c

SHA512
bc69f9ca03b21ed6c4d22e02e94ae685fcd701beacc3df6437f0ccbd6474f1644f25b963aa7ca0d7c016be9bce03ac3b961c89fb162d0e4bbfacb4417aa9af6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
b724a02cc882110b61a93854107297c1

SHA1
f98749ca586ca36130f26f7e14a57a71c01eb336

SHA256
6bdf6543f07e902df6a33d1b58d3c1ef65fd5ed0f8f0bc02b5b2a5ba61a55037

SHA512
e090eca50a4114e8c67dc512aee491289284936dd438944b74d4ca4ac75bca7cdfe721901534c029af6c3854c56e7ab5e590da681616cf54a4eac05697108efc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\IndexedDB\https_en.softonic.com_0.indexeddb.leveldb\MANIFEST-000001
Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
e375b4653c6faf9d52589d415de5f53c

SHA1
633e6c5d62b6645c3df6faaa705ef20665d27297

SHA256
055c38500314d5e460ea6361b710317fc06c58457c7377046b9f880512aacdf2

SHA512
76e1b4f0a33e87419d9270b8116dbd6aa30dea8c9e9d92b8dfba8f06a0b04d8dc65fa129895251f193ea93c598a8e6e7b9bfb0f945e3d72e0f7e4f9bcd67bc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
12KB

MD5
411b36cdfbcdcad15e383956cab8132c

SHA1
0a1badd58e893c28e9547eb8450c6d035a7bf255

SHA256
88ca2d8eb38d4594be4eb019a452c907d8ba8fc68c2f8caf294bb418202183c7

SHA512
437230ac736e62e79791cf07f3eb1423e7f398e82f36181a992a79362799746e08ce357d4eed5f69e69b115ede55a4e12f087d4c7e62dceb4630d04f71f360dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
10KB

MD5
81e4ef2d5cfe0a60b6876694b5825890

SHA1
74f3f7f652bf842f02dd56a7045da4775b451a80

SHA256
c205a5288df64e594e4c4735f66b74b0ef2b3b532dbbf08ed1dca1981a5a0907

SHA512
aae75b60a59fe261eb912ddf3e410aac46bfac389ce62a805da1d19b433c43a312c54f0851e27f2d09bbddf53c951275c4a21c639e81eede1c2b1288dfe9dfac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
11KB

MD5
431c7a1f73e5ba2cd10363dbcb98e495

SHA1
1026c554c38561488eec81c3ec76b893320c1e72

SHA256
a5ba95db31f3a7e5626d4919f881de355076e796e419395f06af1bb845b1bbb0

SHA512
7214d08fbc29522d9a4b64159a17fe49aaf081b31df085dc62feb13504a44fa86516ea04179dd17c6b0ff0b22978d5d625c095136e346c63dbe15eea55880fe6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
ba2e26e2dd100a26dd490e2cbe4ee326

SHA1
6f51ab4322470ffdecf50e02f938bf4e66e76a5b

SHA256
67b829464b88840a18985c179f5b4fd529c14c0bd7140204461cac2a5d369bf3

SHA512
d85b3d3a2d4a6db21b9dc76ccbc7683a05c1fd1251c0c468480ca1ae3da1780dbd4efbb1c463ad005a687da162233c5368c918eabfafaf22ab55d9fa28aa1755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
b49cf4028818a902ff4b4fb8a2288964

SHA1
cb79ce2d171824a8604e56de5b597e6d0e042ffe

SHA256
12fcabedcbabfdc0da4e156967db9b95d61ba279b935b244248167903ad33b75

SHA512
7ffafac696e270c7abfab2f44520de08c216cbfd2f637108a5e39f2fe99c9ea8c6c12137d0729dd523bdf54a4cc9766d90b5a250c3f61682a2ea4b509957187b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
15KB

MD5
b2bb4fcb95e7a26cd7b71f43ef94d6f1

SHA1
1b8eafc028c545669bc95ecb402cb565f261fbfc

SHA256
adc2fe0e2ba2a84e54e51bdce717cc2a08ab776f37d4f46431c3dac6f4879c92

SHA512
b27c794ab019ddc9a23d8333b6d2f47dcff6a465f397cfd90bfb609e22cc4d38c8876b76259d66a33d84a7f155e9c960db0cb8a80c1ffbd73d5c0e5e5929c417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
69253818823639cea3d0e111761433a1

SHA1
d530d393521c4dea0678be1a716cea022ac9408c

SHA256
d644e8f66506a72f6ee3630fa77425a9c669f86d548b672d2a2ca5986bd8cdc0

SHA512
1e0bfc56bd6f77fe0d0a3015140ecb160a3db9e51ccd36eca7162038363c6a7503c153f4689e125dda2efd2c80505a6c38b6d207dd138b0294de65777832366c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
302616d2b186e075d448f42462ee957a

SHA1
997961b66da01a896ec08910c73d0ea54f23bde3

SHA256
eea1055e59f8153e108cc578089f1b8875f78b568b7e4309b3b01c5236da54e8

SHA512
c8f6a385d4194d1470d5dc767942f402903603a5450e4fdacb0aa0e32193ca8b2e321e9a3784cd5770043f385e2623bbc99905fa3720e2571bf8f4679a55e318

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
16KB

MD5
551ba8b76b02692ac5149997d13fbebd

SHA1
ed38af3edaa4b91d3b1adf47a53f896e39ae646b

SHA256
9983c118bf307dbf1f4dfab0f7415102db24e98ae4fe180b06dff5c5a505ab8b

SHA512
bd04088c8788d1ad22575a05ca15d41d49bb8a1663fc804091fc70594f148cd891796ef8b07fc2417fd50333baf8232cec807de8b3e9d73b78e535c845fa8ec7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1554ae5bb368dfae56cbad4ddcb655af

SHA1
c15e49a2e6961dd2663e7c6c44db30b29e2975ea

SHA256
b7c1f5273c0322623692d9eadb05d4f7efe6a31bed8d84a2ce04eed36ad84dde

SHA512
672849d35e991a57d888c0958b7511492d3b55c5dd6cf1c1d523ac8af3b17147e94ff5251b1499d5aac4c86edd0a6619d19c323a0b4b64811b4a27db599ec418

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
26B

MD5
2892eee3e20e19a9ba77be6913508a54

SHA1
7c4ef82faa28393c739c517d706ac6919a8ffc49

SHA256
4f110831bb434c728a6895190323d159df6d531be8c4bb7109864eeb7c989ff2

SHA512
b13a336db33299ab3405e13811e3ed9e5a18542e5d835f2b7130a6ff4c22f74272002fc43e7d9f94ac3aa6a4d53518f87f25d90c29e0d286b6470667ea9336ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
7cfe02d6aabd9f51f7094c66fbfceb41

SHA1
2c7acc08baa3a8805c1366ab4fc2dc41bbfa26a8

SHA256
208b2d573beff8bb7f4fd7beb3894f2cdbb183abf539fc971dcc7a599dbf3157

SHA512
44a2ce03e49cb763a55d8f27ef7ed092d81d3e6e1ee7f2eb252fc7dae7bdeedf486f744aa06f233d31f244aa87ee10d696e7cd3de66ff01220c9bb823716a505

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
90B

MD5
2d5f458e44414eb866e69fa4e1de4a0a

SHA1
392fc8633426546a567321db88976f19f3c74bb1

SHA256
3603b95b45b913f8e20644b13f191fb5e93279084eec93dc36dbff2e579690a5

SHA512
fc20ff2838312659912209ce7d311ec59503632055df1d977fa6a6ca278d8b52d64531681442e289cc50e4e8302c71ac0715769a9c2028e5549f64bf1e6952da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe578ccf.TMP
Filesize
90B

MD5
a5936d3e9727f4d4c3fb01dbb90bf0bf

SHA1
0e74d3adc31168296d8d66dda25bb61b2fc9a3fb

SHA256
9e4b664597f3d08f5e359ba0dafbbad730ea0ec3b02310e9bed0edbab211dda4

SHA512
c451d1f2316f6dbd83279551c4c8c24b201d35fbc786215988f06f4859c870d84c0a6464f70466228eebee9ce8cdab6ab9100415792867aeec28f9754255b6b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
185139792931ac03a8f2b5c20b5551a3

SHA1
ed36bcaa64f7430de1a4b0b8a456bd382b5b6476

SHA256
e6657d9b7da946f1e324b1845214a131718d8cad6b74289766f793cfaeccc2a9

SHA512
f01ed04562a9df22de5a714f2149c9449fb9d42d51cbd171cdb7949f7977bf21d8499b7133b7312b0a17d1bc992dcdbf18c63b9814675612ae5114578def9297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
0c94a0b369f22a2267a5047a0dd80307

SHA1
43e20f34f69688247f1521dbbcfa38e6b6e89a8f

SHA256
738aa3412725f57712f284200d046776930527ebceb4224203b188987552e3c3

SHA512
c0d8609033ac2cf4730891dd6eb0a4854e2a6e7fb438e0161c2a06acac2fafd0a4d2f60b88c42e532fe1b727e7d220ef2c43c007258dfd511561db8754f9c0fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
dba37f9789c3312f6db9f6799ecbfc1e

SHA1
dac44874aa82fa60150bbdf9e6ecea50e873e36f

SHA256
58fae4ba13fac04751af153ff0338252cafa4e6084abcbc7ff004b99ab83dc54

SHA512
3d3306293e4227ec20a2db6929a21e449aed74b9aa6304349063840922e14a188be6c6b8ec72a0ce38b1ea788c20d9d2df4fcfbaa9f962b07f8eec6011129e15

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
5KB

MD5
335b9d333c8b2477e31156ed7bdf7ce8

SHA1
250190a4afa252b90c6a05504740d542ccecbc61

SHA256
4f163c64da2059ba8a9645904478541a88cab9ba2024b0c110dd56b3c02628a9

SHA512
f6ad72128c831a53c6f6cd5f5e4c8120329203fc5ba15cd5ed80fe3487f5dd2c9637866e88d372a9c6a96be8ef63936c31ef56de7e68f926509a96a3554c98f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe585f90.TMP
Filesize
372B

MD5
056357030a41449cb7bea3a69c502cef

SHA1
5bd599ab175afa23e1f0df51a64b4dc8ef81bbc2

SHA256
1e624bdd66c2915c641aab37f8a4ef04185f54abf21a0eb238e260daaf1a80a0

SHA512
d5697cbd470831d81265e615d449f153834ad1eb0bfbced8c8a5fcb051ca6793d2df7bef30c37eff8750fcdd8de16baa4ab6c72fe434a2e9f3cc0dc1d89ec42d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3527206-7376-49b1-a68b-4464292d20c7.tmp
Filesize
14KB

MD5
e0308c50f5331922f27478a475a59c72

SHA1
cb8c22831fe059650f6ac32c4d461e4ad23e4358

SHA256
0e0ae132d1d93305bf4224a7e5a26a08989e6fd58d6229f2db6e2f22122f619f

SHA512
fb06ba278731b46ac2f8089924599e3925b12aa05f5b4f90cee2ae2b15d5b1bf0808f67429bb44df5e34ff0d248db6c0826bd43ef21a4fc59f04f47b9236c0f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
adf17dd5931147f4c72040fc7b705ef6

SHA1
bd0163e9dcb153fa8dccef0baf16fdacdf68c20a

SHA256
b1c1c77d962cd9d0d4467e0e8476cca1f03550a6b4daf98b8aac6d1ab57ecdfa

SHA512
1da610fac3c23c15ae1ff6616b3b35a998948db2a9c1522c2034b57a6b9de06c53143856acd36f361ae447273d0db379b90c6bc8a2e1f4ef38d754d1ecea8303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
4ae53b9b5824009cc1f581fcfbc9e02d

SHA1
cd50a3c48cc1f549f76468f7d5c5f52105127e91

SHA256
c11731a30d1b11719a3c843d26c3d1689599747d3e98924253f94c5399c12f80

SHA512
31c57d425c9f4d9af305e28ff0f4dffbeab68d57e8c1a8556fd396de169e4e532114e5413ed08c7b05df4a36bab6b8a947719daca7ec2167a6294e6d88d2dbda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
a3247b22ded5cfd170b5341579149dc3

SHA1
2a09d30c2733945fa2aba6871ec4419a04e7fd16

SHA256
dd3432bbb56b03617607731c2d46b36b0105169bbb1b815de8d22c680592fa0b

SHA512
fe9a90ed9d7245aecd759b22874da0c0592b7606b79e6984ebb5d7c735cfd1b6cf37094a2b1f36f4f1c528e45cacd1b5f3e912070dcca03946f08885371a001d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
84f67ebdf6de28346d138aba2cce7927

SHA1
3efe47e9ff22a6d5cd2f3020da139b9f1ed4d999

SHA256
1045d93629f2366d89a0afe7e7b4b604aef67a4dea7dfc4685865147294603cf

SHA512
4a60b3f51fcb49a8c438c916ac2611d40f18a8b8c99ac57d1920822d3bcd26b98dbdcffb4c6a06c126c6ef9ab9d725ac99e2458891a8dd8596e2d57ae057b35c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
aa11cb7eefc4eff05c9afae20d873c9c

SHA1
431df077fd9dd726817562a05ca9c4be4f2a5d5f

SHA256
60efa5b6a248b43b848b6a4c476a5f4a4f18d67e0e83f67deb05e2c0b6201003

SHA512
9afbe8b3350abcecb966e67944112ccf524cc194faf58a3afad0223141f580143de4f105dd219970790a72a7f4443f1649e368e818d34736e80ae55daf886211

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5a3d1dbb3a39be7bcb98f44200fa53a1

SHA1
958891bb309f5981f90485d21a48c024249abe03

SHA256
4d6fe0c0c838306425a14a337a462406f65b7458a36d660c1148ef93781e815d

SHA512
8d85fb5424bf68507c2f5dce644ecb9dbffcfd0e0564628fce55a893fca634000110c3ffb71e1a2551179b3c8dca587513cd2accc56fa537aaf3ad0b57ad5c93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
13KB

MD5
5a3d1dbb3a39be7bcb98f44200fa53a1

SHA1
958891bb309f5981f90485d21a48c024249abe03

SHA256
4d6fe0c0c838306425a14a337a462406f65b7458a36d660c1148ef93781e815d

SHA512
8d85fb5424bf68507c2f5dce644ecb9dbffcfd0e0564628fce55a893fca634000110c3ffb71e1a2551179b3c8dca587513cd2accc56fa537aaf3ad0b57ad5c93

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x
Filesize
4KB

MD5
b6873c6cbfc8482c7f0e2dcb77fb7f12

SHA1
844b14037e1f90973a04593785dc88dfca517673

SHA256
0a0cad82d9284ccc3c07de323b76ee2d1c0b328bd2ce59073ed5ac4eb7609bd1

SHA512
f3aa3d46d970db574113f40f489ff8a5f041606e79c4ab02301b283c66ff05732be4c5edc1cf4a851da9fbaaa2f296b97fc1135210966a0e2dfc3763398dfcaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x
Filesize
10KB

MD5
fc59b7d2eb1edbb9c8cb9eb08115a98e

SHA1
90a6479ce14f8548df54c434c0a524e25efd9d17

SHA256
a05b9be9dd87492f265094146e18d628744c6b09c0e7efaabf228a9f1091a279

SHA512
3392cfc0dbddb37932e76da5a49f4e010a49aaa863c882b85cccab676cd458cfc8f880d8a0e0dc7581175f447e6b0a002da1591ecd14756650bb74996eacd2b1

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\MEMZ 3.0\z.zip
Filesize
7KB

MD5
cf0c19ef6909e5c1f10c8460ba9299d8

SHA1
875b575c124acfc1a4a21c1e05acb9690e50b880

SHA256
abb834ebd4b7d7f8ddf545976818f41b3cb51d2b895038a56457616d3a2c6776

SHA512
d930a022a373c283f35d103e277487c2034a0b0814913b8f6ec695b45e20528667aa830eeab58e4483d523bd6a755a16a5379095cb137db6c91909a545a19a2f

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
12KB

MD5
a7bcf7ea8e9f3f36ebfb85b823e39d91

SHA1
761168201520c199dba68add3a607922d8d4a86e

SHA256
3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

SHA512
89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
3KB

MD5
dd31c03747167a895e1c718b0c885b78

SHA1
058bb60ccb2cdcf381a1293e2fa0af884fc0b376

SHA256
a7bae6acb0969deb35705b31661dc64c96435cc7ca24fa30a185c55ca3aef66a

SHA512
93494bc11f9c961614ce9334a0aa4c9f5412df3b7400e7f6e34010475d95046102cc0b74231e51eeffabb9761b97fdc1688ba0f7c0ebbe106c33c87c735fdc71

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms
Filesize
8KB

MD5
4b2eae34b59ba1ddab680a1e624528ef

SHA1
05463b2bd6b193d7351b20d8464bac7205529ca9

SHA256
4f8826729b73873ad0ccc16f3a1ed2d6cf13db8be56e85a7f0f25b97a0467a85

SHA512
ce8fe7f9870cd0c6340220ed7c99144197931794339689a230b6b5b9df5a8a88d35c366ee9b0483429a3caa5105ce9951360ec5baf11b2ebfd2f9bf48f02673b

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_4696_SSRDZYTRKADCOQXV
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\crashpad_428_DQVKDBZWZODJRPPG
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit