d788a60643de9286d16d146828701e1014c8be8789afdf741d77b34a0d82c820

Resubmissions

06/05/2023, 17:11

230506-vqjtwaaa68 8

06/05/2023, 17:05

06/05/2023, 17:00

06/05/2023, 16:53

06/05/2023, 16:48

06/05/2023, 16:44

Analysis

max time kernel
172s
max time network
229s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
06/05/2023, 16:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Untitled design (1).png
Size

14KB
MD5

4873dc59b8d3cdfb355eb0f383f20fb8
SHA1

88f763d6fb7055eaa06603bd1822913ff3ea084e
SHA256

d788a60643de9286d16d146828701e1014c8be8789afdf741d77b34a0d82c820
SHA512

3584ce6b6336dfe80d60719e164761f2ac003ba885adcb3003806f71c9e4f621a472dc6f5f4db2a58fa9c37fbe620214c091c22f33d5cf7d4681e5a302bebf57
SSDEEP

384:Uod8JhGXN6N4XoXigB0Jb96+FdH3Rby7dbD:UJGXN6WYSgBO56UdHwP

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 8 IoCs

pid	Process
5772	MEMZ.exe
5944	MEMZ.exe
5036	MEMZ.exe
2636	MEMZ.exe
872	MEMZ.exe
4272	MEMZ.exe
5848	MEMZ.exe
5948	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\2cbf2601-ebff-41f5-a2d5-3e20aed7df34.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230506164918.pma	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133278653825606793"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
704	msedge.exe
704	msedge.exe
4856	msedge.exe
4856	msedge.exe
5692	identity_helper.exe
5692	identity_helper.exe
5448	chrome.exe
5448	chrome.exe
5036	MEMZ.exe
5036	MEMZ.exe
2636	MEMZ.exe
2636	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
2636	MEMZ.exe
2636	MEMZ.exe
872	MEMZ.exe
872	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
872	MEMZ.exe
872	MEMZ.exe
4272	MEMZ.exe
4272	MEMZ.exe
2636	MEMZ.exe
2636	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
4272	MEMZ.exe
4272	MEMZ.exe
5848	MEMZ.exe
5848	MEMZ.exe
872	MEMZ.exe
872	MEMZ.exe
2636	MEMZ.exe
5036	MEMZ.exe
2636	MEMZ.exe
5036	MEMZ.exe
2636	MEMZ.exe
2636	MEMZ.exe
872	MEMZ.exe
872	MEMZ.exe
5848	MEMZ.exe
5848	MEMZ.exe
4272	MEMZ.exe
4272	MEMZ.exe
2636	MEMZ.exe
2636	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe
2636	MEMZ.exe
2636	MEMZ.exe
4272	MEMZ.exe
4272	MEMZ.exe
872	MEMZ.exe
872	MEMZ.exe
5848	MEMZ.exe
5848	MEMZ.exe
5036	MEMZ.exe
5036	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 24 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe
Token: SeShutdownPrivilege	5448	chrome.exe
Token: SeCreatePagefilePrivilege	5448	chrome.exe

Suspicious use of FindShellTrayWindow 37 IoCs

pid	Process
4856	msedge.exe
4856	msedge.exe
4856	msedge.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe
5448	chrome.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4856 wrote to memory of 2240	4856	msedge.exe	89
PID 4856 wrote to memory of 2240	4856	msedge.exe	89
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 3604	4856	msedge.exe	90
PID 4856 wrote to memory of 704	4856	msedge.exe	91
PID 4856 wrote to memory of 704	4856	msedge.exe	91
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92
PID 4856 wrote to memory of 3348	4856	msedge.exe	92

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Untitled design (1).png"
1⤵
PID:2884

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffc483746f8,0x7ffc48374708,0x7ffc48374718
  2⤵
  PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
  2⤵
  PID:3604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2976 /prefetch:8
  2⤵
  PID:3348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3736 /prefetch:1
  2⤵
  PID:4132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3748 /prefetch:1
  2⤵
  PID:2652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5296 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4168
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5352 /prefetch:1
  2⤵
  PID:4804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:372
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4112 /prefetch:1
  2⤵
  PID:5712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2060,10492574707236459303,12136486176124360997,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:5720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:5260
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff670fa5460,0x7ff670fa5470,0x7ff670fa5480
    3⤵
    PID:3996

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault9212bb9dh6d68h461ehb223h16282574b57d
1⤵
PID:5520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0x40,0x128,0x7ffc483746f8,0x7ffc48374708,0x7ffc48374718
  2⤵
  PID:5536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,5913144525617810619,1214396750596762841,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
  2⤵
  PID:5940

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc48029758,0x7ffc48029768,0x7ffc48029778
  2⤵
  PID:5888
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1804 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:2
  2⤵
  PID:1156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:5932
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2232 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:3992
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3240 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:5004
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3272 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4592 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:5684
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4752 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:4708
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4884 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:6020
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5048 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:5340
- C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:3804
- - C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x23c,0x240,0x244,0x218,0x248,0x7ff72aa27688,0x7ff72aa27698,0x7ff72aa276a8
    3⤵
    PID:5112
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:5028
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3860 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:5844
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=5404 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:3604
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3468 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:3192
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5644 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:1208
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=4916 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --mojo-platform-channel-handle=4532 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=18 --mojo-platform-channel-handle=6148 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=19 --mojo-platform-channel-handle=5348 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:6096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=20 --mojo-platform-channel-handle=6188 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:3340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=21 --mojo-platform-channel-handle=5088 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:1
  2⤵
  PID:2596
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6160 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:5840
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4532 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:5756
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1636 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:3668
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6168 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:4616
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6156 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2316 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:8
  2⤵
  PID:1948
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5888 --field-trial-handle=1808,i,11251330379140833783,17706353831209038720,131072 /prefetch:2
  2⤵
  PID:5940

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:6028

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5280

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
PID:5772
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:4480
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:4388
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:460
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:6024
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:5976
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  PID:6036
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4264

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Checks computer location settings
- Executes dropped EXE
PID:5944
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5036
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:872
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:4272
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  PID:5848
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Writes to the Master Boot Record (MBR)
  PID:5948
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:3816

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000009

Filesize
303KB

MD5
02db9592838013ec45865d0fd083855b

SHA1
8d7fad06df7235bc84c662099574b3355eb4b206

SHA256
bdbef33800084e20a685246873b399ac993303a6638c6b2cd1993a017710a45f

SHA512
3791fce201d9df4c2ec16ac0f2f233a082e3fde256dd0c8a3659113c69d3ae293c48741ea04b1c5ac82a4ebe3663bfff2198fac0d3333f8baa0db58157a99938

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
74KB

MD5
7d54536d73085b1dbee8446043709545

SHA1
c87ad44010d77a4ecb7b08ef7e8717f25a4935d4

SHA256
b2e18ad9b60d27e9500f5a48f1d07f69411f0fb3b03a866e7af9fbd45529103a

SHA512
b613cc62084768b54cd93620d57a1e75a5668f505ae1f17059bc69b067e42ee1acac4ae9f8cdc4579aee65587d90d05d06f0c1b47e641a5a22adb83b909a55ae

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000c

Filesize
65KB

MD5
076e8bef1b06c261610aa35aae1d01fa

SHA1
51f02f27b6a9d827bc04497a317e5942930f5ba4

SHA256
40346a6a96b5370e0142b2261746d328a04ca16fa73a223ea521215ec792ff68

SHA512
e42477f5f80b39759615d66b3b59420560c1f08399263884c61844021b2d1a407c571a67742c399d73958f79f7b4776ad1592b0c58fe139427f1f197c8769bee

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
37KB

MD5
519005befdbc6eedc73862996b59a9f7

SHA1
e9bad4dc75c55f583747dbc4abd80a95d5796528

SHA256
603abe3532b1cc1eb1c3da44f3679804dd463d07d4430d55c630aba986b17c44

SHA512
b210b12a78c6134d66b14f46f924ebc95328c10f92bfed22a361b2554eca21ee7892f7d9718ae7415074d753026682903beba2bd40b35a4eeb60bf186dcdf589

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000012

Filesize
56KB

MD5
694cab1993900ba45b4992bbb6cc1360

SHA1
7d1b9ab11bf714387cfa05957289281d6df9ee9c

SHA256
a571b15bb1df3056c7b5cb196d02a3ca4f6a2f93ef596f45af3a3fccea57c7f9

SHA512
f6732cca20df53b16710d7516ae2d5404a8c8c94911b2907e65f77e89544cc88253bd60f4a810791e3823990749e8ca4bf51443fdffe85369f243e8faa38133f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000014

Filesize
422KB

MD5
b5fec56c142a9e8dc9daeeb3e7f33af4

SHA1
a083aa5f90920339bb4cd7cc8276765f2c5efe93

SHA256
4adfd10badc71885375cd96a74325edc9cef34b269d714053daff61b43259431

SHA512
c57263b6c999beb5ad801524f7043bbf243614bd8ecabad58f0584c3ab7e8910a3cb63b750d51922f050cd01db04b5f51874e30313f6cbab3d69adf0d37bfab5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000015

Filesize
47KB

MD5
b76305a3195a2b17053c2e38a8d957d3

SHA1
16dac0d2ba3f6f8c2056a09dd76298c75d093c24

SHA256
913f002e9c004a2a8ab88454ca408d76d15346c544593d6883b5dcf24c4aafc4

SHA512
a8153834112da8164b9d7f0f2dea038ca160cbe17769db34b1ea7527729e87ca82da0ad95290a2d44f95d020e6f57c6d1632c4aa85f4146243ef355d3727da47

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000016

Filesize
94KB

MD5
cb14850cb55c526c98b86ade61bd576c

SHA1
ed90b51fe1e7b2882260a79cab5c1138b8280173

SHA256
e712e3b092e7b329a9df6bbe4f4ee10aba99fe35db4e9365cebe365d95ff7479

SHA512
d39a0dea9beabf7829c5e3e7ace5d6c64b9d3e82bf9d5fa70b674cfa1f9f577a7c3c5c5e756d7fc588f087a39e52177317ccef94176014309f4b2ac47b61af5b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000017

Filesize
728KB

MD5
0469f93b1c77d69a83af62e14dff48c1

SHA1
c369643b6cd35f7075c6ad64368a6ea76906ac2a

SHA256
07d58cb5f6dc944bc893ee7d3c0832b930fb56674575d2574781260f8142fa6e

SHA512
4742680ff0bca44a41f7e64e336402f1e508318d6d5f2256e8581e46aa9ec95c64bbad9acadfddaf4703baead69166ab19be346d5e1e50da14c1e5b011173c35

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000018

Filesize
32KB

MD5
6623147e3400c2c5f18507216679973e

SHA1
48d117319ac326595ee527a2f171167db402698d

SHA256
e3abe48686cc19ad5584bf4b0321d1acf288d6393711c8b726ec94b52075b144

SHA512
31c68606d9836926d92a3af99176f56ec918907124afe4e7c00d35095053342afed9fe0543bd4ae2782e82e9db315d0aa3d2fedf52255a4dde23b4eef1c611b4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00002d

Filesize
29KB

MD5
98107abd60dc23e47e68b3a918a6c20c

SHA1
de62e58d15f6006fd6041109796694f30235faa5

SHA256
2ae28377e9f51ff7493135b563e15984c2b2d0e54bb347b6ebdd70cb507758bb

SHA512
9cd7d7f8ec818fcc89513f85a556bf5cdaae9e26912adf91c33852e25c42ad72fd1db89b7e177ad38c458c93f1e1503db3ad3cf2117818249a6c2ef586ab078c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000031

Filesize
24KB

MD5
ba90fadf28ef582d0bc53b315a0076bc

SHA1
fa139efb523dc6ccd88b66cda7cb89f54e3bfaf2

SHA256
ab7dcac2ba660424378b368af69983666f96243b8de6466565739386f8febfdc

SHA512
6085c58e4a6662a3d50f2193aec350ff3af4c6c4e3a1cc8a24743cad25a3e46e8264c59ed1e824bc2bf062792e385fd092b3f5e29656c49ed475b490e6af7f95

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
81cdfe0d38aa7c126816a575e30e244f

SHA1
876dd6332c2f962bffb2c1e7e02e5b80305b5ea2

SHA256
1141495b173b5cf206eb880c4c89b8a484c74d2ca484cf1bf03284e6beb6f104

SHA512
0ae9cbbb3881c82d0b7a153acf2c98646b54bb5e113eff6f57b45697943f0c8d3d6250f1899862aae90cbe8d8d6376ab9dc4732e5c827bfe32a1372805ed5ae1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\MANIFEST-000001

Filesize
23B

MD5
3fd11ff447c1ee23538dc4d9724427a3

SHA1
1335e6f71cc4e3cf7025233523b4760f8893e9c9

SHA256
720a78803b84cbcc8eb204d5cf8ea6ee2f693be0ab2124ddf2b81455de02a3ed

SHA512
10a3bd3813014eb6f8c2993182e1fa382d745372f8921519e1d25f70d76f08640e84cb8d0b554ccd329a6b4e6de6872328650fefa91f98c3c0cfc204899ee824

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
7KB

MD5
9dbd123edb2e5aa2ad21e66521eaabcf

SHA1
e1886c2acde3dacd6365f08df85743062eb5bb2a

SHA256
4f90b2be43a5f8defa5dd993221df3bf99cce794e27d421ac9be6be2e44ab026

SHA512
fcd1a1fcb413aa73324e164466bf748857a6ca157f959aacff15a4f8c1dd4c71f66c98c72dea1dcd44a8722cf52f72604c5c1dede407625a6c47e4d564c3fe6f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
539B

MD5
e538fe5fdf39eeb0048665c4cfc83eaa

SHA1
48213d27a979cccf8f2807f52351d002ff90605e

SHA256
2311513a1bc3b81bec7482c670667a11d3cbe2a938825f1562bdbdbce4a65019

SHA512
92458b550f5064ed3914b05cabe2e6daafceadc6fd23053df9c46e0b1f83f374c12c6fc6540ece5b5fa9ae0b58c7fec3342c873a72e44fcc93cafa607d622f5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
c8dcfce18e71ce977bfe86f883278543

SHA1
b5a19d4e5162c5ea241ba18a8fe17ffefee9d625

SHA256
16d347e6bbe6fb140051d11c7f1eb167ec7b526c32606ed1e50e7bd285cbb327

SHA512
f7bd6d1d2ab7a306e019441ae2231c8c7a929962c5ef2abe3f6d98af3e96cc6f3f199f2a6db3de8fed920275a7677f45d901f5c6f245b64526a7207f282e2552

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
2KB

MD5
694b01a715edd7b2480183e3b70987bc

SHA1
59c6e4ecc74f9d97182d05958c803dc68a7002c5

SHA256
e06806d23b551e05cb3da867e61c48f0daade7a9a98dba36661206b82c6b30d3

SHA512
77aaea983b119f626c7084223ba31792f9a6b133d27366b7fd0c127b243b5f55837ffe00f5d017c693113fd11b0d36e94c2dda188f1db3075dc03e79688cb2cf

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
d64e7c10dc8ea36edb49c6843330d8fc

SHA1
c957fa17eee9da9d010f5248fe2fc6b43d2eceb1

SHA256
c75e098b16ef16f03b00f78c10cbee676f8b1bce511ce88ae383a266a7d6a596

SHA512
93636927b0b1f4c3eeaad9562fbba666eb1bdfdfc9666ab4eca8bc2123f2755aaa08d9fb8860f5bc6a45a401b2d0c446ad023f077fbcc6a34b3792e67f0f93b7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3d0a335d2f6041ca616b9b3b460238dd

SHA1
b37ff6e8bd58f5bad3b91bd174598ba8654cc8f2

SHA256
cbfb9c34d3d4cbddfe2df7571b58f850de90923fea64f348ee963b30b006f526

SHA512
28cccee292f134c5dc109758a218cef2ad3b37eef8838bdf473ab0315feff94f1ffd0185021e1ed64a38ba11da96fe92a7308ecb88a8f50f09d2ff147958e32b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
10891f4dbebf222a7c69d134b20ac6b5

SHA1
5dcc18637dae1b8d284c9903cc639b6e85f51421

SHA256
70b34448f83c8f17258061bfdf0ba78d5af8a329f9b98f5c7b79117e73dd9f8f

SHA512
8139401b50ffa04355c0ec8dd443d64b43e1ee3743c179a6be1123beeb8c043a76ada53ac9a7c4748cd34c4c41fa7632983c73620e300a52af16a51dfdc1009b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
c3b472fe1be90baea62e6f28531d5423

SHA1
5b09288a4bd626b335f33ff2ca811ba8cf412510

SHA256
f8df697a82bc0170f4a674a4b744892ffefb6e6a06afac03997dbea8deafc7cd

SHA512
4b0cb7c4bcfbb8d701bde10a57f0fa4856ce371d42299dcffb0a20a421d0426014c909d032906cacbf9332fe56d91ad1d7b6b556ca9012f6ac89ca0ab26920ec

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
e6a85f68098e835c212c5cc0aba73c8a

SHA1
52cf775c029a58db68f46f3cb3943553f0fc3e17

SHA256
87b24eaa2354654ec53a26a8148f79bfed55f81547545f665375dbdccc168ba5

SHA512
99b03e07cb08778e0fb6acb7e8c71d5e6dac38302bd3aba736ad38163a34a4efaafced37a1038a85faf858143d29858c3d0152875f3d19aaef614d96b6b9248b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
df8c3b917ed6447efe87a1f0850f56c0

SHA1
f05e5700b3f406d1cf585fb2e8e6fb2ef8c97bb6

SHA256
d2da852c415861689272ed91103f261ed74b3d5d5281c6e9f332d0b78f885827

SHA512
ff803e6c4d0ee752c0ed7c45ede9bbb6975fd7a325ee0f3ed6d7ec5c493c2d5a475040ff469a53c58831569067b223f6e44e31803e2fd217e641e20a411297c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
120B

MD5
d62416f55eca54d66aff417c513de773

SHA1
8e800877e7a193597a6b09620069ed45b35c29b0

SHA256
77d73fec7d6a0e0ab1e9b4448d187dc52847bdf58a376beffd59f5f9609c3285

SHA512
c4f60ea0673de5dce03d37e1fd3a4a7595144d84f4af74e9ce21e9ebe2f7f5c8ce1b992fc91b66aee6ffbd61cbb94d5fec49bf1c0b2885fab27020d68d023cfe

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b6dc.TMP

Filesize
120B

MD5
3e758816be0cb744beca8338a05be428

SHA1
e5a2976bcf2e47ad6678a5375baacaeca0e8082f

SHA256
955e49edb776c50426d798eb087f305f59c7a2218cfa8f231201641514598cec

SHA512
347267e0035d5285c856ca42383cbaff22c64531a05cd17d790e5e4aabc4b3d1fc3d8f5d94896b5ed4bd8ea1a3d75de5e2560bfd0c4e88bc0c68f57ad6041bc9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
149KB

MD5
de345ef7812979e29c291b48d74e15d7

SHA1
20a9e66be6ddf6c3923ee15191028e9a9e178723

SHA256
9118d3cedfaaf10c0dee11af14bd5b5bfc60e9ac57747054cba0b001f81b7417

SHA512
7078dec4b4f9195c9d312b7deec79400c32d807781a4ce2ea45ee2c9a1627ce89cb32842d704eae7912d54fe4436cec38a091d1761d47398f50f05c3220ddde3

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
109KB

MD5
8d6dbc800889fb6b4386cabb79f6f03d

SHA1
3c2b5455eba606c21f85a85157a9574127c0c81f

SHA256
4b0c638337d544f065aafed60c685e42aa2178456446f82e77a7bfc2a622369d

SHA512
76cbcf7d292b326447b9d9f45ad0c249f466c8525cb462d0cec136fb466f0abff963ab395708c1273e41df7f4019802e3ef889c765c68bce5cef907fc183be55

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe5881ae.TMP

Filesize
103KB

MD5
974de481467942d8464c607d0e6276fa

SHA1
6615b855067f6c2407bdaa229da395d2368854db

SHA256
3cddaec04a598d7d0e96ec6b3dffee7faae8b1f7b0eb1953a28c1c9b3940882c

SHA512
144fe0f8ebd3ee346bf1d83a8c618c7882fda5127d4f02b335d588e40c6e80308afa337ae9f5da141ae893b7245b04afccb922beb6ab851c4cbef61e0f63cad7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
462f3c1360a4b5e319363930bc4806f6

SHA1
9ba5e43d833c284b89519423f6b6dab5a859a8d0

SHA256
fec64069c72a8d223ed89a816501b3950f5e4f5dd88f289a923c5f961d259f85

SHA512
5584ef75dfb8a1907c071a194fa78f56d10d1555948dffb8afcacaaa2645fd9d842a923437d0e94fad1d1919dcef5b25bf065863405c8d2a28216df27c87a417

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d2642245b1e4572ba7d7cd13a0675bb8

SHA1
96456510884685146d3fa2e19202fd2035d64833

SHA256
3763676934b31fe2e3078256adb25b01fdf899db6616b6b41dff3062b68e20a1

SHA512
99e35f5eefc1e654ecfcf0493ccc02475ca679d3527293f35c3adea66879e21575ab037bec77775915ec42ac53e30416c3928bc3c57910ce02f3addd880392e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e068076538743d62dbebbbf7d7e2499

SHA1
12c776b76f9aafee6e1e3acb8f17c397d92dea92

SHA256
f14a4d84df6dc971f79343a4beab6944f2e84c1b86f02ed3ef3b92fd201c0e71

SHA512
f59481e8381089246c347229e95046a80d546bcfcd7f47e8dda630aad363265516b5ed006f4fc7d2d1a7bae3ff4f8cae5f081396f791c8a3b5c073ac3d3b6526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e068076538743d62dbebbbf7d7e2499

SHA1
12c776b76f9aafee6e1e3acb8f17c397d92dea92

SHA256
f14a4d84df6dc971f79343a4beab6944f2e84c1b86f02ed3ef3b92fd201c0e71

SHA512
f59481e8381089246c347229e95046a80d546bcfcd7f47e8dda630aad363265516b5ed006f4fc7d2d1a7bae3ff4f8cae5f081396f791c8a3b5c073ac3d3b6526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb17d6d114d03ac2c811654defaa97a0

SHA1
656de5d80f1d889ba1c4f7bb968c94b426f08576

SHA256
7f0262e3032aac35747818fa5a4fd12e1516199c5bbc71573b12cdbb0e153385

SHA512
188b6f8ac827b934ad1d07a294708a100273dc6ff5fbef263375e4bc1cb2fb33dca8089a6da2885eac46154078669716c3181f6d215de4742b3555d8dcd50d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cb17d6d114d03ac2c811654defaa97a0

SHA1
656de5d80f1d889ba1c4f7bb968c94b426f08576

SHA256
7f0262e3032aac35747818fa5a4fd12e1516199c5bbc71573b12cdbb0e153385

SHA512
188b6f8ac827b934ad1d07a294708a100273dc6ff5fbef263375e4bc1cb2fb33dca8089a6da2885eac46154078669716c3181f6d215de4742b3555d8dcd50d35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
a42338ee0b2a458404577fd606d57ee0

SHA1
f3849c026d6ca410e111715498d22fa1eeeb9c7b

SHA256
3331cb73caedf85b5d45b5e1c2056f81a562923eaf212592a0d017b9bb6431c6

SHA512
1273fbd4684ec5cf40b99edff0e02ff359af5dcfed4bc143be68e9c4041f3b183f2b68fa6469c4a1a6747b605e23494ea51fdec4ff14304b6c90b60ac08633ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
9af900b5632a493d63ad06fb8a50c58b

SHA1
90704e24f268ab4a06c46c283ce9e165a243754d

SHA256
f7d1738ef16d6979130da0b7ed18228afaa0a2c1f3bd62974f368903c658844c

SHA512
c5125b0011687e6ca1f62d84a205a29b9988f872cee1887b2f640b19293acc46f77351bdfb286634d00e52fb0336f5962f6afb9fcc623a19be185329a8dd878f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
bdb720b7d2c26c05161cd1acc15a3491

SHA1
bf47f8dac6543e47f22219cb51081e3c892cfc39

SHA256
779ce9e0a041015db7aad004505e21a4ebce0ab13e682bd0de2df42794a8416a

SHA512
65214719246c26648d51fb49fcec9b210b2d95deb3f52345724ec746fb9356becc23d6cb6fa7ea35d61ecd0436a549aff046e9f50a6ab862ffb7d9eaa2bab1c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
5b3f6996964ab1438df2ce3e3a7c1791

SHA1
e7645c522e513e37b3311d56ced085c9706e17f7

SHA256
3aa68aa981fc57bd161374bc99ab20e9d43f04a68c5fd86407942cce997534e2

SHA512
e4fac7a86d4d06784c46c8e0240f66dff74a6513b2e819f7e0e172a72f03319d49345517bd7dc28f6fe1e88a714c910f869fc596dff1f9d5461ebe8fad2f7668

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
459B

MD5
b9e670825b0b2a35cf808c4cc5b11cb7

SHA1
34efb40c4f0a5d6a26003ae70dc50400e3b01f1c

SHA256
eac1900317e9008a2b8e1223f227d91c5f7cc9ba62b62f9a14b248a49020fc8b

SHA512
1f008246d7ac2374740b60b5643f84aa40ccbb3533314fdbec91842fd2fad174fdbc6185ef3658c7cbc779da0643f8162e624d331c853e07cd53a0e41f0f1238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
adc8f7e5677681d00630604c614af9bf

SHA1
d12723d09f2036a6b7a6ebf2963df4b13fded386

SHA256
779f09e89376c962e6f9107bd432c0c983b66e0706e83a47607e72d0b55c4241

SHA512
0ef7e545efe08d8b7698aa7311226c748f78edf0220ea2dd038e3a61091ede120b46ee12123eff90660a9da3c25c91f256a7f27ffc4165664cd4e2b768a7692b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0677e342b60a8f6f8efe74fa8f0f5d83

SHA1
0959a8d8e847882c8f873bc14f44e6ffa5a3c4bd

SHA256
d6ba9ceab8f14b1453955abde8ec2d4839c4bf71a0d0f8349ccc075021e1fa4f

SHA512
63fde15a02582996058690d45ac5134e67cf94140f8153d88af1895af6e5226791f907aa2b040ca63433458d31a088890fc07321f0b02a3701481a47c2e72777

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dd627b431f0049f886cd80cee782e626

SHA1
9c5acc217023389b3972dfd54becceb8c572d677

SHA256
a28d8c63e2617e3b7801a93eb570a73c8a4b34bb3854f097988938bf3fcd9611

SHA512
c55dfbca825a954f12ff6f9280fec07845b7c524f995ca1e7b0e3a85e4f6c4e0103f8768d4d1469aab4a442626f83b12b49a0426c256c065530466440ac1bf4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
db6b66f19f0e2a45e9a5e490e4211cf6

SHA1
b3762f84dc25d7ca96465162b4065ee6dcb375af

SHA256
acaf980dc8e3bcd16bee356571ce8cbbb9c4c14da777cc233ac0fd6629470365

SHA512
e25a681defa529e6e7128c075d0b84267627e076ac85c7b3691900e7f96fbc9522c82501fdea6164e17f3e25bd8817fecb790bac8d6ba7addf58a54642f5469d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
130644a5f79b27202a13879460f2c31a

SHA1
29e213847a017531e849139c7449bce6b39cb2fa

SHA256
1306a93179e1eaf354d9daa6043ae8ffb37b76a1d1396e7b8df671485582bcd1

SHA512
fbc8606bf988cf0a6dea28c16d4394c9b1e47f6b68256132b5c85caf1ec7b516c0e3d33034db275adf267d5a84af2854f50bd38a9ed5e86eb392144c63252e01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
69b72d0a4a2f9cbec95b3201ca02ae2f

SHA1
fcc44ae63c9b0280a10408551a41843f8de72b21

SHA256
996c85ab362c1d17a2a6992e03fdc8a0c0372f81f8fad93970823519973c7b9c

SHA512
08d70d28f1e8d9e539a2c0fbac667a8447ea85ea7b08679139abbbbb1b6250d944468b128ed6b386782f41ca03020e3a82491acb1fe101b09635d606b1a298be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e5275c277f9228e05e1bb0dd845b923b

SHA1
d360512012b38000d579d0c6c773b5fe258d43ca

SHA256
5c87b3c33cb4e354e4380fb0944055fa4d19ba43d6f7d64f71371b676c24b76d

SHA512
8cec31f1d0c10b3139ee1e9bd4cd3d859f235704b414cdb608c15a6554f10887684c7d3d0ee7c38691aa49a9c60923a502759edfffe35f59b40c7504d6b8e091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
e5275c277f9228e05e1bb0dd845b923b

SHA1
d360512012b38000d579d0c6c773b5fe258d43ca

SHA256
5c87b3c33cb4e354e4380fb0944055fa4d19ba43d6f7d64f71371b676c24b76d

SHA512
8cec31f1d0c10b3139ee1e9bd4cd3d859f235704b414cdb608c15a6554f10887684c7d3d0ee7c38691aa49a9c60923a502759edfffe35f59b40c7504d6b8e091

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7feb2d5a5ac43fabffda78381f599706

SHA1
f3cc96308d2cef20ec8c814586e00051ddce0155

SHA256
b6840b9ad0bb7540dd0d46ca7a381c405fa9424be5c4d342d9ad6842b3f858d6

SHA512
09361c8e9846e077431243e90f96f27b5b180677aec7e976d1741419fc9debbca6263bc260237e01e285d8a72dad40110278b77114dd1aa91775fa86907fa0d1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
68ecd5972f4f8adcd102d849af6851a7

SHA1
1d27ad3a0d9c8ef7a1da6791d2df731924ac89d8

SHA256
3df0686b4154327cbcd76f370980de37fb776a9ff1ef38f92b819ebc8df80ed4

SHA512
c2859b34b2d7e7babd52d5fd123dc089ec0f4bbdebca1f6e93add4a43767de6bf414ea42064c56b2c8be19c8c472ced102e46c80aee060b267ba189912bda176

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
9689c6cd158718b21b8f4887f7f7d34c

SHA1
38568d184c6c3cee45a812786486763881d89434

SHA256
e89818e54341862319b771121e6402797dc44e78646a63a96f652fa52ef76589

SHA512
ac0974092f28fa687b3b050059844f532853723ae384791b73ba7a346277a4ce7c56fb1ee9afb885a2ada801647d8319a5f29e22b6b5ecc80db35528c6a2eba9

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
cc3d0e98f998104289df2d02e1f0b125

SHA1
e5ba80a64418a978b622e8162743dd7e5afa127e

SHA256
ddaaa4f8ffc5c1885e65e146ed7573604994ff0dda240bc216cb683479d1c1b3

SHA512
e6e312723757ddba7dab127f66295b99bf4006f2a906253a736ce3fe0701b55908061ade5a85296f1d7c6c3e70e48f9ea7793799e96742e281111ba2c1c7632f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
e7516dc89187c548b7033b2feddf75fd

SHA1
443d205113d60b6b19645b133bfabd10ccdcb9bd

SHA256
7618d0ba5675f2014ae8354b00ae715955ad91c1536869a41235bb7adfeda53f

SHA512
7ac9f2838438be0712cf2e8d1e637e98131e250428b8080665f8e8885cf05355fd241a40a491240b5197c9138fc3e54b581283d2c021c1536d3854347b00c587

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit