hxxps://github[.]com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ[.]exe

Resubmissions

01/06/2023, 10:02

230601-l23axsea9s 8

01/06/2023, 10:02

230601-l2xqfaea8z 1

01/06/2023, 10:00

230601-l1xdaadf35 1

01/06/2023, 09:57

230601-ly19fsdf23 8

Analysis

max time kernel
150s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
01/06/2023, 09:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ.exe

Score

8^/10

bootkit persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 7 IoCs

pid	Process
3876	MEMZ.exe
4668	MEMZ.exe
2172	MEMZ.exe
2484	MEMZ.exe
3700	MEMZ.exe
3140	MEMZ.exe
2216	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1067

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230601115801.pma	setup.exe
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\21ba8d58-fa08-435e-a6bc-24460373af44.tmp	setup.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Program crash 1 IoCs

pid	pid_target	Process	procid_target
5384	5440	WerFault.exe	138

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 555932.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 530797.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
3364	powershell.exe
3364	powershell.exe
1524	msedge.exe
1524	msedge.exe
4028	msedge.exe
4028	msedge.exe
5248	identity_helper.exe
5248	identity_helper.exe
2112	msedge.exe
2112	msedge.exe
4668	MEMZ.exe
4668	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
3140	MEMZ.exe
3140	MEMZ.exe
3700	MEMZ.exe
2484	MEMZ.exe
2484	MEMZ.exe
3700	MEMZ.exe
4668	MEMZ.exe
4668	MEMZ.exe
3140	MEMZ.exe
3140	MEMZ.exe
2172	MEMZ.exe
3700	MEMZ.exe
3700	MEMZ.exe
2172	MEMZ.exe
4668	MEMZ.exe
4668	MEMZ.exe
2484	MEMZ.exe
2484	MEMZ.exe
3140	MEMZ.exe
3140	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
3700	MEMZ.exe
3700	MEMZ.exe
4668	MEMZ.exe
4668	MEMZ.exe
2484	MEMZ.exe
2484	MEMZ.exe
3140	MEMZ.exe
3140	MEMZ.exe
3700	MEMZ.exe
3700	MEMZ.exe
3140	MEMZ.exe
3140	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe
2484	MEMZ.exe
2484	MEMZ.exe
4668	MEMZ.exe
4668	MEMZ.exe
3700	MEMZ.exe
3700	MEMZ.exe
2484	MEMZ.exe
4668	MEMZ.exe
2484	MEMZ.exe
4668	MEMZ.exe
2172	MEMZ.exe
2172	MEMZ.exe

Suspicious behavior: LoadsDriver 6 IoCs

pid	Process
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
4	Process not Found
668	Process not Found

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	3364	powershell.exe
Token: SeDebugPrivilege	1632	taskmgr.exe
Token: SeSystemProfilePrivilege	1632	taskmgr.exe
Token: SeCreateGlobalPrivilege	1632	taskmgr.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
4028	msedge.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
5488	msedge.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe
1632	taskmgr.exe

Suspicious use of SetWindowsHookEx 7 IoCs

pid	Process
3876	MEMZ.exe
4668	MEMZ.exe
2172	MEMZ.exe
2484	MEMZ.exe
3700	MEMZ.exe
3140	MEMZ.exe
2216	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4028 wrote to memory of 1492	4028	msedge.exe	85
PID 4028 wrote to memory of 1492	4028	msedge.exe	85
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1696	4028	msedge.exe	86
PID 4028 wrote to memory of 1524	4028	msedge.exe	87
PID 4028 wrote to memory of 1524	4028	msedge.exe	87
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88
PID 4028 wrote to memory of 5100	4028	msedge.exe	88

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://github.com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ.exe
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://github.com/cryptwareapps/Malware-Database/blob/main/Malware/Trojan/MEMZ.exe
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffd449b46f8,0x7ffd449b4708,0x7ffd449b4718
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2172 /prefetch:2
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
  2⤵
  PID:1500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:1912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  PID:1208
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:1484
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff75fde5460,0x7ff75fde5470,0x7ff75fde5480
    3⤵
    PID:3460
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5820 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5696 /prefetch:1
  2⤵
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:1
  2⤵
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
  2⤵
  PID:5456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6148 /prefetch:8
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:2920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6720 /prefetch:8
  2⤵
  PID:5460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2100,14449103038096329029,15097066665172226076,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6512 /prefetch:8
  2⤵
  PID:3548
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:3876
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:4668
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2484
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3700
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:2172
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of SetWindowsHookEx
    PID:3140
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of SetWindowsHookEx
    PID:2216
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      PID:2596
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=dank+memz
      4⤵
      Enumerates system info in registry
      Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
      Suspicious use of FindShellTrayWindow
      Suspicious use of SendNotifyMessage
      PID:5488
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffd449b46f8,0x7ffd449b4708,0x7ffd449b4718
        5⤵
        
        PID:5524
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
        5⤵
        
        PID:4884
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
        5⤵
        
        PID:3908
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2948 /prefetch:8
        5⤵
        
        PID:1476
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
        5⤵
        
        PID:3368
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
        5⤵
        
        PID:2096
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3792 /prefetch:1
        5⤵
        
        PID:4788
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2116 /prefetch:1
        5⤵
        
        PID:3040
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
        5⤵
        
        PID:3048
    - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5244 /prefetch:8
        5⤵
        
        PID:5600
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
        5⤵
        
        PID:5964
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,6332262426061502878,16757667681159382881,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
        5⤵
        
        PID:1284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
      4⤵
      PID:1824
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffd449b46f8,0x7ffd449b4708,0x7ffd449b4718
        5⤵
        
        PID:6104

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4348

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:388

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -pss -s 452 -p 5440 -ip 5440
1⤵
PID:2748

C:\Windows\system32\WerFault.exe
C:\Windows\system32\WerFault.exe -u -p 5440 -s 2936
1⤵
- Program crash
PID:5384

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1632

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5936

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8e271c67ff538473dc52a7b4c317949

SHA1
f7102c55539b556858612511ef996e755990c8a7

SHA256
9c133629c40a07c76d34c17c3f82fd1304c0c88d2533a39357a1bc3b1a032c5f

SHA512
fb5a86c817bf03583ee4bcc9cdc6e6542ff4a2b016697177f62690651c51b5c3c7393fb14a570bb580f0c374bf3b1525173184b2c86504b9a78bc81ce6888c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e8e271c67ff538473dc52a7b4c317949

SHA1
f7102c55539b556858612511ef996e755990c8a7

SHA256
9c133629c40a07c76d34c17c3f82fd1304c0c88d2533a39357a1bc3b1a032c5f

SHA512
fb5a86c817bf03583ee4bcc9cdc6e6542ff4a2b016697177f62690651c51b5c3c7393fb14a570bb580f0c374bf3b1525173184b2c86504b9a78bc81ce6888c83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5193696cbd1d09f29016dd6e0a3d03f

SHA1
889f09b1e02046d5209a79ded17729b39c67be10

SHA256
6b57fbcc0637f0ec0b9bc0d5d6e2255cc37618d562043f7d0118fc951ea89e6f

SHA512
71f689f6b38edef8fbf08b61c405b814e0bb839ef83c3fa97e4dc60d197d57024156b0c6cf205205cc74afce790a4f6d4176989b3b4aeaa2c17e325b4a704adc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
162KB

MD5
44ec03cb3248c903b67751ea27df310a

SHA1
c57e9cf90caf30457e9d57db750b8a0eb8856770

SHA256
d4de4a836d11828dd561db1eb8d7fd48a7e0ce9afd8645e2eabb19a1267b6894

SHA512
657e8958d97eab524224bbd8903e0bd7d0c2640805f77da7546060164fe03f7b6ece99a005ef44e41b7233a2e24ffc63430b2fe3c87f61a1b26e0d7c7e52c365

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
369b9e0fe3ce318a0829111ec789d2e3

SHA1
bf37a3a32a6d4db783a8a3994a2a4847a9c2b791

SHA256
cd81d5a225e82d3c8341a3b61be1285ba8f41066e2b49aa1cdedb28add64765a

SHA512
cda33b55a41e285ebc381ae251fbfdd3081ade2bf9a9bd6f84a537e9da27da31735be9bd2d957987cd6d41f861ee21130bfa39d21386397d86ff6c57d35852e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1008B

MD5
3ded9c1ac22828ea2006e9d051143a5d

SHA1
8dcb83c63b9e5b4610f0db1e049dbb09ffafc1d9

SHA256
d3bcfe984ec11bc7be1e79a75df5a55a8a859a7f8506344404749276468ddb9d

SHA512
7b6bde757b4c71a3932dfb2aabce88f83b31e0a0b7886654e5dff8dd61edebdd6478324a5ecb061da524a1e046f048e556b5ffddf2cdf5886eb59186118cfb59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
0e332218022192a4e3c3b1112f53f86b

SHA1
8d1c991e68e480fa182b58d5efc2dab3d4951a53

SHA256
1221d20e5213df591af2ddb612bd4abf7fbe467c695115f5bdbefb16f734ce65

SHA512
6d1afd1a114becdb5a66ddddde2245dbc0eae8debe26569046bb76cf6051b846e873fa8ca84d172ff56fcd1c8cd8b974c936d2a309397ffe5b41d7c7788413df

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe56eb30.TMP

Filesize
48B

MD5
5b478b3d159cca8105d220ab1b47abf9

SHA1
5297bf03d46fce8258bf11b5ab52be339aee69c1

SHA256
fc494364090caa34b1f5a889aa8c19580ee2474f1ac59a73e7a54dbfebce6f1d

SHA512
c1546597b1e0121bfccae649c2bf2a25d587fa45a394ef1b817f108a635f0fb04d6e8947f8021282240c8940f8ce64ad2e321a05ca8585713a3a63cf352b4556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
cee1d66cef920623538c207fdbc0efb8

SHA1
3221cef040a5f357d5163d2777f71b58ace08ed9

SHA256
af96acb91660a89053a097069a7a8feb2a37af530a721a741cf5163560f430eb

SHA512
6f24386c71225ab759b284019bb084d8814ec3cbdee8935d5068495cfa6d1972fbeeb29a412b22ffda65745f568aa58a8bef278e9a3b6b618f8a6a54bfe0635f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
5f64506687b0fc48ec933ab2283d7831

SHA1
4a24af38d5fab4385328e8c081ff732b4f04d139

SHA256
6d57b561ae65725eda72e9444f5075c963c3e803719cb5299652861b5fc2d84b

SHA512
d708fbf3579bc76dd11ac2437809821334de47ce0f4b6851f17d085abcc7846dd2cab6eaba5228eeec925334918939e1eb26663fc973600e87bc099fcf20f899

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Login Data

Filesize
48KB

MD5
88b66a34830af669f10ef2f09b61b1b4

SHA1
236b91e13c5db986a9947099cc9681f2e0e7c6dd

SHA256
98f0400cb3fcf6fa680ccd39c6b2bea4da5e24552b904ddf0d8b17bfdd5b0884

SHA512
54b3c266f2c910d311609a0af7c780c7ecccfd1c132207fd5b17c758f1d47fb2119183132846105bb8310acdbfd42f838f7cef2f9d1f919bb4c9cab45264b6ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
54de73819f365ef6ce85dddcec722fb8

SHA1
b3bc0484193fa36c2f6e0a26b11dacd36a36d545

SHA256
5c3d227b1eb68f9daebd7a5ade1e23c78a8e75eee87364ff9fed0fcc15d8b8ca

SHA512
c8b3616a80d99db49e827f269b4d5fa07c237b05318c3a95fba1281ea4104892886bc25e1f75216445962322c2b9eef6ec31fdfc88ab401b411a61ccd18afac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
65141ee7de186b38be5e1fdaddb3d501

SHA1
455647ecf2fe6d59ac8b378758eb06b9b7a4e69c

SHA256
534e5e7800ffb87965af22f5b6137df74b4cf5ab7c061b0a325bb5f62c157465

SHA512
d0625d5c88c342ebf59235de6d9ce14e2e9c054d6aa15cc3658a8f9fd913642374f817c41d594b77bdd17218b063047a572d1eaf4ff5c33f638550dfb9f14b37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
75237b876e4ebf0cf587313ae92b7952

SHA1
ef712d6b1e678d091b39cd593b8d4a2a5520f139

SHA256
d7abd571a35eaba20a7c57d7ac93cbb59b8d4b417f4b67590ee1c29ff561442b

SHA512
0c96b1f590a69141018c2112e36de65fb30ab57320b4b76da3a672b23c716197fc06e0f381491975319a8ad4ae138660469d3149cfbb69be96a2cfdfcaf802b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1912de7260605d9305597082abae851

SHA1
b4946ed5614f699d7cc9e90979c3e3de4b98f0d0

SHA256
fa06353cd35e2b2ee58787629d68057369532f947bc8a07f8a8433c09f35fd8e

SHA512
674436800336f1c3d6b063e14d0c09ed633f2504a88d6a2f225bf10dfefb8181b5174848de4ab8a4752434c3cec258822a6d1c5ad884057536f87ed3070bbaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b1912de7260605d9305597082abae851

SHA1
b4946ed5614f699d7cc9e90979c3e3de4b98f0d0

SHA256
fa06353cd35e2b2ee58787629d68057369532f947bc8a07f8a8433c09f35fd8e

SHA512
674436800336f1c3d6b063e14d0c09ed633f2504a88d6a2f225bf10dfefb8181b5174848de4ab8a4752434c3cec258822a6d1c5ad884057536f87ed3070bbaf4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
2b39ab22b1f58060378a1eaed50bf079

SHA1
552de7f1c6028c48b4e8d07c2f9d25cbb8a20b80

SHA256
0ac18e093f59775269a5b28e6cdc20547d1cf274a37d8cd98504231c185f3810

SHA512
49bccd4dc30a9e4410165005d891508fbab1ec3ff1af233e645c4f4d6e3c9fd18c9137865366c97acc581bf5c206c481c211d1cd4a0b3ef2aa0b130e709c18e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
60f1d97fc8f9207ad95c1d67d09fc089

SHA1
a650b2405f509d7dedd2efcaad750b1c0be4b18d

SHA256
bab6ebcabc7027e1c346e430800601f0415105a3215458666f9e021026704288

SHA512
c3a47285721d40ecd12f05b31102a2dd7953682eb07068923b7be3e487d1389db75e774f684a5e1ed714de220e0f9f09fc1c40bf804324768d5314d67fda4b0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a9d3838110350c488a1256caf793a07

SHA1
c53054513154772774a51c2dd26a76d20fa1b1cf

SHA256
0e7acc3640074d899347d3426993fb8547e4228bb77a3528b6ae1ff7a125f748

SHA512
0f5a32f93d09ac7aedf2ed4621ca4eae1dbbdf60e9ba84db272f25aebdc29d145ad231cb967abf92aa835a4696710cbfe0297e1245afd38f1ea9d837d1b5df2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
125d1e6a359fa6ec55d8d9610b82b5df

SHA1
af429d811bc6064512fb33720427fab467cf7074

SHA256
f1e687886b3cf54723bebb3cd520126820b1aa786856e2e188c683437a5c57a2

SHA512
bbdf44e4f548cc58c60580d14f227e4f8ae65187cdc32f4eebc307f3570838d8cafe4b34174c0512f806f74be766fcd60558ef40513870098a8752fbabf5877b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4cab35fe16deb091eece5075e19d6af2

SHA1
feb6e072a5a604aba7516004fc9fe05e7c820230

SHA256
38b48fd976e8bd97b167a7e3163922b2b9031df6306871d8d7fa9aa80257cabb

SHA512
d9775419cb375f8f536b5cde1123060887310af034205781bff70882517f33bb98966d45b87be3fb7cf93d4419be532c9f5f2e05740fe55903e65ee5d4a525d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5001c84b4b53b42c5915389124d4ca16

SHA1
a8a35f52c1d6ee91fc2228c13a8aee07237c78a7

SHA256
baefcdc460c4d448d80dfe4374b26c1312f8b780a9ed5028d343b7165d083807

SHA512
9e8517d3c3d8f7a28a1a01885eca447a1a3b40046a694a0d6669126c67add687012339fde2a0960c117e957ece538422db2d6421d56522eaa0db8fc2b62c34bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
62622bb5f26cbf51d6197638fdc7ac14

SHA1
d97953c1f75fa20a866cb64d2ec2889f483a5c4b

SHA256
271cdb732d65c947870ea9d4268b709ad35b75a2aab9d1e66959be20ec347445

SHA512
c005c7119f995d4bce5d9b7f0129209b8f53ec821e1a7ba383dc66281710811d950a67106b044f3083aaa7536ff8007a52bf3c36a8b78fb653e047f9548f9f7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
28e9df2384aa7fd7cb0d0632dfd35a10

SHA1
58ece60c7bb29a486cb6e3ae987f3046c0bde7ab

SHA256
9d63551202d8ac8288a95495afb0be5fea518770c1dc42066bd520186a6ec1ca

SHA512
d9995771653ce89bb5b0863c851af96c8fc26c305a3cd5158dc9bc41f939c4cae387da75e8d3653b76268c642abb5eaed821d8ce8f44bb035fb09f48a682b5b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
7ebf8801a7e8431d8135ab503a3ccfe4

SHA1
e0eca768feddb2e894a780c68e00a807f3e75e36

SHA256
d6ddc5c31029642f86d5e5382745a8be848a437e6518652a56c5e2acef444073

SHA512
12bdc2a228c97629b126146da046e0567f930114d07201781e2ebd0b63a1e2c494514cdf7e5691fd137b65e92a7261979d05bf4a6da1de223314f9ef2317097f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1463bf2a54e759c40d9ad64228bf7bec

SHA1
2286d0ac3cfa9f9ca6c0df60699af7c49008a41f

SHA256
9b4fd2eea856352d8fff054b51ea5d6141a540ca253a2e4dc28839bc92cbf4df

SHA512
33e0c223b45acac2622790dda4b59a98344a89094c41ffdb2531d7f1c0db86a0ea4f1885fea7c696816aa4ceab46de6837cc081cd8e63e3419d9fcb8c5a0eb66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
0a8f60ae05051d78ed12068704ac7bae

SHA1
008536c5eefc315996ae780432aca27f56ac9c98

SHA256
f19544eafb30b4fe2ef957ab041663905a5a5058ff3f1c5d9732737e3f2f1d12

SHA512
13c273347d3fdd6320a5c5496d6202bc7c3e1255b8f892042a36188bf2700f54318b6e6de20e47a759b951a00b8e6ba2b47413ae6d04249c2b09aead77fe6550

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
1e79203d0f70092bf25058099947d5c6

SHA1
20d5e2bd3a2ef807207bc3981bd5494c34839c0e

SHA256
decca6fa6de1f0dcc2b46a7c45e62d1754fda43b509d92393c628d56930851a6

SHA512
b06c5cb26083e2ef7a407be262f37d83d9fee4788e30a94ce258639f7c1fb2ccb4e37ca9b77e4fb30c0fa0a9e80f94a5b9719efd2499c87deafc87d260eb0568

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13330094345220573

Filesize
5KB

MD5
9e5a70d3ccd1fee1ad34923884ababa7

SHA1
9dec24999af9cf2b8459838d0970c071a955bc1c

SHA256
84809fee4cd0b8317532d66427b47be0efbc3d22c20cdb42e48462dce5ee3d54

SHA512
8e112d4c6d99b7aed8ae10fda36450f0ffba4947a3a0dace04fb04e5f15c3bd4bd7f3233fa4d31f6647938a82b2d6e8b3aedec47ef2d17e7d751989545b8a93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
3bda3fa92a8cf0caa1a456c17a20a024

SHA1
0060f243796b20c48e960e626cd4e86014203388

SHA256
406a835028d30a7cc3b7e2dcec649d54920d234b77ff7b368de8b5002be20cb3

SHA512
0c89fc40b9f529b471da0eae74b73eca9d128bbb6cce65147904d3442eba6f8f534313f3c67fd464bc3ea0c68f7332fa2ed68a3b4e9876a4607fa9f011389304

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
9178dcce039d383c880b7ffa824e5dc9

SHA1
5118d5817b6c2118af5ae1c437dce2dc145213f4

SHA256
2b828efdaf685c523a1a8dd3a69becae661f36ff051e4be0bbe83c3f9471bf8c

SHA512
9965019f0d89fbd9612b5e9f4849dfd33f76275659360bc7a252cfbb61e420bd29abecd13256eeb2c92f6816a3fc3b97d3bb8404a4f91fcf6e39a873aa5c2d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
e318cd321a0f5f3a0763a5cc999aef49

SHA1
34d5e63fd7e6fbc4d63bf0aed45418c6e689e4e3

SHA256
f88168eaefad47b13f1f4627c449220aef857a092c1560da2920067a9bba493e

SHA512
a5bc58c6a0b6bf2f94e732fefc09a64912ec8cd4276421c353d7b60eb53b04227ef367a768032c3e110a6aa730c1142a6339c086c06625fce0c74587fb455bb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0aae44a1faa5faf98ee24842c8fc9c63

SHA1
8d47aa51ddb35e63b9acb8ae7bbf797ed34b9e72

SHA256
ba5cfcb3eb67acf3b33d5a891f099cb174f1e7b72a8ea4b61718ef54d76b4c86

SHA512
5e6f8e265d36404169d729d530d7d898fc1caa98a54e5fbfbc531b36a9f83a420fd762434575681d749f51be40aab731ed8a3fd652c0d85c8051d0b13ec7bf48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
9a0be4aab8e5647e4425c351d6fb7d4b

SHA1
19386e84a79eb89b80911637247c096d451f5f48

SHA256
99ee496444e3e914aebfeba62bb1de910473c139e304864f0ff32f32efebeb27

SHA512
acd663f1e33f2027647b62503ca7bcedb6fdaa930b39d59a0c4fe53dbc14c129996f9fbd315a1308bf2654b10af654336fbc79247cd32348263b48fd094cb750

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
698B

MD5
676d269c2b1a40b4547434acfda2c103

SHA1
05f3b253692b50c1c7f7abb2e72acbe66eee8145

SHA256
dd026e1c60d488934e939b841fd1ecc2358f7b45f2b7b0279b5f3fabb8ceae63

SHA512
a70efb6e127931c812f55b34a6d2f9ebde920b85205b1e830ce0b9bdafba97618b3b6eb156b020a2261cd50070be0d65d2e92982924bdd3095e3a20fd2cff821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2d499ebc7d8257f4abf940de87fd5af3

SHA1
e186049f8a97990320445163f282bb68c659ea3f

SHA256
b20b5f61546f6073815e44d90ed309fade0c32d04aee33da9d403e5cdb4a2571

SHA512
8c53b152424f95768c9bf46ec17970df56214fab9202bea5a44f9452e2dde8f27d0d66cbc6e80f01394819c66071679c6a5ec64c29eb8e3d0d06d77faa362edf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe56ea55.TMP

Filesize
698B

MD5
37c60683ea7cb975b4ccbf507dc904ac

SHA1
fb451669491729b156f28f40862ee4de6bf1d1df

SHA256
0e64fb70f11e6c90760b369f8993ca9b90300360f93f7ac4d222e739bb2936de

SHA512
f1d5556a2832e31c0c7e367461b44902e07b0699aa71722730607cd8d81cc670c6179284175b10489a9b5e595d22ec4eb1b63b3a6506404f6c303511d7ce4f3f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
60745abf279f353a9d456557ff625c29

SHA1
7f65942f982d16d44579b614c30c1f4199678a86

SHA256
f039ac87ed37eaa296c7bb5bcba8c02760ba8905bfc2de509a1ad53805072eab

SHA512
4fd279ea7330551cf88884db7a6f0f68ff1cda73f9173655104a93cc5cd7d902c981154d04cd8dc17cbc7faf4493f66808b8a06317d264f001c7488abbb35eff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\db92d7c6-9d53-4e20-9c25-423fcd7ff54f.tmp

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
67bedf28861d5062fbe8d31454cc38f8

SHA1
575023361944daaf6b5f3afe98ff4ac8f77ba70b

SHA256
a6aac2b177cac76564df306623d5f1b5ad61b93a1a29be5e7ef386e856cb4012

SHA512
feb7b790179a9984e32359bf5f489fda0827e80942acee2f0322d68f57b7f3a12fb16852b25d9eb88077258f2c02fdc3d68889f425dc82b7327ff18da121fcf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
66aa92bd82ad4661baa23ae0936c4261

SHA1
0016f7268cf51268ef15e5386c3b774376f32d08

SHA256
59ba661918b9f0cb333aa8266120a68b41bf404b204ecb39d03744a870936d55

SHA512
2db95220ead417482deb27b7dc1d29819ed5bfae050c410733eb042d5ea49ba6150dafa98584197ae11977f3c2f1145ff9648dcbc11d31d16372ec9dc818f77d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f073e3af1a7252bb66bfb84042f484c2

SHA1
5c05269d0846077e966e2371154f7554c2231008

SHA256
12aeb54fe05b8a90a0fab05b131145dd428f624d7514fb43cc2c065f2cae9df5

SHA512
f6167a7cd6967fad150e1bdc89908071ba1b7c83f25a3bc0da7c30c524296bdc6007c04bec44cb5d2b839b2d2874db5b960ee4d7e8c11c3728927ffa754d570b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
fcfaf7bfaa2be403eb8e70a6a8c260bc

SHA1
41c33ee582591199dc5cc9d854894c3dba0ab83a

SHA256
3c0c80296e2109fb63f76cbbafd99c569389fb0864c5532fb995f7c374f39aa3

SHA512
6955c13518ebb0d6649cf84e486ab48cc1544d4f3e07f0af5d1c9f879c341110c19a2234358e4bd2b86572fecfff2d5a2ee7d74e5d797eaf0d0a8c15b8cdd4ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
01d82907d6a02ce7b19897a37b2732e1

SHA1
db22ab4c9fabc186b368b20023559a4c3e57f350

SHA256
44b75cbf202452f432ad1f342a652bc096c95cb75483841df5583325e33ce88d

SHA512
8afa469420b2747d7a8e59aa0b912ee823a9cdc84d3bf35a52fb48ce010efababd9bdfb48015503961d051be7e199fba1a2e120403aaf52a3c7a88528917a074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
01d82907d6a02ce7b19897a37b2732e1

SHA1
db22ab4c9fabc186b368b20023559a4c3e57f350

SHA256
44b75cbf202452f432ad1f342a652bc096c95cb75483841df5583325e33ce88d

SHA512
8afa469420b2747d7a8e59aa0b912ee823a9cdc84d3bf35a52fb48ce010efababd9bdfb48015503961d051be7e199fba1a2e120403aaf52a3c7a88528917a074

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
9ba3d01d936f1d1c4972d1efab7d73fc

SHA1
cb012a93c880fd3587f2f8f7eb33d591e43449a7

SHA256
3e4fa52315d8cedc3a524331238d486c199ed7743184c34c30d6074dc707f9ca

SHA512
7a94c33317a6f32932c9616ba8658cc63c21aabc3723197f0df7ffd60ed0e3df93c5cd38c8c71842b0ff3df3b2bae9a4a2bd676eae98e43849be4aaabc98c0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
bae3ee13a82ef60af20f35df858ee15d

SHA1
068ee101f79de33aa44d18b39abd4e7e5b5669b7

SHA256
220ea7c8da509d42ec6b59d2431fc8df3f5139c8a1f3175c189e738ec23f9b03

SHA512
8ffe631cc2703f75a7de65051b431fe565c37fb5b0893838fe0f20d70fdf613684916106a79e6ad157b96f7f42e1667510df626c1b7f647afd264ef2ac02377e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_35sekvvz.da3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.dic

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
11da3441fbb475c58cd64803482ea908

SHA1
baf84fa80cafabc2d8e524e93ffe8210cb61e66e

SHA256
bdeec790eeb699405dd2bb93ebf690507409501740c80fdc46ea39c49306fedf

SHA512
cb20d11730d7cf07737e1dff6e9d3a5dd6c8a8c9145546fe43dbc6894f3fe76ffa519815ff960d4168ee5d3e978f843d1e5cdd9da1773718dff88be01ad799fe

Download Submit
C:\Users\Admin\Desktop\AddReset.xsl

Filesize
239KB

MD5
f426ac2dcf56cba564f63442ff1f7312

SHA1
71f6c7d931f8a2caa24c6e2ee8079810e75ba479

SHA256
3fc1fff23b664918a325518b0b877dc70bd8774a722feecbc7c8322fb9dbfa06

SHA512
feddce4bc3dd29b3db14f4a5a92cbc12f463dd4e488f2734a85564e2c81e73b63bb2b7983b0a498efdf2bbb8e3b7c4fcee16a177d1bb11775b14065f8d933c5d

Download Submit
C:\Users\Admin\Desktop\ApproveDismount.xls

Filesize
266KB

MD5
f2a61ab579fd8347493d6999700a4e88

SHA1
e4280695476d3cf678b797fcd781934380905390

SHA256
62ca2f26432d442de651e46d927b22d6c9a665bbfd89f6d6b2a8ddf1e355ad0d

SHA512
e0c6de1009ec441bce7b542ec6a2b678f1e48a8c5b32054dea6f567c925dc682ae14dd7b9910fcba93fc0e355f953a178520b0136407a2a36c52001759401a36

Download Submit
C:\Users\Admin\Desktop\BlockSync.rar

Filesize
257KB

MD5
03145b1349bd016a3898f2dae5b56c01

SHA1
368fb63ea3a6dd382c41cb4d3e4c3b8c77d85edf

SHA256
99cef284fbae70c440e064fa6c9d8ce3295c4da32c5bc2d678558b4fa7b33c22

SHA512
8ce9c3911f44251b7d54a80e884e8b68bca413e7ac0837be7430a4543a3e358a1655abd9704e9f74765f4365235cc1ad176b5d4c21223f83169a93c2cadbcfd1

Download Submit
C:\Users\Admin\Desktop\ClearConvertFrom.raw

Filesize
133KB

MD5
e9e7584c5cf7f5aab66416310e92c842

SHA1
7e473a90790a1ca1b35172af79d3623af9ef745f

SHA256
45a0d2d28f219a8d50875c295ada11a77470a85bc9f786a685f4f6f1f3b0a617

SHA512
a897d45fea361929f1fb1f33fd36d44f73d2208a09dd0199153ab85b06cbb11e5c2119a2c8607d49cd5cf6c653e4a3a0841a618d83b5a2d6c638375418f1d307

Download Submit
C:\Users\Admin\Desktop\CompressGet.M2T

Filesize
168KB

MD5
0fb51e41fc0203290b5ebe07efbb5b0f

SHA1
4bf1fcb4002b6deb3841f0ae0b7220f432ddcbc2

SHA256
7818101d35c54bb4b52a327655c2dd8f33ec75d67276f9e54a117f353d160c40

SHA512
ae9b956446fa0693c83d5816ce80c0e115bcae37dfb01ea5f74cb722c8205bf0440b0c6a7b59a02a038d72c7bb9536262155e665aa97188cdb1c74275ed72650

Download Submit
C:\Users\Admin\Desktop\ConfirmImport.vdx

Filesize
275KB

MD5
37268087f5d9b708c91bb8560d3d7586

SHA1
951c02558fb2072cca3f33edbde8f4a39bafb013

SHA256
808d28a26647217f6d8de76b4033835ddbf5f2b1fd57a0840edce185d0f512d5

SHA512
c4d2b07d84805ed81e529b9d1db591c62d759ae3a9b0e5933f5b1ebdd5de6ac0673c1025eb4523305e0a6688e9d7cb23b632028c3c8dbee91a08a0c38a2324e4

Download Submit
C:\Users\Admin\Desktop\ConvertHide.mpe

Filesize
177KB

MD5
1fca6df18ac39b75c0d4083966b83be4

SHA1
5fe2339999e6038589aa507de71ecd2b4014e45e

SHA256
0ef32535bb5c38859dc67ea3a429a9d351af639c043655ab458973365d9b9429

SHA512
18a8dcbb0030288fd30c12be2c7f1e01f4ff263af57f3c669bec041dd89e9f334993e033ace37c18889cec8ccc16536c2093578c14687f383732637502817348

Download Submit
C:\Users\Admin\Desktop\ConvertToTest.eprtx

Filesize
151KB

MD5
8f20552e5706dd77fef9e33dcd0ee2be

SHA1
9b88efbabed3283baf031aa683430182a68eea25

SHA256
7ae08bf8d6011cd0bf93f1e1c374601b8a2d42f5fff4f314f134e2a3197bb423

SHA512
49e3fe13e7c3f8c778fec4bd27e46560e0f8843701ae191d1e5f80ae04c3c495cc0a6511b966f153208722075f68f5cd506b6043c479ef8ebe2a1db756bb57b9

Download Submit
C:\Users\Admin\Desktop\ExpandMove.mpeg

Filesize
186KB

MD5
bbcd86be2a38a56ebf3e5307816789e1

SHA1
952851e77fe7a0fff76f71e6c4db9d7779031f04

SHA256
c492105a5739f2f5328ebca43ee998b3536459e75ad5e9e10916f1d722bac1a2

SHA512
adc2e6fccb893a9edf96c9f89334659256d763cbe394375420270c66c33c9b3ad3892872461c9a87eeb52a8d302d4bdef66f8b5706f5e49c5f28c92c35ad8be1

Download Submit
C:\Users\Admin\Desktop\HideOut.svg

Filesize
284KB

MD5
9e333e3796438ad3ad4a7c7a6ff0d9b1

SHA1
d6979ad71165bd43199070550b571b897e826c73

SHA256
f6430cd43222a84b02363980758fc761d797c7c23594e6b41f7e5f02cf1a8017

SHA512
1279e3d663409b7d14e4d72a7e7d4dc8a7e4a4e96893214399beb60dea5b330e1c306783d58ef76d11c83f19736dafd78a9822f9b0c6d24a0d88e65fd1025d0e

Download Submit
C:\Users\Admin\Desktop\LockStart.jpg

Filesize
115KB

MD5
76d65f086c431e815d23200126415a4a

SHA1
3c0aa972603fff71d6198081b0ce4f58278827cc

SHA256
b3a0ac08495eaccac87ee171372377d66289acc53c0e79c4a1ae5d93887ed94b

SHA512
08336fa78f34b6a294cf53dbcfde75249d9df06a8f33e1f46c64da3907157f26304cde31ab0609e52142a004204ee7f9b273da678d41deebca89e490de377766

Download Submit
C:\Users\Admin\Desktop\PingEdit.mpe

Filesize
222KB

MD5
6d5974a91e0dbb182d0ffc2147311b91

SHA1
02c17e5e8a1ce510aa031cdd9d7f747bb7519968

SHA256
d1c18d2a726579a6636905ff6310b8063307cf2cc96acb59ee7a5f55769fc26b

SHA512
c7f95a00a452338b5adeb77a8fbe0630d80bbe2064fd172a8b05d91a649633988305e629bdde0f8fd2b110f3f2e9635e861833ca91104f33e9ed8de968a434e3

Download Submit
C:\Users\Admin\Desktop\PopStop.midi

Filesize
106KB

MD5
00566cc3633f6af3adefd2aa67c4ebcf

SHA1
bd45cdcfde5835ef6d03ddaa3a2683a6b04f92ee

SHA256
d212502d057f69755e88d31e72287e4000448f02aa518b59269c1b0e4c8b3f66

SHA512
3359602af79628fe0606484804d3bc24e35bfc0972859143768075e92c807253f389a02f3dbd61da7294a4edecf6d01a90ce86b07578c8a06723b276dab3ca83

Download Submit
C:\Users\Admin\Desktop\ReceiveComplete.cr2

Filesize
195KB

MD5
c000e18a297fba45c15efa789918f294

SHA1
c8309245960cca461c23f22ac4163338be23b4dd

SHA256
f0166d9668176c437412e3a3e3ac14ff03691a6ccd82fcaeb4756bcbd163da05

SHA512
bf517f030f9fb15e878d29863202bf7eddc432c56a3ee5eeff6c4e1b161401e70252dd9c3d89797d678ae8814029c2d9eee9f09cf4ce2a690e16b5daac498ae4

Download Submit
C:\Users\Admin\Desktop\RenameExport.jpeg

Filesize
124KB

MD5
fa734ea971581f21e90fdab2e624f2b5

SHA1
fbdf48303a4c93a6198c078482144b9134de0006

SHA256
9a52369cd5fadb60a7de022e02fcab951d10e08bbf782f863e5cbec93cdec679

SHA512
7050d86bb950820055e77deb1c6475fc763bc365e04c7ca331bfb5ee563ab923b2a1f4e202547cd3f913509cbc05655873afc3c7ad98ae9a1742614cab4596f8

Download Submit
C:\Users\Admin\Desktop\RestoreRedo.ADT

Filesize
213KB

MD5
4db14991a82275385e442108b136459f

SHA1
54efab1515a60a24885b7001437c30421d00eb86

SHA256
8085f54394ab5939fb28b44b4f8e814ad845c71bf68be66872be34f85c55df4f

SHA512
24b1e79dd7e3126eeecdb4356aa3d646126ba2dcab019d79b6ebb80737adb546e1c5a5128e51dc159833ed584abfa6d0d5901bb43d5f183c9ba6ae181c4bfe68

Download Submit
C:\Users\Admin\Desktop\SaveStep.xls

Filesize
302KB

MD5
ba5ca638491b7c1f82e4bfe9fe33f94f

SHA1
7c1f6a0c156463c72532d87df4c4070995525b05

SHA256
f6cf95b196c62591dc0aa07e40de94fcef95dab81a089b2b2f9fbb12580a89db

SHA512
eef69e65f7862b49556337d2c09cb3df4dd4b0941a1adb6c88b043ffb35686a5833a9adc1d41aa800b5828480a77959067b7d4961fe808227dcbc8791f11d8ce

Download Submit
C:\Users\Admin\Desktop\SplitComplete.js

Filesize
417KB

MD5
0a9bd3d3ea53c02677dfa3c69ca6705b

SHA1
ec985264fe97c5e2fe8373b1cdfb4e282f9d026d

SHA256
12710f76c58bf7ebd33aeb971b9cc3e89cd3d49600af31708b26e3c01e8110a6

SHA512
c5cf2ad333d979f563a061b3b42c206e1484c4d4f531a6a56999b21f108882bbe27f943d2cf1d6ea733ad7e591181a24cdafe263e9a7aa51109aa4dfebef9aeb

Download Submit
C:\Users\Admin\Desktop\SuspendUninstall.wav

Filesize
248KB

MD5
a5ea19f8de3f11b386f05a95eef37cae

SHA1
be4d1d0c34c5402f211d45dea4eb8212defdb9b0

SHA256
e9604f4553e48474670d2b7fbe5ea52bcdb676e0b1259fcf1142237fd7a2a90b

SHA512
707aa29efe2f44f6af34a0f6e0916151c5b7d0de836d61daa9acf33bc78c253be45af44a63ec78be932dc098bdc352f76c6918dd88a720d64ef1dd1e93476b61

Download Submit
C:\Users\Admin\Desktop\UnblockConvertFrom.odt

Filesize
204KB

MD5
c83f9af81c5c9eb966133478f3a6b937

SHA1
27ca5b9e734cae10beab127ec588a5de99ee0362

SHA256
695b9fa00a661aa2c690e1cc2fbd1749117279f31a8cd01085f7232e6dc17294

SHA512
2bb682e1ef3a53ee2fdf36b5a90964722bc92d0eba79ecff720b9ac762db7a564d1b01c5cc9c645dade83b3ac0bdcc12172c5f3f7c4281e5a3f631621e417e90

Download Submit
C:\Users\Admin\Desktop\UnpublishExit.ps1

Filesize
142KB

MD5
0c0a79f276c94ab72a504b12b6633eae

SHA1
26a20e9325f50929b1049d662f74cd51af7428ba

SHA256
1de169607e64b81786a0e75f745d3c8122c4c6279e37a3c6b8fbdf72520eeb55

SHA512
825304147d0cb1832150a54800669a0e2606463c406abdbf8396d62c3d748ff55afed16a6f2a9d1a5c190f019109b9e399504f3601d34d31c59383c6c13ece5b

Download Submit
C:\Users\Admin\Desktop\UpdateUnlock.html

Filesize
159KB

MD5
dbcf513c0c4084d91587cf7ce7aa8f9d

SHA1
c614f0587fe90af7d4b2c58e29d661564b5e2e9d

SHA256
8130960b9ce5c1682203053ea266cd6fe582d0336223a36cf5c8ce15e726a52d

SHA512
02e953c2a80c2b095bfcfdc3b8978256668e8d4acc131c5bd74bb3ef0a61aecb23960211ee5435a58ee4a45f4da8a809c19f034c4c23a6540a40ad76d8ac0d0c

Download Submit
C:\Users\Admin\Desktop\WriteBackup.ttf

Filesize
293KB

MD5
91100988deb8c2ff0b5d52fde5e1b9ff

SHA1
a617d577cf830e789ebc624168e00cfdabb77b69

SHA256
1c7380658ef66afee1da2c284048483a165f1f4e8f632a76f8df5be84101ec2e

SHA512
a1295b190a24e50b044cbeb24ff0332b8cf07489f38471b3ebf1429c1308d1250b50fd42683e8f4a1c564d5832ff2c51e23f9823ba56543151fe19539b06282a

Download Submit
C:\Users\Admin\Desktop\WriteStart.snd

Filesize
231KB

MD5
f18e018df3d0fa49679a63352874cf0e

SHA1
8f02c6475827ee33e4cb145b9a1d1d4f4514b52e

SHA256
5d4808ae31f484960b36e751b89e35a5f8d2d2c307062bc09205688ded3a3145

SHA512
b3cc6dcd1ea3fd2d057f17fe18875984580cf6de7cac271b9f98fe1d1eb2aec29aafa57deb6aea545f978290b113baed45d2e7512aa0d2b2172f6522853a22c8

Download Submit
C:\Users\Admin\Downloads\2dbf9ca1-1f1e-4877-991f-cbdcdb46d597.tmp

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/1632-829-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-832-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-831-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-830-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-834-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-828-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-823-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-824-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-822-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/1632-833-0x000001F58E660000-0x000001F58E661000-memory.dmp

Filesize
4KB

Download
memory/3364-144-0x000001862D150000-0x000001862D160000-memory.dmp

Filesize
64KB

Download
memory/3364-143-0x000001862D150000-0x000001862D160000-memory.dmp

Filesize
64KB

Download
memory/3364-138-0x0000018645850000-0x0000018645872000-memory.dmp

Filesize
136KB

Download