3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

Analysis

max time kernel
116s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20231215-en
resource tags

arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
submitted
10/01/2024, 18:46

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

MEMZ (1).exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

7^/10

bootkit persistence

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation	MEMZ (1).exe
Key value queried	\REGISTRY\USER\S-1-5-21-768304381-2824894965-3840216961-1000\Control Panel\International\Geo\Nation	MEMZ (1).exe

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1568	MEMZ (1).exe
4780	MEMZ (1).exe
1568	MEMZ (1).exe
4780	MEMZ (1).exe
4780	MEMZ (1).exe
1568	MEMZ (1).exe
1568	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
2128	MEMZ (1).exe
2128	MEMZ (1).exe
4780	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
1568	MEMZ (1).exe
3720	MEMZ (1).exe
1568	MEMZ (1).exe
3720	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
1568	MEMZ (1).exe
392	MEMZ (1).exe
1568	MEMZ (1).exe
392	MEMZ (1).exe
392	MEMZ (1).exe
392	MEMZ (1).exe
1568	MEMZ (1).exe
1568	MEMZ (1).exe
4780	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
3720	MEMZ (1).exe
2128	MEMZ (1).exe
3720	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
2128	MEMZ (1).exe
4780	MEMZ (1).exe
1568	MEMZ (1).exe
392	MEMZ (1).exe
1568	MEMZ (1).exe
392	MEMZ (1).exe
392	MEMZ (1).exe
1568	MEMZ (1).exe
392	MEMZ (1).exe
1568	MEMZ (1).exe
2128	MEMZ (1).exe
4780	MEMZ (1).exe
4780	MEMZ (1).exe
2128	MEMZ (1).exe
3720	MEMZ (1).exe
3720	MEMZ (1).exe
3720	MEMZ (1).exe
2128	MEMZ (1).exe
3720	MEMZ (1).exe
2128	MEMZ (1).exe
4780	MEMZ (1).exe
4780	MEMZ (1).exe
392	MEMZ (1).exe
392	MEMZ (1).exe
1568	MEMZ (1).exe
1568	MEMZ (1).exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of FindShellTrayWindow 51 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3244	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe
3224	msedge.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3864	wordpad.exe
3864	wordpad.exe
3864	wordpad.exe
3864	wordpad.exe
3864	wordpad.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2960 wrote to memory of 1568	2960	MEMZ (1).exe	94
PID 2960 wrote to memory of 1568	2960	MEMZ (1).exe	94
PID 2960 wrote to memory of 1568	2960	MEMZ (1).exe	94
PID 2960 wrote to memory of 4780	2960	MEMZ (1).exe	95
PID 2960 wrote to memory of 4780	2960	MEMZ (1).exe	95
PID 2960 wrote to memory of 4780	2960	MEMZ (1).exe	95
PID 2960 wrote to memory of 2128	2960	MEMZ (1).exe	96
PID 2960 wrote to memory of 2128	2960	MEMZ (1).exe	96
PID 2960 wrote to memory of 2128	2960	MEMZ (1).exe	96
PID 2960 wrote to memory of 3720	2960	MEMZ (1).exe	97
PID 2960 wrote to memory of 3720	2960	MEMZ (1).exe	97
PID 2960 wrote to memory of 3720	2960	MEMZ (1).exe	97
PID 2960 wrote to memory of 392	2960	MEMZ (1).exe	98
PID 2960 wrote to memory of 392	2960	MEMZ (1).exe	98
PID 2960 wrote to memory of 392	2960	MEMZ (1).exe	98
PID 2960 wrote to memory of 2680	2960	MEMZ (1).exe	99
PID 2960 wrote to memory of 2680	2960	MEMZ (1).exe	99
PID 2960 wrote to memory of 2680	2960	MEMZ (1).exe	99
PID 2680 wrote to memory of 2940	2680	MEMZ (1).exe	101
PID 2680 wrote to memory of 2940	2680	MEMZ (1).exe	101
PID 2680 wrote to memory of 2940	2680	MEMZ (1).exe	101
PID 2680 wrote to memory of 3244	2680	MEMZ (1).exe	110
PID 2680 wrote to memory of 3244	2680	MEMZ (1).exe	110
PID 3244 wrote to memory of 3184	3244	msedge.exe	111
PID 3244 wrote to memory of 3184	3244	msedge.exe	111
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113
PID 3244 wrote to memory of 2764	3244	msedge.exe	113

C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe"
1⤵
- Checks computer location settings
- Suspicious use of WriteProcessMemory
PID:2960
- C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1568
- C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2128
- C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3720
- C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:392
- C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ (1).exe" /main
  2⤵
  - Checks computer location settings
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of WriteProcessMemory
  PID:2680
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:2940
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=vinesauce+meme+collection
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:3244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95db946f8,0x7ff95db94708,0x7ff95db94718
      4⤵
      PID:3184
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
      4⤵
      PID:3208
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
      4⤵
      PID:2764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2704 /prefetch:8
      4⤵
      PID:2244
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:1
      4⤵
      PID:2824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3212 /prefetch:1
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
      4⤵
      PID:2036
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2212,9025643814554368667,12461543490502114884,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4636 /prefetch:8
      4⤵
      PID:1440
- - C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe
    "C:\Program Files (x86)\Windows NT\Accessories\wordpad.exe"
    3⤵
    - Suspicious use of SetWindowsHookEx
    PID:3864
  - - C:\Windows\splwow64.exe
      C:\Windows\splwow64.exe 12288
      4⤵
      PID:3896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3224
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95db946f8,0x7ff95db94708,0x7ff95db94718
      4⤵
      PID:1412
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:2
      4⤵
      PID:3476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2608 /prefetch:8
      4⤵
      PID:1532
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
      4⤵
      PID:2536
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3232 /prefetch:1
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
      4⤵
      PID:2200
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
      4⤵
      PID:1152
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4600 /prefetch:8
      4⤵
      PID:4056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
      4⤵
      PID:1272
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4660 /prefetch:1
      4⤵
      PID:4904
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4448 /prefetch:1
      4⤵
      PID:2968
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:1
      4⤵
      PID:4488
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5024 /prefetch:1
      4⤵
      PID:2700
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
      4⤵
      PID:1148
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
      4⤵
      PID:264
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:1
      4⤵
      PID:2276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:1
      4⤵
      PID:5056
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3464 /prefetch:1
      4⤵
      PID:1408
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1780,13121111479852526552,7036196871249369804,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
      4⤵
      PID:1948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=batch+virus+download
    3⤵
    PID:720
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
    3⤵
    PID:2136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95db946f8,0x7ff95db94708,0x7ff95db94718
      4⤵
      PID:716

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:712

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k PrintWorkflow -s PrintWorkflowUserSvc
1⤵
PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:64

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4524

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff95db946f8,0x7ff95db94708,0x7ff95db94718
1⤵
PID:3324

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x418 0x2cc
1⤵
PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f41f5fd667c6e12ab1be1db071ca8578

SHA1
feb36538f9a759929af7fb4d1c306cc48aaa463b

SHA256
69465ecf167184b1f8232be378d2ce1552a45d9d8eca0f49990fbac332facdee

SHA512
ac20ab362c1029eb791d54e098b3716ab7903b82b7d5c5b7cb13aea1b8b79a4cf53d471cb3f3b7ac4de49c8962ef356b87f764cf49a87a363e4e2617756fc063

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e77545b7e1c504b2f5ce7c5cc2ce1fe

SHA1
d81a6af13cf31fa410b85471e4509124ebeaff7e

SHA256
cbb617cd6cde793f367df016b200d35ce3c521ab901bbcb52928576bb180bc11

SHA512
cbc65c61334a8b18ece79acdb30a4af80aa9448c3edc3902b00eb48fd5038bf6013d1f3f6436c1bcb637e78c485ae8e352839ca3c9ddf7e45b3b82d23b0e6e37

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
c66ca8825f4e0bb7697279cd28d3cbcc

SHA1
dfdad2c81c21aaea2335e05ba05fbb9fdb68fe3d

SHA256
03a499ed27590b7051a0bb4c32a31bd674da8ad598c4316ba4ef48e048856722

SHA512
8985601714a9c23dc7ab3c32bad68444537b1e359af6e89a812db31275014a45efb91c3ce5ab71efc78747cb6c7b9153302daed4741aab952db8263bcce06266

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d0fbeb15cecaa3153e5f49649e0baae6

SHA1
72d73a84cc169d105dd2d8e6fb361f32f3d83fb7

SHA256
dbad6fe1dc935b1368cb2ab9659a1bec877af0971b560c2235f6cb9ea65efaa3

SHA512
8ec1be1e41b70d0abe1d4c7394e6b5471ed297d5561b4753141a3d13ad51704e4e6bcc4ae3441d539c5eacf0067ab13768d35081e3649576aa0ae76f0afe5606

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
1559241f9cd9d7b03ead39d5a78d88ef

SHA1
ad0a649b35f7debb9cd3d44384c35298326cc182

SHA256
f4ce8a576a3f01e1b7f0c58d287561097c7736797c79c2700659b7ad3e9e9085

SHA512
0e7a4ed9af54e9070e673baaab435f331eb20139ba1182e8597fa7f60136b3310c085b90c3f4f570a0076018fd659c204f59ae600a8e3d20390da76c9fd49275

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
36729ae5afec64f94a688df79dab5088

SHA1
2a5fa3100094334695675165eb3234fecf7b532c

SHA256
c4786b466f665b33f48f059cf9065b623837596f9d55a4c18457747084f668fd

SHA512
1ceeb27edc2b70685f3616795c42688816d2eccdd67cad5ee01d2c05dab588c410fa10f67aed82034398709e40bd392aca256e607bc644a637290a89e3cdb725

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
af292d74728523e1f9170875428327e4

SHA1
7bca3b5377b12bf176c5ca3f09727279e64a5cda

SHA256
d2a8004430c5bd0de9df84de3607f49d17cde170fbb2cd1d269c242e03f92bbb

SHA512
dc0e83efe567a26f015cd6e5d1d3b202454827f90c5ba5304d029b3bb78401201cb1e9ee9c96287e0fa6282f378124bd0c794f054be04e95d15ffeb1c5580f95

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a810310578b6ce09e3300b2e55c92c50

SHA1
baebe4b38cf19149c526934286b3a73e36f943e5

SHA256
a4aa4b4ab538a65213c5556ca0a7e61096ef0b5125755a3aed1c1a30aabeaf5a

SHA512
254d92e5db9c779f656b4c5650e8192b1a0aaef9a2c22b6dcc4b87993672544fe8c90f5e0d43f1eddebf9b1ef35edf364a749af087b92414e799ca362bdaa49e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
91adbf7818a5aafa279c729b5f853dde

SHA1
341940059dd0b2e2d065c40d80d158db42fa4eb2

SHA256
a4b6f14eb5f777bbc2c640ac6d08f5e42dcacdb544c5d09b9983089fd452759f

SHA512
0895197bc58936396256bf72e0a40b4f860c2c2adb1b8136bab446b6ca0f3f8e446b538413a437693584f351f896c8617295ffd25d2b0410923109e6023d1a72

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
ce7668d764a00e23b71afb5a339821bb

SHA1
98d16467ed79d195fa727776db759b29946cabe3

SHA256
57874f5465ec53ebed23182bab3db5415f5cdfcf28212c0319f2ccdc1c8f8c9d

SHA512
628ad2065cc3d17e0e12da9c6982456f160e49228e92bcd85900d0a6d6538462d5a9fe3db04e180c42396b544a3f8df132c67e97ab3e84baaa8cf524b90ebaa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
b00cd7d69ca973801f036ed14b4632ee

SHA1
e795247e40beff76feeccc9e0ac6fcdd638b9fe0

SHA256
d9c00426096262766b47b17dcf3cdbf904cb30fbd79c06837d1782e3fa643262

SHA512
d688701e12143036e82dc058ee262372f930a86510d35dfdd8bc5ee1d2349bbc235cad1a32143173b95bac3e4f5227950833c86d9bc2c606d5065c99ab7fb872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
99B

MD5
ba92e5bbca79ea378c3376187ae43eae

SHA1
f0947098577f6d0fe07422acbe3d71510289e2fc

SHA256
ccf4c13cd2433fe8a7add616c7d8e6b384cf441e4d948de5c6fc73e9315c619f

SHA512
aa1d8b7eb9add6c5ed5635295f501f950914affc3fa9aa1ee58167ed110f99a1760b05e4efb779df8e432eab1b2a0fc9cf9d67a05b2d5432ff8f82c620a38a62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
950b640ed831e2d7ff0edff19fce839e

SHA1
4efa416b66a69666e2a766f1795155abc356d1f6

SHA256
bdb2b9eb6d02a2564f24a07baabf2a2c0d060e439d97d8a78e6f84f94568883e

SHA512
54fef56971ae87ebe96ebb40bf6c8fc2e6b35de6d0889b32180ba739c7f61d834790b87575ac533419931097154409fa396b57f0b079b9b9871f0cb6f9e51c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13349386066886423

Filesize
461B

MD5
0b8a67b97dcd6c002374c5df4035ad5e

SHA1
138828fcbf091ae15e12d71f2ee736dc9681cacf

SHA256
b5b2039053caed8527d51c6b74ef571cd9ba8a010bd7cf8ad8c48b098429919b

SHA512
d8a027537ef96515871067675fadaa9c5a0cdf0a9bd9694ef4a0c0c9ac30db909ca1097b4de75fdc481ff55f25b7f7b4df732b7191ffc48001093f2efe9a711d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13349386067054423

Filesize
1024B

MD5
1e9cc9bd634d3cabbed6d89759979888

SHA1
60c0b611e8c14029a157689f6c1507b23367273d

SHA256
a41937da553fe52834367e22b930c261350df85fc312ff502efdcddfe9a1ace9

SHA512
94e36d27caedf6e4399122b7447dd21e9ac5688425eaee9e70a528f7b6945c3726559643d7c803702c8fda715a30e8546531bbf30089fb804337a8565bb1cf18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
f104e7e7796026e88254834d56dee20a

SHA1
a95bd626fcb66eb8b470ad1b1cbefb7c2ddf3d56

SHA256
1f0302742fbf8d731ea7132eadd9d6a619c4e7acd108d8f0676d081bb0153641

SHA512
66a7a24d4634cb49470b8ff29c7eae69ce01fd69d69749474a308c7c2ebed819ed237ade618a70dea0369c99b2938a0e83ea07c1c1b1a08a2ffc2f766e9f4abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
8bc41c36f367f416041ca3ee25b1b195

SHA1
ebf1a5d30a20d54858495b2c41983430ca6d526c

SHA256
9078c875a7b0a9e36ef74c855a3fc8a26a6fc2340db4444ee50a85d1eb079ba2

SHA512
f7f1451d1905f0f179c0d60a52dbce9657bc2e95a62a236b5ddb1ccfa77d55f2a30a9c0bc11678da0d0ef815464e9f0a4f594a37da6def2c9a77c2ad68c38e88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
139B

MD5
b995a58f6c5247915f38e44c449d3ece

SHA1
32bfe48fbefa39afe4c7737fb5d04136eb173bc0

SHA256
46ddfeb24a5a98738a29666bcbed02bf00fe0f2c57f5423497e016a62f762d76

SHA512
589b66564f947bdb94455e44ed40fb539c85b35e31b0002183695ce200a27bbf6e072c0a97f6358b98e8dd5e6063eda31ad1e272883cbf75b6efd3f8e5c7dcaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
dea332a99a995832d9086d8431656659

SHA1
6d2147b2f803c3cfb356f074ed1b14f4651b4313

SHA256
767a49e4158884a47b7fc8243097dc4720fa3b624db746b2a382cf17b0d668e0

SHA512
e2cab50e5ff01f419197311dee4691f4c650f615d72cde3d371de1c0409d0839c599b957f4e978809809f02b99fb97b86b7b86fef2d707d04ff4586045197c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
206B

MD5
16765787860a3628ed104a525d986992

SHA1
d27ef2d38d6dd848cc508702c26b19769493df0d

SHA256
c277e165f0008fc8f6e14bd6017908ec66eae2c875601ada3f6df79ebd3e097e

SHA512
83d6869dafa1a1e3e201cdd1e4044227d64585b2e54d745729e7c454be23d6cfd5ced1e1deb851360c857dffc672d20978cce354fadf7e578be002068f0df63d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
a3b6dd4d797feeb01b9fb74a97b77140

SHA1
f7ad5734a98375477683c276c4cc1b8d33280f7e

SHA256
4f660cb98ea62273d0597bc82e958dbdfe85abfd19978ced239788719183fd36

SHA512
ab10b7c5ef2edb3c6f1b21446dab6a527580e2a2622309b590a4fc75974cb16b2d970efea6b173aa2735521a102bf57e4b1c79282f6097b6a4ff630e9f4cab8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
35a03c793c05fccc737c6986d968980b

SHA1
75298a435050aebb602c65a6ed12011f60f80c03

SHA256
5506112b3682e3911892b7cba1c27caaa6fb32d8bd5577aafe9cf44bed7b7d42

SHA512
4a826c6715c4c347af1cd5b1d5bcd53eef37db826f790030ea5ca0ba323771375af8a5645a6c41848c2b6c0c06ceab3b909a7bf1af90f8461d75bbb5899c5164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
f70bfe506f639954ceca983b5e7433a9

SHA1
349d2e5e11ab38f0f5959467e513bbf4412135e4

SHA256
7d6cecfb8ea6f5b43ad81d172554c72b623e7368a1a6608351eb58c1bc3ab15c

SHA512
c27a852e80fe32b130f30b4f78661e32102ec8c8ed5884aa0116579589e9cf70017a82fd5b4c1ec03272bd3ccb099947f5fe1d5d7c30f0c120f69f538ecf4032

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
4ad8bdab72bd09d82d47fcb4a52018fd

SHA1
48e39ebd8b2f93e3860ac603a656246b1ec5986d

SHA256
061d36ee9b3a6a95c76f732d9cfbf7c84fca9646a2f57459913e338e7c291172

SHA512
f211102388a9d739992f5228a17f3a41a482894242978e70d75bf0dabf998c5a2a0c0c7a7fd6ca4aefef55101d2469ef4644805dc53a74187db222a050a36c51

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
81KB

MD5
e8444f3fc6d3347860762ba5b08d19dd

SHA1
49a376c6a51f9991a5b61812724a3cd2cdd1486a

SHA256
89313ccf9946a785da6d7a02f7f2b0944b61c558ddc68d1abe506ed73f5bb158

SHA512
1c5b53774207d4b85ee8e6080546f0cc8198b29167614f785972019c683f0606c4b13215a73466cb04ad5781e831b93997ba11b4ba70ae2b1b9d59936783b14b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
64KB

MD5
5f14fd9aff3b4a97226d5150fd3ce378

SHA1
ead877ea6ae322fe6c581b63c49332464cb948b0

SHA256
ac6df1df4d014062d6170217fbdf7a6ac8d8b4672437197f3892f7941a44fde3

SHA512
21be3978bca05f439385854ad64d82265c9f92d135f4500cb89cbe782d0b0c666e02aaa17f9d8793829ced7e4add852a234ac8fbd87eb36c31e0009cf0267a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Browser

Filesize
120B

MD5
a397e5983d4a1619e36143b4d804b870

SHA1
aa135a8cc2469cfd1ef2d7955f027d95be5dfbd4

SHA256
9c70f766d3b84fc2bb298efa37cc9191f28bec336329cc11468cfadbc3b137f4

SHA512
4159ea654152d2810c95648694dd71957c84ea825fcca87b36f7e3282a72b30ef741805c610c5fa847ca186e34bde9c289aaa7b6931c5b257f1d11255cd2a816

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
add8b1a661d9e5ba5b76d22bdab68f90

SHA1
ef14b026140ed9319e408d7ebaf303ee59810e5c

SHA256
e400c7e31be32a05efdcb8d181311dcc025259bdf5d421c0f1f9db1421dfa350

SHA512
7083c9b8f7c0e8dce1d9f1aa1b38cb40996587207973c94369d5c48d79c2b0c08db1dd6381676ef526d8851eb0c15f8f2c89563db5416ae5547a62ed50010b04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
0c1171886ee6fdafe8776268545d9a4d

SHA1
f8db74d4624cd251ca8e8aac9e9b4d006c4b5718

SHA256
a8697928102045061f0269cdf0c5033ec2863b6864c2118b8b08950075e5c340

SHA512
86c707bd03bbdcd51f887db4a46c01a0e4dfecf010543d82d4dbbcd758f730c1b2fdd3dc30677786e510eeb93125fe685eafc8dccf43a8bf2d87e2f54f3d2184

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
8117a1d2d466ca078c959618a17bfd40

SHA1
eb3aa59f750e0f78b024e0bf5356fceb66b0b7a5

SHA256
22df4b73b5932903a91bc2d3624c31a3630b9ada10780abf803426905a9b64fd

SHA512
2a2a07da810bd3eefd7e1aa9f51452d815d1135130522eb5860792630800e9b019df442413fe6eaa06b453f85dfa613f4ddf4187bfde0f8cc8a4c02abbdc78d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
9ce83af6a2c68cb80c93e82e74f05ad0

SHA1
dcf64a024bc46797d9c4221be4bbe0fa0d42ae99

SHA256
83f7e271bdb6a8d6b13b2a9e08249f096dd02ffba1fbdc6264fd73aa996618e0

SHA512
32b99aaf3e2d3af78be9ac9807fb450b92718fabe1f0aab31b9568189befa558f36d339cfe24e16468ced9d3615d186934a9d4f38742d9181d782221f96a8167

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
4KB

MD5
b94be96dbc2d07f667c041df6b5373d8

SHA1
8ab6970647195ad80659c668c67f9ad3e9c3932c

SHA256
ce017970deb1021514e9d113df36c3a67c7c410bbcb4ee31d1b0a12ff584d1ca

SHA512
502eef8fd4fdd0515379fd6936ae21a7eaf5b24385b07f2d8c6b293d7b640bdfca3a0528513302019a883872d8ae488cb373b6061632d305091e3ac63628e0f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
e86ee5c7e440c8bb970890ba3a8b3afe

SHA1
53b637e69f0239afbd1be1716f0d17a798663efb

SHA256
002f380a6da033d2c99ab0313256a4b7de6669ca65afe6d94b3b62ebc072e7ba

SHA512
4f0f981a317a04038e6499133bf6f19a5b74f6c0001e23acd86382d2ead4d55350872a17cfcea77ab60672ae2e9fe625a865859df3f5b16c44908fbca3846555

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
7476fbc6056a124d44aa9a7af67bca17

SHA1
4f5c5d0ef02a11880aba3566e941c8cef9f2ddec

SHA256
463abf0750587ec33743a94cc672079e3b7a9d1a28cfb131a9a3960cb293e85b

SHA512
51eb7f62eed231ac01ea2186347c542b25d60a99cf99f62696b3396776567bc8459dce6b0a10e4cb16f5a2d0450a3ec6c0d72b256473f9f199042a84ce0df6c1

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit