630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc

max time kernel
231s
max time network
225s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
04-03-2024 19:04

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc.js
Size

475KB
MD5

b3466ea07dc83fcce7eeba0dbc1c8aa6
SHA1

1aeee7429327e3241fccddd4b2f06b8e6fb67ab8
SHA256

630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc
SHA512

f8b4f246112071a91c125ce6384a0b86d6be1b9631801e53e9e4f2b8027b4b5acd9aedf8b4fab7c7dd69e1729f1ef27b2aeea1f940ffceaf8f2abd320fbb57e2
SSDEEP

3072:VVnNs48OW0kT97kFUxj3mKMABR3R7DyWvEXNemiS0KPMID5whT0bMNj69wrVRs3f:nbkw83zLJtMtwmIj6ERCcXhe

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ-Destructive.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ-Destructive.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ-Destructive.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-627134735-902745853-4257352768-1000\{D2841913-1008-4F86-90FF-07EE403C1162}	msedge.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeMEMZ-Destructive.exe

pid	process
568	msedge.exe
568	msedge.exe
2240	msedge.exe
2240	msedge.exe
3632	identity_helper.exe
3632	identity_helper.exe
3436	msedge.exe
3436	msedge.exe
2452	msedge.exe
2452	msedge.exe
2940	msedge.exe
2940	msedge.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

MEMZ-Destructive.exe

description pid process

Token: SeShutdownPrivilege 3512 MEMZ-Destructive.exe

description	pid	process
Token: SeShutdownPrivilege	3512	MEMZ-Destructive.exe

Suspicious use of FindShellTrayWindow 37 IoCs

Processes:

msedge.exe

pid	process
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

Processes:

msedge.exe

pid	process
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe
568	msedge.exe

Suspicious use of SetWindowsHookEx 23 IoCs

Processes:

MEMZ-Destructive.exeMEMZ-Destructive.exeMEMZ-Destructive.exe

pid	process
444	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3612	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe
3512	MEMZ-Destructive.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 568 wrote to memory of 4664	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4664	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2364	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2240	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 2240	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe
PID 568 wrote to memory of 4784	568	msedge.exe	msedge.exe

C:\Windows\system32\wscript.exe
wscript.exe C:\Users\Admin\AppData\Local\Temp\630a2dec95e68275d9ffa75a87d4809a9da69434c30cd95099fa401c9e4c9ebc.js
1⤵
PID:4116

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:568

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff969dd3cb8,0x7ff969dd3cc8,0x7ff969dd3cd8
2⤵
PID:4664

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1880 /prefetch:2
2⤵
PID:2364

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2240

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
2⤵
PID:4784

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
2⤵
PID:1836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
2⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
2⤵
PID:2012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:4948

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5344 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3632

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4104 /prefetch:1
2⤵
PID:348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4080 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3436

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5396 /prefetch:1
2⤵
PID:4036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
2⤵
PID:956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5028 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2452

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4072 /prefetch:1
2⤵
PID:484

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5108 /prefetch:1
2⤵
PID:1880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
2⤵
PID:1504

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5956 /prefetch:1
2⤵
PID:1900

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
2⤵
PID:4840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
2⤵
PID:712

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
2⤵
PID:1212

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1856,9673905339041977964,9922969938125317647,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6480 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:2940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5032

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4228

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1096

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe"
1⤵
PID:4340

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:444

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /watchdog
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:3512

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Destructive.exe" /main
2⤵
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
PID:3612

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
3⤵
PID:1416

C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_memz-master.zip\MEMZ-master\MEMZ-Clean.exe"
1⤵
PID:464

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d4604cbec2768d84c36d8ab35dfed413

SHA1
a5b3db6d2a1fa5a8de9999966172239a9b1340c2

SHA256
4ea5e5f1ba02111bc2bc9320ae9a1ca7294d6b3afedc128717b4c6c9df70bde2

SHA512
c8004e23dc8a51948a2a582a8ce6ebe1d2546e4c1c60e40c6583f5de1e29c0df20650d5cb36e5d2db3fa6b29b958acc3afd307c66f48c168e68cbb6bcfc52855

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
577e1c0c1d7ab0053d280fcc67377478

SHA1
60032085bb950466bba9185ba965e228ec8915e5

SHA256
1d2022a0870c1a97ae10e8df444b8ba182536ed838a749ad1e972c0ded85e158

SHA512
39d3fd2d96aee014068f3fda389a40e3173c6ce5b200724c433c48ddffe864edfc6207bb0612b8a811ce41746b7771b81bce1b9cb71a28f07a251a607ce51ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
69KB

MD5
a127a49f49671771565e01d883a5e4fa

SHA1
09ec098e238b34c09406628c6bee1b81472fc003

SHA256
3f208f049ffaf4a7ed808bf0ff759ce7986c177f476b380d0076fd1f5482fca6

SHA512
61b54222e54e7ab8743a2d6ca3c36768a7b2cf22d5689a3309dee9974b1f804533720ea9de2d3beab44853d565a94f1bc0e60b9382997abcf03945219f98d734

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004
Filesize
31KB

MD5
acd3f8bcdca044e4382c0bb6246b0234

SHA1
1c83d89a3c40835a82f06e6bea0af86f52901bc5

SHA256
cec8af8be960f3b13ad0f554c338ab88688ae5b4ddfcda5471fc8268ce66db25

SHA512
3cbf100cc72f4a63c7aebe0ec029fc3635b97addbb0a4e83febbd127e00ff1455fc0b4cb90839f3bec498a7cdb848d8fde4d6991cc6a1f479669e70ad220b5a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005
Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006
Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007
Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008
Filesize
1.1MB

MD5
764666e3debd6fe7ff0c0b625a41a62c

SHA1
d89070fa6d0ce0f1d23a734d7dd59df17857e002

SHA256
eb96750ea92f4a0869b8bc96e6da246127aac54b53a336c924c7a7bec891258a

SHA512
ca32adb6382b05f136afdc5328729ec2af14afab7a55fe777e06499ad2dd11550a09d278432fea9d9ec831ecf5d4952f08a8c1abbf299f2db9f226dab1bdf1c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009
Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a
Filesize
74KB

MD5
bc9faa8bb6aae687766b2db2e055a494

SHA1
34b2395d1b6908afcd60f92cdd8e7153939191e4

SHA256
4a725d21a3c98f0b9c5763b0a0796818d341579817af762448e1be522bc574ed

SHA512
621386935230595c3a00b9c53ea25daa78c2823d32085e22363dc438150f1cb6b3d50be5c58665886fac2286ae63bf1f62c8803cb38a0cac201c82ee2db975c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016
Filesize
32KB

MD5
1ab1cedd4288d83c0024c488baca3c76

SHA1
ba240bcce85cbd88434aec61076671723662cb28

SHA256
7f265f4d41820a583b05d272f6e6adf4dfcb9c00c4f4e2521348567839d5e7a9

SHA512
3c60dd28dbaa2be4764a404d3ccf597c3d5eb262413ede20bb44c0e75f9b056dda14ddfa4443c01a3cc813a2a9bf59d948c95badde915a0bbc3955361ac3fd7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0
Filesize
3KB

MD5
ccff472a861768452e6ac5f2bf68e2e1

SHA1
71dba8af7adf9bc1df22e33a5a1a284465ee590a

SHA256
02cba5a6907e9406ba9d65f5cc4c33c26494cfc94743122abcbe4e339f426e10

SHA512
98ae581c58a83df2d36045a5304f1565ea01bc72ca1ecc715dced756a8c1b43740cab231d7ffb04cbfdcdadbca50f3dbd6cb385d0e4917c9d31088d213868b3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0
Filesize
3KB

MD5
de1aded3d228e203e98a5c4371a44ac3

SHA1
4dbe0bdd557409c7c1dfb35733c735d45cd5fe28

SHA256
a833bacf5d3f8926c2ac546eff20ba8d1d05d6ce74c501e2466d2a5ef8051279

SHA512
91fa0de59e3d25bfe9dfda1e51a956cd152fbf2c54c7c6ac7d2fb11cdab2ad1707ec0b83a4bf9e79da649b5c8cc979b7c7fe6045a3a2ff88d7fc85ec49863ee1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\693a63a9fc641d93_0
Filesize
3KB

MD5
985dc8dc62691b958dbb3540560f1029

SHA1
1353b13935e5ee9d0a0847fd35c3606c7b1f3d89

SHA256
3ea03a0dd0c7ac2a6533a5cd834c0b50c28c00f635b7c12c86dab9b525132fd2

SHA512
1bb9675df56d53a154e20523b97219e57d30745c9e809be544b6d08172af21b91bcaa88313fe4471b15bf7c51377dbf2abfcb78214cb5d31751f660c04b457ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\695c42f61090a800_0
Filesize
13KB

MD5
91c6bc919c289f4225ea94a2fc49badd

SHA1
f66fd8dda7574d796194a4066af5c8b49158c9fb

SHA256
3d7395a6127e1c3db7a059b4f615209f13e936b41571f8818c2f2e25a2ba898b

SHA512
fbc0c080209f2019b7980a2f5e8b1c784442166e9c370c847057e06032346e7cef262cc3e1a28f7d91725318e2e98f4981e94cab0ad98c9ebbfd62dc06768010

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0
Filesize
2KB

MD5
8d325b6d09ce9a8f7b02796c98aa74ba

SHA1
b137f83668527c22aabbff08fc20eaf43ccfe702

SHA256
9437ad6792a0ca49adf220d2ea0a84891af5c43be23dcbfadd8442ab8b9f3851

SHA512
e46c1b2f1ab5018bf6bde6393268f838cd74d9b7289be12e7792cbf5a3f434aa950671f3527170813abcedd7d94a597f69f067c92eb3f84c929f4f0c0dee4573

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\794417c96d8ffeee_0
Filesize
5KB

MD5
e2bbd1b39162d82f408b8ad1782d94f3

SHA1
c914f90c021dbcfc85e3c167e253db558e4fbc1f

SHA256
02f9ea068ae9a2b24582a666343a09b52b523764c264f6d8fbcdc4a03449e38e

SHA512
b4e76c3d86b14ab81f6f5250020aee46dfdff2c45d8c08659d784ebda6dbefe0375a239653a71c4e4ee2f81640e4fb7d39d098802a9744a5191852d6d4e890ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0
Filesize
2KB

MD5
1cd6bb1337a687dab117d22ebe76cd11

SHA1
fb89435c39353f0c50328f177dacd6d189ac8be8

SHA256
c32112736ea8febb273152273b808ff6688ad6b23839b15d577dba07d651a386

SHA512
9035fdf5378ac2e4c29278d4ea34f2ea99132f2bf20d0ca4c1c277300489b2736cac3147777049cbec60be6fdf1ff4c3c001762f2b2a4b5818dca676397929c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0
Filesize
5KB

MD5
58cfa56533a22bbafe94656e2449ec4e

SHA1
604f9b7478654ee5e9869325cd48f807ac387586

SHA256
b0eceabbb223aa7165c064180a9106de77f476939783005396a5843a4a05b014

SHA512
43e34eccd564365b35372164f09055cf5b958fd3dc122b91960a7849bece9523bc0b0cb5234f5bd3b32503131f2871e2c864a3d640130a08067c9dd521e30fc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\da1be081e56403ce_0
Filesize
6KB

MD5
c92c1609ce430cb7026dd55c77e1c686

SHA1
0f32bdcc4d34da69958d330cfedbd55190e94a17

SHA256
7379a19c77b773cda56c54ba752c7520f419af5830a9e69c9cab92d3524cedce

SHA512
e208dbbcac57c4768d6e97bf036f5f4f1d56ba351148be5a006c1644d155626b039876287d3529946951df2eb57834d1c71ee8485fc63b74ac6764c5e21e3906

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0
Filesize
3KB

MD5
ee2290050c377cfe39bc298e2666fc20

SHA1
9e9142ad9e954cbfe5cc1aa221073a6878bb1687

SHA256
e797aaa49e584238428934dda499bd0d91d03c9c86e4fd18ce24a538d1215f01

SHA512
564b69bca3fb73f3f92488b964a27a97e6b1d64faf3b2c46a7744e9931dc824138bc7df88501d2aa19de94777c7b77e3247c1b6d8e646ca97203121d04207251

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
9cdce6c6d765fb8354f2eade25f6c3c2

SHA1
3c3c1a49c0c3d14f8d7a92223b8d3f33fa607b22

SHA256
d97dfe9406177ee9a107ea84f994d5e3c8da2a835f8279a3f4d42419713e5b37

SHA512
84fb03748467c34e0c977fc5446e266a145813754ebd5fbec1805b3d036409491084bc7d4750323be69c77dd56e11e4f3d3a6d185f0333041d0b6212afce0fb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
2KB

MD5
f40408754a68bc8cf45b1585b5578944

SHA1
2ff5ac8195c2ad4d75abc533ee536a374c253f47

SHA256
26391b834a7f0a6d5537e24ed412c606ec14f9f569d9e37d41dcfb3f53a0cc87

SHA512
956c1ffb27278dd18789796bb271d7847476bee94c2eecbeebad39dfedfe102f0e576c182c1099f372b1a76b49c497a93a8c684e2e41b388d5caf3b8cbcdc919

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
472d31b232028cbfb1b4e2f0e4b0c1d3

SHA1
3e2ae8591ce3ec105b7fe639d0ecf56767d2e821

SHA256
a67b49c19587810043e718a52470e71a8ab0fa6f47e25d8d2604058532c721dc

SHA512
4d8c4c0b21c8d8abeb76975ec5fd2e0295cfff3b30da16b5b348a348cc2d37787f60f5c97c396548248038aa82806d591704269414197b21962e1d69b7deb226

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ede093900edd515a3fa10b837201711e

SHA1
dd57b5fe72bb7afbdd9000f721765ec124cf3351

SHA256
085c628a96eb6e23386cfcfd4aefc7205eb9bffaad7614e5f83c5427c7ad4f17

SHA512
afe824e21bde50c23a5231916bbcdb1894dc289a72b04f6689b03f87236bcc657a9def134bdf1f830b9bf0e6d7b8e3077ee5484c8e605001a9810be6d4b9cb5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
64fef35e0f5eb9e2ee7e4f2ab37a9a22

SHA1
2c0001d86088fc1b1beb7bbfaa60f1fe211f9e07

SHA256
4b361641e82d3825fb45eff877d81021390a9b61998409ac6196b5b5a60b66a0

SHA512
d2750b46fb4e13589ef8cd51ba4f4778dd4ae2a006bb6cae2e25d9deec06aa7c89ff9a9013aa9df6cf13708af116570fea050e8d064027975a2e5bf349621dbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
50ff03e88329e79f294798efc7a963dc

SHA1
98db69f2f71e0ad1ab0ac2996ce33476c45081f8

SHA256
a98236cbf4252b677940d5f8fced85954dc123091d3d07f56fecf9075eb08647

SHA512
fc16677b6dcbb61ce909bd12d4871f83f8eb49eaf7ad0f7d272d14e5e67d4ce8ceba1487c0aef70b004568b165b2837f170008abd1599017bbf3326a9c52b964

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
dd09dac90a732b1345cfda2244f079dd

SHA1
ea4c42e6db6490e67878e55d4a637a33abfa5a98

SHA256
0a0846a0f8ef75f8a60d587c7508e3b7692c37a4d6364aeb81dfff6d1ff52e14

SHA512
084572705a22f2c8473949f0a8515566e544bd0ba95745d2d9d161cbd92e1de5c2053f074802627573024206f0ac932641376a2678a91b35c3c25e4690a5c98d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
be8dbc3cbddc9c4f122f3f66f9716abd

SHA1
316863a209d22e9d35a0bc18ef64406cd1b111e1

SHA256
8d5c389d127d144ab5189e9e37e2b2b85d255712bdb1a596e9be33b559a22728

SHA512
cb43cd4fda3b703752a2ad57864aa41cc94983819df72b15b557d19ced2c9ba09185d5a67ffd5644f80822acb9407e5485920cb08a03076991f8113c7ce361ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
871B

MD5
4ec75eb343bb3fd926b6df0f1b46e2ed

SHA1
1576772e67a2f3781b2b950d1881a985d4a84037

SHA256
e1d8f20585f3a919ada248d996f3aaa805000f277bbcedaf7e789c91a8d032a7

SHA512
5904c05056e633dc0b4020900dc5cfcecdd208613474294bc31692f8ece1dc283a61f9f8c72399dffb2faa6172135f979b029ace7fa4883b6824a52370c52684

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
e4aeafcbae4c7901a01e5067abaee191

SHA1
514978660a40296ca012f9b9951157f2cc551aed

SHA256
35a62a526a6c0a3fa2ab1f48163bd3f85b859dd0e855f5b5fbc57180c2840982

SHA512
5305e1422e5afecc5661e8d4ead58aed0aee5ba2bd6b3fa0b6b7060acd6a56e151a6393d2516ad450d967dc5dafd7013f88b8d0e2344feafc2c0437ea89a638f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
536B

MD5
7ab7dceb1dc64244f1cd64760dd5eb80

SHA1
f1adbeff241bada65333659c778ebf207aa4d7fa

SHA256
43c0d0e5d0400d0bcdccfab71bc976ff9fb9a169ca558eb3b3e7462de810f1c5

SHA512
2933e93f0641e6cb6380041d381193a5265cd245737ccdd11f57e5587d668cb838187cba70ac7253aefd7ced385c43ad558e9707b66e6fa7b951ac52a0083a20

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58aa45.TMP
Filesize
536B

MD5
caff43a53230f0edd311c01a2c743f47

SHA1
996777c650619233594c66464613a04bcc07f1eb

SHA256
a0a95980c76fb00e82f9f6c0b3bb913070a97e53d1b0ad6250b7dba78ec77792

SHA512
021ddda14883ea979357896d2c36c8ca48cacaf79e0b68a8ef2a2253f8e77fdaa66c0505748e01896ad66935c6d2b06413333873cfc9eb1e5d29101308c0789c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d5efb444-631d-4939-b1c7-42a2f07b76de.tmp
Filesize
6KB

MD5
fa5110e89970167b5ca0b2944f599a1d

SHA1
e76a7ddcf88a2e6b6d9735b95614da1b1c0520b5

SHA256
b5abe1685f2cb9cdb675894f61809d3356e741881eecf6456e2ae8023ca09a2c

SHA512
8daf162f1cb9d95a848de1846885419b15e396d480b7dcd1627aed32464501d724227f3854f3751498fb08e46cef1027e607619f974066ad2a5a30c8307d0537

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
894ff702cd4f0761b98cde02c0a3879e

SHA1
0a0bba0c3020b6140fd403e948d280c1ecc5ba25

SHA256
cf17711c54d6b9295ff603bdb6d9d417017a9f8e6bec9ed860128b20fd3889f5

SHA512
195919d43dc14bf99532767e697e1271e021687ec15b923020441ec927452e7c651c80459647ff10ca6b9d39421ceeaff9d33c872a3f6238de7455d73ff0d0e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
c0e550d6f56b6ddfe06ee9f92cb96bb2

SHA1
a58b6c4bd0d8d6f2771ce772915b20174710c02b

SHA256
da588046359d5df386508ff79bf05f95dbaa0223525ba7ab16f68b34b10cbb92

SHA512
0ecc097ef3ca64f5b2ac311a1a7f6c3b9a917c1e2f92d609d4fe29b56d3ed2c74bdc182eeb2cf9aa5ed4cd840de9ca4266388303b7882464e054c3f60a311aa2

Download Submit
C:\Users\Admin\Downloads\memz-master.zip
Filesize
17KB

MD5
4790677e05d72ef7429dddf35562bf4a

SHA1
4243d6ea53db7e8cc0c355e70d6cffb54787b90b

SHA256
319bf6087040d17b87f46cd05f5ee064c291ba9ca46e1910f28d1f4c57cb3d96

SHA512
a93c5f691938bc1bdd9ef20b975f0b22cf494543e7df82ec31838bf811552ead5cd855959be4e47186ee7de944be005030f52f58b9dc85e7cde719cb97b794e3

Download Submit
C:\Users\Admin\Downloads\memz-master.zip:Zone.Identifier
Filesize
167B

MD5
48aa202d5600ab0160ddf7d753b4a177

SHA1
4d1e68a6908f66faaa15d253130aeff6fe323c3f

SHA256
832b62b5324e24a4e7f43cc66e1610f2e22871acd1a930b9991b4d79e5930154

SHA512
1a51b931c974ad6c54ce5167535f17df75c5fcf11b8314d3a55dbdda777d826f3d27032b51308725f6af925163dc0b22095ca62523375850cd63349fc7148c79

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_568_ZNNDOUMTJFFGKUYC
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit