092129f26834f0f3453c3c0cf6fc450c8d9c00e8521a464affb3b5696ae7263c

Resubmissions

17/04/2024, 16:38

240417-t5dqqsha6t 8

17/04/2024, 16:29

17/04/2024, 16:16

17/04/2024, 16:13

17/04/2024, 16:11

17/04/2024, 16:01

17/04/2024, 15:53

Analysis

max time kernel
470s
max time network
465s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
17/04/2024, 16:29

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

settings.json
Size

717B
MD5

9524b55958a0e976a0b97cda97c12516
SHA1

c27592c0c683be473ccc0f1299a1a464f9f4792b
SHA256

092129f26834f0f3453c3c0cf6fc450c8d9c00e8521a464affb3b5696ae7263c
SHA512

cf122e2a291baa58a753bccc0f7cc0d93ab35f62bd39ffce5cba29e9455f904727d7496f70154254c154481adcd25f59137d993b81c0f8d7c2642a6624ec5407

Score

7^/10

Malware Config

Signatures

Executes dropped EXE 1 IoCs

pid	Process
5980	MEMZ.exe

Drops file in System32 directory 5 IoCs

description	ioc	Process
File opened for modification	C:\Windows\System32\x	cmd.exe
File created	C:\Windows\System32\x.js	cmd.exe
File opened for modification	C:\Windows\System32\x.js	cmd.exe
File created	C:\Windows\System32\z.zip	cscript.exe
File created	C:\Windows\System32\x	cmd.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 15 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies Internet Explorer settings 1 TTPs 2 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\Software\Microsoft\Internet Explorer\Toolbar	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000\SOFTWARE\Microsoft\Internet Explorer\Toolbar\Locked = "1"	explorer.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133578450201927707"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fhcpl.dll,-52#immutable1 = "File History"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\NodeSlot = "12"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\FirewallControlPanel.dll,-12122#immutable1 = "Windows Defender Firewall"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-102#immutable1 = "Keyboard"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\recovery.dll,-101#immutable1 = "Recovery"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-1#immutable1 = "Troubleshooting"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-52#immutable1 = "Set the date, time, and time zone for your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-5#immutable1 = "View and update your device hardware settings and driver software."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\Sort = 000000000000000000000000000000000100000030f125b7ef471a10a5f102608c9eebac0a00000001000000	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-1#immutable1 = "Power Options"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\RADCUI.dll,-15300#immutable1 = "RemoteApp and Desktop Connections"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-1#immutable1 = "Phone and Modem"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\srchadmin.dll,-602#immutable1 = "Change how Windows indexes to search faster"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-10#immutable1 = "Ease of Access Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\inetcpl.cpl,-4313#immutable1 = "Configure your Internet display and connection settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\systemcpl.dll,-1#immutable1 = "System"	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\4\MRUListEx = ffffffff	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	chrome.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\Vault.dll,-2#immutable1 = "Manage your Windows credentials."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-2#immutable1 = "Configure how speech recognition works on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-2#immutable1 = "Customize settings for the display of languages, numbers, times, and dates."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\Speech\SpeechUX\speechuxcpl.dll,-1#immutable1 = "Speech Recognition"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\devmgr.dll,-4#immutable1 = "Device Manager"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\colorcpl.exe,-6#immutable1 = "Color Management"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\fvecpl.dll,-2#immutable1 = "Protect your PC using BitLocker Drive Encryption."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	calc.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	control.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByDirection = "1"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	cmd.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-160#immutable1 = "Uninstall or change programs on your computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\DiagCpl.dll,-15#immutable1 = "Troubleshoot and fix common computer problems."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\accessibilitycpl.dll,-45#immutable1 = "Make your computer easier to use."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:FMTID = "{00000000-0000-0000-0000-000000000000}"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\LogicalViewMode = "2"	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\GroupByKey:PID = "0"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\telephon.cpl,-2#immutable1 = "Configure your telephone dialing rules and modem settings."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-103#immutable1 = "Customize your keyboard settings, such as the cursor blink rate and the character repeat rate."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-1#immutable1 = "AutoPlay"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-300#immutable1 = "Sound"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\mmsys.cpl,-301#immutable1 = "Configure your audio devices or change the sound scheme for your computer."	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\autoplay.dll,-2#immutable1 = "Change default settings for CDs, DVDs, and devices so that you can automatically play music, view pictures, install software, and play games."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\intl.cpl,-3#immutable1 = "Region"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-101#immutable1 = "Customize your mouse settings, such as the button configuration, double-click speed, mouse pointers, and motion speed."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-2#immutable1 = "Check network status, change network settings and set preferences for sharing files and printers."	explorer.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\Bags\12\Shell\{DE4F0660-FA10-4B8F-A494-068B20B22307}\IconSize = "48"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\main.cpl,-100#immutable1 = "Mouse"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\system32\appwiz.cpl,-159#immutable1 = "Programs and Features"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\netcenter.dll,-1#immutable1 = "Network and Sharing Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3001#immutable1 = "Sync files between your computer and network folders"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\usercpl.dll,-2#immutable1 = "Change user account settings and passwords for people who share this computer."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\SyncCenter.dll,-3000#immutable1 = "Sync Center"	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\timedate.cpl,-51#immutable1 = "Date and Time"	explorer.exe
Key created	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\NodeSlots = 0202020202020202020202	explorer.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\Software\Microsoft\Windows\Shell\BagMRU\MRUListEx = 03000000020000000000000001000000ffffffff	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\powercpl.dll,-2#immutable1 = "Conserve energy or maximize performance by choosing how your computer manages power."	explorer.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-2288054676-1871194608-3559553667-1000_Classes\Local Settings\ImmutableMuiCache\Strings\52C64B7E\@C:\Windows\System32\sud.dll,-1#immutable1 = "Default Programs"	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3944	explorer.exe

Suspicious behavior: EnumeratesProcesses 24 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
5920	msedge.exe
5920	msedge.exe
460	msedge.exe
460	msedge.exe
4588	msedge.exe
4588	msedge.exe
5936	msedge.exe
5936	msedge.exe
3184	identity_helper.exe
3184	identity_helper.exe
5948	msedge.exe
5948	msedge.exe
4624	msedge.exe
4624	msedge.exe
3452	identity_helper.exe
3452	identity_helper.exe
5604	msedge.exe
5604	msedge.exe
1412	msedge.exe
1412	msedge.exe
6080	identity_helper.exe
6080	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
460	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
5936	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
4624	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe
1412	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe
Token: SeShutdownPrivilege	4100	chrome.exe
Token: SeCreatePagefilePrivilege	4100	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe
4100	chrome.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
4896	OpenWith.exe
5980	MEMZ.exe
3452	MEMZ-Clean.exe
2696	OpenWith.exe
6060	MEMZ-Clean.exe
6060	MEMZ-Clean.exe
6060	MEMZ-Clean.exe
6060	MEMZ-Clean.exe
6060	MEMZ-Clean.exe
6060	MEMZ-Clean.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4100 wrote to memory of 2504	4100	chrome.exe	99
PID 4100 wrote to memory of 2504	4100	chrome.exe	99
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 2972	4100	chrome.exe	100
PID 4100 wrote to memory of 3504	4100	chrome.exe	101
PID 4100 wrote to memory of 3504	4100	chrome.exe	101
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102
PID 4100 wrote to memory of 2816	4100	chrome.exe	102

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\settings.json
1⤵
- Modifies registry class
PID:4652

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc81b7ab58,0x7ffc81b7ab68,0x7ffc81b7ab78
  2⤵
  PID:2504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1684 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:2
  2⤵
  PID:2972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:3504
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2228 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3088 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:4156
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3104 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:2332
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4300 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4472 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:2512
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4504 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4556 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:4552
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:2748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:208
- C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
  "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --reenable-autoupdates --system-level
  2⤵
  PID:4196
- - C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe
    "C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff7b30eae48,0x7ff7b30eae58,0x7ff7b30eae68
    3⤵
    PID:2924
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4572 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:1968
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=3208 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=2380 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --mojo-platform-channel-handle=2760 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:1
  2⤵
  PID:1640
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4916 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:4460
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5112 --field-trial-handle=1864,i,890689393726218244,15369225144787153561,131072 /prefetch:8
  2⤵
  PID:1932

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1040

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:5280

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:5336

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2072

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\Temp1_MEMZ 4.0 Clean.zip\MEMZ 4.0 Clean\MEMZ-Clean.bat" "
1⤵
- Drops file in System32 directory
PID:5908
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  - Drops file in System32 directory
  PID:2364
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:5980
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:460
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
      4⤵
      PID:1684
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
      4⤵
      PID:5956
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5920
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2920 /prefetch:8
      4⤵
      PID:3360
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
      4⤵
      PID:5612
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
      4⤵
      PID:5772
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5052 /prefetch:1
      4⤵
      PID:2896
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,4107680710923213902,14145084736439004149,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
      4⤵
      PID:4492

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x158 0x49c
1⤵
PID:3540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2928

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5840

C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ 4.0 Clean.zip\MEMZ 4.0 Clean\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Temp2_MEMZ 4.0 Clean.zip\MEMZ 4.0 Clean\MEMZ-Clean.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:3452
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+2+buy+weed
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
    3⤵
    PID:5020
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2120 /prefetch:2
    3⤵
    PID:4684
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2908 /prefetch:8
    3⤵
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
    3⤵
    PID:5528
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
    3⤵
    PID:820
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
    3⤵
    PID:4356
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4216 /prefetch:1
    3⤵
    PID:3600
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:8
    3⤵
    PID:4364
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,4048372497371745495,10793510381282432341,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3332 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3184

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5132

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4780

C:\Users\Admin\Desktop\MEMZ-Clean.exe
"C:\Users\Admin\Desktop\MEMZ-Clean.exe"
1⤵
- Suspicious use of SetWindowsHookEx
PID:6060
- C:\Windows\SysWOW64\calc.exe
  "C:\Windows\System32\calc.exe"
  2⤵
  - Modifies registry class
  PID:6084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:4624
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
    3⤵
    PID:4040
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
    3⤵
    PID:4856
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2932 /prefetch:8
    3⤵
    PID:2992
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
    3⤵
    PID:5848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
    3⤵
    PID:5920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
    3⤵
    PID:2284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
    3⤵
    PID:6024
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
    3⤵
    PID:5940
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3544 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
    3⤵
    PID:5320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
    3⤵
    PID:5652
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4156 /prefetch:1
    3⤵
    PID:2928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2216,5195880580688580853,3017716879406424490,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
    3⤵
    PID:2596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+remove+memz+trojan+virus
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  PID:1412
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:3612
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5604
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
    3⤵
    PID:5704
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:3948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3368 /prefetch:1
    3⤵
    PID:5048
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
    3⤵
    PID:3892
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:2612
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
    3⤵
    PID:1820
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4612 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6080
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
    3⤵
    PID:2004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4308 /prefetch:1
    3⤵
    PID:5216
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5256 /prefetch:1
    3⤵
    PID:4676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
    3⤵
    PID:2732
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
    3⤵
    PID:1832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5436 /prefetch:1
    3⤵
    PID:5232
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
    3⤵
    PID:5680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
    3⤵
    PID:3400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:6108
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5612 /prefetch:1
    3⤵
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4556 /prefetch:1
    3⤵
    PID:4292
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6176 /prefetch:1
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4524 /prefetch:1
    3⤵
    PID:5688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2064 /prefetch:1
    3⤵
    PID:5676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=6568 /prefetch:8
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,16171587315625676970,7699838947717043847,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1.5 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6276 /prefetch:1
    3⤵
    PID:224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
  2⤵
  PID:5692
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
    3⤵
    PID:2184
- C:\Windows\SysWOW64\control.exe
  "C:\Windows\System32\control.exe"
  2⤵
  - Modifies registry class
  PID:4484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
  2⤵
  PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
    3⤵
    PID:2864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
  2⤵
  PID:3180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffc8a2a46f8,0x7ffc8a2a4708,0x7ffc8a2a4718
    3⤵
    PID:632

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Suspicious use of SetWindowsHookEx
PID:2696

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4660

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2720

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4360

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1800

C:\Windows\explorer.exe
C:\Windows\explorer.exe /factory,{5BD95610-9434-43C2-886C-57852CC8A120} -Embedding
1⤵
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
PID:3944

C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe /Processid:{06622D85-6856-4460-8DE1-A81921B41C4B}
1⤵
PID:3484

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
600B

MD5
168e92c3dd1c04a8f51dca1bbbb766e2

SHA1
5b65e3e7076e362bc620d5109f8d81a46e95acac

SHA256
70145ac2fa3738c3f8756439d11ab6dfc045d6b19515182d68896d8013d8d009

SHA512
bd51f9f8e472bb98566ad0ac34daea2e8cd6b24dc46dae82ce3aa1e5019c3a7fe6efdb68d9c7c4b1ef89d3c8729216d6288e8225e620a0cc59cc03478a259133

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
fe8fa23a6775f903927af73e4037acbe

SHA1
20b6ecbc93c75db709215529c3068873f180ca9d

SHA256
b17e441ca26df880fdbd1ff72f909801ae6bb3afaf1037bb8082f70e2eed13bd

SHA512
1da39f2510338c3c79602fb77565cf05b81136e26c8c9c6afd791bdf262506190118f0bae528e7a48b381beecaa327a70dbb30e469bf3dec29bddb27f3bb4258

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
6d81312e8acad7fc3169eb85c0435936

SHA1
47080f656c4dca6ba410d715dd153fc5b89428c4

SHA256
3aa7375fd04167848b8aa1cb70110c2dd6adb93dc101f98a560ccabc98aaa996

SHA512
5d6e5c738215e106de257ab79aa18f89a52afd4cb2a2de34f570f252323eda8d700b8a07fc03352e4cbba04be758e3d26d7f1e145698184686999ca916a4c0f7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
4KB

MD5
3f0c14c5a1e8f4ca4473284044a69c2e

SHA1
2b7f878486a53cfbdcc172d8f584ee8f3c09fb40

SHA256
eedb325445da28b6f4f38528d6a5c37c4cce7060cbc8d5fd038eb4a9056db925

SHA512
09d68553982ea362f52711d1f06963ec51c8d5c2f2565b66d90380c74fe96250fe53dbca416e6557c447be2d5539acfbcf29f5ae85b7f553d3d19f1a3a3ace80

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
520B

MD5
adfdf141c776d7b8f7b6046f103e4b31

SHA1
7e64cbb35c743f982a0256397ff1ca3266688adc

SHA256
2fd9fa144bc3795c338f1f1fade208d2b57323c0b4c29212ee2c0b8d7c3df70f

SHA512
8ab36c27aea4c811cb031b67d42028a8032253e52a3418b1033019619cf5eda54b40c504ccbb27af81e6df8504037adb9d505fbba8fcd34a43f1910bde913d97

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
cdbcc40998d63553ebe0358d4b2b87ad

SHA1
070b0b60b7a66a2cdc0659c615320c28dca5ff4e

SHA256
38b6d1a512ffda309506618a91a628e0c077a4a399996d47105d87776ea80c0a

SHA512
5c017b1a7a658231a7d7f8a94b6b1e5f4b9b5043d087a1de80920b15de9421e3a084a5121afab8f0d0dad83778667daf1cba479bf05867b14cc008f4ddf3007b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
04c3285f987a6853f1099f390cf7bf51

SHA1
f8a30f6a620d49d21c0eef98771b2b3692bc65a1

SHA256
b04664c245fdfb4358ee2a5976d9dbcc996344838d84ab690879632142174f86

SHA512
bcd48e3da8f34b865f89afd5a76ec8bd7483e5c6596db0118deb7025235ba66b9af22ec3a7b86907de6edd212a0d5db422ef7bb238bbb0936e4470f262777ed1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
858B

MD5
e36cb378a28f87886bc387035b04687f

SHA1
e1087e3c99480837e405eeebec61d4bdca977761

SHA256
c1c7d9b58162c9a5ede9fe37bf9bafe97da2ea05dcfa595e5f2c5243845d5e40

SHA512
295c81497f96889cb96964636006b7b1cb74102b7aed86877ef306e3a139bceec9b9991c138ea350670b4ba1d35ce7c2cc31659543a0b91c1a06588b3522731e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
6e78dfeb0a17ac9a6dc8720e306815c6

SHA1
330447083ac739f07f79e8e692d74778ed02ce5c

SHA256
07e064aa61f5fa65339817021423f2d803bf62849865987aa2e49609b3f5dcd0

SHA512
8a4bf3dfd968146aaf94eda62ee7076663e33fef3bc277c8e2ca3f36246d3c70002ebe99e184ba1439a9948dc08ec99a4efe1d39717b50b3760697f625eb4c72

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
af2c69556fe341126b6845d7284caec9

SHA1
aaee637579c9f3059a84b0cb04a7dd58027006f1

SHA256
99004a708bec4161abe5c39d9c763ce5e817aee5846417d29ef29c6a3572d681

SHA512
667dbbb299fe0810f30b491db9bd346b33c366fd3f839261da84ec1b07ec1ea5c90cf0ab6c7f6a2bc3ab04eccb9f49c2af068eb3bb50db686e51047191bdbdc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
1e2283e21bdd6906b2c6902b61f050e8

SHA1
36a56ccac9269641dd5b7f3bd108690038fd442a

SHA256
6bd04ced83d778e6e94214183745b77afea8e77fb27ccdfa66d51a568f6ce36c

SHA512
ae5fac0ebfc84d3904f17ddebed4869b38ea33c852decd4d85683f1fb44af14a1d3888e307a1d5b2c53804160fae83d9e03472e824e09e86b7d271808b1a2da1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
8bc2e78a7b52e5edb8c9cbad6dd785fb

SHA1
65232aa30b405d222a8891a0109a1e61e8de55eb

SHA256
3d35a2611fe16249704245cd3a4106debbcdb90fdc347e45430dc873406746e9

SHA512
cb908183028759fd3eceb2d138c20449736e58651b39e4da6814eb63de8b28495d7d24f2241709815d5523e74529cfff55e20ad2ccb45014c557f7a17a8c350d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
7KB

MD5
43a8a16fc09bfd5d18775fa196c503ff

SHA1
00383ad9be1e51d685f05015aa746046e573841a

SHA256
dd2e98d20be58689dff5f8ff9b83d26cf74f4fe9c1d617ca515755306e20824a

SHA512
da73d6c9906577989127e61d107e326531723db820015909094a74d40d86ea0abc5243e07390d3de66e295205398983b84de486b28a6032225747f28b8693902

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
8f9c38e0dac09795abe755243e5a803c

SHA1
b2b83d0b369d31462884e6290e37427cb6a2b8b8

SHA256
327ef98c72d73ed81cfd87c4f689b36f7846cd79debc27ffef96f9dfc9419777

SHA512
dd1770daafb47f3d6ed74fa364d3e498eab5633f0cb2ce4071d7acfd784509b4b12cf195b05c497015e6ecd6a48cbe684d8027cc607d3d8cd881f9aceb88c65f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe57b371.TMP

Filesize
120B

MD5
92f9b3cc429b8d192f435f2651e27cb9

SHA1
1bc818a777f0bb6038614c4a92098ec774f12211

SHA256
d9402ac618301ffcfd3bb64eea1b894e02239645bb6d6644f4b09df24dc3ac24

SHA512
34d3e4d746722bae0fc441ffa883fe5a4052e2569657e7cde1533be4e4394f53e7264256e2716d97d5fb6208e017d91278eb7a7f9ed39b2c472006dc4cecbdf4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
6811340ec01b83e97d9e21d73c0248a0

SHA1
d15bd6a2ba9e1813f79786bd86b8521e79ca66fd

SHA256
3795e96f096d1f016dff738983171506ee0e9c64846e327d091bbfc5240ab121

SHA512
3c16addb922c306b6715f07db90661ed359617ced1d9c41ab4150199987422731a9d668ab2c0777b3f055ed01530d921740f152912be40bc38772a1ace5d5af7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
6c486d9f21943393222726992ac4c593

SHA1
dfda118ebfc2d402dbf71c4fdadac7b1293f66f9

SHA256
f49115ab6ceeea0a9b3ba3d8c1452423686e0c1a91986f6e7c6bdd46f600d57e

SHA512
894e1025c751b90dcf287b311ab6588df01521bb4e1829450e4062ed63924ed1407fa3429d8cf182a454e30d5eabe0eff6209bcb45c3c129c161363268984a16

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
251KB

MD5
a8778146432fedd014f22c1a6dd29481

SHA1
45a61035e851f53bb734a91dac652619047578fc

SHA256
2ab0cd251db5402366aacd7254d92f5119f689d678305641ac1f9808a60e6766

SHA512
c07bb7b7b99944da751ee031d2429239b910e5959edfa60bfc4996fe4900507579037b632abd5acc6e0854d7ff4b827cbd36e54be3a015a473fdccd5d8b4bff8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache

Filesize
97KB

MD5
b65aa172a0dffe924d9aac4d16b27625

SHA1
25f9f5d57e0a7a25e8488b836433c6c90a40ebae

SHA256
f36f2c34db7203a6ebfdf6e97e3811da6a1066715f9f48b15395372647f6fa50

SHA512
f014ff061dbf65be139cc524a24b5495699468a80d98681ad45906bdb3efc601710ab56044f37d17973d9a5948c6ecd22451345d23fef1acf199913e30c248d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe59114c.TMP

Filesize
89KB

MD5
ff626b1e2bac33d870c65faa317e8b35

SHA1
6593cc75b0980843f4f604ba6ba9eb7d45418ede

SHA256
3734986105723b8c8c20287143ffda1582883447a33bb51c83fa31894a5c5670

SHA512
b3173daee5ddc72e25dd77b0cb287875441b8454d2071edbe31194fce1d3c8b69031992951f253e6b23b35511f669b61328665f4ed0da1907fe895b439796bd4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
5edb52b5cdb54f76c79933fea2fcd798

SHA1
be0e382b7420aea0a713c3ad2a0d453461ff6b42

SHA256
3c30cdbb680beb2d4890e28e465195f14a98ea827e4e6e1f9cbff2f499f8e728

SHA512
531208a854abb25953bc01302653dd73a3ad6cb65eede65f614867a1dc17426328f351805fd8691f46500d10abb1e85abaafad0445787ec2f79e8a995d30e654

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8fc00819c077a4cede1d06a1d5195955

SHA1
3d6ed3e185ff01922f7ef3dec096581090bdd294

SHA256
e30a7008c7e229c72e2dafcdbfe5b2ce68a9dec35529e13df3b965e586f14174

SHA512
ad32e2ea77cdc1d6b254902ca33cec3bb60139ce381f2fc736196a3226ce38d0f425c1e30b637ab41f032ee658f0a4879ba1d27b62f30d61a8d164b94cb888d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
7e0880992c640aca08737893588a0010

SHA1
6ceec5cb125a52751de8aeda4bab7112f68ae0fe

SHA256
8649a39877c190ec740a5422284ec5f9ff509b30b2d7896635476873dd8824e2

SHA512
52bd0a38ca7f43b26731966035045b1cbd8b60b2d81bdf9aad791cf444da8af8b722ebf3cb364a6e660bebdf23084eb0e30bc23562575b704801669817549f8a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5e2f0fe48e7ee1aad1c24db5c01c354a

SHA1
5bfeb862e107dd290d87385dc9369bd7a1006b36

SHA256
f13b3ebe8d71bd0086d5bb82364c35f59a95d32b39753af251e8639360e291a9

SHA512
140d026437fd5e8a874cd00b03950c8f010e1a0732a0a1cc5bdde477e7f8315ccb95790bb4c15b8dbaab9468ad532eb885b6c429300a64e39412d976d079324e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
430fe65739d0e061400e6841f2dd7c73

SHA1
6b796db9747abfdf0de81ad6becb1c4b1c2905df

SHA256
627df08eac0d377b2783fff75759a6bb337b34a3110eb4db963ca7e4973a4ef0

SHA512
f2f964d026339a62156ac599eed7fc2c1ec4b6db29d7ef44ff778b6c6c4beb2bfcf8e0955bcc60ecaea1a61891d26b6bf5b23ee258d9404597d2574adeb9ab76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22f91e36e2107599df0281cb15a6df26

SHA1
97a0378a20241036bf61f4266cd7c7e3997481fe

SHA256
bdc9fd553c357e3952517f544b0325bff0d1e51e1bea3f3b2c6281a17accf026

SHA512
cccf68cbda577dd94dae5f27131158b864846c3313122680a735e25cdb86143e8e3607cb8322f91dcead5a061d5373da9d8f871b4e4c5243cf3d1f94ca7578bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
2cfb1c150da362cc360d1ca6805c33e7

SHA1
893dbb9942d1f861e1d6d25862e4c93633a039cf

SHA256
26a757df760618c44798e352301a0aa8edaa82472eadd4fdcdce5efa3543f52c

SHA512
ba2e15ebce4955850cb6b92ad7bed55602584e69f59234556eff90e794a8ae7d13d4bca8727e07f9b7d04c463d5b38879064dfc7da76ae46b1e4b88778884667

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\2eed52f5-8ab7-49b9-80ea-4a196b257367.tmp

Filesize
908B

MD5
8a2b538175a907e005db2fb40f26992f

SHA1
a4ee29a4eb842f86bc0beda41303644b197829d4

SHA256
1401712f596c4bbd7c49d1f8c6b6abb36795c644e047c9a5454390e623234ee5

SHA512
4929ac4259bb044783d9903600233f10700617ec0285db12f33891d2a06896d26e2fb7d1dd2286a2126b40514f5aaa9f5d44157f9e0413b2a60920c396bd85af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\592afc2f-5b0a-4a3f-8bf5-9e25171857fb.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9e756b7b8f7d153fbe1559c265875726

SHA1
9ab878519a9d49a01e56303a525d2e8fbfde0bb7

SHA256
d3750f1048c553e005725082b4edf64d19473d74fa3ae7d7b6f2ff0215710ae9

SHA512
6c28b1343238b5f3f69271454972ae2d25cac68c8e5dc63883ed6545d43aaaa66dc613f466f11710f80c1f45141cc237bed746f3c7ea175f488a9ef98e93870c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
d01f214275addcbb0702533c27ca76b0

SHA1
72fd01159837098abf11e967d693f0cae1206ee5

SHA256
1588d75544ab06cc8b4fe874183a47e66a0c4f6096af366f18b596c5460a03d1

SHA512
6b5f51204e1ee08867d0703440559c88c1276b8eb89c76621d272d680a77e317737e4e882601ae3352d0070d681bd5565d2d0b71c223a41c1d7b5361accf446b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
554736a5553a629127a5b6bed16fc001

SHA1
db27b30ddd63e1b131fa1b24330b70137f4a6b6b

SHA256
e74aa942b79883bf281a862efcc3d78800f6493a819ede6a1781f80ab5e4fa63

SHA512
ac83d18d627a64465d955f2bdf7266e594f4ae66d18c46d0041a2602c478f06a131490b180331b40dcd9a0dd4ad814d796c0b4f66d0eaae0c0b431df32d48926

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
1e816bcfec582cd90cec3dfc8bd37cc4

SHA1
0d16909fc045c52f965feef91627c40d6c7255a2

SHA256
d1c460bc6257646918baede482e0e046ce9ac3157470df5502cfe1fffbe9e8ae

SHA512
3905f9b3fc67fd2e07e952ce89776b4da4f9b1c772da40a56e2f56096292141c1fcdf474be67dc49d74228b6e254d4e6a3942557f594b7cb3da518be5855b620

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
198KB

MD5
319e0c36436ee0bf24476acbcc83565c

SHA1
fb2658d5791fe5b37424119557ab8cee30acdc54

SHA256
f6562ea52e056b979d6f52932ae57b7afb04486b10b0ebde22c5b51f502c69d1

SHA512
ad902b9a010cf99bdedba405cad0387890a9ff90a9c91f6a3220cdceec1b08ecb97a326aef01b28d8d0aacb5f2a16f02f673e196bdb69fc68b3f636139059902

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
168B

MD5
0b606962ae352d5a24935daeaff816b5

SHA1
bfa2e5eff9a54e1513f478319534dcda7c1bb616

SHA256
9067e2fc65336bef5144d49e918613fad2986177b98f9b7d86ccc96a307b78df

SHA512
9424d234e6f20fd2884759cb900167f9af02673ffa2f2c792de4fcd7b512766fcfd79babd4bd8ed94e00f4e8b0a1d6cffdbded23c38e8e5edb4d47b279ced84a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
d13cb166d1204a232dd2171919036ce0

SHA1
f59fcea1accb1afa5527249c5a6e8ac8fe7684fc

SHA256
a3b9001c7de1b11e01e3831fad0d5d0ddabd945f1933d24ccfc312c91d91f501

SHA512
f1bc141d383c6a729bb8cde1c76f2a30a100dff6d7ed81cf3fd87b56c8c14f7d036931171808d724402c31f1ccdf49faa362ef65d3147df57d8faf7bd854a92f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
6b075d5a0f90607d297f05acab38149d

SHA1
82b95158a37ba88dfd209fd32b1b1f7bc9443fd8

SHA256
5a86835e59984b7c1ecf1e45c62349d7be9b74bdcd10c2aafa33ceeabde73765

SHA512
70ebfc90e007ff83a0b6e7507ff25f26654fac622e02ccf48ec41cdcb230ef3d64fa405b62501b593a6f27fdbb8f39d9706ae8301a8d98d25f71df4a0f13be83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
816f60c5843ae6eb65c4c33eb1287441

SHA1
52fb25e2d349c6bd5baff4eec4cc209d41ec1757

SHA256
fb4bf811d7b73fc10715367289302279cd54e4110358220889d4b98132b09f09

SHA512
f8bb0e46b3b4f937aa1739473741ffff77b7cd3f16df21d4dbdbbdb0ed3de1cdd0add7e0b1f8e2ed8ca890cae7016824b8663ee52db38710481250c71e7b4412

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
552f2d24aeb22ee252a7fc0c2a4cbb18

SHA1
8f03aa1d1c54affc6faddc44fec99070330b1985

SHA256
e66446f9f32a37d97fb784ce7deccbb6c954d9cf9a7f954a651255b40e965944

SHA512
4ec4d8a900c48c6d31173a688464c4b6f2d2c18d629987354b37907fdc83f911f92112a9df3e9154d633453af90a29425836d60c16cdf2acf6d0538c0b19e12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
624B

MD5
46abd96b646538ea5de24afa61e3628b

SHA1
06de34b34dc9d4821f39e6bf23173583e9d30c70

SHA256
f487a5b3ad365f6d9fd9bbc7b4edf9eb4dd80b264235659d984273103fa3acd3

SHA512
6b622d1c764a9d772151bbf650070a505141cf67b9a3cd30174330e42a4ebb418d012dda8e286f296e6edc8af3a7cfde13887df71c43ff88e9a458a4d87f0298

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
322B

MD5
1d6407a426671cfc5d61b4e608f64fb1

SHA1
ddc12cc3c93991aea08192a855cb336f4bfa3e10

SHA256
7f4bfaa088b50abb41b7af816ac7b6c20fb15481487190df55a9b3871df1748c

SHA512
01c7ae343328e5a13cd903bfece68a5678596c02fe7345705288c34fd7e1a3bf5450c3cf1eb50ab4642f16d42abb1caa87e9a6d4ff71bbabac9d82f07ccc207e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
67bfaef9f0723e9541d7e7311e424242

SHA1
b6893d9c0be0e04d65cc67bb12e5146b4b3eb504

SHA256
325101b4b84b61de369562fdd7e27e0536e1bee2a83392f2596be4ad98a5cd65

SHA512
257ebdcfbedf1fd14ff5e63c8d19df7730daf46018d5d66ca508845e725d63ae16687ba805036ab68498627c6201d7aed9acedc42822537662b55761706ac3c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
39a4fb9a6a585c82c9e3155be6a5b24d

SHA1
0c8890fdb20a097211496fd09ba895936380c41b

SHA256
1f814e95f39ffa4c0272d4d9cbf2e0781a24558da132821147624e6f8ac70623

SHA512
78429400249c6177f04536b5a9f88dc01fb201273a8096f17b6b06af29127753f47534586899d28d8c9d25f40645c36210a80237c7bfdc8592fd6bd6c5567f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
b7e577f2f432479e02a8439e0c7fc212

SHA1
0702e4d4629925b1e2be1c05f97cd95517626f88

SHA256
e4fa52908ebe4979f0c1f9d1f8ade3386d3e1e4cd1466812cf0499cd78230d83

SHA512
cc6f72b433863792c2e171ed22e37a0eee551e5d77723c2d7c83c58cb392d027840205bca86161021f01dde25296d6bc87333ab89c8c1658d8512b11f4c43031

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
0e4bca3e88eeaaa5ad77c0058185e1af

SHA1
a04573c4384119079fbb9c3aad576d5a1af745e4

SHA256
d0b6f9ba6c0b02e2fb40f5c12ab844eece9d6fdfa0469fbe8e7035e642686e08

SHA512
9e1e949952e6b7d4dc664b4914c20ecb5bd644a25cdcd2839c75161909d6e827c2aed3218b9b9796de168338bd970f719118e97e91bf9875360ee8bfcb3cb8fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
f78c360eebd69a38fa7a42eaaed6a60b

SHA1
d631c4efef7414c61f6fa1f7057dd25c584b6eb8

SHA256
d0d0906eb7792926af2a05381d1ac9fa0794b264937488e7f22a10590e126119

SHA512
5f0782254452bde968b2fdb259e7649462b8670d6ec4f97bfbb89d3ee0b729b146160658f8195bb6a943f44cf866e44571b6ea16f71ebf3d602d80d54ae6e0e2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
814B

MD5
1bfa92146b75b6d8eebd5792d270d589

SHA1
0c8820e6fb19f4091acf6822ef822b952803c115

SHA256
40563c605a11db2a7b655aaf8eeeb44d8c8564ced89903ecced9f8c204633d08

SHA512
53a48fec3d8d1fa4b8911168556acdc25d61875327a71f41bf3ca138f5b879b568c0e57342dba32b51136d83b637111217eba25626baf367778fd66a09a55740

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
908B

MD5
acd6835047112082318cbf7696e9badd

SHA1
6e6cd1a26055f3509e398b98f1c23b68d20e68c9

SHA256
9bb7d9b3d1ff4934034a02cf3b1665926d4ced46392d049bab5cf585672edbf2

SHA512
14fd8703ce65b0342d2516a902cc507d238f6289d348154b5ed0b7188a7a66a03e5236688a279b7dddc9b4ec69762b5240ebfa8a6727ddef687afaa0bceb98e5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
2a23ab4cc2428b3a5b2aa81a7cbdf158

SHA1
6cc3f34e0254efb6871ab12947c07f4f5c32ea57

SHA256
8922502315964924b2dc3ff6b77f177b32415d488c6815dccc8332f95c70007b

SHA512
a25c4608acf6953b9e94d62cf1d2dc676c64c2ff4bd4aa53a0c2bda5c4ddc1268fdba576f5fb8c3b86b40b21e8808f7e817ea08d318741b081956735ca3664a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
853e69d140542f018751a488c0e820cc

SHA1
5ab53a949f1a6a74e763fb5a4aaafa5cde2267cf

SHA256
172b5f4cbe2df750583d8ae8e51735c4cf801b87f91dae21545004049b5e5fa0

SHA512
da2c152c2cc39e76f0ad3112305eff6faa8299fcfe02bf6730f96572617ce78830e944247f6207191b66d5115abe4eb69e6198b97a1afe8fe7c4ea68d963016b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
46b5f9ce7f8ba824b7d31e032ae999b1

SHA1
052b0221abe4b605f44ecddde5a1d5c11640134e

SHA256
e087189460dea406ef7a5b01bdd67ecd8e79b586f4181774452ab1b0144398ca

SHA512
178403d193f124c3b43552283a3cc1e52dad9657f3c9356944f2dd38b38440e0910f9de6c858f1f427ea1ef1af122d7d6db8747df23ded863d15272e98e6b662

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
017e43cb1e42037054262ab2169c780f

SHA1
4853cee14b122830f8a308fb67725a53f9bbbc24

SHA256
b82d96c6360b6db528bba1e22abc7d0dbaf4f755122b2bc231cedbcead07b563

SHA512
cfc06b00b3fd21c231e0057126f95fb7232fdb2c8b0fcf1996da7c91bbc7b54b799f902560bd1307659b634367f0530db5e663f98b13f4cd4d8ba1246d335fa1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
07ae01d400b1dd17376ddf06478cc628

SHA1
595301e999febe29d6583b42bd910e96ac379e23

SHA256
b849e9defe88bc5e787710b2d6a25ec393203e91de19ce4c63d6f35e64a71d30

SHA512
56495e948b3cc2935e6debc3ec4b8a3cf7dd91e9374b4326b5ffd1a3a887b326e5cb5306d8c2b2d35a530d5982720f4dbb3f71afda61097a75b5f6003d3354ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3b02f9e92b6ebc14d60e4cbe3bfe6513

SHA1
cf9f5453ce28438690de07b778f8e73c08527488

SHA256
1d86fdcccd44ad75c77740940103a8b5084039021c7ca29bbc113d13ecb53e0f

SHA512
95a67000de42b85cf4447eee122f2906b3285617713182ef5b46aacba94af316bd9216f212c0eae580cc447d85affe7a79931acc3203ffc6ad3afba50c1d7429

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
840f95f8c7a5ad29e51845042c035199

SHA1
bce5e15bc641c6f28443d30faf8330a38fc814cf

SHA256
6475aadb0ff8b9ed63146bd0d236c3b71bfcbf7742650cad658289636652bf9b

SHA512
a41d33875163926e5fdc8658d9256f48b6ebe639e288ad2f16ecb6bacab0972594516e1c2f0e9d3c5ee96d84c5e8d9e945630f236d8b654986a24b0f41f37c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e9849652729c562b08cfac4231155615

SHA1
88e166e0552d9b55714c4fe8b18138eab7e8bf0e

SHA256
6c9cf9b573fb391a63c7a66a75507ae6fd367f6f6fee597a9fd1748ac3c81523

SHA512
d225db854aaba076e0464f695f1f8a6d3535459a2d5e5a0657e28a231f73b34cda5788ed50cc080e58f9ccb16ffb6d13e562fa196f867f124c834256f7e9ebed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7124242a861fab567c65e5c98dd67f51

SHA1
aa7465d05d22826e54b11b75f56290192b1f2d7d

SHA256
3813bc735ba1a06800d7d6ddc3f95391a9c7ad9112a0d7b3ea9523f19258bbdd

SHA512
b45bb1efe3d2cf9dbfb252c7c6b390dfed1f41657fdc5c1ce7e6f2f49a086742d6d6522a4d420c6652fe9a8d6cd3d9ba18137760eed3ff7c3f12ef3b6628ac49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3756c8bdfbc321353ad1f25bd2d3d121

SHA1
d7c3602388d517d185d0164e7148cee82eaf5cd3

SHA256
fe14e17a369ad9615c648be420dc53c3e7d765105239bd8b2273ab01fd9ce2ef

SHA512
f86800db862055ee4668c3b9e68b9837817ccf23b4038ac38136c0900870fda574cf10bab1ce60895f5be85b82b9f639a4ddefe50c912d90521f857d324afe2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
a20ad414e28bd8ec882ae7b6ed26b2db

SHA1
5099961f40f8cf02fd38667c2aceccba6cdc7bce

SHA256
ed0762358ef44e5ba600561593381f1c8629f71bf99e960f19f4382ff31ce113

SHA512
03bced1f25349c7770e854af4d861547a41d2a3c7b31e0b67a34bc5805be3f878a9f0c0b89a3b03c2991f39d0215f8adc6bae6ef5744100b12b7a1750a558645

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
526B

MD5
f4be6b54f092522d1543287395699602

SHA1
b75a1a7ed4b0f9a7deeb0f2c845ab653feca03cc

SHA256
a04c0139b0675dbfea6d171b0763a1bfc43cc2a23da476d259f1ba2a69a7b6f8

SHA512
c92cd83aa094114cc8cbf95d77c661f0f3f8619181e98b884c5dc474877e59c0aa56e341bb257a3d6c6f912746c9abc340eb19c4d7692aa235eb9a17644381f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
eef26e02e218c04b49b3a5f70a07842e

SHA1
32b7c9cfcf96808e720ffe7fef727d49f06fd98f

SHA256
a2f08058fe93a67947bf8da22768659993de9414a5d65deb7b25d9be33579b3f

SHA512
06c17f63b93905b4edb64238597a4575b6ff934b035ca077c2d2969a3c8405b8b05dee8d9ae85fc6ad4339db5501b549648dc0365d8553b876369c20a47fd448

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13357845152599602

Filesize
2KB

MD5
01167312b41e8e7c7b342f2d3978a39d

SHA1
d7febbf7947096a1368a80dc3c7b3f0bf49aaaa7

SHA256
df8e144e68cb5cdce37c798d9687422f2ab70cee4d8c8987261853744b425c31

SHA512
d98ece9b866f1b47164c4b9b9ba702984bb6f03402281232588b288dfb88d5c6c6682e5100a265ab1f25063a43617780eb248fabba53afad6d22cae04a2925f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
1ccf738b222c2f40f01448506f150ca2

SHA1
06c0404fa03daee9f12aceacff207f57381c92a3

SHA256
5332edbf68c18ef54ac6d43fa2a8e4d2f4db67aa3799f25eb2e2a6d0e109f803

SHA512
83cd3493337b05cd5898d52c43ba4d19ebf5a98ceeb1a3f3e1e563b69de07270f64a2903b9c5f7f04477ec0d114b5a73b81ba9869be8bf3dfbbc67b12ff99bb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
d2e45e61206c4cf6f2c42c8a738c5fe9

SHA1
42fa5abb5f81463de84862fbd9038d962eeb1f94

SHA256
bd67dc5c9624b938c14c1521399ce235cd87c555687c12a2913a648e6af78f10

SHA512
2f793ce128e0b80b802197579722a4fcf7fa48c692942ae4b17336e7536018d40577297654bad15420a8b541ae92d9eb813cc8d1f994824579d9e460b952ac6f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bd8cf322a0204c3f60c9fe7d3cabac00

SHA1
76ca92bc1e1f265611c8462e9d1a366432be37a1

SHA256
edc80f3414665e80b3e25ce0c622c5b6044addb73add5c36ee056e384ba53521

SHA512
48cb26e44a77a885d1cb656805dba5b0ea52d7af2234094d0a7b050ed57604f3d7dc11900d2749961cccf733d12e961a7b0b3e4e3db78d7324c71c89550c1a40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
bbbe9104d298adee30cdeba2fc61a9bf

SHA1
3de8b25ac25551bf89d7c708562e47eeaef05123

SHA256
5842fd09caa5bb8d28ff7502acf2cb764c75c8dbd6ae0cdc1c4bfe39ed75abe4

SHA512
7f16c643386aaef3e4ae87c61f5484e7bda836c1843d7fe2b9e443520ebb9ede5fe0ef3782d7fde94c30971c06cac1996edfe7cd3feca509703978233ffdc1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
011e801c30f2d1c0d02813b286939347

SHA1
ec4b373121b046503ef222462922f641322193fd

SHA256
433db2029ef88de788209104f202121f88427327447e4e270293afbc79e02582

SHA512
c7d6039f1bb859ebdca237655b816528d38c5905d7df4741690375a9a8f2259a6069642c22fa69356f2681d68b7191beea2f2c6dd685be38b29a9aaf2fab5182

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5d76e8.TMP

Filesize
1KB

MD5
b7984d24a378a47abeac84e69500ac02

SHA1
3c36bd57c27fd5ad1a99e8ffba6fb96104621a42

SHA256
ed2bb8d49e8f470821c0fa7fd519780f1491da304f535fb626e55ebdfff02883

SHA512
2eb893b27d977148673532dc242327702df07f9f551c66879b0c54d37c5d226a11f4508582b26c8ea2da83371224ec0f31e97d1b21f82a337abe8cee3b6f10de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
ad323ae8acdb7bb9941ee447834b161a

SHA1
c202a549a71bd97fd77908093f39c31a9f554592

SHA256
2b2a89fa9e6b14a40daa528de5456c5bec368c2ac03ed24dc94f37c82ed2dabe

SHA512
e9ae4658c35da4ba381b188f617e894c5d9b29c1e42cc37f8aa3cfd25f3346d0e1a73715087f570ead38460ae4e3fc9f662a014212215cc79df675622d7953d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6c84f15e8ea44f4b0016ea38c218f733

SHA1
f5e5dddda8904c2da2a76b59080329d70fb0770c

SHA256
e90f2a80834a596f9fcec775df10f924c20ceaeb98c2eaf24389f838e6615bb0

SHA512
94f9e503cd08ff822828d9579b147eea81d57a4f6847fd3b754c05c2076cb2703338586b54e404f241d03ba06ba4d11c39cd0d8717531f229c2f32ddd5fba737

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
322B

MD5
20492a0a35c741218c87a271ded86c03

SHA1
21fb2a3fa07eb6e04532b21fa7405317be8e4698

SHA256
0006da0659df26ac741cd3081f53894a7d79c0658afa46f3b5c01b0e3ff98afa

SHA512
1f02679e29bfc08acb740a05793744cdd1b1e7b913e9cb5ad7caf034b364793437aa3a707a1785b2856d827603a89c2502e9748192b6799be8e6d0ca58815967

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
194B

MD5
a48763b50473dbd0a0922258703d673e

SHA1
5a3572629bcdf5586d79823b6ddbf3d9736aa251

SHA256
9bb14ea03c24f4c3543b22a8b4e9d306b926d4950cfcc410808ecac2407409fd

SHA512
536406435e35f8204ce6d3b64850ffb656813aacbc5172af895c16c4f183005d69999c4f48f948875d9837890f290b51a7358ff974fb1efc6ba3d1592426cca1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
340B

MD5
01b14fd12d281f343539440c1bcabe9b

SHA1
bc3b3924d65eca666ad7d6ec2c1c1210afb5952f

SHA256
642aeb0c5c3ada248c4cff37b8662dfc70ed8385d89369bf8151993214e6bbb0

SHA512
7700570bb4d82ff1d2c3c0ffe6ed790f1800ffe7ef7acca73c3d8775111fb2a66bee9dc8d05ba8555193b2ed5af3eff60a9c23998d6481d9bef567eb218e1752

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
94328a9d75469139a982c733fc4f4372

SHA1
ee34ee833cee52cdc5a002a3d129b52dc11dccd6

SHA256
5bcf1af8a32128356a7ec1e549f71d1e8198593f8625b2434531a23c0042eed8

SHA512
9d84feee8254f1ca25317d99063c37f61518a5fbd991f6fd487ad2d8fad7ac7a3e98781369c14fba16724fe80c02969b3ae20f98dcf9692872fecc52a88611fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
310e1767b9069bfc640cb459790199b3

SHA1
74d11f9e347700f511c39c64d68a4a57bfcade86

SHA256
155f1d9a8d4425d93c960b4081f23f525df0da05830c8173bdba89b3c623c59b

SHA512
29272f8dc7215b72bc09c163f20d614ce51047cc83bad7766e525ab3c3abf9eb3a56f1feb9c29cdb435e038495a31407990bc7584bcf98716779945ad2266130

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
a68df0ccb6a5bccaadb8133c51960f9d

SHA1
360863746fe2497a74539e927a8602028d2651c8

SHA256
9cd12ad39910797d1b53a1112fb5e4f6770a347eaa30b0323f224f670b10180a

SHA512
cf70ec894deeebfb218d8513de56f3474f664374562bcb2f4f54ab68e5e390ae80ddb1d89e3f6655be6a3960a45a5a031299645ae1552498c0ced66b65218fa8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
88f50a17c0f3566542eaecf28cac75a1

SHA1
aa9d87ab5bddacaf6e4ef0aa9c88c4e62d29cc3e

SHA256
bf568727dab1296c1e59b83071390325e198873de10c8e7b3c65d9440658de08

SHA512
ef8122320ba6ca7e4d38dab2062aa34591a030cc74070886880481cd8f20658cea557344787b095b5f903fa1c33daa2881cfa06687fc35aa2a3f2d2e2d99784d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c03463104baacd0a2a1ee93279bf3f4b

SHA1
dd754128232778d696ad157bb62cd3af158c9a2e

SHA256
5189653913861f4cbb7700fadb90f4908d2f79910306965a7a36fd9bbe904b5c

SHA512
b2f9c2c9769df9293f88352dbb3891b8da1510196131899c81a1986850b4b470bcbe5a184495552afebcb878beeffb8d604d103d1b8cb7318858cea056e6d283

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
eafbce3c96ff7d12cfcccfe46469407e

SHA1
0ff5c93e7f9630bef1b329a2c2232c8f8c4bbc55

SHA256
a9ee89a671b86f1075948aa45b0c074fea727fa56487dc26b0ae726445115367

SHA512
51ca093e25f615fa570adcb9a0b85aaa3f867a05205f69000c7ab35b8a1c2c12140b151825b135fa5f3762c157e91b3f592bee289f485e44cd5b4ae16788dd41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2223520b10cad785a7f958027a910308

SHA1
94d57bb9bbab88726324de5ff831ba0dca37464b

SHA256
f80cdca31c72cdd204c31b5321904542e53a10edbff031c71f3f3c350e636654

SHA512
d1796097710156238b88550cef339c9cdcce7840a4090f3df80a6096468548129139fdfea4c840a6b493816f92c70ea58f0374361a5c588bce1e7c8d23b89bea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ea2a58b63f22a5b307207252621ecaf0

SHA1
aed03d7701038c626c5625cb8dddaaac42d7b4d7

SHA256
7bc0ef16b41a80da12dd9a575d2ae6a7acdf0c13e2448a301440af912d7d34ab

SHA512
b252f46a3c4cc84c814747cbed792fe7f1d973bcdc4c9a984137bb7237532d2d9721a3025fce13bacd7c72cfeb6bda13ee6809ac4806d9a15800a8f038e6c36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
22680eaa8a412c245cb82f7441f9b16b

SHA1
b5447f43531ce40068ae5c5c8b044992b74cfd4e

SHA256
f22e255be80ff9052a1098f0826f45f23eeb97210f63a1a3952e3457c71f76de

SHA512
9e1db4119da80911f6497a179a59d91c9fc4fb54d966b971f24322e431f3bb70ecb404a221ad561d53df72786e8a4164e5738a10d1b603e60febb763ca386058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
55ce35d308b7ec1f7063be4242eb513d

SHA1
ff4f08cb51d7559140016860800ba83b73c5e146

SHA256
90dd499a17444443c22e8db7850d8ed75e08e0a22ae8eb6906c457cadac7d24a

SHA512
6332a702bcba47a41175d8dae95c04ddeec80313ddaf669b1454f8eed404aaa70e49817298fc42f868068e685eb92896b2232a206746930ecdf4e4745aa20bef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe

Filesize
12KB

MD5
9c642c5b111ee85a6bccffc7af896a51

SHA1
eca8571b994fd40e2018f48c214fab6472a98bab

SHA256
4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5

SHA512
23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c

Download Submit
C:\Users\Admin\Downloads\MEMZ 4.0 Clean.zip

Filesize
12KB

MD5
8f40ab355ce87d20b87de8b224242bfc

SHA1
15fe66eced37a3a90821464702725e408644af77

SHA256
2f1c3f37c6468ebb385731ae5867a7a142ebd58cbb6791f3208a19504cc7e822

SHA512
3c1add73c2d1d83e08df101af0fcdeb524b7037f5b16c2cb5aef9fb5e6a1b5fc56398bf69b5379bb1181ddd6da0f930aa9b5c9cb05522d062e9f95b47ed301d2

Download Submit
C:\Windows\System32\x

Filesize
4KB

MD5
20e335859ff991575cf1ddf538e5817c

SHA1
1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee

SHA256
88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf

SHA512
012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d

Download Submit
C:\Windows\System32\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Windows\system32\x

Filesize
8KB

MD5
5ce1a2162bf5e16485f5e263b3cc5cf5

SHA1
e9ec3e06bef08fcf29be35c6a4b2217a8328133c

SHA256
0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43

SHA512
ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1

Download Submit
C:\Windows\system32\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit