Overview

overview

10

Static

static

3

000.exe

windows7-x64

000.exe

windows10-1703-x64

000.exe

windows10-2004-x64

1

000.exe

windows11-21h2-x64

Ana.exe

windows7-x64

8

Ana.exe

windows10-1703-x64

7

Ana.exe

windows10-2004-x64

Ana.exe

windows11-21h2-x64

Bad Rabit.exe

windows7-x64

10

Bad Rabit.exe

windows10-1703-x64

10

Bad Rabit.exe

windows10-2004-x64

10

Bad Rabit.exe

windows11-21h2-x64

10

Desktop Puzzle.exe

windows7-x64

1

Desktop Puzzle.exe

windows10-1703-x64

1

Desktop Puzzle.exe

windows10-2004-x64

1

Desktop Puzzle.exe

windows11-21h2-x64

1

Memz.exe

windows7-x64

6

Memz.exe

windows10-1703-x64

7

Memz.exe

windows10-2004-x64

Memz.exe

windows11-21h2-x64

6

NoEscape.exe

windows7-x64

1

NoEscape.exe

windows10-1703-x64

NoEscape.exe

windows10-2004-x64

NoEscape.exe

windows11-21h2-x64

WannaCrypt0r.exe

windows7-x64

10

WannaCrypt0r.exe

windows10-1703-x64

10

WannaCrypt0r.exe

windows10-2004-x64

10

WannaCrypt0r.exe

windows11-21h2-x64

10

Resubmissions

09/02/2025, 03:10

250209-dn49cstkez 10

08/06/2024, 08:50

240608-krvyesae91 10

08/05/2024, 16:15

240508-tqnx6ach3w 10

08/05/2024, 16:07

240508-tkr3mafa54 10

01/05/2024, 18:02

240501-wmf49acg3s 6

27/04/2024, 08:46

240427-kpfeysff8s 10

25/04/2024, 21:25

240425-z9y55afb7v 10

25/04/2024, 21:16

240425-z4pphafa97 10

25/04/2024, 18:27

240425-w3929sde33 10

Analysis

  • max time kernel
    149s
  • max time network
    152s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags

    arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
  • submitted
    19/04/2024, 10:18

Sharing

Copy URL Twitter E-mail
Report Analysis Logs

General

  • Target

    Memz.exe

  • Size

    14KB

  • MD5

    19dbec50735b5f2a72d4199c4e184960

  • SHA1

    6fed7732f7cb6f59743795b2ab154a3676f4c822

  • SHA256

    a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

  • SHA512

    aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

  • SSDEEP

    192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj

Score
7/10
bootkitpersistence

Malware Config

Signatures

  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

    Bootkits write to the MBR to gain persistence at a level below the operating system.

    bootkitpersistence
  • Drops file in System32 directory 1 IoCs
  • Drops file in Windows directory 56 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Checks SCSI registry key(s) 3 TTPs 20 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Modifies Internet Explorer settings 1 TTPs 2 IoCs
    adwarespyware
  • Modifies registry class 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious behavior: GetForegroundWindowSpam 1 IoCs
  • Suspicious behavior: MapViewOfSection 10 IoCs
  • Suspicious use of AdjustPrivilegeToken 10 IoCs
  • Suspicious use of SetWindowsHookEx 8 IoCs
  • Suspicious use of WriteProcessMemory 62 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Memz.exe
    "C:\Users\Admin\AppData\Local\Temp\Memz.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1448
    • C:\Users\Admin\AppData\Local\Temp\Memz.exe
      "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4852
    • C:\Users\Admin\AppData\Local\Temp\Memz.exe
      "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:5032
    • C:\Users\Admin\AppData\Local\Temp\Memz.exe
      "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:2248
    • C:\Users\Admin\AppData\Local\Temp\Memz.exe
      "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:60
    • C:\Users\Admin\AppData\Local\Temp\Memz.exe
      "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /watchdog
      2⤵
      • Suspicious behavior: EnumeratesProcesses
      PID:4328
    • C:\Users\Admin\AppData\Local\Temp\Memz.exe
      "C:\Users\Admin\AppData\Local\Temp\Memz.exe" /main
      2⤵
      • Checks computer location settings
      • Writes to the Master Boot Record (MBR)
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:744
      • C:\Windows\SysWOW64\notepad.exe
        "C:\Windows\System32\notepad.exe" \note.txt
        3⤵
          PID:4336
        • C:\Windows\SysWOW64\cmd.exe
          "C:\Windows\System32\cmd.exe"
          3⤵
            PID:2376
          • C:\Windows\SysWOW64\mmc.exe
            "C:\Windows\system32\mmc.exe" "C:\Windows\System32\devmgmt.msc"
            3⤵
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4908
            • C:\Windows\system32\mmc.exe
              "C:\Windows\System32\devmgmt.msc" "C:\Windows\System32\devmgmt.msc"
              4⤵
              • Drops file in System32 directory
              • Drops file in Windows directory
              • Checks SCSI registry key(s)
              • Suspicious behavior: GetForegroundWindowSpam
              • Suspicious use of AdjustPrivilegeToken
              • Suspicious use of SetWindowsHookEx
              PID:4460
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        PID:2336
      • C:\Windows\system32\browser_broker.exe
        C:\Windows\system32\browser_broker.exe -Embedding
        1⤵
        • Modifies Internet Explorer settings
        PID:428
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        • Suspicious behavior: MapViewOfSection
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:748
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of AdjustPrivilegeToken
        • Suspicious use of SetWindowsHookEx
        PID:3876
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:4208
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:1528
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Modifies registry class
        PID:2220
      • C:\Windows\system32\AUDIODG.EXE
        C:\Windows\system32\AUDIODG.EXE 0x39c
        1⤵
        • Suspicious use of AdjustPrivilegeToken
        PID:4016
      • C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
        "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
        1⤵
        • Drops file in Windows directory
        • Modifies registry class
        PID:3532

      Network

            MITRE ATT&CK Enterprise v15

            Replay Monitor

            Loading Replay Monitor...

            Downloads

            • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\BLQDLNEB\edgecompatviewlist[1].xml
              Filesize

              74KB

              MD5

              d4fc49dc14f63895d997fa4940f24378

              SHA1

              3efb1437a7c5e46034147cbbc8db017c69d02c31

              SHA256

              853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

              SHA512

              cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\wcp-consent[2].js
              Filesize

              272KB

              MD5

              5f524e20ce61f542125454baf867c47b

              SHA1

              7e9834fd30dcfd27532ce79165344a438c31d78b

              SHA256

              c688d3f2135b6b51617a306a0b1a665324402a00a6bceba475881af281503ad9

              SHA512

              224a6e2961c75be0236140fed3606507bca49eb10cb13f7df2bcfbb3b12ebeced7107de7aa8b2b2bb3fc2aa07cd4f057739735c040ef908381be5bc86e0479b2

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\styles__ltr[1].css
              Filesize

              55KB

              MD5

              eb4bc511f79f7a1573b45f5775b3a99b

              SHA1

              d910fb51ad7316aa54f055079374574698e74b35

              SHA256

              7859a62e04b0acb06516eb12454de6673883ecfaeaed6c254659bca7cd59c050

              SHA512

              ec9bdf1c91b6262b183fd23f640eac22016d1f42db631380676ed34b962e01badda91f9cbdfa189b42fe3182a992f1b95a7353af41e41b2d6e1dab17e87637a0

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SGZ717YQ\recaptcha__en[1].js
              Filesize

              498KB

              MD5

              e9ccb3dbde79ba5ffdf9cad4b32d59fd

              SHA1

              3a8cd67adc7c885bdf683f1e7f491e6a4a50679f

              SHA256

              8f2c6777c7ccc01ab67290fa8acd5a4c4866be64129f39dfaeb9197dfa15e137

              SHA512

              5ca7c8439030c9b4b966760c660640a094b0d6e30e10df85d7b900c6f9108b0e309298ed93c006634bb3f437bab3cff1b83a5d1b18c666c04346f0856294c461

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SKOC0VRO\answers.microsoft[1].xml
              Filesize

              13B

              MD5

              c1ddea3ef6bbef3e7060a1a9ad89e4c5

              SHA1

              35e3224fcbd3e1af306f2b6a2c6bbea9b0867966

              SHA256

              b71e4d17274636b97179ba2d97c742735b6510eb54f22893d3a2daff2ceb28db

              SHA512

              6be8cec7c862afae5b37aa32dc5bb45912881a3276606da41bf808a4ef92c318b355e616bf45a257b995520d72b7c08752c0be445dceade5cf79f73480910fed

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\IHVKX4E9\favicon[1].ico
              Filesize

              5KB

              MD5

              f3418a443e7d841097c714d69ec4bcb8

              SHA1

              49263695f6b0cdd72f45cf1b775e660fdc36c606

              SHA256

              6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770

              SHA512

              82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\P9R2N2P0\favicon[1].ico
              Filesize

              4KB

              MD5

              b939aee911231447cbd2e3ff044b3cce

              SHA1

              0f79060358bea92b93ded65860ffbc9ecae3dc14

              SHA256

              f35fe126f90cecbb6addd79308e296e8409dbebf6bc589c31749e67713e9bb3c

              SHA512

              8053232364d54966f4b8acdf9af61a1366bae09789d6a76b8e723d7c3f96287460248eda12083795766809569527f4821f7e87ca4a644ae900c3df33002c9977

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\ut76brv\imagestore.dat
              Filesize

              19KB

              MD5

              5a7d7a5eeb475df755f0e659ed67681d

              SHA1

              ab15af22127ce365d40f9f432a641307036a7b7d

              SHA256

              7095421678419917de6e903103a6e471f5e376b81bd31ff9c419ab0d0fa9a9d5

              SHA512

              1e37b999560dc3d796cd497f8f95f704aecb230d0617a02af2e308b47c2715f5b46cdbe16db72fc0b123b1cd13203c392a6c2e0e54dd890dd6c876ec819d3106

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2
              Filesize

              9KB

              MD5

              df648143c248d3fe9ef881866e5dea56

              SHA1

              770cae7a298ecfe5cf5db8fe68205cdf9d535a47

              SHA256

              6a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2

              SHA512

              6ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOlCnqEu92Fr1MmEU9fBBc4[1].woff2
              Filesize

              15KB

              MD5

              285467176f7fe6bb6a9c6873b3dad2cc

              SHA1

              ea04e4ff5142ddd69307c183def721a160e0a64e

              SHA256

              5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7

              SHA512

              5f9bb763406ea8ce978ec675bd51a0263e9547021ea71188dbd62f0212eb00c1421b750d3b94550b50425bebff5f881c41299f6a33bbfa12fb1ff18c12bc7ff1

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2
              Filesize

              7KB

              MD5

              207d2af0a0d9716e1f61cadf347accc5

              SHA1

              0f64b5a6cc91c575cb77289e6386d8f872a594ca

              SHA256

              416d72c8cee51c1d6c6a1cab525b2e3b4144f2f457026669ddad34b70dabd485

              SHA512

              da8b03ee3029126b0c7c001d7ef2a7ff8e6078b2df2ec38973864a9c0fd8deb5ecef021c12a56a24a3fd84f38f4d14ea995df127dc34f0b7eec8e6e3fc8d1bbd

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOlCnqEu92Fr1MmEU9fCxc4EsA[1].woff2
              Filesize

              5KB

              MD5

              6bef514048228359f2f8f5e0235f8599

              SHA1

              318cb182661d72332dc8a8316d2e6df0332756c4

              SHA256

              135d563a494b1f8e6196278b7f597258a563f1438f5953c6fbef106070f66ec8

              SHA512

              23fb4605a90c7616117fab85fcd88c23b35d22177d441d01ce6270a9e95061121e0f7783db275ad7b020feaba02bbbc0f77803ca9fb843df6f1b2b7377288773

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOmCnqEu92Fr1Mu4mxK[1].woff2
              Filesize

              14KB

              MD5

              5d4aeb4e5f5ef754e307d7ffaef688bd

              SHA1

              06db651cdf354c64a7383ea9c77024ef4fb4cef8

              SHA256

              3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc

              SHA512

              7eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2
              Filesize

              15KB

              MD5

              e3836d1191745d29137bfe16e4e4a2c2

              SHA1

              4dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c

              SHA256

              98eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd

              SHA512

              9e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2
              Filesize

              11KB

              MD5

              15d8ede0a816bc7a9838207747c6620c

              SHA1

              f6e2e75f1277c66e282553ae6a22661e51f472b8

              SHA256

              dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d

              SHA512

              39c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\BKT0RXTR\api[1].js
              Filesize

              850B

              MD5

              1613f25e7a73976f440bd3c174bc1dc3

              SHA1

              ffa5be6619ae6109c6e412186e0f12b8d8a73cd9

              SHA256

              091a7de491da06df67c869b9905c1d028eb2816e68360c0b5b7a4fa8ce590322

              SHA512

              4b6186a03368bf246c04af801962c19f4ffb4fc06fc493b6f5027a97a084b3d9094d6371622459ff63772bb86feca587984c4b68f314bc747164f5854a078b07

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmEU9fChc4EsA[1].woff2
              Filesize

              11KB

              MD5

              16aedbf057fbb3da342211de2d071f11

              SHA1

              fdee07631b40b264208caa8714faaa5b991d987b

              SHA256

              7566a2f09ff8534334b7a44f72a1afaba6bdbb782209be8804636ee8b963c75f

              SHA512

              5cd45dfb0d0ee44afd9b3ffd93c2942c2f04e359d067d4631edd67a2ee09149766294b29c75aaab7436dacc775a8ca02392c5e4cfb8d7fede19c028448507e0e

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfABc4EsA[1].woff2
              Filesize

              9KB

              MD5

              797d1a46df56bba1126441693c5c948a

              SHA1

              01f372fe98b4c2b241080a279d418a3a6364416d

              SHA256

              c451e5cf6b04913a0bc169e20eace7dec760ba1db38cdcc343d8673bb221dd00

              SHA512

              99827a3fab634b2598736e338213e1041ef26108a1607be294325d90a6ba251a947fd06d8cb0a2104b26d7fe9455feb9088a79fe515be1896c994c5850705edc

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfBBc4[1].woff2
              Filesize

              14KB

              MD5

              19b7a0adfdd4f808b53af7e2ce2ad4e5

              SHA1

              81d5d4c7b5035ad10cce63cf7100295e0c51fdda

              SHA256

              c912a9ce0c3122d4b2b29ad26bfe06b0390d1a5bdaa5d6128692c0befd1dfbbd

              SHA512

              49da16000687ac81fc4ca9e9112bdca850bb9f32e0af2fe751abc57a8e9c3382451b50998ceb9de56fc4196f1dc7ef46bba47933fc47eb4538124870b7630036

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfBxc4EsA[1].woff2
              Filesize

              7KB

              MD5

              585f849571ef8c8f1b9f1630d529b54d

              SHA1

              162c5b7190f234d5f841e7e578b68779e2bf48c2

              SHA256

              c6dcdefaa63792f3c29abc520c8a2c0bc6e08686ea0187c9baac3d5d329f7002

              SHA512

              1140c4b04c70a84f1070c27e8e4a91d02fda4fc890877900c53cfd3a1d8908b677a412757061de43bc71022dfdd14288f9db0852ef6bf4d2c1615cb45628bebc

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfCBc4EsA[1].woff2
              Filesize

              1KB

              MD5

              7cbd23921efe855138ad68835f4c5921

              SHA1

              78a3ae9ec08f2cf8ebb791a2331b33a03ab8cc76

              SHA256

              8eaae4c8680e993b273145315c76a9a278f696467c426637d4beab8cb3dc4a3d

              SHA512

              d8a4db91d2063273d31f77728b44557612b85f51143973caa3cfd60ab18f8c3e4b8cdaab43af843fe29441cd1d8299bf2f139a78e47bf740277b33a377377177

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfCRc4EsA[1].woff2
              Filesize

              14KB

              MD5

              e904f1745726f4175e96c936525662a7

              SHA1

              af4e9ee282fea95be6261fc35b2accaed24f6058

              SHA256

              65c7b85c92158adb2d71bebe0d6dfb31ab34de5e7d82134fe1aa4eba589fc296

              SHA512

              7a279d41c8f60806c2253cba5b399be7add861bd15bf0ac4fa7c96fa1eee6557bf1ebd684e909086d9292739f27fa18947af5c98f4920fe00da3acf209c6260a

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfChc4EsA[1].woff2
              Filesize

              11KB

              MD5

              29542ac824c94a70cb8abdeef41cd871

              SHA1

              df5010dad18d6c8c0ad66f6ff317729d2c0090ba

              SHA256

              63ef838f895e018722b60f6e7e1d196ff3d90014c70465703fc58e708e83af64

              SHA512

              52f91e02b82f9f27d334704b62a78e746c80023ee8882b96cb24cb4043f9a256f395d24830b1f4513bd7597f8c564af20db9c715ab014eb2ab752fd697156591

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOlCnqEu92Fr1MmYUtfCxc4EsA[1].woff2
              Filesize

              4KB

              MD5

              133b0f334c0eb9dbf32c90e098fab6bd

              SHA1

              398f8fd3a668ef0b16435b01ad0c6122e3784968

              SHA256

              6581d0d008bc695e0f6beffbd7d51abb4d063ef5dedc16feb09aa92ea20c5c00

              SHA512

              2a5a0956ecc8680e4e9ef73ec05bc376a1cc49ddb12ee76316378fe9626dccedb21530e3e031b2dae2830874cc1b6bfd6cce2d6d0dce54587ff0fc3780041ace

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2
              Filesize

              7KB

              MD5

              7aa7eb76a9f66f0223c8197752bb6bc5

              SHA1

              ac56d5def920433c7850ddbbdd99d218d25afd2b

              SHA256

              9ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7

              SHA512

              e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2
              Filesize

              1KB

              MD5

              57993e705ff6f15e722f5f90de8836f8

              SHA1

              3fecc33bac640b63272c9a8dffd3df12f996730b

              SHA256

              836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d

              SHA512

              31f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HD22TT6X\webworker[1].js
              Filesize

              102B

              MD5

              701c50fe2f9d8cfca61542dee7684552

              SHA1

              952a04f81a291e11f5d4ecd7364a3840412ba65e

              SHA256

              9fc5dfc54de18e9c98733bbea6ebdcbc1f01c0b23f985556f24684ee96dc0582

              SHA512

              5ca3c342f4be563ee68235f32bcb8b25b62215a961b903b3568c496fcad4508b9408fbde00c6592085a819826630462863630f888fe73348f13fc037a9ab2c99

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SGZ717YQ\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2
              Filesize

              1KB

              MD5

              52e881a8e8286f6b6a0f98d5f675bb93

              SHA1

              9c9c4bc1444500b298dfea00d7d2de9ab459a1ad

              SHA256

              5e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb

              SHA512

              45c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SGZ717YQ\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2
              Filesize

              14KB

              MD5

              79c7e3f902d990d3b5e74e43feb5f623

              SHA1

              44aae0f53f6fc0f1730acbfdf4159684911b8626

              SHA256

              2236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff

              SHA512

              3a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SGZ717YQ\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2
              Filesize

              9KB

              MD5

              efe937997e08e15b056a3643e2734636

              SHA1

              d02decbf472a0928b054cc8e4b13684539a913db

              SHA256

              53f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361

              SHA512

              721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SGZ717YQ\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2
              Filesize

              5KB

              MD5

              a835084624425dacc5e188c6973c1594

              SHA1

              1bef196929bffcabdc834c0deefda104eb7a3318

              SHA256

              0dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740

              SHA512

              38f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\SGZ717YQ\logo_48[1].png
              Filesize

              2KB

              MD5

              ef9941290c50cd3866e2ba6b793f010d

              SHA1

              4736508c795667dcea21f8d864233031223b7832

              SHA256

              1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a

              SHA512

              a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\User\Default\DOMStore\SKIRYRT7\www.google[1].xml
              Filesize

              99B

              MD5

              f93e93b93d2bf6796df42268d62f9c0b

              SHA1

              e6ca4ca756f132727cc8cbe3d64cb0bb7b5dea5d

              SHA256

              be80ea5c798aa1fbe5030b40fe90f892d8613ac627f3156940d098b940cc498e

              SHA512

              39e6573bf1a2f519228d99f0c2b755fbb11f50c77ca07081234d3ff8324f3f71f016a4081447afe6f1010a7b1194563f0b8644aef83b1437aba8f1f0e780cead

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
              Filesize

              1KB

              MD5

              a72be5694b5bbd21fbda4f5a38fa5e7f

              SHA1

              310ffa2dcd3d618d8c63c96e29752417b7519da9

              SHA256

              d1f0514636a583f36fa896093b89e923415f2f7eef9d5a74a7bd97ca8e21f913

              SHA512

              48087e5ac7864b28861e3871dbab96d9be196923b6afeeee20985712e04213ed689420be6fa56c4183f84b8adeb3b12bbd6efe3c7542e03fe1db239572434da3

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
              Filesize

              724B

              MD5

              ac89a852c2aaa3d389b2d2dd312ad367

              SHA1

              8f421dd6493c61dbda6b839e2debb7b50a20c930

              SHA256

              0b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45

              SHA512

              c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_A1F02DC8148108B28D2F0231550FD784
              Filesize

              472B

              MD5

              ff1c38f211ebbe7a1da248d06b1e58f4

              SHA1

              d2f22bf3c840458bcfa8c3ad099f116d51ecd00e

              SHA256

              fd87f2223c0d209b0f41d3543948d36acee7174900d76280e6280e66660d19a2

              SHA512

              ddc73f8766993d5ff03ab954a2b9c76884750c90a36093bb825a5ec9c7bdac5edc5369a588a1930d639b9d5baa2f572797ecdbbaee0a752672bf54eaedafb9bc

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
              Filesize

              410B

              MD5

              457e9abfc3b6f5809e6b3ce99f2ed8ca

              SHA1

              27dbe291714765a3eadcacdc2b827b43ad74d923

              SHA256

              58032dba6d6da4e2f9db380515f4677a2dcb9c9a9566337c518841e0027980ce

              SHA512

              cda2ccffe0910713ab28279e6e200d0a49f638f5a56a3f6f0159bfce64c6509fa772e03ed46ca918c8abb395bbc648f6155c959696862cdfe7e46e57682ddcc8

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
              Filesize

              392B

              MD5

              c877623dbac5d2e829ec5c3455ff0bf1

              SHA1

              dd8a0dc5b1c8c217eed33f6f96394b2428477d91

              SHA256

              d568624da2d2b09c77ca8b601ef48a74e2ed8edf3ac2a4fee5f1a27eb14381cb

              SHA512

              02a46027439a145d3ca44d7fe24862efb579c6bbf90e20b29c81ce19f2360a1746925c3a68c84b7041af5d409d10fce26b0ea425b841095b836513c73092d5fe

              Download Submit

            • C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_A1F02DC8148108B28D2F0231550FD784
              Filesize

              406B

              MD5

              0f96b98b41bb75fed0e13f84d7f7d76b

              SHA1

              2f96104b6ab39c1b11f7c1248b98d412fce019e6

              SHA256

              ea5505881ae605c6c19f30223adba3d3c9cc593e93702efefa9bd0950d030457

              SHA512

              eb750da42ef5f6c082a40c0c42c28e1d8422ecd70f92ed373902685b124fa0bb9c41986a44fc22645b5eb51acce4b6faf118e8d3cda389179b8a9de745052dd1

              Download Submit

            • C:\note.txt
              Filesize

              218B

              MD5

              afa6955439b8d516721231029fb9ca1b

              SHA1

              087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

              SHA256

              8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

              SHA512

              5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

              Download Submit

            • memory/2336-406-0x000001E79A3C0000-0x000001E79A3C1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2336-405-0x000001E79A3A0000-0x000001E79A3A1000-memory.dmp

              Filesize

              4KB

              Download

            • memory/2336-87-0x000001E793E50000-0x000001E793E52000-memory.dmp

              Filesize

              8KB

              Download

            • memory/2336-68-0x000001E794600000-0x000001E794610000-memory.dmp

              Filesize

              64KB

              Download

            • memory/2336-52-0x000001E793D20000-0x000001E793D30000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-270-0x000001FEE7310000-0x000001FEE7312000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-478-0x000001FEE7F00000-0x000001FEE8000000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4208-480-0x000001FEE5C00000-0x000001FEE5D00000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4208-481-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-482-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-483-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-486-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-487-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-488-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-489-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-484-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-485-0x000001FED50F0000-0x000001FED5100000-memory.dmp

              Filesize

              64KB

              Download

            • memory/4208-444-0x000001FEE7AD0000-0x000001FEE7BD0000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4208-436-0x000001FEEBA10000-0x000001FEEBA12000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-433-0x000001FEE9B00000-0x000001FEE9C00000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4208-427-0x000001FEEB890000-0x000001FEEB892000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-423-0x000001FEEB830000-0x000001FEEB832000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-274-0x000001FEE7480000-0x000001FEE7482000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-268-0x000001FEEA140000-0x000001FEEA160000-memory.dmp

              Filesize

              128KB

              Download

            • memory/4208-266-0x000001FEE9900000-0x000001FEE9A00000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4208-265-0x000001FEE7300000-0x000001FEE7302000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-261-0x000001FEE7DF0000-0x000001FEE7DF2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-250-0x000001FEE7410000-0x000001FEE7412000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-230-0x000001FEE7A90000-0x000001FEE7AB0000-memory.dmp

              Filesize

              128KB

              Download

            • memory/4208-208-0x000001FEE5E40000-0x000001FEE5E60000-memory.dmp

              Filesize

              128KB

              Download

            • memory/4208-199-0x000001FEE6300000-0x000001FEE6400000-memory.dmp

              Filesize

              1024KB

              Download

            • memory/4208-117-0x000001FEE5910000-0x000001FEE5912000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-119-0x000001FEE59D0000-0x000001FEE59D2000-memory.dmp

              Filesize

              8KB

              Download

            • memory/4208-115-0x000001FED55E0000-0x000001FED55E2000-memory.dmp

              Filesize

              8KB

              Download