3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

Resubmissions

26-05-2024 05:21

240526-f2elzagd4x 7

26-05-2024 05:10

240526-ft2frsgb3v 7

Analysis

max time kernel
164s
max time network
160s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
26-05-2024 05:10

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

Geometry dash auto speedhack.bat
Size

13KB
MD5

4e2a7f369378a76d1df4d8c448f712af
SHA1

1192b4d01254a8704e6d6ae17dc2ec28a7ad5a49
SHA256

5e2cd213ff47b7657abd9167c38ffd8b53c13261fe22adddea92b5a2d9e320ad
SHA512

90e6eedca424e2ee37c78e0c0380db490c049b0378541812734c134510c40c6e4c48c4e213f395339ed99ff337ef087b6056ac5aafb246c1789ca6082dcabd2e
SSDEEP

192:AOyUySl0UaDz2gWsIzlmj+BxZ3yqueWQx0lZicyC8Sh31xcjBzyxwn7AVhllz3:AVODaDSHMql3yqlxy5L1xcjwrlz3

Score

7^/10

bootkit execution persistence

Malware Config

Signatures

Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

668 MEMZ.exe
2988 MEMZ.exe
3036 MEMZ.exe
3456 MEMZ.exe
1436 MEMZ.exe
3520 MEMZ.exe
4848 MEMZ.exe
Loads dropped DLL 1 IoCs

Processes:

Taskmgr.exe

pid process

5940 Taskmgr.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

pid	process
668	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
1436	MEMZ.exe
3520	MEMZ.exe
4848	MEMZ.exe

pid	process
5940	Taskmgr.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exemsedge.exemsedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 1 IoCs

Processes:

MiniSearchHost.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\MuiCache MiniSearchHost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
3036	MEMZ.exe
3036	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3036	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe
3456	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3456	MEMZ.exe
3456	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe
3036	MEMZ.exe
3036	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe
3456	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3456	MEMZ.exe
3456	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe
3036	MEMZ.exe
3036	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
3456	MEMZ.exe
3456	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
3520	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3036	MEMZ.exe
2988	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
1436	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

Processes:

chrome.exemsedge.exemsedge.exe

pid	process
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe
Token: SeShutdownPrivilege	1660	chrome.exe
Token: SeCreatePagefilePrivilege	1660	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exemsedge.exeTaskmgr.exe

pid	process
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
1660	chrome.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe

Suspicious use of SendNotifyMessage 64 IoCs

Processes:

chrome.exemsedge.exeTaskmgr.exemsedge.exe

pid	process
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
1660	chrome.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
4336	msedge.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
5940	Taskmgr.exe
2980	msedge.exe
2980	msedge.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

MEMZ.exeidentity_helper.exeMiniSearchHost.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
4848	MEMZ.exe
5560	identity_helper.exe
5672	MiniSearchHost.exe
1436	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3520	MEMZ.exe
3456	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3520	MEMZ.exe
3456	MEMZ.exe
3036	MEMZ.exe
1436	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
1436	MEMZ.exe
2988	MEMZ.exe
3520	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
3036	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3520	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
3036	MEMZ.exe
1436	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3520	MEMZ.exe
3456	MEMZ.exe
2988	MEMZ.exe
1436	MEMZ.exe
3456	MEMZ.exe
3036	MEMZ.exe
3520	MEMZ.exe
1436	MEMZ.exe
2988	MEMZ.exe
3036	MEMZ.exe
3456	MEMZ.exe
3520	MEMZ.exe
2988	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

cmd.exeMEMZ.exeMEMZ.exechrome.exe

description	pid	process	target process
PID 4068 wrote to memory of 1828	4068	cmd.exe	cscript.exe
PID 4068 wrote to memory of 1828	4068	cmd.exe	cscript.exe
PID 4068 wrote to memory of 668	4068	cmd.exe	MEMZ.exe
PID 4068 wrote to memory of 668	4068	cmd.exe	MEMZ.exe
PID 4068 wrote to memory of 668	4068	cmd.exe	MEMZ.exe
PID 668 wrote to memory of 2988	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 2988	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 2988	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3036	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3036	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3036	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3456	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3456	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3456	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3520	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3520	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 3520	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 1436	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 1436	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 1436	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 4848	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 4848	668	MEMZ.exe	MEMZ.exe
PID 668 wrote to memory of 4848	668	MEMZ.exe	MEMZ.exe
PID 4848 wrote to memory of 5064	4848	MEMZ.exe	notepad.exe
PID 4848 wrote to memory of 5064	4848	MEMZ.exe	notepad.exe
PID 4848 wrote to memory of 5064	4848	MEMZ.exe	notepad.exe
PID 1660 wrote to memory of 2384	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 2384	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 1992	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 2136	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 2136	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3848	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3848	1660	chrome.exe	chrome.exe
PID 1660 wrote to memory of 3848	1660	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\Geometry dash auto speedhack.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:4068

C:\Windows\system32\cscript.exe
cscript x.js
2⤵
PID:1828

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:668

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2988

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3036

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3456

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3520

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1436

C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4848

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
PID:5064

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=what+happens+if+you+delete+system32
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4336

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff3f33cb8,0x7ffff3f33cc8,0x7ffff3f33cd8
5⤵
PID:5036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1848 /prefetch:2
5⤵
PID:3108

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 /prefetch:3
5⤵
PID:3764

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2556 /prefetch:8
5⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3140 /prefetch:1
5⤵
PID:4188

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3172 /prefetch:1
5⤵
PID:2244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4596 /prefetch:1
5⤵
PID:668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
5⤵
PID:3688

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5104 /prefetch:8
5⤵
PID:5216

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1828,1566746882324836324,16203222570991233042,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
5⤵
- Suspicious use of SetWindowsHookEx
PID:5560

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:5940

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+send+a+virus+to+my+friend
4⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2980

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffff3f33cb8,0x7ffff3f33cc8,0x7ffff3f33cd8
5⤵
PID:3160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
5⤵
PID:1816

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2308 /prefetch:3
5⤵
PID:3988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
5⤵
PID:2792

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
5⤵
PID:1464

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3280 /prefetch:1
5⤵
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4964 /prefetch:1
5⤵
PID:5620

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,12163587837586266232,16541367653415113104,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
5⤵
PID:2460

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1660

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffff621ab58,0x7ffff621ab68,0x7ffff621ab78
2⤵
PID:2384

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1524 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:2
2⤵
PID:1992

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:8
2⤵
PID:2136

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2148 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:8
2⤵
PID:3848

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3044 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:1
2⤵
PID:2876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3100 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:1
2⤵
PID:1176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=3252 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:1
2⤵
PID:704

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3488 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:8
2⤵
PID:1204

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4464 --field-trial-handle=1804,i,4328936655441933302,9353442117043104857,131072 /prefetch:8
2⤵
PID:2976

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:1828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4400

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1136

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5672

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004DC 0x00000000000004E8
1⤵
PID:1336

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4940

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5452

Network

MITRE ATT&CK Matrix ATT&CK v13

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

System Information Discovery

T1082

Query Registry

T1012

Peripheral Device Discovery

T1120

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Resource Development

Reconnaissance

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
1KB

MD5
bf62630c51c23765ccaeb5a5f6caf494

SHA1
78244b2e8611159a4e907dd47141790430e5083a

SHA256
dfd048a930310eeb28eba3cd503cc2a15b534bd7c43e3d732662e9a6cee67692

SHA512
773dc8e49edd59dcf5213ab3f46a94da388c7a9237aa44b53ca83bd477576f334b4348bc0423dea37d63f60c292a75ddcf9bf0cc972f0aa6ec6edd96a62ca641

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
356B

MD5
b95eb0a1a0943bd060d3bcc261913889

SHA1
1f8e5fd75dfad431e7a41e4522497eef29757cfb

SHA256
cad362a3c4724db2c27731101de1c4bb2d452c57556d2dff504f7c8cab94bb0d

SHA512
7f2a358d1ea7fd0bfcc0250deb7ec23e070690d42a30e817b6518f1f195ecc609c3967fd83cb655b8b0ac607294bfa457baeed6ac99dae946f40a43379d4b969

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
51e3097e0206cd3c18b40da0e9a9da48

SHA1
3b329d9b41ca8d1d0e01a976e3a4e7a1d328e2ca

SHA256
b01c8ce07717c4b3407333ed7da1543a78ec0f3ffc14bf9a7ca75257663f154f

SHA512
ba62a826c18c33fe40be348ebd1d689d2cf48b01dec2c15c53d2c258b134853bb0a41c7ff919b7e1be94bd2cc107dcb5266eb7aaff6c73b09983b113538fe714

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
9ab090af7540324e8da679265427503a

SHA1
36368bf245cd747e6951c7997a7dde5b8e55c282

SHA256
a02d8b27026a1f20948e1e67933a56f61b75fd794d6b589af1319f180b2ef6a2

SHA512
929cb0b3f9f1c3385eb4aff145bdefa97d3305746b7c5ebbe798bd4e116e6ccbbdb6b7157d68915fe7d1ec84f88eefbd53385fb3b5487720bb5b1d3b11721446

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
130KB

MD5
0fcb37c76be11074273e0ca524129249

SHA1
1db0d8644aa7cbcef8042040b23e4dea47b7bdb9

SHA256
dc33d3bf3f041499da3a1f5ead52899664eb94a1804447b896390e022de456cd

SHA512
2ccd3bf7e6b651670d444ee5be0d03481eccc412fdf0050fc5bcb3fc4669260d77b57a8598aaaaa7c465e9bfe2f3592c31af56245800724c3659fa6fd3a9405a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1
Filesize
264KB

MD5
f63e1e4a8ef3176052a1784f377279a7

SHA1
163b051b1fe6a79226497d22dc7e778aa4dc9554

SHA256
6551d80180ea888e2622ea7d048d2049714fd66445270d9653e5b95992c0a5aa

SHA512
ced5cf1196b13295301eae169fae887f4d32cd32d9e9f074302d7948863ca5e7a8d0b5a17b2489a36dc0f06172cdc91af38e4a578d80ba308a0dd47eadfda763

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
681ca7a860b0036ff7cfb024b806bfdc

SHA1
75ac01ed6582d200de5dca21903f575b637048dc

SHA256
c9248f4f536b536b6ca4c3a5f2981d6bb7960b062898657535cd595a5d9302e9

SHA512
7bb771b076af2e0bd1afddee610b8506f312f96fb37e33652aebf2ef102e1718dac0ca1598f084941dd224209597ceb8bdd8dffeff7843cf43dd2fc6ca88f0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4e9ebd4b-58c1-44c7-abf7-4f95dc07afb0.tmp
Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
54592269f4e5b48cc8c51a46894c9464

SHA1
0230f3639267ea96bbc779e297d023cf4f669f08

SHA256
2deadcdfcbc1fc1b952e595bba26ddd3493e926292d2be2d3113d197ea1c3ddd

SHA512
1a7cbebab4bd5cb040ae1d9b28837dda87c46e4376459718b5cc474e87b08b0ad4f4d45fb11a6ada7e7334c4818a336b295c65582b01fd86214a39b5291b99cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
ae232fc61988ade2f7017e0fa1ed9cdb

SHA1
f22bb560ebc6dc62a76635090430352caace7324

SHA256
ce3520998b4768c3a3affb9fce57c3e734f1ef5277e7388ddc0ff4bfb5b6ac18

SHA512
910bdc4221a6108789f93524cb5f2f17fe46e92da1be13ea96e371ac2a2fba907229e63635010514e111c63e09419059e9f2293632daef62c9608ad02ce543d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
fb48b2439c4f72e820139108bf1aeb35

SHA1
68927ee1c8ac963499fa4715425a41b67c94df80

SHA256
d923084207478bc6c7804b2d0c7fc43b19c8a27083fb6bb91055ad58811f3450

SHA512
846f57cc585d35c6586071e4db63e993088f3f44038e3dc5eefc8894bfcf8fdddb1f796fd8ee687db5f8262595bb86740fdcca9afac4347d1b6e8eb1eb7e4070

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
168B

MD5
e1fdacebf290da9c3ce28ab15557eb06

SHA1
6ca91446ffbf9a125c8eaa3e80dd08106aeeab36

SHA256
d720ea47b4203c777ba953ddc0e47ef38db1e43a1b52d0bf9ca959cf7ff404ea

SHA512
5491998069a67340b5bc8ed1227e55f652051701f5c85f446b9a8587abedf26b28cee5456e98dd72a3dda214367adc853da1fc524f08819730b784497a11f3c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
144B

MD5
e2552c70e9e312560f0838f013cf8eb2

SHA1
073bccb4e4782c354e084bc2a863cc89a295ac79

SHA256
8b983fd7bbb2ba8bf0df8bffc42c20a24d8fed657d24117a2579d14775ef60ba

SHA512
7a765c64698e7788abfe98da61c3e1c1bdb09a49c73efe843d93607faf11c12a4072560a1621b432334c729a6f8debcfd4cdaaef01012486457995de0fc8a06f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
20KB

MD5
4b680ec5bc0eba12bb21c311bdc1d60d

SHA1
8848b4be4890a971731a53ea908985bfc6507147

SHA256
1c1d40bc841861f01a56aa4f52c757897143010f7b6d14a46c1259fdba7fc895

SHA512
574319d28a7bfcddcfa4fe225d0321f880241be8063462cc40344ac08d6a397895e296a752d57af403929227dd4c1d7559cb9f570c1aa2b077c36ab82176ddfe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
20KB

MD5
fd56826b58513f2527ad1de34f225f68

SHA1
97da770b61bb443b58fcaa1e1f91d09c3ed22655

SHA256
f813c3c9eb14657ed7a0db315480dc58c92c91483273057ac772c2baaf2a6657

SHA512
8cb85d83d5897db5bb7bf53fe32905097d004747d664296fba0622f51014729d03e96e6934c44461dd97a1441bd1586aee6e389b3b699032806c5a6b3caeca58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
fcd7d8900c718a5dd7b0657f725233d9

SHA1
b1f08b955d5b353360952c68427e167bc83aa5c0

SHA256
4dc6e2bcffdc5adc7287ef64d72a147a313ea89b53a730b0c94ed8f18675a3c8

SHA512
d57dce84e35839dcf348624523beacb63a47ca64a45a8f39191cd54b2aff4e98f90d6a615f4e2ae8b898a0e92f3997cb6909c53c63a63a1269ea6a27d999a2e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
334B

MD5
0f7d1a1a01dd55f866c4ba621762119d

SHA1
0e01d9e19bfae3ab537a1ea0a1339d88f94a4469

SHA256
34d4a849de3f7c3d1967dc3c597f58bd48033274db7169c6442e2817b472b132

SHA512
8f2559c9bdaa5ae72b841dfb40bb6af7417b4cb2d6f8eb222d360a425cfba778296cdb0cc44a368c9e2be5c834384a91438ea7a5715929f22f316167d0105803

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
334B

MD5
988d77bdbe9aa025520d053a88ce1e6c

SHA1
3fcefae196e883cb05826573998d632b8dfc37e9

SHA256
833340a758c7168c5d422834658f65ceaef4352fed75117e6fe0a336879da088

SHA512
390ea79829daddb38b37d1b44a4f0063a6f9b2410fb2e67620bea8bd257d28f4cc4eaa830e3c42c806f68e604bc09291be79929ddcb29b7f0f9a8d1331e40f05

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
844B

MD5
3800b7a93acd7b90eaf5daa45f56254f

SHA1
f69cb468b916dcecb39fdef29b31451036a78046

SHA256
8af1055a21dbcbf6b192ff54bad9298a15a3716af8de375bb996b12b194545d7

SHA512
2a8af4e00ad5b2f6a3d1428458fca5542caa9dfad355f2a8de780aed1a7016343ffb712921e01fd6d05e0059fc869cae01004494cc479f0ad6e9a006a25b76ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
844B

MD5
2d2caa0bcff685c94c8faa81d2ef5c09

SHA1
3aaf09b2785d80acbd4018a2cfdff2709bbe7631

SHA256
1189cd77c762dee2886d79deae6117e2ead76f33742c0a61ba71138a182df66d

SHA512
22c2f6eb9e4f7eef08253346cdf0070211acda16c00e34b67d324cc110a3ca5ed0a4b86312ee21cba2b2ae644cc8a0500b0366c60603ff375426d1855535819b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
dd1a26e9b7b829853f11a6906e737a2f

SHA1
a45f5a7b58dadceac7164f330aaeee2b11422017

SHA256
62c36aaa9e2216e03810306bb779f9e4371604aaa1d31931961629e690cc53a0

SHA512
7c6e36fec9645aa2e39aff6e5b62659e39dbe1eacf0da425ecf64f549e9c30bb4186ce633b30e8d60222e908ce10f4d5303b506473b4aa77cba1638c51ae0efd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
4eed8fd8e9f9cac0fdefb52803932f56

SHA1
2997e3e7e0dbe1504b89d1e58295c398904ec08d

SHA256
60235b774f12321f2779575f46f863332b049eebb90da71e29c1b4e730d07588

SHA512
a950e1efe9b70db986bfa293bb64f7a5122696d385cd436fdcc692b191e67d2694079ef718fb28044fa63f64e417a4aece1d3eb5edd7e374b28fb1937460b3ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
1c1c2cffe834475a0bcd3d71bfc4d0f7

SHA1
6b454bb68a72b16891932267aa8228134a70897f

SHA256
5456c7ecaa36b4bd176f92c6fd99aaf3e86161bef68f54bd31f7c9c94659cdba

SHA512
9d016cd01b7e64ee1dd4b7430b13063d0025dba881e95e26e3083b11b978e160de976e487516c4bc59dd8a8b7d865b0b2c364f98251699cad2fe668f7dbced2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
597b25d3b2f20bfeb023c1c0901a2a40

SHA1
6171bd729622c6e2de4f2beb1c6c7906bc966983

SHA256
c6811013b535b4dc6bd6b01bfa085b7e508e1cac5d7945f1f737d7b8e38e28c4

SHA512
8a216edd625fc04db58e5776b144052c1b1f8addcbdf8a8e22e7628f733169bcb4444e74481d9ba992d388e8730df518037b8e9319a619515ff1ca83d45bcbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
c2e76c32f45148d5342e161ee5638671

SHA1
03e7bfcae862c3d8eb74f84fed5bf44910c946ee

SHA256
b6b4b2e0134716d66954b5f625ba90b409b90697b57285260c953b17bb485510

SHA512
13f67ec7fd6cd05a42c45ccb2fca675d06fc86a083fc481dfa9cb419496a86aa83a39ff2e743c351d80bc5f95df4f702b5ae65f10d3e6692bb443c4eff851731

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
1KB

MD5
36b46ca33a2de593fd1f71656347bd86

SHA1
f30b088eaf66e20a2000f79250fe76bbbe54d2a0

SHA256
f88262d987e551c19a36543c2426d313e4614a8cb465e12535a362b51e337344

SHA512
9903983e960ffebba16d2bb42c2a7cc274ef47789eb4b96f597c9e7aec78a6dfad1151735ff9105538af848741a77b56692908658619ce5320ddb4eedcdae7dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
322B

MD5
9662791243d155e046c8f49eb321dc28

SHA1
94a4ca14f8dde160b281c372e13f91ebcf0437fb

SHA256
b9c3db183b4927f9e5524bde2f825b9b3399bfa5e41a773ad216d08dee82da0c

SHA512
483ca06c95ef9070cb4a8fe1a0278a5c71f77952a9b8847ae3617293ee3d27814cce2d7ba83d0f8301aa7b11f9e12d7f839063f1e5de8082a2c3beaf2f406fb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13361173974942070
Filesize
1KB

MD5
4c33eee0b0926929da58c6575659ce54

SHA1
adb1c3cf49fd0b45ef0d31eba6d868544d2b09f7

SHA256
0fab07464f172ef444137f12c8bc77ec26c166a426fc691f6ebba8c4102b9611

SHA512
0df408c3b1ff0cdf67220df58411ea56474b305876f7ef5f9a2117bae081c782e0b2c4938bc20d80b526faad05cfcf729e8437472a1cbf818a5561f60fd375a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
112B

MD5
b7f180c73259bfe8ae2cdbf4d8a4faa0

SHA1
cace3b46ba01d62905710433cda51def169b3cac

SHA256
9e1474f96cb616d13f72df7a7a08b57aa55f935e9b6443bd2cf33cbb08e541a0

SHA512
89c46a9873b480e481efc0df898b1088a24c7f5957f5959ac970fd863d83dbc637ae3f68ed511543d67062d02d1df100cc085e5acb0be77a67754c1072aa94c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
350B

MD5
e788aa7ed1c9ab76ae1e16f61934e72a

SHA1
fbc89980ff5a23a79793984835b582864dffab1c

SHA256
4eeb545046154b7c84ab54a5dc38c61bcf40cd96ce1896b7fbfe30a2d139a944

SHA512
da0cd2817164b083914d807f214d2c391f775438c44b4ea10429d99aa2470e40cce0440db967dda81d01f4e0e09f71f019846c682123963a104df367fc0c8df0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
1035611eb62eae64e839935d286b74f9

SHA1
b45575d259671850cca891aac6225465175c1fc0

SHA256
3d627dc391e531f31cadaf47942e3e3913e192e04c22fb000c0841b8d05b6063

SHA512
6425e1591233acabf8ed27e5a1d3d1b5d4181d8e274b080ee4bad87dc652d39841da32f9d059fc9f47be826490a7dc3efd4421a6f28f4d5d795c051c01d185e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
e55f74e2bc59a6a37f149d84382ee37a

SHA1
f260324d912f1dc7ac973c4c87790f18d76aa436

SHA256
eb62a0b29e82fb9e563744c4c8c404371a4b896f1bb2a16040d97a547e7b5c91

SHA512
0aa7624329cfd8575253847fb3d662c52e10aa033e723fedbd3e28a79ee46220dc194aaf77d17e6f5dbbcc31fdc48087d5982382a4ce1f9d8727a00e33161bca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
44KB

MD5
eba7cf99e0e69669506486fe45e2be4d

SHA1
89e091c5a5d251ed15504483d94e706131a1881f

SHA256
913a09d522aacedeff823071ff6d0bbf7c4047f68b11bfce9a336383209ba314

SHA512
eb45f34ae23e6b88e28ba8550d85071751a3f6b4ab6edf510ca470831b9ccc70a485d704203d497df1205492011e40c458f451d1e6c4b45ec9fc868a1e39bf91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
8a2834e658e52a40b9c9a070ab4baff2

SHA1
6b35e6ca1a6434f396352cd22eea663181a1610d

SHA256
cd8fea4338f8e7e031addc340af35df2432a3ee8870928685a6542fcf29a53f1

SHA512
fdd543dbd34cbdddd703562deee2953a663f949639f46328a7c61109ac617e02cb3ccb4adc7472b98968bf6e2f814402c95d50f1092742c437806bec16c2546b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
318B

MD5
cbc17bb48b28c8d0752a359e46e926d6

SHA1
c9b5abde39d0eb13d64225faf38e43c6dcf7f542

SHA256
5cb50a22d12ce65995c55f6a490ae995ac850cbf8caac58540f01ce8db40c19b

SHA512
f1cb51a1ca1ab0d19633ef07879e5f58dc1394168c3003bcdbedbc5968a9bd45e53cfc48a35951dbc9b15e62c40f64e5cde8add60784e70d17d5d5acc059e89b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
1802ddf550bb33042cf250cebae7ab26

SHA1
b206001603f6f4429652f7c84d83bcf11a18f457

SHA256
1c81a954f6be5fd8266cb58345a8648b7ec759a69e68266cfbcebae3e571a916

SHA512
9c470a4c468458f56ff63afe6d4134289c27bb40822ed9a7fa2bdb48b07238d1b3b1683fa98a5940995b64f2d19e5ebf2931aa80bdf3f5be8ed774816634ab8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
Filesize
44KB

MD5
de0d8a5c4ab29ac97ccb988ed8a4383e

SHA1
297e5c3de311075c8367cbc3cf5a4b4631eba701

SHA256
0adef7e5ea1506cc91fd9c949e31ee9794fa3f4780080f3be5ef879bb9a4989b

SHA512
9f88842ce8b73f2fef0ab61c7cb54ed859f57b55cda320e67660d967eef665ac182a762038ad878e1e0db5db7bb20ab9d13a124212d10eeecfb7e2b20c0d7934

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
6c863be317dc83441cc21b36214a9b5e

SHA1
09f0c7843e08283c0dd6b87bcbcb8a79db6e4977

SHA256
5687427dcff2f52538cdbd7eb6aa6098daa63e7f6bac21fef50e0ec8aa73cdba

SHA512
0ecf8841def82e9b68e2477811057e618dff9a0200d91c4dbc5d9efe0b1fbf4819ba2dac109804e9b28d547a15f6207c3cd5106b4667aa5873af04932c2cff2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
e9e37198f161574c6388408e85f031d5

SHA1
d2dedf5e55b2fd4117f2924a25ef18c451f8c85a

SHA256
7fa2818580aebf919305e76ec16bee7f1eb507bb15b7d215a692df0d4bfd5bd2

SHA512
3547f1d81d255728c75688f6e5c31c992c032dea1fc3a34d3abcb81fa4e8c45b476e7604aea0a6319362f22c6e933bd99c2a2fffcc1594563f1d81800039f63f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
71e8aa922f021fa12b0741f97ce93f28

SHA1
5854eb44f558ed7940219594334fa18d21cc3577

SHA256
cb6bc627b696ead95b6bac69e7836804ecb6f3f5f79b366d6079c161dd5d6447

SHA512
2b693935afa608d0fc8f7b0028096fb1c3b3d8689db685e04d38f7ebbccd84ec6852040192f4a89543603045ac4e2dd52455b5f999d64154e2e45f71f09a5a04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ea2f05f1-5c67-4fc9-9a19-2f6c4a167c5b.tmp
Filesize
11KB

MD5
79b99f8fa0389157283ff406fffa2c67

SHA1
a1a78d0ce57d51be5ca19e68628b4a8b51b81a5f

SHA256
97cf9be0ffbcc939c7ee420558bb22d9b7ebaf9cb4f5bb2171b72b52dbbefeff

SHA512
ea4ccbce254e1435e7d17427dd8441c152d4ddfd9e9193c539848217c229a5a1b84481b9d64fb7e7074dee2a1604f108b5807a318726b13311fb0015e2dab7f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\x
Filesize
11KB

MD5
1882f3dd051e401349f1af58d55b0a37

SHA1
6b0875f9e3164f3a9f21c1ec36748a7243515b47

SHA256
3c8cea1a86f07b018e637a1ea2649d907573f78c7e4025ef7e514362d09ff6c0

SHA512
fec96d873997b5c6c82a94f8796c88fc2dd38739277c517b8129277dcbda02576851f1e27bdb2fbb7255281077d5b9ba867f6dfe66bedfc859c59fdd3bbffacf

Download Submit
C:\Users\Admin\AppData\Local\Temp\x
Filesize
4KB

MD5
214f98cb6a54654a4ca5c456f16aed0a

SHA1
2229090d2f6a1814ba648e5b5a5ae26389cba5a0

SHA256
45f18ccd8df88c127304a7855a608661b52b0ca813e87e06d87da15259c45037

SHA512
5f058b05f166e2688df7b3960e135ada25bbcdfbb62a11da3cf9e70c08c51e5589a1e6ca2250318a694d27197f2c5ba1028c443831c43fba2171ca8e072e9873

Download Submit
C:\Users\Admin\AppData\Local\Temp\x.js
Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\AppData\Local\Temp\z.zip
Filesize
8KB

MD5
63ee4412b95d7ad64c54b4ba673470a7

SHA1
1cf423c6c2c6299e68e1927305a3057af9b3ce06

SHA256
44c1857b1c4894b3dfbaccbe04905652e634283dcf6b06c25a74b17021e2a268

SHA512
7ff153826bd5fed0a410f6d15a54787b79eba927d5b573c8a7f23f4ecef7bb223d79fd29fe8c2754fbf5b4c77ab7c41598f2989b6f4c7b2aa2f579ef4af06ee7

Download Submit
C:\Users\Admin\AppData\Roaming\MEMZ.exe
Filesize
14KB

MD5
19dbec50735b5f2a72d4199c4e184960

SHA1
6fed7732f7cb6f59743795b2ab154a3676f4c822

SHA256
a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d

SHA512
aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d

Download Submit
C:\note.txt
Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\crashpad_1660_UZWDMKTJBDOWPIJO
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5940-538-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-539-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-537-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-540-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-542-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-530-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-532-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-531-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-536-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download
memory/5940-541-0x0000000005830000-0x0000000005831000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix ATT&CK v13

Replay Monitor

Loading Replay Monitor...

Downloads