Analysis
max time kernel: 220s
max time network: 322s
platform: windows10-1703_x64
resource: win10-20240404-en
resource tags: arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
submitted: 11-06-2024 15:37

Static task: static1
Behavioral task: behavioral1
Sample: MEMZ-Destructive.exe
Resource: win10-20240404-en
General
Target: MEMZ-Destructive.exe
Size: 14KB
MD5: 19dbec50735b5f2a72d4199c4e184960
SHA1: 6fed7732f7cb6f59743795b2ab154a3676f4c822
SHA256: a3d5715a81f2fbeb5f76c88c9c21eeee87142909716472f911ff6950c790c24d
SHA512: aa8a6bbb1ec516d5d5acf8be6863a4c6c5d754cee12b3d374c3a6acb393376806edc422f0ffb661c210e5b9485da88521e4a0956a4b7b08a5467cfaacd90591d
SSDEEP: 192:sIvxdXSQeWSg9JJS/lcIEiwqZKBkDFR43xWTM3LHn8f26gyr6yfFCj3r:sMVSaSEglcIqq3agmLc+6gyWqFCj
Malware Config
Signatures
Checks computer location settings 2 TTPs 1 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: MEMZ-Destructive.exe
description | ioc | process
Key value queried | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Control Panel\International\Geo\Nation | MEMZ-Destructive.exe
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
Processes: MEMZ-Destructive.exe
description | ioc | process
File opened for modification | \??\PhysicalDrive0 | MEMZ-Destructive.exe
Drops file in Windows directory 25 IoCs
Processes: Taskmgr.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe, svchost.exe, taskmgr.exe
description | ioc | process
File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | Taskmgr.exe
File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | MicrosoftEdgeCP.exe
File created | C:\Windows\INF\netrasa.PNF | svchost.exe
File opened for modification | C:\Windows\Debug\ESE.TXT | MicrosoftEdge.exe
File created | C:\Windows\rescache\_merged\4183903823\2290032291.pri | taskmgr.exe
File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | Taskmgr.exe
File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | Taskmgr.exe
File created | C:\Windows\rescache\_merged\1601268389\715946058.pri | taskmgr.exe
File created | C:\Windows\INF\netsstpa.PNF | svchost.exe
File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | taskmgr.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
Checks SCSI registry key(s) 3 TTPs 6 IoCs
SCSI information is often read in order to detect sandboxing environments.
Processes: taskmgr.exe, Taskmgr.exe
description | ioc | process
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000 | Taskmgr.exe
Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A | Taskmgr.exe
Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_QEMU&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName | Taskmgr.exe
Processes: MicrosoftEdgeCP.exe, browser_broker.exe
description | ioc | process
Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | MicrosoftEdgeCP.exe
Key created | \REGISTRY\USER\S-1-5-21-1739856679-3467441365-73334005-1000\Software\Microsoft\Internet Explorer\Main | browser_broker.exe
Modifies registry class 64 IoCs
Suspicious behavior: EnumeratesProcesses 64 IoCs
Processes: MEMZ-Destructive.exe
pid | process
1492 | MEMZ-Destructive.exe
4092 | MEMZ-Destructive.exe
944 | MEMZ-Destructive.exe
5000 | MEMZ-Destructive.exe
4804 | MEMZ-Destructive.exe
Suspicious behavior: LoadsDriver 6 IoCs
Processes (pid): 4, 624
Suspicious behavior: MapViewOfSection 14 IoCs
Processes: MicrosoftEdgeCP.exe
pid | process
2632 | MicrosoftEdgeCP.exe
2392 | MicrosoftEdgeCP.exe
648 | MicrosoftEdgeCP.exe
2824 | MicrosoftEdgeCP.exe
2464 | MicrosoftEdgeCP.exe
Suspicious use of AdjustPrivilegeToken 38 IoCs
Processes: taskmgr.exe, MicrosoftEdgeCP.exe, MicrosoftEdge.exe, AUDIODG.EXE, svchost.exe, Taskmgr.exe
description | pid | process
Token: SeDebugPrivilege | 3220 | taskmgr.exe
Token: SeSystemProfilePrivilege | 3220 | taskmgr.exe
Token: SeCreateGlobalPrivilege | 3220 | taskmgr.exe
Token: SeDebugPrivilege | 2344 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 1296 | MicrosoftEdgeCP.exe
Token: SeDebugPrivilege | 1812 | MicrosoftEdge.exe
Token: 33 | 3220 | taskmgr.exe
Token: SeIncBasePriorityPrivilege | 3220 | taskmgr.exe
Token: 33 | 1772 | AUDIODG.EXE
Token: SeIncBasePriorityPrivilege | 1772 | AUDIODG.EXE
Token: SeShutdownPrivilege | 2432 | svchost.exe
Token: SeCreatePagefilePrivilege | 2432 | svchost.exe
Token: SeLoadDriverPrivilege | 2432 | svchost.exe
Token: SeDebugPrivilege | 3388 | Taskmgr.exe
Token: SeSystemProfilePrivilege | 3388 | Taskmgr.exe
Token: SeCreateGlobalPrivilege | 3388 | Taskmgr.exe
Token: 33 | 3388 | Taskmgr.exe
Token: SeIncBasePriorityPrivilege | 3388 | Taskmgr.exe
Suspicious use of FindShellTrayWindow 64 IoCs
Processes: taskmgr.exe
pid | process
3220 | taskmgr.exe
Suspicious use of SendNotifyMessage 64 IoCs
Processes: taskmgr.exe
pid | process
3220 | taskmgr.exe
Suspicious use of SetWindowsHookEx 20 IoCs
Processes: MEMZ-Destructive.exe, OpenWith.exe, MicrosoftEdge.exe, MicrosoftEdgeCP.exe
pid | process
3520 | MEMZ-Destructive.exe
4724 | OpenWith.exe
1812 | MicrosoftEdge.exe
2632 | MicrosoftEdgeCP.exe
2344 | MicrosoftEdgeCP.exe
4984 | MicrosoftEdgeCP.exe
3480 | MicrosoftEdge.exe
2392 | MicrosoftEdgeCP.exe
204 | MicrosoftEdge.exe
648 | MicrosoftEdgeCP.exe
2420 | MicrosoftEdge.exe
2824 | MicrosoftEdgeCP.exe
4960 | MicrosoftEdge.exe
2464 | MicrosoftEdgeCP.exe
Suspicious use of WriteProcessMemory 57 IoCs
Processes: MEMZ-Destructive.exe, MicrosoftEdgeCP.exe
description | pid | process | target process
PID 1528 wrote to memory of 1492 | 1528 | MEMZ-Destructive.exe | MEMZ-Destructive.exe
PID 1528 wrote to memory of 4092 | 1528 | MEMZ-Destructive.exe | MEMZ-Destructive.exe
PID 1528 wrote to memory of 4804 | 1528 | MEMZ-Destructive.exe | MEMZ-Destructive.exe
PID 1528 wrote to memory of 5000 | 1528 | MEMZ-Destructive.exe | MEMZ-Destructive.exe
PID 1528 wrote to memory of 944 | 1528 | MEMZ-Destructive.exe | MEMZ-Destructive.exe
PID 1528 wrote to memory of 3520 | 1528 | MEMZ-Destructive.exe | MEMZ-Destructive.exe
PID 3520 wrote to memory of 2164 | 3520 | MEMZ-Destructive.exe | notepad.exe
PID 3520 wrote to memory of 2872 | 3520 | MEMZ-Destructive.exe | calc.exe
PID 2632 wrote to memory of 404 | 2632 | MicrosoftEdgeCP.exe | MicrosoftEdgeCP.exe
PID 2392 wrote to memory of 4308 | 2392 | MicrosoftEdgeCP.exe | MicrosoftEdgeCP.exe
PID 648 wrote to memory of 2180 | 648 | MicrosoftEdgeCP.exe | MicrosoftEdgeCP.exe
PID 3520 wrote to memory of 3388 | 3520 | MEMZ-Destructive.exe | Taskmgr.exe
PID 2824 wrote to memory of 4924 | 2824 | MicrosoftEdgeCP.exe | MicrosoftEdgeCP.exe
MicrosoftEdgeCP.exe PID 2824 wrote to memory of 4924 2824 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 2464 wrote to memory of 712 2464 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 2464 wrote to memory of 712 2464 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 2464 wrote to memory of 712 2464 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 2464 wrote to memory of 712 2464 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 2464 wrote to memory of 712 2464 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe PID 2464 wrote to memory of 712 2464 MicrosoftEdgeCP.exe MicrosoftEdgeCP.exe
Processes
- C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
  Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe"
  PID: 1528
  Signatures: Suspicious use of WriteProcessMemory
  - C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
    PID: 1492
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
    PID: 4092
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
    PID: 4804
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
    PID: 5000
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /watchdog
    PID: 944
    Signatures: Suspicious behavior: EnumeratesProcesses
  - C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe
    Command line: "C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.exe" /main
    PID: 3520
    Signatures: Checks computer location settings; Writes to the Master Boot Record (MBR); Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
    - C:\Windows\SysWOW64\notepad.exe
      Command line: "C:\Windows\System32\notepad.exe" \note.txt
      PID: 2164
    - C:\Windows\SysWOW64\calc.exe
      Command line: "C:\Windows\System32\calc.exe"
      PID: 2872
    - C:\Windows\SysWOW64\Taskmgr.exe
      Command line: "C:\Windows\System32\Taskmgr.exe"
      PID: 3388
      Signatures: Drops file in Windows directory; Checks SCSI registry key(s); Suspicious use of AdjustPrivilegeToken
    - C:\Windows\SysWOW64\notepad.exe
      Command line: "C:\Windows\System32\notepad.exe"
      PID: 1016
    - C:\Windows\SysWOW64\mmc.exe
      Command line: "C:\Windows\System32\mmc.exe"
      PID: 2220
      - C:\Windows\system32\mmc.exe
        Command line: "C:\Windows\system32\mmc.exe"
        PID: 2120
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /7
  PID: 3220
  Signatures: Drops file in Windows directory; Checks SCSI registry key(s); Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of FindShellTrayWindow; Suspicious use of SendNotifyMessage
- C:\Windows\system32\OpenWith.exe
  Command line: C:\Windows\system32\OpenWith.exe -Embedding
  PID: 4724
  Signatures: Suspicious use of SetWindowsHookEx
- C:\Windows\System32\rundll32.exe
  Command line: C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
  PID: 4288
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 1812
  Signatures: Drops file in Windows directory; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
- C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 3100
  Signatures: Modifies Internet Explorer settings
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2632
  Signatures: Modifies registry class; Suspicious behavior: MapViewOfSection; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2344
  Signatures: Drops file in Windows directory; Modifies Internet Explorer settings; Modifies registry class; Suspicious use of AdjustPrivilegeToken; Suspicious use of SetWindowsHookEx
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 404
  Signatures: Drops file in Windows directory; Modifies registry class
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 1296
  Signatures: Modifies registry class; Suspicious use of AdjustPrivilegeToken
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 4984
  Signatures: Drops file in Windows directory; Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2248
  Signatures: Modifies registry class
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 3480
  Signatures: Drops file in Windows directory; Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 3132
  Signatures: Modifies Internet Explorer settings
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2392
  Signatures: Modifies registry class; Suspicious behavior: MapViewOfSection; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 4308
  Signatures: Drops file in Windows directory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 204
  Signatures: Drops file in Windows directory; Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 1588
  Signatures: Modifies Internet Explorer settings
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 648
  Signatures: Modifies registry class; Suspicious behavior: MapViewOfSection; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2180
  Signatures: Drops file in Windows directory; Modifies registry class
- C:\Windows\system32\AUDIODG.EXE
  Command line: C:\Windows\system32\AUDIODG.EXE 0x3bc
  PID: 1772
  Signatures: Suspicious use of AdjustPrivilegeToken
- C:\Windows\System32\SystemSettingsBroker.exe
  Command line: C:\Windows\System32\SystemSettingsBroker.exe -Embedding
  PID: 3128
- \??\c:\windows\system32\svchost.exe
  Command line: c:\windows\system32\svchost.exe -k localservice -s SstpSvc
  PID: 3536
- \??\c:\windows\system32\svchost.exe
  Command line: c:\windows\system32\svchost.exe -k localservicenetworkrestricted -s RmSvc
  PID: 3572
- \??\c:\windows\system32\svchost.exe
  Command line: c:\windows\system32\svchost.exe -k netsvcs -s NetSetupSvc
  PID: 2432
  Signatures: Drops file in Windows directory; Suspicious use of AdjustPrivilegeToken
- \??\c:\windows\system32\svchost.exe
  Command line: c:\windows\system32\svchost.exe -k netsvcs -s RasMan
  PID: 1812
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 2420
  Signatures: Drops file in Windows directory; Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 296
  Signatures: Modifies Internet Explorer settings
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2824
  Signatures: Suspicious behavior: MapViewOfSection; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 4924
  Signatures: Drops file in Windows directory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 4960
  Signatures: Drops file in Windows directory; Modifies registry class; Suspicious use of SetWindowsHookEx
- C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 2608
  Signatures: Modifies Internet Explorer settings
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 2464
  Signatures: Suspicious behavior: MapViewOfSection; Suspicious use of SetWindowsHookEx; Suspicious use of WriteProcessMemory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 712
  Signatures: Drops file in Windows directory
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
  PID: 2336
- C:\Windows\system32\browser_broker.exe
  Command line: C:\Windows\system32\browser_broker.exe -Embedding
  PID: 2604
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 3140
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 5056
- C:\Windows\system32\taskmgr.exe
  Command line: "C:\Windows\system32\taskmgr.exe" /7
  PID: 3168
- C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
  Command line: "C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
  PID: 168
Network
MITRE ATT&CK Enterprise v15
Downloads
-
Filesize
74KB
MD5d4fc49dc14f63895d997fa4940f24378
SHA13efb1437a7c5e46034147cbbc8db017c69d02c31
SHA256853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1
SHA512cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a
-
Filesize
171KB
MD530ec43ce86e297c1ee42df6209f5b18f
SHA1fe0a5ea6566502081cb23b2f0e91a3ab166aeed6
SHA2568ccddf0c77743a42067782bc7782321330406a752f58fb15fb1cd446e1ef0ee4
SHA51219e5a7197a92eeef0482142cfe0fb46f16ddfb5bf6d64e372e7258fa6d01cf9a1fac9f7258fd2fd73c0f8a064b8d79b51a1ec6d29bbb9b04cdbd926352388bae
-
Filesize
2KB
MD5b8da5aac926bbaec818b15f56bb5d7f6
SHA12b5bf97cd59e82c7ea96c31cf9998fbbf4884dc5
SHA2565be5216ae1d0aed64986299528f4d4fe629067d5f4097b8e4b9d1c6bcf4f3086
SHA512c39a28d58fb03f4f491bf9122a86a5cbe7677ec2856cf588f6263fa1f84f9ffc1e21b9bcaa60d290356f9018fb84375db532c8b678cf95cc0a2cc6ed8da89436
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\recaptcha__en[1].js
Filesize512KB
MD5ddcffefac58f205ea194e1612e7c22a7
SHA14db6276eccafc0030490f970824b55dc327bfebd
SHA2565f12968474e2995c485a2c256a9819dde04e78b6a13aacadfba935ed7970234a
SHA5124b8561f2bbc596382e9c22515354b94df9613844a2c6b6736dd7c1f6c51305e235c58160d8e5b3d6f5fa289dc55f6fd675332e4a13d07fd35282d61e227adc13
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157
Filesize4KB
MD51bfe591a4fe3d91b03cdf26eaacd8f89
SHA1719c37c320f518ac168c86723724891950911cea
SHA2569cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8
SHA51202f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\Q8D7OW8Y\favicon[1].ico
Filesize5KB
MD5f3418a443e7d841097c714d69ec4bcb8
SHA149263695f6b0cdd72f45cf1b775e660fdc36c606
SHA2566da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770
SHA51282d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD59dd677e0e903b380549326733489bf84
SHA146c733c9a26ae0819fa48df5680a1be339af0ac7
SHA2561a22843b8b37f03b74b1db8e223fc22070672149b4c6f73fdb2ccd514204a93e
SHA512442dd7954613a263ed3b31aee62513a4f889dd9d13dcb08a94fdea57ef13db3de4f904dc3eded9ef72c94496bb814e0a663bcca1528e2f5dccb7107e7eaaa298
-
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF97BC5DB8B7008798.TMP
Filesize16KB
MD5a93c62647fb5168bae83c8e99a714882
SHA1efcb270fd1d3d7cd1c87922e67ec9fa4f0b0ddb3
SHA25624951bd9472b140de27b0f525feebf57298f8110fade4971503df911675078d5
SHA512141920b8fdeeb2afb7176b5ae4e8749f1a7cba3daf9657f3936c233ff3a3ef125f69784e7c799c89eadd4108c778a659ed9b433101cfd09b8a63fbf0168bd30f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOlCnqEu92Fr1MmEU9fABc4EsA[1].woff2
Filesize9KB
MD5df648143c248d3fe9ef881866e5dea56
SHA1770cae7a298ecfe5cf5db8fe68205cdf9d535a47
SHA2566a3f2c2a5db6e4710e44df0db3caec5eb817e53989374e9eac68057d64b7f6d2
SHA5126ff33a884f4233e092ee11e2ad7ef34d36fb2b61418b18214c28aa8b9bf5b13ceccfa531e7039b4b7585d143ee2460563e3052364a7dc8d70b07b72ec37b0b66
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOmCnqEu92Fr1Mu4mxK[1].woff2
Filesize14KB
MD55d4aeb4e5f5ef754e307d7ffaef688bd
SHA106db651cdf354c64a7383ea9c77024ef4fb4cef8
SHA2563e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
SHA5127eb7c301df79d35a6a521fae9d3dccc0a695d3480b4d34c7d262dd0c67abec8437ed40e2920625e98aaeafba1d908dec69c3b07494ec7c29307de49e91c2ef48
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOmCnqEu92Fr1Mu5mxKOzY[1].woff2
Filesize9KB
MD5efe937997e08e15b056a3643e2734636
SHA1d02decbf472a0928b054cc8e4b13684539a913db
SHA25653f2931d978bf9b24d43b5d556ecf315a6b3f089699c5ba3a954c4dde8663361
SHA512721c903e06f00840140ed5eec06329221a2731efc483e025043675b1f070b03a544f8eb153b63cd981494379a9e975f014b57c286596b6f988cee1aaf04a8c65
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\5Y6SHWJX\KFOmCnqEu92Fr1Mu7mxKOzY[1].woff2
Filesize1KB
MD557993e705ff6f15e722f5f90de8836f8
SHA13fecc33bac640b63272c9a8dffd3df12f996730b
SHA256836f58544471e0fb0699cb9ddd0fd0138877733a98b4e029fca1c996d4fb038d
SHA51231f92fb495a1a20ab5131493ab8a74449aabf5221e2901915f2cc917a0878bb5a3cbc29ab12324ffe2f0bc7562a142158268c3f07c7dca3e02a22a9ade41721e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IY3ZUSF4\KFOlCnqEu92Fr1MmEU9fCBc4EsA[1].woff2
Filesize1KB
MD552e881a8e8286f6b6a0f98d5f675bb93
SHA19c9c4bc1444500b298dfea00d7d2de9ab459a1ad
SHA2565e5321bb08de884e4ad6585b8233a7477fa590c012e303ea6f0af616a6e93ffb
SHA51245c07a5e511948c328f327e2ef4c3787ac0173c72c51a7e43e3efd3e47dd332539af15f3972ef1cc023972940f839fffe151aefaa04f499ae1faceaab6f1014f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\IY3ZUSF4\styles__ltr[1].css
Filesize55KB
MD55208f5e6c617977a89cf80522b53a899
SHA16869036a2ed590aaeeeeab433be01967549a44d0
SHA256487d9c5def62bc08f6c5d65273f9aaece71f070134169a6a6bc365055be5a92d
SHA512bdd95d8b4c260959c1010a724f8251b88ed62f4eb4f435bde7f85923c67f20fe9c038257bb59a5bb6107abdf0d053f75761211870ca537e1a28d73093f07198b
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVS0P5KA\KFOmCnqEu92Fr1Mu72xKOzY[1].woff2
Filesize15KB
MD5e3836d1191745d29137bfe16e4e4a2c2
SHA14dc8845d97df9cb627d9e6fdd49be1ef9eb9a69c
SHA25698eec6c6fa4dcd4825e48eff334451979afc23cd085aea2d45b04dc1259079dd
SHA5129e9ec420cf75bf47a21e59a822e01dc89dcf97eec3cc117c54ce51923c9a6f2c462355db1bc20cdf665ef4a5b40ffcfa9c8cee05bb5e112c380038bfef29c397
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVS0P5KA\KFOmCnqEu92Fr1Mu7GxKOzY[1].woff2
Filesize11KB
MD515d8ede0a816bc7a9838207747c6620c
SHA1f6e2e75f1277c66e282553ae6a22661e51f472b8
SHA256dbb8f45730d91bffff8307cfdf7c82e67745d84cb6063a1f3880fadfad59c57d
SHA51239c75f8e0939275a69f8d30e7f91d7ca06af19240567fb50e441a0d2594b73b6a390d11033afb63d68c86c89f4e4bf39b3aca131b30f640d21101dc414e42c97
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\LVS0P5KA\KFOmCnqEu92Fr1Mu7WxKOzY[1].woff2
Filesize5KB
MD5a835084624425dacc5e188c6973c1594
SHA11bef196929bffcabdc834c0deefda104eb7a3318
SHA2560dfa6a82824cf2be6bb8543de6ef56b87daae5dd63f9e68c88f02697f94af740
SHA51238f2764c76a545349e8096d4608000d9412c87cc0cb659cf0cf7d15a82333dd339025a4353b9bd8590014502abceb32ca712108a522ca60cbf1940d4e4f6b98a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\KFOlCnqEu92Fr1MmEU9fBxc4EsA[1].woff2
Filesize7KB
MD5207d2af0a0d9716e1f61cadf347accc5
SHA10f64b5a6cc91c575cb77289e6386d8f872a594ca
SHA256416d72c8cee51c1d6c6a1cab525b2e3b4144f2f457026669ddad34b70dabd485
SHA512da8b03ee3029126b0c7c001d7ef2a7ff8e6078b2df2ec38973864a9c0fd8deb5ecef021c12a56a24a3fd84f38f4d14ea995df127dc34f0b7eec8e6e3fc8d1bbd
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\KFOlCnqEu92Fr1MmEU9fCRc4EsA[1].woff2
Filesize14KB
MD579c7e3f902d990d3b5e74e43feb5f623
SHA144aae0f53f6fc0f1730acbfdf4159684911b8626
SHA2562236e56f735d25696957657f099459d73303b9501cc39bbd059c20849c5bedff
SHA5123a25882c7f3f90a7aa89ecab74a4be2fddfb304f65627b590340be44807c5c5e3826df63808c7cd06daa3420a94090249321a1e035b1cd223a15010c510518df
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\KFOmCnqEu92Fr1Mu4WxKOzY[1].woff2
Filesize7KB
MD57aa7eb76a9f66f0223c8197752bb6bc5
SHA1ac56d5def920433c7850ddbbdd99d218d25afd2b
SHA2569ca415df2c57b1f26947351c66ccfaf99d2f8f01b4b8de019a3ae6f3a9c780c7
SHA512e9a513741cb90305fbe08cfd9f7416f192291c261a7843876293e04a874ab9b914c3a4d2ed771a9d6484df1c365308c9e4c35cd978b183acf5de6b96ac14480d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\R2YS6MYK\api[1].js
Filesize850B
MD56a6cc2ad49dfce92ee26a4c0763bdbc1
SHA152eaf8c26612f7707a0b2010df2c799427f260cf
SHA2567225ee91bc032b3b900e8c200b3316ce6a8c0fb9d4b4db962d2dc91d0e044fec
SHA512beed34e45b4b82859d18bca264767b1d1d3f49ca6570c1c724252581e1e6af92e9e2c25613114f9ae13a8d0e44810736fabebddeb3fefb0a776086516532ce83
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize1KB
MD555d13419ef7e00979888e1f36e85667c
SHA19213fd7f1bfe3399f11d8ce56516c9ecfaef50c3
SHA25699a431ec4372e147cbb89b186806b63791ccac196e7c21362affa2da3dea5883
SHA5124cfbbde7606ea5d8c56ab0a540ef2c4c84d3feabf5b694d41838f00cde9fddac90cac1a2d095f53ca597288a48adbf080f1196fe4c179e5b86be7b6ba4968da5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
Filesize471B
MD5837922a3aef2726e8274fd56034fa4a3
SHA1d8da55042c6766da2a83374d8f1bcfad9a4b7288
SHA25686dcf75b1bc623705bcb2cbcf5e24d5a67d993660c4153becd0478008ae46f7a
SHA512944668386a36856b556804ed7c83cfc930c5c26a180bcb47b8944247ab4190ead7bbf5dadfd0ff8a4cd7a5443ee5f04f0d7c232e1eebf77cfd43765bc113034d
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize724B
MD5ac89a852c2aaa3d389b2d2dd312ad367
SHA18f421dd6493c61dbda6b839e2debb7b50a20c930
SHA2560b720e19270c672f9b6e0ec40b468ac49376807de08a814573fe038779534f45
SHA512c6a88f33688cc0c287f04005e07d5b5e4a8721d204aa429f93ade2a56aeb86e05d89a8f7a44c1e93359a185a4c5f418240c6cdbc5a21314226681c744cf37f36
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
Filesize472B
MD5cde50ccfbda63e3f99950cea7fa3cdf8
SHA1fee49cf15b17db0186aed46421f2e70807ec0495
SHA256bdd0f99f88229608ffcba168ffd06ce15985dfd8caec2ce71bb11a3e0b98fa15
SHA512ab31cc051e3ea73de39a673dec52e79a78660da486d36d3483ba3fa232a0abc466337899d6fc2f62027bb2370d2a656ab585ed4020b6e514082aa5a2c134a181
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize410B
MD5b927c7c559e4a51db96c2630a34290f6
SHA146e47501bea080164f4cc7a611b275d6b5bc89a5
SHA256b21114895d50872bba3eaf5e452ef24bdda30d2f232c12ee9b2b167d64a33187
SHA5129166716955422ff0d2c7dc2fc3cce8a5a73aac8486e9e037d950e0f648eb2eb93dc8416635b53da86820b0587552e79f780facc0655a6c5d13beb5298a4a1bc5
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_5E390E1CA50E646B1021D6CAA485D322
Filesize406B
MD5aadd802f073f23f34a46d328d186d863
SHA1b12d0f6264924de5970a3dcfd56107b94236c1b0
SHA256cd33ec39d4d1546fed50af2cbee93f6ccfa17763bee4cc4ce8fb08cc105a3c05
SHA512641cc7739f39f93ad84fb31b2d52191d6f345ea42bd300d70f4e7aa80243bdede7b2a7cc9f6a8bb5727d074602eb4d5ab2f80558d6b06500c6ab3a8bb514fd0e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize392B
MD536b3fa055ced843bb5f47b56ab921162
SHA1acba81abffef7d50090c6798e39ce39ef492f136
SHA2561e7b0ee8708a827bb9de89f2b13960bfb8bfa889c1b13781b6d8f8fa20a0cb84
SHA512c760e5b58bb21a531beb2bcb894a3faa9a206d550ce5b6f65c99b6f4fe87c282ddaa209640da1ceed0ffd43cab3e8b4723ed1ec008e0a0069e381e16e7499933
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\E87CE99F124623F95572A696C80EFCAF_47A43067FD26B14BE12C55F112579786
Filesize402B
MD5b567f9efc2abf3fbd4e25857ca82e03a
SHA159484f3f042d96f4a69b11582f08f6ea4e10a899
SHA256ab74b00cac8beb7a2e6f4742d1dff9f50cc5812a3dc2d4632bf21e038cb21bba
SHA512538c6ee95421d129927d4def6eb4a812435aac76a8dd50a3046575b81e22eeb928bd4897af47e7cbdc0b6663800656245788ce2b49ff9e70f736200a8869cc9a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD558c1644786fb17461760a2c73f1ff87c
SHA1fb6d4d15b181552dd034bdf6067532a7527d7204
SHA256a0d6416e86558a7494e29678da853e4d590a7334688384c0b61b3d1c19b3f5db
SHA5120b4c266a1b2a4d37f9e010e890a03c6a8232b2244a49a11088d1303c8351e99358c70da563b47bf1ad1c97bff3e43bbdca33b804689aa037e7a8caea2e91258a
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD57049e6b1608d32dfffab8e1598470be5
SHA1724952837e969611f5b0f5df00ca98b40d108915
SHA256a85c8209ed29c4ea7c4c98182596cc3e37606d692aa90852ff15bacd55a96721
SHA512ecb64782a93739548cc16f4f0a24b45a60dec196106eff3b9edddd3bcea6adfc19e49d6b04dfc32bfd1cac0845c7db290a48142c654830d02a97efbabe55d2aa
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD5cc8399cbc2094df7c89567ea14bae8c1
SHA1c139dc17311689b7eb3b7c748d15a49826cda561
SHA256be4d84dcafdba31c19719d741e669278d4c6be9ec6cbdac77f13f227c8932ddb
SHA512ecd2c9e11ca31201447e955536e62b55a23a93979f03882a5c9729796db8d0770507dd8b1d2c61f10f60005cf3342ffd9a6b1901b9114b195a093a628937781e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD5f18de85982d539d358fe1ccf3174155f
SHA1d58c265bd724c9de0e9e23d7e798ccf2e75fe2dd
SHA256f35131e2c85595f60f3cb14facc0eb5837db721e8eb2ade8b80d517a4ae1ba44
SHA5122cc5b302a4189bfed08fed5a0970cbdebbadc0db9edb232e84af792aaee3a751247a280ae7efaa45270ab3c5aadee29562deee6056977decda98cb2533038eb0
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log
Filesize512KB
MD592e80c86f12cb23cc080f035aca48846
SHA1d84cd7876488aa718df5da9e702f906b8c8c9b44
SHA256bb77ad8b4314d110ac6354af720acaba296948dd1a8144082891fb7ad76ad9af
SHA5127064d1bc26ea9b9e7f447a2ee9c2b4bcef3ee678d1241f1234fe7e40098f2900a38fe54778514f61f004f0575cdb4c1bf3b99cd89e5832d5ae96f03657cd9dc1
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
Filesize8KB
MD5b53561676f1323576e6db4f6d2819589
SHA1bcbdd0228920b9ba12ad1de5dbf44545365c56ee
SHA256da3d3fffeca5d32fa8ed627a5a49c14fd2262b9166cba8791931e62d3d6abbd1
SHA5123fc9631e46970cbb7c4ebca67a7992d5caba3849da18782f7cd103e0bd80adf64762d5506264c1e8c94c171d071fa3e8449fe7b7c598e81ccee5121a89b666bf
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
Filesize8KB
MD52e5ad69bd4dc1fbae8d6a91e3cb2ddef
SHA1239f7b0e554517e5c5c9d78e8544f4d2fd6183f4
SHA256f4b52162d0a143250c2734559d7d8771c88e899f7a49d5198ed68645ea92c8ca
SHA5127fb01766e3357eb63e5ed936629a6cf80304f7f9cb53c7f517df532b5ff5d01ff7607e955733dd6139bdf524424bbc8c71bf246e10bb5477fe9de99c0b63de3f
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
Filesize8KB
MD5871eabc5eda4eba04b3101c6179a8785
SHA11bb31cb9369ff566a34d0fcd85bba57d1e92c3d8
SHA25690fc329c1d3bd3513c80516cab0a628d8d9de47c5d9b8b2dd28a7ed4cee9e638
SHA51234feba7f2e6b2dbe9424df40898422c8209df283ac61cf25e06495d378068028087451dbdd2cb38701e563cde1470eeb219aba6043d9e6bcdb8e33863385be8c
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
Filesize8KB
MD5c26c5c57c1b9ee7570a32e1dc8d09838
SHA116e99a39e6827ec41925e01e5139a68ddc1a5b84
SHA256378b61218c73c1e6525f986d1de2e777729709724178e49c31780b8e8c88b821
SHA5126d862ba6c9815c000d4dcc4ad7cbb36f0f389f9d1849e68a3b8738761e93e9998c9a49d3c14947c7e8df7a56c4f115ac53c8541f466e9a7613b732ed73bbb98e
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk
Filesize8KB
MD5e6472d4f059d42958db6bc0256f65d24
SHA1b3386a9eb056e4cf84e012ad787927347f56a2b4
SHA25693034fb7e1a7c26ad03cba33cfa8ef2942713e9ad5a8dfa9dda64cf9b100b7e0
SHA512722ac94d3ee8689a94c3156abca2d66cbeb1e292a8c75ebeea23f251f57fa7ab6b73b609450ac298619421c4d615d757ff01ac1a42278af3bbc46d0e81213ddb
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb
Filesize2.0MB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm
Filesize 16KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\a07fpb4\imagestore.dat
Filesize 6KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{0CEBD6B3-AB9E-42B4-B618-382A3BB32F53}.dat
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{28CC570E-59A8-4ADF-982C-080395A977BC}.dat
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{83A2D468-5C1F-4257-A68E-8FFD6CF6FE9D}.dat
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{AC8BF516-45FA-462B-844A-7EF90920A038}.dat
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{C35E4B3C-6A26-49B1-B2B0-8826CC10C2B2}.dat
Filesize 5KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{145627AC-336F-412D-8AC4-679A50A2AD98}.dat
Filesize 8KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3A82738E-1288-428D-A8BB-09C433E0400A}.dat
Filesize 6KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{3D9FEF3F-6490-49D2-8AB1-31D1CA8633C9}.dat
Filesize 7KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{4283AADB-8DAF-47A5-B9B5-29A97CCAF370}.dat
Filesize 14KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{4E7085DB-FFBF-40EF-8FFC-8D615D1E1E77}.dat
Filesize 6KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{88539BCE-0ED6-4414-BBB6-55BB731E4486}.dat
Filesize 15KB
-
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{C1BEC32D-DBD0-4ECE-AFB5-6B490CD7F8EB}.dat
Filesize 12KB