3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42

Analysis

max time kernel
150s
max time network
153s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
25/06/2024, 01:31

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ.exe
Size

12KB
MD5

a7bcf7ea8e9f3f36ebfb85b823e39d91
SHA1

761168201520c199dba68add3a607922d8d4a86e
SHA256

3ff64f10603f0330fa2386ff99471ca789391ace969bd0ec1c1b8ce1b4a6db42
SHA512

89923b669d31e590189fd06619bf27e47c5a47e82be6ae71fdb1b9b3b30b06fb7ca8ffed6d5c41ac410a367f2eb07589291e95a2644877d6bffd52775a5b1523
SSDEEP

192:HMDLTxWDf/pl3cIEiwqZKBktLe3P+qf2jhP6B5b2yL3:H4IDH3cIqqvUWq+jhyT2yL

Score

6^/10

bootkit persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
32	MEMZ.exe
32	MEMZ.exe
5032	MEMZ.exe
5032	MEMZ.exe
4596	MEMZ.exe
4596	MEMZ.exe
5032	MEMZ.exe
5032	MEMZ.exe
32	MEMZ.exe
32	MEMZ.exe
2244	MEMZ.exe
2244	MEMZ.exe
2232	MEMZ.exe
2232	MEMZ.exe
32	MEMZ.exe
32	MEMZ.exe
5032	MEMZ.exe
5032	MEMZ.exe
4596	MEMZ.exe
4596	MEMZ.exe
4596	MEMZ.exe
4596	MEMZ.exe
5032	MEMZ.exe
5032	MEMZ.exe
32	MEMZ.exe
32	MEMZ.exe
2244	MEMZ.exe
2244	MEMZ.exe
2232	MEMZ.exe
2232	MEMZ.exe
2232	MEMZ.exe
2232	MEMZ.exe
2244	MEMZ.exe
2244	MEMZ.exe
32	MEMZ.exe
32	MEMZ.exe
4596	MEMZ.exe
4596	MEMZ.exe
5032	MEMZ.exe
5032	MEMZ.exe
4596	MEMZ.exe
32	MEMZ.exe
4596	MEMZ.exe
32	MEMZ.exe
2244	MEMZ.exe
2244	MEMZ.exe
2232	MEMZ.exe
2232	MEMZ.exe
2244	MEMZ.exe
2244	MEMZ.exe
32	MEMZ.exe
32	MEMZ.exe
4596	MEMZ.exe
5032	MEMZ.exe
5032	MEMZ.exe
4596	MEMZ.exe
4596	MEMZ.exe
5032	MEMZ.exe
4596	MEMZ.exe
5032	MEMZ.exe
32	MEMZ.exe
32	MEMZ.exe
2244	MEMZ.exe
2244	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: 33	4820	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4820	AUDIODG.EXE

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
1808	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe
4400	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
3516	MEMZ.exe
2600	identity_helper.exe
1012	identity_helper.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2512 wrote to memory of 4596	2512	MEMZ.exe	77
PID 2512 wrote to memory of 4596	2512	MEMZ.exe	77
PID 2512 wrote to memory of 4596	2512	MEMZ.exe	77
PID 2512 wrote to memory of 5032	2512	MEMZ.exe	78
PID 2512 wrote to memory of 5032	2512	MEMZ.exe	78
PID 2512 wrote to memory of 5032	2512	MEMZ.exe	78
PID 2512 wrote to memory of 32	2512	MEMZ.exe	79
PID 2512 wrote to memory of 32	2512	MEMZ.exe	79
PID 2512 wrote to memory of 32	2512	MEMZ.exe	79
PID 2512 wrote to memory of 2232	2512	MEMZ.exe	80
PID 2512 wrote to memory of 2232	2512	MEMZ.exe	80
PID 2512 wrote to memory of 2232	2512	MEMZ.exe	80
PID 2512 wrote to memory of 2244	2512	MEMZ.exe	81
PID 2512 wrote to memory of 2244	2512	MEMZ.exe	81
PID 2512 wrote to memory of 2244	2512	MEMZ.exe	81
PID 2512 wrote to memory of 3516	2512	MEMZ.exe	82
PID 2512 wrote to memory of 3516	2512	MEMZ.exe	82
PID 2512 wrote to memory of 3516	2512	MEMZ.exe	82
PID 3516 wrote to memory of 4876	3516	MEMZ.exe	85
PID 3516 wrote to memory of 4876	3516	MEMZ.exe	85
PID 3516 wrote to memory of 4876	3516	MEMZ.exe	85
PID 3516 wrote to memory of 1808	3516	MEMZ.exe	86
PID 3516 wrote to memory of 1808	3516	MEMZ.exe	86
PID 1808 wrote to memory of 1032	1808	msedge.exe	87
PID 1808 wrote to memory of 1032	1808	msedge.exe	87
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88
PID 1808 wrote to memory of 4728	1808	msedge.exe	88

C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2512
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4596
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5032
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:32
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2232
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2244
- C:\Users\Admin\AppData\Local\Temp\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3516
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=how+to+remove+memz+trojan+virus
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1808
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9a6083cb8,0x7ff9a6083cc8,0x7ff9a6083cd8
      4⤵
      PID:1032
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1900 /prefetch:2
      4⤵
      PID:4728
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
      4⤵
      PID:3232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2600 /prefetch:8
      4⤵
      PID:1644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
      4⤵
      PID:736
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:652
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4904 /prefetch:1
      4⤵
      PID:1648
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5368 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:2600
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
      4⤵
      PID:2868
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
      4⤵
      PID:1520
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4912 /prefetch:8
      4⤵
      PID:2276
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
      4⤵
      PID:5044
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,6254583554488001227,4015588089001885129,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5072 /prefetch:1
      4⤵
      PID:1204
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=what+happens+if+you+delete+system32
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:4400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9a6083cb8,0x7ff9a6083cc8,0x7ff9a6083cd8
      4⤵
      PID:3108
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
      4⤵
      PID:660
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 /prefetch:3
      4⤵
      PID:3160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2788 /prefetch:8
      4⤵
      PID:4456
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
      4⤵
      PID:344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
      4⤵
      PID:392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=4956 /prefetch:8
      4⤵
      PID:3428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5136 /prefetch:1
      4⤵
      PID:4160
  - - C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
      4⤵
      Suspicious use of SetWindowsHookEx
      PID:1012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4112 /prefetch:8
      4⤵
      PID:2348
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
      4⤵
      PID:2080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,7972154160397309643,17941673673278168311,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
      4⤵
      PID:488
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://google.co.ck/search?q=facebook+hacking+tool+free+download+no+virus+working+2016
    3⤵
    PID:5076
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff9a6083cb8,0x7ff9a6083cc8,0x7ff9a6083cd8
      4⤵
      PID:1268
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe"
    3⤵
    PID:1460

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2200

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2364

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4820

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6876cbd342d4d6b236f44f52c50f780f

SHA1
a215cf6a499bfb67a3266d211844ec4c82128d83

SHA256
ca5a6320d94ee74db11e55893a42a52c56c8f067cba35594d507b593d993451e

SHA512
dff3675753b6b733ffa2da73d28a250a52ab29620935960673d77fe2f90d37a273c8c6afdf87db959bdb49f31b69b41f7aa4febac5bbdd43a9706a4dd9705039

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4984aac55596bbb1a4ee09c6c37e5116

SHA1
f96bf2d3eaee0d474a2fe48ff4161b925cbc60df

SHA256
0a8c3457e0160e4bfdbd520bca23455c99a2b10c6efbcc7b26e477fcffd7d7a9

SHA512
8bb3374899764977e033b701e60bc1b4935e41662fd511636c350c69b0d6d35a571e2fa25baa35a51254111199d9635dbc29d94aa47184cc30b8ad9496ccbbca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a3c09dc2af37641e754bf2f872544c2e

SHA1
bcd96ffb6edf1edea52acad89f312519a202c303

SHA256
25200997d25e8d2977abfe372fa8ecfa0542dde1e3a4d0f27b99832c14a34286

SHA512
93bb874bc5b803199a16b0790b5ff485fa3b8179023ca2dc599c23c5fbb05e6df3c91188b6d10675218203085d38644ce70e3b6e6f678a8cbd3944a30c718e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c1c7e2f451eb3836d23007799bc21d5f

SHA1
11a25f6055210aa7f99d77346b0d4f1dc123ce79

SHA256
429a870d582c77c8a661c8cc3f4afa424ed5faf64ce722f51a6a74f66b21c800

SHA512
2ca40bbbe76488dff4b10cca78a81ecf2e97d75cd65f301da4414d93e08e33f231171d455b0dbf012b2d4735428e835bf3631f678f0ab203383e315da2d23a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
350cf5ca20afa3e8ca4be697253591a2

SHA1
06a8c34c018101ff8ac22245c7524e578a0a88fc

SHA256
9ea69d5339003dfc4f539c1442435acd9f36548bf838caec431016cffd0d965e

SHA512
eac0a329c0b503569220c3c7fd90893d5a980f7b6f03a3fa84d04389ab216dd102025d2cfe77dcbda817e7f6c1f8155d07ec5bc69e584a614f9592931e0f8db3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f4f7659256c83d500c6b215b2ad7bdf9

SHA1
183c5da58c9702ff642bade888471547ea6e3918

SHA256
af745d025df3fd85f2cea8defe3dd57e4e083c321e7ad059bfec963493ebf290

SHA512
13ba611e8e3203e37088263aa83fe277013452fa96e69c16d97b5494d9f34e2d08aa3661e99b72c439dc4d868d7310426f367c27b772659d48de0567ead21213

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
674b7dcac531fb1817bfbd72f25d06f3

SHA1
c8562a7900f3fbf4e41216d17f53a30fb776c722

SHA256
99b74e611136c9c0b5860e892cf3947ac1aec8182915f47e397514e3e1c48de7

SHA512
b543f1d52bbf04354c0b064ee6b1c5389274f7f176e4695fcf4ac5a5aeea1a67f1c05981c865b2d9b95588741a430d3bdb3200eb08bdbdaf99f89248cb1fb86e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
204KB

MD5
081c4aa5292d279891a28a6520fdc047

SHA1
c3dbb6c15f3555487c7b327f4f62235ddb568b84

SHA256
12cc87773068d1cd7105463287447561740be1cf4caefd563d0664da1f5f995f

SHA512
9a78ec4c2709c9f1b7e12fd9105552b1b5a2b033507de0c876d9a55d31678e6b81cec20e01cf0a9e536b013cdb862816601a79ce0a2bb92cb860d267501c0b69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\587751c0efe212ad_0

Filesize
289B

MD5
1dccf3331f22591a44acfa1a4e9ec876

SHA1
01411d1bcde87d7af4f681c85a46827a25af7cab

SHA256
35a803ddf476163eccd9b2d3070927d5e7504d26d437894b8679420a62316809

SHA512
dd74ddcbe10b083523d91ad1a2483841f0ecc2d8d3b5292a79b668febd013e91847acf2ae10225fe3548edb6294596232b09dabf325407621c57f158fae1849c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\81368c0962e37f6f_0

Filesize
232B

MD5
1dc3c4406e6db8628db6c8db6b3fa379

SHA1
e341e07c620369fd978f87cea509a75b2ff714d3

SHA256
71bd5be0e1ae801bbd5894171e7585c29e4a939ae383f69840545858bc36b197

SHA512
08768aabf880bbd7d908a44f6f30d1fcc911ac565c1c137de5cae863e05ecddf9b498d6bafce227684d22f5e4c4bd5454145947975e72f11876a89e5388e3780

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\c050c013b7c85814_0

Filesize
328KB

MD5
b83a88dbb1bdd1d36d8227c00f0ee350

SHA1
1be63d9414070b57fe255151bb9daa46359f4e3a

SHA256
2c6691105735c18d2103de30e1ba955148215adb0bbee9eeda447c6bf53d6408

SHA512
40516a6e2b0ababe34d6509468acd856557e0aa25a391dbb4410c40bd845c82bdd75f1785e8403d4ec816e4d990294d8155dd128dfa340bbb9ac8575e7c40327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
3a433220b5659c84b9e222e8f7054fb7

SHA1
66e37d32a61bef4f273d75403690ed3c52c94bb5

SHA256
b67dec2f3daaf3516ddd0d25b56ab20b1be104d2e4106d3c78b880ef7436f6ea

SHA512
532e84fea9910238cec90d4b22e31b9e892763ceb6f84553830cad71435b71d1a8c30a8ead0a613b2aba01cb8f1999f96850a02ae12cba4b734299e1186500c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
70547dd26a3da30335e9d54524537290

SHA1
b44dc8bbda8a6c538ea5ac729bf64f5dde920897

SHA256
e88e1e64a85a9c9237c7c4e3507c698a9ec6bddb4ab6843d99b3fee39e76f78d

SHA512
4efa5663129ce6feac6da5060aad58e947bdce5a0b27a1c7a5f446aa0406a6447d471bb2be12826761e854703923dbbb2e9dd3c9aeed972f3b3a8cb4653a69b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
120B

MD5
285e3587c92cc31366bba494e78f706c

SHA1
230d6e79ecf6522f45d5c6b723aee9bbe615d57f

SHA256
0cb860e0aee5fc4e0e0a35fffc03384bc65d2a3d1d848b02f479d24228529bca

SHA512
af7b95846f9c0d551d86313e37a8906a44b67c44ec51207724f6bfbd9e486dfeaeb034b71f7fa133c2331a64aa1dde8e7dd2501b6f07bdbd8e85a35778ff05e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
2d059f14c73ca2f24c02dfa11a37a24a

SHA1
0ad8d81ebf6435a385e75f7f07b8632763194401

SHA256
dd1a7f6844a3ec6945cbc8c33c01982372d3c99eb207a5aa16ba9290b0d49d21

SHA512
ca938b0c87465e5cc6a72f8acd292676c19ac68449688caf8c420c0913a42efaf752cfc74851a1c7bf28649c266133672894c49c3f7bb1985bdad384700e79b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
a05fbac2b8f463265ca9c26bacf98aa5

SHA1
dcd56b5269c097b26fd43e7f3dda093bcbbfa312

SHA256
41fd25b1ee64a26d6456a0b29ac13176a3cfff689d4a90554446d0c9d77c013b

SHA512
fd22afeda3960e779abf9224214c1ed7ff1c918bb464319ef7b846e7c13343698b628b18ed6b2981b41b34c8883aa2e39cfd7d0649333c226b391be63e4222ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
6KB

MD5
fea7a7c88b33c392439f5f64722c01fa

SHA1
97e6f8ca0706e1644e1313c7d262f006a5987448

SHA256
597fb61ff3a1345597a330e97305184361b906f83607034ada59b196f878621a

SHA512
723dd1fa7dc9d0a87ebdd32d6b9298046950195c34a33ccf6d12d9f2dd83229313cf2338de9c3e00fb9d81723bb51a333a63c427fd2105963b2a76037ce34bf1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
00649ebc02e9148a4ff87b74f3cc21f5

SHA1
fd0a0285760d43d93b32dbc006dc749ed64d754d

SHA256
8d0b05cb88ad4e27420eb764f8bd9a45f7a4625881a3fcb5f013495fe4f93f86

SHA512
0910b313f34bb11a60713d7fbd27bad6b44e050b5e018c2abc19fd20ab914141612b7a5a769ab0772a3696fe3e344e814868002a066f18ea5009b32d49584b61

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
d9496491e17354098c0d8aecfae476e4

SHA1
6a690fe7744e102348f6235cb994855005b5b484

SHA256
79f5fb9e47cc673d579eb09eec33ec8dbea951c6a48b270bd1a68b82f2e2be91

SHA512
5ee65ccf930ed6b295aa87dcc0471fbaa8ab4de46a83c3d440211f03a89739d63dd6d9908ba7470d43b7cce5bf384710691576c510a9538172ac9a7f9d820eb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
121B

MD5
19f79d61be41ff677198416c2a89abe2

SHA1
dfabad6f6f3ac95317ea71339d1ef5ab2ad9f9a7

SHA256
8056aa436cf7bfbbcb17fac5b2dc8cd95fe467a48cb19606f55da6035700fc7c

SHA512
4ebef5921cee688650cf3349ca7916cbba7af2668ba5c9ea5e2f8445e6a2fa7f1a565950764fa79e7e21f81148b4f3cb6c9ad9af9d0475d8458a86c038994a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
3fdd9e7db25120826cd9108ab8989541

SHA1
c81190e97ea3eae83309418d1d2e746f39107fb3

SHA256
5fff29bf904b70da56c713e304281c1e0c6cc08b6c78609111e2d54d1cebe602

SHA512
766d39165878cdaf1e3565caef6095ad47bd3be0b2b91cddb9d21b904c7407b7cc2f464fa250d29576d9de59425125b606576faa3dbfbce538cbc8f76c9e92b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1006B

MD5
49abf2503e55dd36ef421874060bee20

SHA1
71a6f8cf6fce60e89ade42d84de5b3ef0e94b5ca

SHA256
33793d792408a7227d2ffb3a447f7f2ef7d441b993768874bf07160d02e758cf

SHA512
04b27f2b7c1fd659361fecf0281f7febb9fbeabc9f1fdb3b57a12f9b4b9c84816770529709e2bdc1cf2fc339f11e2882b122d06dbb4a12f83574cefc7a121521

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
3d03ffb76767ac3816af370e4a883311

SHA1
05dc2027131415a0d2c73c0dccc0bc239fad0297

SHA256
ed499a77724609b8a86f6733581b16e38bf93a3eb013673feb86f985e9d51857

SHA512
55f63474b2501b1be3d3fd72a9f99c6f2ad10ecb3d908498bbea4ad28091ae2ff4aabbda838089c485faf14a3f83b7d0f8cf0c0f7baa82a54fccacc52ca49057

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
504f1619f2044e0f921351af59806963

SHA1
55066abcdd1d6b8e35c9b8a8c628bc669db28cb9

SHA256
685577a3f6bd698965a850e55bcf0da00dfa5e5e01b3ddfe7e53ef8f6d776de2

SHA512
0a15ddddf1f6778bf54063ee41e094d1850b0455e74564d1d98c708d7e66c8a2868ce585d185ec869595f86e0bcfbea54767ca10eb8a192f664080118be08753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8a042ff56db2c0e6ee2ffa28744345f1

SHA1
e980984b7a3c33252d037876fa42caac6e7debbf

SHA256
c4b50fbd9c5d71c08fbe1a4693785f47f50d86f0ab2dd33db7f48c1951b4f528

SHA512
85e091a924c32056b53b892a9c0c4637471ee29afe4b894d870735cce312dc25fd394e7421492420a624d2d515e2efbec5d54618cace331dc811204b1a05df52

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
11937dc3aed2481296644e18d515f990

SHA1
3b7970b799abd788345ff8e9ffe54c177a886b55

SHA256
8e0de336b2f503ed6935c32bdab021031bc20d12333744c7d06717f07e6dd7f5

SHA512
c81240e608ed3b4020b933daa5e2bd5467691664877c3be07104e251189db4cb2f34ec93482b9223ab6bb0bd8b72a1d2ba68368014914ed6ec778a6035bd12dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
07c1a97e5e6d3ae055b8355fd950cb49

SHA1
7fe401a342789818a38f452ef2d6d6b74da3fba4

SHA256
ab01ac368fac4663263d0e081db09a86395ebb5cbaa915835cf0206a6b91659a

SHA512
38eaec859507b25ac3fdc6f64619eb2f3c5714f474f800c17fc28e74457594c8839528e705ca3c17af6302e8e82fde695dcb7313dba7fdc00b83839754c26fe1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4bbb979f498536c9454e44b1596ea6bc

SHA1
9ad2801a413f20483cbd656697818d3930228ccf

SHA256
b8966e8a29b21f370ebd12bf7bd8d97a548e62aacc4c2ef0c547bb8409b3f8ab

SHA512
af763a210ed8d89e7083b24e1e75ff896e0703746748757cd68a1116fb48839b2462853734b38c6f1722b4581f3907c8fb84d5a1dc3b50470d9a744c84775022

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22c61f212202950f83f4d5add1d1f775

SHA1
878751c257d31b286c327eebc3cd8bb944325fb7

SHA256
09c3765effa4b221718873024cd67b50041d331fd692c398002d66ed51c3c0a5

SHA512
faa1980f4e05d9833a2effd3e4601b9420d44b7e7dd1b370d1c39480760d273e62635bb23afb71eb500d81dce0ea407b2a6d14d1dd8f39a06c544c45b79e9635

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
800ed6f35038e3d01b74e0e37fce273a

SHA1
a9a4e2ecc4c6cd5ea11623a02be3da536f5a8cd9

SHA256
d3542aacbfaa176fac0dd06f960401f5c85155b2e74f58ae34e53e7be78f3c6e

SHA512
4b87cb17ac09d9c5279a54ee43fd3c70dc8f0bffab6182088cd1ad37dd701cb4d843a758600b0e7a2f44ee6e4b642a3c6cb780e5546f8f9313c09454ae18399f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
965B

MD5
e96f6ebd8da365977a48dded80dd08d2

SHA1
fee56e2f017facdc8ce0b06e8410d41934e84b56

SHA256
77f18f34e4596738af4b717f23fcbbfcc599f22e45327d37794e4f35854a5e6d

SHA512
a53c7429d8e48d7bcbf85c463854305830fa9f9cdb496be1f3706d3d5b18bdef9ecb46995929a262611a244a2d297d87e839dec1b403bd30039faed2ae079a59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
afc96865eb26d046f30ffd723c5d0b82

SHA1
9a395bc33d9184f13b595900360ce49291aa30fd

SHA256
5d9adb1b73fc1c427f273265c33e60c5a483bde0ad939dc4765c8c4938c340e2

SHA512
976668ef4efcba0f443ab6e49d2a6e80aa702c0a7162227de806cb14907888a76d09b1f6ecbd5448ae9cc92d7092f188b2b5f6b180301360a08150cf21f0fd11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13363752745312968

Filesize
1KB

MD5
99e938fe8946e01a2dd76b08dbdb1f77

SHA1
c18d709ba802d3959b2b07d6b9848376d28d3d20

SHA256
2aa0ea3a5e71fc9ce081acc727f44ad31977bdca29381fa145eb01ce46803cc3

SHA512
6bb5056164ac617591a2a3eb04e1f8ce7709c5dfd70ea02ec7c7d1054552224164f7631ae346d678258857071495fb4b8cd53f17072f5e2028a56027ec040960

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
6efe853164a32009c539611c7be8d313

SHA1
1145442709da721b051172f5761f1402ec5299be

SHA256
1a1a7c0b3ddb0ace1778ead0f9e94d6dd56fd9b9270a7082c96c4725c70af922

SHA512
a7bacb1bb3dcf674c077654848c09fbb5216d761b9a48244dcf7d9e9429c3edadc9dc524e148c3859bfc1aab41a7dac1e09d5b0814452b1e69844112d29551f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
a855abf6b97538b80f807af1b9b0c500

SHA1
9ddf147e97b644101ab20d68bd83e91898f769ce

SHA256
17f527d49d878e3a203b3ffccec235d030297ed603cf1e49153b7d29bafb6d1b

SHA512
53a25efe45865202d6eacce95f8d7b4881b1dd7162046c794b3710f0951f1e86b270de823941c8f703be03d27522214bb829eab21c2937720d6671a6983dd142

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
223de7eeb6b27662cb47fec7f6358fb0

SHA1
8f05a33807b7d4ec39c584d6ad958e5dbdc31149

SHA256
f1e0f6c5114ab40b227440ee3dba4c4f74c45cfdc00c54a5249927c1008dff10

SHA512
7f4e1052377932724f8c27bbbe872122f01c9e89758e7d5746aaa1ca02535815b8db522b02770bb6c5b34a32e751d88efb362cd8ff95795d6f2a484cf9b8bc7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
815b840f125340174259a252869c245c

SHA1
d3cd524d3448db652e2c6a640083a1503b02ffc8

SHA256
61c1248dba81e910366cb419e0218492aad7d017ed227cdde579938872f71b56

SHA512
027c36e44b58bf7793c26e28692687425ac6bb32924e7089631828ed70a144a777a2b1563b62537f850764765ccbbb8d0d10d469439f78665a54dc58e5131395

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\heavy_ad_intervention_opt_out.db

Filesize
16KB

MD5
9a8e0fb6cf4941534771c38bb54a76be

SHA1
92d45ac2cc921f6733e68b454dc171426ec43c1c

SHA256
9ee9211a57c3f6fa211fe0323fa8cd521e7cbffcd8ff0896645a45795dc472be

SHA512
12ed22537dcc79d53f6c7d39e92a38f8fea076d793198928f5b7a5dd1234d50a3c0b4815632f3fadf8bc4ef0499773d22bd83f961d2d0ffd8afacf471bd3a5ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
d9e296cb7c5a907822288283ab86eb4e

SHA1
71ff5a409e56a016a2872bddd4e5edf93aeb39e0

SHA256
e0a1f3464eb9052b564dcda9174ae43506d9f77e7a954c8da6ff442768e34fe6

SHA512
c2fd840cc0ba2616830cf9c01a2cb5e8da836e005419d29ab521a16c61397f85a2f3f6c09f719297f3ded62328a300b21774ed3ea26e7240ab0cdbf19e1b42b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\previews_opt_out.db

Filesize
16KB

MD5
d926f072b41774f50da6b28384e0fed1

SHA1
237dfa5fa72af61f8c38a1e46618a4de59bd6f10

SHA256
4f7b0e525d4bfc53d5df49589e25a0bccf2fcf6a1a0ca3f94d3285bb9cf0a249

SHA512
a140df6ec0d3099ef374e8f3ece09bf91bc896ac4a1d251799a521543fe9bdea796ba09fa47932bd54fa939118495078f9258557b32c31d3d4011b0666a4723f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
19B

MD5
0407b455f23e3655661ba46a574cfca4

SHA1
855cb7cc8eac30458b4207614d046cb09ee3a591

SHA256
ab5c71347d95f319781df230012713c7819ac0d69373e8c9a7302cae3f9a04b7

SHA512
3020f7c87dc5201589fa43e03b1591ed8beb64523b37eb3736557f3ab7d654980fb42284115a69d91de44204cefab751b60466c0ef677608467de43d41bfb939

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
5951d41560a09231b1f5dd14ae66d8fa

SHA1
9f253a2799900f2ec0f320736fc829579120df28

SHA256
f15e6f114a97f69ea2446ec0b3d6adb3e185def57ce9166ce17357bded0178f9

SHA512
16d711b8d3fd600a8a70303fec780d7c8246fca8c1921b7072cd74bf65142c648fd12d1ff3ffb581044d8600b60e5131da317f9c98652b1a17a378505ac249f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
a2494b2c10fc11df5080e6b0fd0f170a

SHA1
76e2dcc70c2d3f9c13c6687747ed0335f4cb4fe0

SHA256
c1f20664d37afd79e01814941bc86e1cda5159e196f963e2e1069bb82d1df865

SHA512
7c1c362fd279fed38dbb732851c29a56ce3d0aa5e7b4a196240e6b466910a4809879352d799a028fa74aa0aed6388108995f378fc4db92791bdac33c8b6056a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
bed661e68ae355841742b5a09843393a

SHA1
8ff9f5b809368e0c52a790809dd7cfcd2e0e2c43

SHA256
27fddaf8741ca6943a8294b332746ebad391f803a0c0a2e43dcf2152d446895f

SHA512
b9f6d637522e18334e952077d2c3abedd2e1855a7f4b80d63ad5973b36fb1c394bb3f9255cedf1528d82b7c9028b5ed2d94f7c00a18a9681aed7663f4f8906a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
87a4e9840e6fbc5ccf6665be58dc5b5a

SHA1
44c6257a6a1db07d186e8ae07078274c24e19058

SHA256
a392a732ab6b428ec7cbe6b43030d6e94d551e67d35fa717305e4b06c547c443

SHA512
0b960247710d724fe5e702ec3c311719c9a3d1fab03ccf97faed83e92e13a8b350e710bf411af1c87711b65590db3226e8b39202a5d52e969af3686d55f97e2b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7cc1d329dce2c2f4a4ae66f37abc2c15

SHA1
221b5db0eed011b34220c0c091d580a55c7c1847

SHA256
036fb4f1d52923000e9c80f143222d95c751715d10b2a8868d44ff4cb6784d18

SHA512
97668a96ee628c7cf13818eedc46626db9cfaf09d973c54812aa30c38799682b31530c72c94a368aed6ce134d1e328512005508ecbb036aabaaef48ccae402dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
4fc2eb7b3800f878a670e955a4749582

SHA1
025d10d33b5ec70881d6687a9de78ba9f5c4b1a1

SHA256
bd0d4027586fbd383522b20ca1f312d65bc373587092d0f028ae76fd84717b36

SHA512
a2d7142af58d938b4d341093d025d9cbcac22244e8301dba65a04bcb5b7bfb9c5c31f79526bae130612913a53ab1520281aac267e75a4af994cce0de4a4c728a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
867a7b47dc1ebb18321366ad4fdedc8a

SHA1
c5cf851922e604fb7646d76a3fec6eef498697e0

SHA256
fea80d9a86353f6c75d7518adc07c459cad9024f8dd0932d36eceaffbe28c35f

SHA512
9a6f4c1728983c0ef43f204292e8192b67256984199c8e95360c2f9cd0b39136b57eb53e2bfdde39f7bcd8470e27d246f6c8243968eff19b050a9dc69eced3a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
14a304de991ebe1d858bb7a6efb89163

SHA1
ffdf7f9aa794b6f74a8831ed36d0192ea39af4f2

SHA256
ef28b03eacb96e3211ddc409830958888cd1cacd08b57e97cce41464ad74a9b2

SHA512
6a0f1828ef331778b1714bed23e134f85b73b57605f903282e3cff867a47d06c06232f4e826fb0089ce44f76f25b071bcd0f3aca261272b31b424763610b9935

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
ad8e34747afc4375e3deb1c4870c22dd

SHA1
39233e3035f5fac272177fd1582c4da0965f15f5

SHA256
cea910704e0c1c906b8e7b7df1767d6cf25b0ed964e044e3854fbe266ada6fc1

SHA512
2e7f6181e1b42095c2a3987d42cffd4116d29f3694c5cbfc947525a26dbccd25bdf747c322cf85e683d13fb53c522ed36dc6e94ce191e43b14af0f062a4dbda8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
d44517b359e25437b5be46ad39f2e5f4

SHA1
db431f8afc0a9d5ab282b3d6e457c47f20b59086

SHA256
89ce59257ae75ab85457d72264776b1df35debb12a52f0be88671c1ace22318f

SHA512
2145e14674f7683da218461449b3f6ef6a08906e977472a0a8cb0a865202021770968ffe986c1d04c3f80e0efad536544311c850c8823b6e82dc11e2daf689b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
4B

MD5
d87a48f6b335cee0ba7eefc98ca59ca1

SHA1
de1ab839219bdffc41c0faf2d79a9cd8a066d65f

SHA256
6411c65c46e6019d997caa7af9d31cffabcff8ba6cd5aea599a6c6723d53323b

SHA512
ba91286801123746eab5bb88a686fdaee9dd34800c8e5fc2448a1c5cdd4486980cdd6a2994ef84cd8e1efd4842ee6a6f0720396305d98a2694974c60c7478ffe

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit