c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c

Resubmissions

11-08-2024 08:57

240811-kwnd5ssgrq 8

11-08-2024 08:53

11-08-2024 08:47

11-08-2024 08:37

11-08-2024 08:32

11-08-2024 08:29

11-08-2024 08:26

Analysis

max time kernel
212s
max time network
207s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
11-08-2024 08:57

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

MEMZ-Destructive.7z
Size

17KB
MD5

d91a65636b8d4b7437983e064e2580fa
SHA1

2bfaf387d22b7e9c1a54c35d8ab33fa84006ece3
SHA256

c547f9193b8fcb681dbb93968d54ac9912901097e1912ff7ad11c5a9ee13062c
SHA512

0175a90f980354b6f9a0fb66be6672c18c03a33fb547a0a16d159f18745f59fc5f4d9dae69dfd4d3bcffbc1bd3bbc73901000931dc3c12b70dde6e4e72a92f9f
SSDEEP

384:CxpNbARMGzvkdrUUAhybY4GfheFQb4M4ecf3iQ/FF87u20VoDWXeQT:Cxp6RLzMtUUVMsFQb4ycfiQ/o10XeQT

Score

8^/10

bootkit defense_evasion discovery persistence

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 7 IoCs

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid process

2080 MEMZ.exe
2216 MEMZ.exe
2108 MEMZ.exe
768 MEMZ.exe
3908 MEMZ.exe
2160 MEMZ.exe
784 MEMZ.exe
Loads dropped DLL 1 IoCs

Processes:

Taskmgr.exe

pid process

2268 Taskmgr.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service
T1102

Processes:

flow ioc

2 raw.githubusercontent.com
45 raw.githubusercontent.com
Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1542.003

Processes:

MEMZ.exe

description ioc process

File opened for modification \??\PhysicalDrive0 MEMZ.exe

pid	process
2080	MEMZ.exe
2216	MEMZ.exe
2108	MEMZ.exe
768	MEMZ.exe
3908	MEMZ.exe
2160	MEMZ.exe
784	MEMZ.exe

pid	process
2268	Taskmgr.exe

flow	ioc
2	raw.githubusercontent.com
45	raw.githubusercontent.com

description	ioc	process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 2 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

Processes:

msedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ (1).exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

MEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exenotepad.exeTaskmgr.exeMEMZ.exeMEMZ.exeMEMZ.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	Taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	Taskmgr.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

Taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Taskmgr.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	Taskmgr.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

cmd.exeOpenWith.exemsedge.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-661032028-162657920-1226909816-1000\{7A7576E2-BA8F-4D83-85CB-3A02FCC4CC49}	msedge.exe

NTFS ADS 5 IoCs

Processes:

msedge.exemsedge.exemsedge.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 471256.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ (1).exe:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 597515.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeMEMZ.exe

pid	process
2020	msedge.exe
2020	msedge.exe
3592	msedge.exe
3592	msedge.exe
1196	msedge.exe
1196	msedge.exe
1824	identity_helper.exe
1824	identity_helper.exe
2540	msedge.exe
2540	msedge.exe
1192	msedge.exe
1192	msedge.exe
3272	msedge.exe
3272	msedge.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe
2216	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

Processes:

msedge.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

Taskmgr.exeMEMZ.exe

description	pid	process
Token: SeDebugPrivilege	2268	Taskmgr.exe
Token: SeSystemProfilePrivilege	2268	Taskmgr.exe
Token: SeCreateGlobalPrivilege	2268	Taskmgr.exe
Token: SeShutdownPrivilege	768	MEMZ.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe

Suspicious use of SendNotifyMessage 51 IoCs

Processes:

msedge.exeTaskmgr.exe

pid	process
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
3592	msedge.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe
2268	Taskmgr.exe

Suspicious use of SetWindowsHookEx 64 IoCs

Processes:

OpenWith.exeMEMZ.exeMEMZ.exeMEMZ.exeMEMZ.exe

pid	process
1564	OpenWith.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2216	MEMZ.exe
2160	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2216	MEMZ.exe
2160	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2216	MEMZ.exe
2160	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2216	MEMZ.exe
2160	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2216	MEMZ.exe
2160	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2160	MEMZ.exe
2216	MEMZ.exe
3908	MEMZ.exe
768	MEMZ.exe
2216	MEMZ.exe
2160	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3592 wrote to memory of 5004	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 5004	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2288	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2020	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 2020	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe
PID 3592 wrote to memory of 4144	3592	msedge.exe	msedge.exe

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\MEMZ-Destructive.7z
1⤵
- Modifies registry class
PID:4616

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:1564

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffcdddd3cb8,0x7ffcdddd3cc8,0x7ffcdddd3cd8
2⤵
PID:5004

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1884 /prefetch:2
2⤵
PID:2288

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2020

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2724 /prefetch:8
2⤵
PID:4144

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
2⤵
PID:2988

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3216 /prefetch:1
2⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4032 /prefetch:1
2⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
2⤵
PID:4772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5000 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1196

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
2⤵
PID:4604

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
2⤵
PID:4788

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5588 /prefetch:1
2⤵
PID:1172

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5512 /prefetch:1
2⤵
PID:3348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4640 /prefetch:1
2⤵
PID:480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5512 /prefetch:8
2⤵
PID:1476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4668 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
2⤵
PID:3472

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5908 /prefetch:1
2⤵
PID:2492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
2⤵
PID:4480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6092 /prefetch:1
2⤵
PID:2540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3688 /prefetch:1
2⤵
PID:1076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
2⤵
PID:2880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5928 /prefetch:1
2⤵
PID:3612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6100 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
2⤵
PID:2780

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
2⤵
PID:4236

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6184 /prefetch:1
2⤵
PID:2408

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4032 /prefetch:8
2⤵
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:1192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
2⤵
PID:1560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4472 /prefetch:1
2⤵
PID:2040

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6260 /prefetch:1
2⤵
PID:1840

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1720 /prefetch:1
2⤵
PID:348

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1648 /prefetch:8
2⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6776 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
PID:3272

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
2⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2080

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2216

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2108

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:768

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:3908

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
3⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2160

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe" /main
3⤵
- Executes dropped EXE
- Writes to the Master Boot Record (MBR)
- System Location Discovery: System Language Discovery
PID:784

C:\Windows\SysWOW64\notepad.exe
"C:\Windows\System32\notepad.exe" \note.txt
4⤵
- System Location Discovery: System Language Discovery
PID:4820

C:\Windows\SysWOW64\Taskmgr.exe
"C:\Windows\System32\Taskmgr.exe"
4⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Checks SCSI registry key(s)
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2268

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4924 /prefetch:2
2⤵
PID:5032

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
2⤵
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6208 /prefetch:8
2⤵
PID:4644

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1872,4238051311003067936,16038533445373232452,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1268 /prefetch:8
2⤵
- Subvert Trust Controls: Mark-of-the-Web Bypass
- NTFS ADS
PID:800

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2880

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2352

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000001

Filesize
174KB

MD5
d4d64c6fa9ef000d20b8128647613eb4

SHA1
692d6a0e94639561f4ba4eb5edeee8cc42c95f3f

SHA256
026fa13ac8e1a4b1d2245c6108020e96fd46da63c02c47fb53f3bfd5cb8b0dac

SHA512
a2db6daf5a02a7696d2fbf1aca7a352f8f15f05b0d5e5abd79596bd145c499d2a380b352c5dcdd977f5f0f11383ecda7ac87f607ff80e3023a15258c4fee3cae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
a074f116c725add93a8a828fbdbbd56c

SHA1
88ca00a085140baeae0fd3072635afe3f841d88f

SHA256
4cdcda7d8363be5bc824064259780779e7c046d56399c8a191106f55ce2ed8a6

SHA512
43ed55cda35bde93fc93c408908ab126e512c45611a994d7f4e5c85d4f2d90d573066082cb7b8dffce6a24a1f96cd534586646719b214ac7874132163faa5f28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
41KB

MD5
a7ee007fb008c17e73216d0d69e254e8

SHA1
160d970e6a8271b0907c50268146a28b5918c05e

SHA256
414024b478738b35312a098bc7f911300b14396d34718f78886b5942d9afe346

SHA512
669bec67d3fc1932a921dd683e6acfdf462b9063e1726770bae8740d83503a799c2e30030f2aca7ec96df0bfd6d8b7f999f8296ee156533302161eb7c9747602

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
9f8f80ca4d9435d66dd761fbb0753642

SHA1
5f187d02303fd9044b9e7c74e0c02fe8e6a646b7

SHA256
ab481b8b19b3336deda1b9ad4680cce4958152c9f9daa60c7bd8eb6786887359

SHA512
9c0de8e5bf16f096bf781189d813eeb52c3c8ec73fc791de10a8781e9942de06ed30ff5021ab7385c98686330049e3e610adc3e484e12ef807eec58607cfae63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
43KB

MD5
209af4da7e0c3b2a6471a968ba1fc992

SHA1
2240c2da3eba4f30b0c3ef2205ce7848ecff9e3f

SHA256
ecc145203f1c562cae7b733a807e9333c51d75726905a3af898154f3cefc9403

SHA512
09201e377e80a3d03616ff394d836c85712f39b65a3138924d62a1f3ede3eac192f1345761c012b0045393c501d48b5a774aeda7ab5d687e1d7971440dc1fc35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
73KB

MD5
cf604c923aae437f0acb62820b25d0fd

SHA1
84db753fe8494a397246ccd18b3bb47a6830bc98

SHA256
e2b4325bb9a706cbfba8f39cca5bde9dae935cbb1d6c8a562c62e740f2208ab4

SHA512
754219b05f2d81d11f0b54e5c7dd687bd82aa59a357a3074bca60fefd3a88102577db8ae60a11eb25cc9538af1da39d25fa6f38997bdc8184924d0c5920e89c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
27KB

MD5
c3bd38af3c74a1efb0a240bf69a7c700

SHA1
7e4b80264179518c362bef5aa3d3a0eab00edccd

SHA256
1151160e75f88cbc8fe3ada9125cc2822abc1386c0eab7a1d5465cfd004522c8

SHA512
41a2852c8a38700cf4b38697f3a6cde3216c50b7ed23d80e16dea7f5700e074f08a52a10ba48d17111bb164c0a613732548fe65648658b52db882cacb87b9e8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
25KB

MD5
42e84ebcf5470237abd1f9e322b751fe

SHA1
a828a45804554507d9e8521c36109e8bc3d5eca2

SHA256
a9fc7baee3689f0331e46617f60d6e7c3ed631209b7211e7dd09cf20d22a64c1

SHA512
36606d42aee5689819dedf221af3c6c0da06aeb9997b9ce84b42db42ab80a0926352219f1e47f2287dcc850fcc96e4eefd5e487e09e1f1228102eced11271e25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
37KB

MD5
a2ade5db01e80467e87b512193e46838

SHA1
40b35ee60d5d0388a097f53a1d39261e4e94616d

SHA256
154a7cfc19fb8827601d1f8eda3788b74e2018c96779884b13da73f6b1853a15

SHA512
1c728558e68ed5c0a7d19d8f264ad3e3c83b173b3e3cd5f53f5f3b216ed243a16944dbe6b2159cfe40ee4a3813ca95a834f162073a296b72bbdedc15546be8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
21KB

MD5
a6d2a865e9f16ea305950181afef4fcf

SHA1
082145d33593f3a47d29c552276c88cf51beae8e

SHA256
2e5d94863281987de0afa1cfd58c86fde38fd3677c695268585161bc2d0448a2

SHA512
6aa871d6b2b0d1af0bda0297d164e2d685bc53f09983e5a4e1205f4eb972a2017323c99c3cc627c3fb01381b66816e570f61d013d3775cddad285ac1b604cdc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
37KB

MD5
93acf02790e375a1148c9490557b3a1d

SHA1
78a367c8a8b672dd66a19eb823631e8990f78b48

SHA256
4f2513f353c2cdd3177e3890f216ea666e4eb99477a56a97ff490f69a9833423

SHA512
e6354f4e4d35e9b936a7ddaebdd6527c37e6248c3f2d450c428903a32d77439cab78020a45834379cf814a79149c3dddf4e1280b9d06a7f972e5f8e61c463d6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
20KB

MD5
c4b8e9bc1769a58f5265bbe40f7785ef

SHA1
07ff14df16d4b882361e1a0be6c2f10711ddce50

SHA256
2786986a3139e9722e667f81b4902609a4cf458e1c16206cd11feceee0254192

SHA512
a39157460b523ee2b9e1eacccf7aed99ff002767a8f87287c1c4662b6711b97f7d4955df64a86a882417fe71e598719e3934e14f787c1e6b3348c8a4c813e3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
18KB

MD5
2e23d6e099f830cf0b14356b3c3443ce

SHA1
027db4ff48118566db039d6b5f574a8ac73002bc

SHA256
7238196a5bf79e1b83cacb9ed4a82bf40b32cd789c30ef790e4eac0bbf438885

SHA512
165b1de091bfe0dd9deff0f8a3968268113d95edc9fd7a8081b525e0910f4442cfb3b4f5ac58ecfa41991d9dcabe5aa8b69f7f1c77e202cd17dd774931662717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
17KB

MD5
109a8cceba33695698297e575e56bfad

SHA1
2b8c6dce1ccd21a6eea2dd9aef2a8a6bde389053

SHA256
dd82d9ac034f0a06524fc1d5ef884c29a7e4d586a1e7db66e339dc54fac3636d

SHA512
6d51ed30c45560838df921212370a0044640a8e3c0433922106225cb6fec8cc115ac6191c753da13def21c4e0db4deb5782fb7a75ada822ced1db7c7d13beaf3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000016

Filesize
19KB

MD5
f5b631335f170065edf1b148e10b34d4

SHA1
ca34f82af577fec763ed38f0436d20f1cf766f62

SHA256
99be964ed51ca453ccfaa264a1ea9490da11e32b53765919172b6d3749a9f846

SHA512
c66791cbdc7c0d12e7295eb26eb583b26e03692c8986ab7d5dac0e6a561b8b68a8a9e33814121efc700ff6b472aa4f685162b0c75439b144f12286c9e28c7cc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000017

Filesize
57KB

MD5
919d13ecf08e3da7e9f337e7b60d6dec

SHA1
3d9bd4aa100f69cf46ad175259edd6ce9864830c

SHA256
9d4575044d2efd5e90503beda65571b5158a3f32d999191ac1f82d1a5ee62ad0

SHA512
98d8236ed1c44826b4489b9fb7b76c62502a032547374446c53dcf2eee2f5fe3548c6587fce66df9d075294bc2ab6be97c3cb21457bc899451ebd3b476715985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
53KB

MD5
cfff8fc00d16fc868cf319409948c243

SHA1
b7e2e2a6656c77a19d9819a7d782a981d9e16d44

SHA256
51266cbe2741a46507d1bb758669d6de3c2246f650829774f7433bc734688a5a

SHA512
9d127abfdf3850998fd0d2fb6bd106b5a40506398eb9c5474933ff5309cdc18c07052592281dbe1f15ea9d6cb245d08ff09873b374777d71bbbc6e0594bde39b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000019

Filesize
137KB

MD5
a336ad7a2818eb9c1d9b7d0f4cc7d456

SHA1
d5280cb38af2010e0860b7884a23de0484d18f62

SHA256
83bdfb7d266fd8436312f6145c1707ddf0fb060825527acfe364c5db859887a3

SHA512
fa69455b3bfc162ab86a12332fe13322dfd8749be456779c93a6ab93e1d628e246a31a0a55cdba0c45adb3085acd62ba0a094b2115529d70cb9f693f3b1da327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001b

Filesize
23KB

MD5
bc715e42e60059c3ea36cd32bfb6ebc9

SHA1
b8961b23c29b9769100116ba0da44f13a24a3dd4

SHA256
110ccd760150c6ac29c987ee2b8f7c56772036f6fe74ff2fb56c094849912745

SHA512
5c0edd336a6d892f0163aa183e5482313dd86f9f5b2d624b3c4529692d70720f4823808f10ee7870fd9368b24de752b343570419fd244c33ad2d9cc86007bedc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
3e1fe5bf89ff9fb0850f5b316392fce7

SHA1
147ccb5b5136ea6f1bacdbce8d0371bbf6e7d219

SHA256
84c11342bdff5c2cd1d21e1130ad999a0e1615a007601fca26eb80ebf5200ec5

SHA512
d1b771b362665448d2adf669afd5562251abb9e8793cbf2a7bb16fb4da4564032eae7905f406174413e47781d8ce8c7ba401d72ccc27ea697912615a27902016

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1006B

MD5
18d7e7a6c74afa02f68f885d16bc87d4

SHA1
7519617e493e045265ccb02692a32e8cb9dd1255

SHA256
4e104e7e1ac7330ebe375a5497999dd73f3f3724e3ea36c74d17f5a93b67191d

SHA512
2fa025815f6fff6000e9a0c14e125b9d627dfb2ebcd3372936bcf1f2aa078696e7c1a0c5aa3d60e3ec762d7a49d554046336593a5aa51038e141839916179e92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
b75bb4e32d8f5e2f9243f4d91e1ed524

SHA1
117dde5355675a806356f81d20948c57b94ddfeb

SHA256
4b4e5fe5665d1bd0ccc7416c2e60a86c00e596cccc67ed6a25d5fc4e8f596b53

SHA512
58ca4ee030ecffcd88ebcd3572b871dfcec0a3d0fc2b9aab236f132eab7b6c75fb76a2c6a0d6c9250b718ad180695b6f7db4adb55bda270f4ffd4a2c0219017b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
0afe463acb5bbee409d5cbeeb3cefe69

SHA1
8afd746cc6d81b3178907f46d4582d34203c9801

SHA256
7bbf35162625237f9ef4ff066be7325d737d8bc50ca87d1b582f309561cb9a45

SHA512
66df7196e6181bea4703a77425f6dcb3b756b9a5bb0dd7be47020c14963c104609abd4266bb659624c7bc7e019979dc25407f35271fa16bb5164c877ed134510

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
37018aa53caa52ff6a7a5f069cc37f14

SHA1
8f0eb64cb9cd343be657b503061c2bfe4fcc618c

SHA256
d15f2004560bbea550598ae61a68c388141cddd46e96c61315f77361784009dc

SHA512
ce892c96ed494f41695d8926d4329a10b5fdd5b4637f6bb8c883f077e3ad294d5fdfcd2e499cb408209d200101a51c522e1631bdc36ee7873dda5aac4be21fbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e8c6092ae6cdee3b3f539a406a3103ed

SHA1
6e5d41b0f08c8f22c3ee772665436df0e8629484

SHA256
ae0b62bcd39d227fc71ac86cff0bf26c8ced1e5458fa942653acb185398654c7

SHA512
0c3669901b38e1910172650b2adcd868836ddb4c9e0e10aee0884659859afa613ab5644837fea2ba92f3da84a504a7a390e3ce545f1470cf3e12ac9fc75a2425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f1b24170f49ee6a2b1e6597edea9d8db

SHA1
d8113fb368b0b771bdfa2c5965af4c10bc3a610d

SHA256
49e38d22840717a05f5576ae7cdb509c8042e2818a17792ef1f6527e8e996a84

SHA512
25d98a7ed3817cc8272a0a6c9597846511e9f154221e7c47cbfca80c58a124ff213b491b0bdc88a7625aa7ddabfe3b5aa3c910f5010a09cac2a2fdb73cef6b84

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
903d67a94b7e59bd10beb103abe72737

SHA1
c14d8bad42ad7d51e533b85526b34a11326f319c

SHA256
f88438ffd10388fdbd49e3fb20cf3e2737de5bc9707b1d16336472a981477e51

SHA512
64635270d0f5dc7dc3aa90a0215bc1c4315d67e385aa34268f6bb9bc1a7438dce5c46ecf5f1664825632d4781b7a6541d2b57af3282838f41ac8b4162d8b7592

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1278428245b7f98c76938beca97c6ff7

SHA1
21eb6a8cc20c9e0e3ac3669d9df8c6f9cd01f9ba

SHA256
a05e7f875787a1eaeff4cfa8dbf3f160dce8435739d0c5dadded5ed699666d58

SHA512
b20e0910547ecfefbb41dc7a047db3ca19629d96968ce6868f2b662dea4edc8d8e8c56ecba2d56d2344c7c00eefaa1906eb7a0b87592babb8155f19e5f01c0ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6d297f832e0bf3a42dfcabf1ecd9d0d7

SHA1
d12a988513c4d26ec6ce4611cfad5ba1feae7945

SHA256
3f60d88832982537e80b4f74a9285d09233b23b3d034844132e8c418ad563d54

SHA512
6742c172a236602eb0af835a751c70dd298f5fa9b964b02665ee8202852d15b7a00f07266a24f820b0f3432434658819ed48801795da66b2b9d0c3d65afc4d26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
597a5fb9a717c25392f605613a70e90e

SHA1
9f4651d0dbbaa595487c07c7884e23d8c9fcd080

SHA256
c3dc67c2494417ef406a1b6d4494087c6318304e22ac4e591144a1134f654480

SHA512
caa97bc406f487fab9b180f9c36347158115aaadeb0ef9bb781e287b9027850d822d8624e9e9368176155408f9704f317bbcfa775bf28a33e5f9b27cd12927db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
70f5da32f498a8e7cda8c1b833f35c41

SHA1
03fafd5f7c1743613ee529d4b3ec3a6be6348550

SHA256
1d09eccc0a015db5c1facc63149e87deb8c472179908a12bb2fef13046fd70c1

SHA512
d5d1692c9180ea1528ace295cb8067910e3db0779e5d1823553221433ead513faa94a8e6f5217f83007390beb4fd2524a82e7023d090e6dca2af1775a4024c31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b20dcd77f2641d271ea0636187a63baa

SHA1
6d61f4edfa199bb28950d27caddf33ab92334a42

SHA256
07331c8b63873512779418b8a818c99e92ca04c6a75d20c8117218674c15bd8d

SHA512
851dbf2d0c87ffda3efac189516295141ab9b77b84a7725950f8883d4bfb736a8da1dfe9348788937f8f663ac6d0bf0000d7e75946751b0e4aa67321dcfe1d6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1c826a0737451d03578dd63fb79b3a59

SHA1
7fcc90061716e1b2b762e55398a31619cf182538

SHA256
265a0c980616a4eb12597df954034a17635b924ef843ae17c949c4b65f2472cd

SHA512
28c424ea885a31c88dc466534b3a5033f1629afe32e74b1d4f895e252f69eb5ed603c1edd775c69b9be24139bac11abd3b760de9b20445832f66fc0f7aa93196

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2e121c02e26784790bb7fe8fb7fbb4d5

SHA1
fa789fe75750c90af8bf5053de095dcb55a0adc6

SHA256
02b5192637f90a7395b32af84e78af1655c7fcea16237ed7b64f2ce86ba8dd5f

SHA512
77ee36ef98839675b5e19563e5286bd7c9f557ab837efe364a825d22b99331d56b958146469d8848de5c1a5dddf7aa1c502d88a25ab3cb7d3d46f45759782dcd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe583cc6.TMP

Filesize
871B

MD5
1ce57528f9e4ffad1ec2b70a6e0bc243

SHA1
e3d135403d3e90ba935729edf5c197e589483d28

SHA256
ccb49e77ec525519e101e0c6d85e61c1a15cc6ad598029f6f990f8cc21cf14b0

SHA512
64ae8be2f45c8046f3a45e106e76d7cda58191b5c29179afb8547af3d7f8b80ee9b4a8b08ce54eff4e57db12bca89338441f93e0abce7550e97113643bef996b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5169e845db0f74807437785af4e1e37f

SHA1
8e98cffe33a97c62256bfe8ab69eb134eb3c5895

SHA256
1d020e5a51e762e101467940f71185b69ee76c91981f7a59ed359a4a160c4a7e

SHA512
554f926b7f0d8dc3c5c29b90ab259c90278de2cc58dde650889622e85f6539c7a4bb710ccbfa4380612e00084aad8e3dea82e4e8ca8a2b53ca9c48c75f827b42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9a85bf1f8c0b0198bdf858645d0ab2e5

SHA1
e990a258d134abad8ca0df96e9af60d0e84a537c

SHA256
752761c55aa1acd0cd78526b9906e57509dacc6d0ea848ec90e9a026cff2a26c

SHA512
681186837d47b89760d53acafe15ddc0e5b12c1ff8e8073f47bbe6da11930012de69530b06d588698acb5ca54247561acd4a3968603b831c5d0b82312d8fea0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f7f989aa93f3f14ba8c6668508634844

SHA1
e0663ea282446176819c975fccf67295186ae467

SHA256
9610c212ddfa149e27fd39c0b6ca5acd404bd53d11afb5500fcaab2612491b73

SHA512
43701ec85f3656c1c0536cc2db08bb44843325ff421e6fc55ba417960190cefeacfcbbe5416ef8b5ac0f539672db6b6b500bcb2a96c99f8bcdfc08ef28d99ec9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier

Filesize
652B

MD5
3667d3cca11bf1bd0751a692123a83cc

SHA1
8831c5c8e6e0d201ff11558a32b0a3dede919dd0

SHA256
5c788021bb99057a22ba210cdef4567ddce023d4a02985fce497cd149b5db734

SHA512
44839fe41012b223798a92a4f29e13c965f04019a465a94d766872f09857cfaa730d51c9969423eb4d436c6e2a37d4b1a363600a34e003f0f1482b6a50381c65

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier

Filesize
55B

MD5
0f98a5550abe0fb880568b1480c96a1c

SHA1
d2ce9f7057b201d31f79f3aee2225d89f36be07d

SHA256
2dfb5f4b33e4cf8237b732c02b1f2b1192ffe4b83114bcf821f489bbf48c6aa1

SHA512
dbc1150d831950684ab37407defac0177b7583da0fe13ee8f8eeb65e8b05d23b357722246888189b4681b97507a4262ece96a1c458c4427a9a41d8ea8d11a2f6

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
\??\pipe\LOCAL\crashpad_3592_XGHHEDQIZNUJRSKO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2268-1405-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1407-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1406-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1412-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1411-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1417-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1416-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1413-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1415-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download
memory/2268-1414-0x0000000005640000-0x0000000005641000-memory.dmp

Filesize
4KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads