0acffde0f952b44d500cf2689d6c9ab87e66ac7fa29a51f3c3e36a43ea5e694a

Resubmissions

22/08/2024, 01:19

240822-bpptysvcrj 3

22/08/2024, 01:05

240822-bfwwxazgkf 6

Analysis

max time kernel
149s
max time network
151s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
22/08/2024, 01:05

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MEMZ-virus-main/MEMZ.exe
Size

16KB
MD5

1d5ad9c8d3fee874d0feb8bfac220a11
SHA1

ca6d3f7e6c784155f664a9179ca64e4034df9595
SHA256

3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff
SHA512

c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1
SSDEEP

192:M2WgyvSW8gRc6olcIEiwqZKBkDFR43xWTM3LHf26gFrcx3sNq:JWgnSmFlcIqq3agmLH+6gF23sN

Score

6^/10

bootkit discovery persistence

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SystemTemp	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 3 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 12 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Kills process with taskkill 2 IoCs

evasion

pid	Process
1504	taskkill.exe
4736	taskkill.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133687623748957802"	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2842058299-443432012-2465494467-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1304	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
1028	MEMZ.exe
1028	MEMZ.exe
2312	MEMZ.exe
2312	MEMZ.exe
1304	MEMZ.exe
2760	MEMZ.exe
2760	MEMZ.exe
1304	MEMZ.exe
2312	MEMZ.exe
2312	MEMZ.exe
1028	MEMZ.exe
1028	MEMZ.exe
3648	MEMZ.exe
3648	MEMZ.exe
1028	MEMZ.exe
1028	MEMZ.exe
2312	MEMZ.exe
2312	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
2760	MEMZ.exe
2760	MEMZ.exe
2760	MEMZ.exe
2760	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
2312	MEMZ.exe
1028	MEMZ.exe
2312	MEMZ.exe
1028	MEMZ.exe
3648	MEMZ.exe
3648	MEMZ.exe
2312	MEMZ.exe
2312	MEMZ.exe
1028	MEMZ.exe
1028	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
2760	MEMZ.exe
2760	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
1028	MEMZ.exe
1028	MEMZ.exe
2312	MEMZ.exe
2312	MEMZ.exe
3648	MEMZ.exe
3648	MEMZ.exe
3648	MEMZ.exe
3648	MEMZ.exe
2312	MEMZ.exe
2312	MEMZ.exe
1028	MEMZ.exe
1028	MEMZ.exe
1304	MEMZ.exe
1304	MEMZ.exe
2760	MEMZ.exe
2760	MEMZ.exe
1304	MEMZ.exe
1028	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of AdjustPrivilegeToken 13 IoCs

description	pid	Process
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeShutdownPrivilege	2096	chrome.exe
Token: SeCreatePagefilePrivilege	2096	chrome.exe
Token: SeDebugPrivilege	1504	taskkill.exe
Token: SeDebugPrivilege	1864	taskmgr.exe
Token: SeSystemProfilePrivilege	1864	taskmgr.exe
Token: SeCreateGlobalPrivilege	1864	taskmgr.exe
Token: SeDebugPrivilege	4736	taskkill.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
2096	chrome.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3504	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
3356	msedge.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
1864	taskmgr.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe
2080	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3876	MiniSearchHost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4416 wrote to memory of 1304	4416	MEMZ.exe	83
PID 4416 wrote to memory of 1304	4416	MEMZ.exe	83
PID 4416 wrote to memory of 1304	4416	MEMZ.exe	83
PID 4416 wrote to memory of 2312	4416	MEMZ.exe	84
PID 4416 wrote to memory of 2312	4416	MEMZ.exe	84
PID 4416 wrote to memory of 2312	4416	MEMZ.exe	84
PID 4416 wrote to memory of 1028	4416	MEMZ.exe	85
PID 4416 wrote to memory of 1028	4416	MEMZ.exe	85
PID 4416 wrote to memory of 1028	4416	MEMZ.exe	85
PID 4416 wrote to memory of 3648	4416	MEMZ.exe	86
PID 4416 wrote to memory of 3648	4416	MEMZ.exe	86
PID 4416 wrote to memory of 3648	4416	MEMZ.exe	86
PID 4416 wrote to memory of 2760	4416	MEMZ.exe	87
PID 4416 wrote to memory of 2760	4416	MEMZ.exe	87
PID 4416 wrote to memory of 2760	4416	MEMZ.exe	87
PID 4416 wrote to memory of 4056	4416	MEMZ.exe	88
PID 4416 wrote to memory of 4056	4416	MEMZ.exe	88
PID 4416 wrote to memory of 4056	4416	MEMZ.exe	88
PID 4056 wrote to memory of 248	4056	MEMZ.exe	91
PID 4056 wrote to memory of 248	4056	MEMZ.exe	91
PID 4056 wrote to memory of 248	4056	MEMZ.exe	91
PID 2096 wrote to memory of 1928	2096	chrome.exe	94
PID 2096 wrote to memory of 1928	2096	chrome.exe	94
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 468	2096	chrome.exe	95
PID 2096 wrote to memory of 1768	2096	chrome.exe	96
PID 2096 wrote to memory of 1768	2096	chrome.exe	96
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97
PID 2096 wrote to memory of 3980	2096	chrome.exe	97

C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
"C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4416
- C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1304
- C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2312
- C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1028
- C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3648
- C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe" /watchdog
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2760
- C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe
  "C:\Users\Admin\AppData\Local\Temp\MEMZ-virus-main\MEMZ.exe" /main
  2⤵
  - Writes to the Master Boot Record (MBR)
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4056
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    - System Location Discovery: System Language Discovery
    PID:248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3504
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd59d03cb8,0x7ffd59d03cc8,0x7ffd59d03cd8
      4⤵
      PID:2468
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2076 /prefetch:2
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
      4⤵
      PID:4784
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2676 /prefetch:8
      4⤵
      PID:4860
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3196 /prefetch:1
      4⤵
      PID:1768
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
      4⤵
      PID:3004
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4868 /prefetch:1
      4⤵
      PID:4372
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1888,13341397911175692453,18409615876935711375,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3456 /prefetch:1
      4⤵
      PID:560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=mcafee+vs+norton
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    PID:3356
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x110,0x114,0x118,0xec,0x11c,0x7ffd59d03cb8,0x7ffd59d03cc8,0x7ffd59d03cd8
      4⤵
      PID:2168
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2044 /prefetch:2
      4⤵
      PID:3884
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 /prefetch:3
      4⤵
      PID:3396
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
      4⤵
      PID:564
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3144 /prefetch:1
      4⤵
      PID:544
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3152 /prefetch:1
      4⤵
      PID:3012
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
      4⤵
      PID:4824
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:1388
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2032,5688216809566897912,15684034758611760592,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5536 /prefetch:8
      4⤵
      PID:3832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://softonic.com/
    3⤵
    - Enumerates system info in registry
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of SendNotifyMessage
    PID:2080
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffd59d03cb8,0x7ffd59d03cc8,0x7ffd59d03cd8
      4⤵
      PID:872
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,11996219974735076229,4867598722774164609,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
      4⤵
      PID:4672
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,11996219974735076229,4867598722774164609,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
      4⤵
      PID:1576
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,11996219974735076229,4867598722774164609,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
      4⤵
      PID:764
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,11996219974735076229,4867598722774164609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
      4⤵
      PID:2940
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,11996219974735076229,4867598722774164609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
      4⤵
      PID:340
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,11996219974735076229,4867598722774164609,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5004 /prefetch:1
      4⤵
      PID:4772

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Drops file in Windows directory
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2096
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd59e4cc40,0x7ffd59e4cc4c,0x7ffd59e4cc58
  2⤵
  PID:1928
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1780,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1776 /prefetch:2
  2⤵
  PID:468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2040,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2104 /prefetch:3
  2⤵
  PID:1768
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2200,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2176 /prefetch:8
  2⤵
  PID:3980
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3068,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3248 /prefetch:1
  2⤵
  PID:1008
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3092,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:3964
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4420,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3548 /prefetch:1
  2⤵
  PID:4824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4748,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4764 /prefetch:8
  2⤵
  PID:652
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4764,i,12487497698356074678,6584438745223597636,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4972 /prefetch:8
  2⤵
  PID:1060

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:4036

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:1952

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:1812
- C:\Windows\system32\taskkill.exe
  taskkill /f /im MEMEZ.exe /t
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:1504
- C:\Windows\system32\taskkill.exe
  taskkill /f /im MEMZ.exe /t
  2⤵
  - Kills process with taskkill
  - Suspicious use of AdjustPrivilegeToken
  PID:4736

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2168

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4052

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SendNotifyMessage
PID:1864

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4860

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
66ae7d47a452ee732f6be2371ea9226c

SHA1
9c9e3c9e153738f985737574f49935b999cb5331

SHA256
7c51f582adb86e6da48a3dc68253443681b72f3fb36119bfaf9877269d9f43b2

SHA512
e1766495b3f5df97991c9ed3424e8b3b0f7899bd78316692e9da1b529910e0a75a367cbfcea70960ecebf337942cb938258d543b0319f5cd3bfe8ed8ff07cffc

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
322d341089887c4d931ba3670fccc4d4

SHA1
7c065fe573c1967bfaa5dc10521642e0c75f96f1

SHA256
a5bb60a346ec710848bc8e0b5c8f882c534759f1ecde8cbec94c6290edbd856c

SHA512
de79f9a296c93127954837410e248ab8eb07be55b0a13fd332adc7f1c6c6798318ad4e537fa718cca5a1fa8030c7961f091137b2a3a345bff558dc08766181a2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c7908ecaf150a2d69688740ad094f2db

SHA1
eaf801dc0bbb8437d8c42174aef6942fc0eb8a1e

SHA256
340fd2a477d243eacf02f15e13b8a055c565cb4520c937b56070744c45dc6792

SHA512
b26c8c00b7dac8cc8ab600554bbb5f5ef1f951f9b33ea50984c9b6f3888a2781d0ddf724b48fb7e890dc7f5860888c599febd1a73fd75255a88e178ed46799eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
e35f8a9b32bc2106cc6c0186faacc8d6

SHA1
9edc03228b12ba9b98722631f147db32c7abe7f6

SHA256
bdbd343f7b7c4d7a456f57af1b79e2b8c0e41aeb756b68db36ef18dd912f49d4

SHA512
2e57f7cf0a833a061e9c0c04fa3b981e1b93bb7699e19b88ed9d4bd9e5bd4cd17a5bb36a91b1c74f1a38b97cd236a016b83a7fca642fbcafab7ff678f55dda4b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
9e668984236cc1a9b8a1552a7e541a15

SHA1
4bd17ef4e8e2c0f6ef25d815ae51485fe01b7459

SHA256
c9f6fed9a7d85e92ecffb036b6e7832a46c58454cab44247fefdcdb473a6b058

SHA512
79f6e6c4f150dd87780dab952634532a7438807d22e9bddeb4b05fafc131fa96909e8b9b09bbe1655b4f1997e12b9367e54f422870424a1d5b4453bbf23551a4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
201KB

MD5
fe8a58014f59d9899c42ada2fda703ce

SHA1
0ae691de2fb747e393761ab0837b1f44c6a39012

SHA256
b07bc6ace26e2a809f3d20ce5ab9689b2b096289728838455c43e0997ad422cc

SHA512
bc2d797bcc99ec6f3f55d7ecd9a6c3eb908dcc2a6e3a47120d5a6fb81f43301d1bc0929e7cc2936e7cf90966f1b19a74d05119f4592548b00a846da2b029a1c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\37ad0db5-0e7f-4efe-ae45-c22d485ed2d6.tmp

Filesize
10KB

MD5
a940821957fe25d663de242dc1de64c1

SHA1
43d51f8eeaf62fa39efff0fc8a418cd135dcce5f

SHA256
26c740e3d81f2c1ba302d1c1428453db6dafa44cb1d10fc6e3ea399b16f471e1

SHA512
17bde5719ec46e67bf10f4807c67a4ad752c5dcbfd0ad639548be3d2553f593c6b5028d5037e1f5ea40911f400890ac4446790f5dde1e8bc0ed5bc5ddd365bb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
228fefc98d7fb5b4e27c6abab1de7207

SHA1
ada493791316e154a906ec2c83c412adf3a7061a

SHA256
448d09169319374935a249b1fc76bcf2430b4e1436611f3c2f3331b6eafe55a2

SHA512
fa74f1cc5da8db978a7a5b8c9ebff3cd433660db7e91ce03c44a1d543dd667a51659ba79270d3d783d52b9e45d76d0f9467458df1482ded72ea79c873b2a5e56

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
026e0c65239e15ba609a874aeac2dc33

SHA1
a75e1622bc647ab73ab3bb2809872c2730dcf2df

SHA256
593f20dfb73d2b81a17bfcc1f246848080dfc96898a1a62c5ddca62105ed1292

SHA512
9fb7644c87bdd3430700f42137154069badbf2b7a67e5ac6c364382bca8cba95136d460f49279b346703d4b4fd81087e884822a01a2a38901568a3c3e3387569

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
14ca834b924778d8f3231a79a5a4ac55

SHA1
ede34d8927e7de7a82eb7d055d9163955b19bcc8

SHA256
a05f0f9564e1f71efa399df476d40a9851a4b0fa6c0f3592de77a1c24707f7e0

SHA512
6601b36e64a5b3cd87615f0c2241dc7ad2f31426895f560e2183a328942d16aeaed5bb0c7cd3eb01717f6c6d6233a5b0355185d0087813527cdd10b9cd641928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
922ac5cdb4bccfb75cea3666c8d11dae

SHA1
82572dcfbd5178cdd5be483848563beba7046b1b

SHA256
092fbefe4a5236e76c2e91d9175bb8464f79d537265ba79d7ad13bbaa14126dc

SHA512
46cba86976f5e39434e4f33f426f3a56d54b46dd8b267a85b3061c6da9cbf6a03eb0c9d18fe917ae01eb25ebac607766623ac0141a9fe7a3313c65a76010510e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
a7453827d1937ce3150ecd52eb5367a6

SHA1
b406d54df781db63acc466d806c81d241bd62bdd

SHA256
8f3d58b89600ff3f306394c242a3eae89bc155c68516811062f9f8d94683ae82

SHA512
3deaa7ccaa080dac09c2eecc9b7030a10e459a65c883bc0dc7095369bd60c39390179a4acf45d4cbd038558d3079f6de9d1285dab7d44d468205e43153d7e9b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
377766e5502cd586dce48f6290ab98d6

SHA1
52f534707c34026ca788eb47fc7033ee25868bf7

SHA256
8cd2647614e74afc6e8e1d488753fecd91cf1299981b9b7fa55101a9addc0158

SHA512
6b1665555d3e569ed8eec615d653c901713191b4c6bac130ebf5a2d380b214f1ebbc312a05d7941d49773b1ce85b64eba4f39b579f1c233f048a30196709433f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
f7340666708a0459d42889220a3be459

SHA1
dc43a489616910c7db20eb9339e97872acaa3bd7

SHA256
bdbad8fa3bbacfabec4a95ead97135d357a9858c166d6985991395bcfbd0826e

SHA512
995ca9001debbaa14f5c3ef2719a153fbc44e113c676a21ce0a53d91bb41564d2003786502f4b207e090639b51468ee0f59ab095500760fa379cce2d58bc6858

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
55c1dd8240457c56907255cd086a7bf3

SHA1
4cec7f24361ac554e8a521bb3b067973c68986f0

SHA256
f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617

SHA512
9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
22a3bbc9835422928d77c3afd9f61e40

SHA1
7b8436ce947ae0034f7ac131c9a9167342642337

SHA256
f1b21b82b484383bb4b4df647e387ab750f4c8fa66fc74e43e93362d94643a73

SHA512
944ad34b2e928be8ee6efec631fade5a6b63360dd9c4d07d6714aaac4b95648ebd0f4350556bbe17cf3aea7263b10f36e6afd8c5e4cf5b3d07724a5ada6181fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
24KB

MD5
c594a826934b9505d591d0f7a7df80b7

SHA1
c04b8637e686f71f3fc46a29a86346ba9b04ae18

SHA256
e664eef3d68ac6336a28be033165d4780e8a5ab28f0d90df1b148ef86babb610

SHA512
04a1dfdb8ee2f5fefa101d5e3ff36e87659fd774e96aa8c5941d3353ccc268a125822cf01533c74839e5f1c54725da9cc437d3d69b88e5bf3f99caccd4d75961

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
212KB

MD5
2257803a7e34c3abd90ec6d41fd76a5a

SHA1
f7a32e6635d8513f74bd225f55d867ea56ae4803

SHA256
af23860fb3a448f2cc6107680078402555a345eb45bc5efb750f541fe5d7c174

SHA512
e9f4dc90d0829885f08879e868aa62041150b500f62682fc108da258eee26ad9509dcbf6e8a55f2d0bdba7aa9118dd149a70a7d851820d4ea683db7808c48540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1224a3513b186381_0

Filesize
289B

MD5
693f8da6a112b37fa0e583cb185eda50

SHA1
196cdcf252773ba8e50a455c16e1c93eed36ab64

SHA256
e4205975e490623d2200be9fdea3a116eb6542efedacbea4d010913b6d08731c

SHA512
8ce26c53b5b0eef164e82057319a791439e6849181a068251b0b8dd30e3513ba3efb8d5a0d6c76df22cbd33efc2eff22989d904b6e035a999bcb13b52ef7a4f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3681a4b597544fa7_0

Filesize
240B

MD5
7dd0776402eabb2049d23ddab6148a20

SHA1
34fd28058ef94bd9cf27122edc3212f267927eaa

SHA256
4b4e95d4b00b7dcaeb53906bdda620bca601b33068227c7118eb57e0f75fd788

SHA512
1d7011ee6a4051b0a8be1ea5640f9e6565bff1ed2350cbb04889ad80016d14015a88aacdb13cba8850f8e991c028badcac50011a95f9abd2fdbeb2e3b3d58e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7292e42e6842a7fb_0

Filesize
605KB

MD5
e656f6fa34d2549361b40aecc3733924

SHA1
551d1c08bdd402eef62a27ba5e0d6eff14fa0aa3

SHA256
7eacb64d1f57c41fe9bb576bd3cad478903cd84a6a568b29c1d3ab134c6c9e5d

SHA512
76683eb52735be2315999c69f6ec4df447d6e197e38a8a42a1fe4c30c967aa1ddb4fb95ddf4041483568bde612e1d2f605abd81af5011b307167b9a67439c9c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e3b251fb146cc793_0

Filesize
232B

MD5
92d699d47b4d96f516410816c95f891f

SHA1
cd6fe8494ce41aef233e39a99da4c4831ece29ae

SHA256
ed51dfa5f76be4ca1ca055134998a9450a6bbb18acd7fa1a445ecd0f0ac274c6

SHA512
3485ca595eae26b726a2c49a017b0cf8660630a8fb7dd9f7037e7609e0db8f5b1a64486d6ca57626c8e1cb64b0885521941e9820722f73a772092a878fde744f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
144B

MD5
a1987cf5161910fda77ad59b033072d2

SHA1
eef33f7ab4a7d99bf4ffc1517569ac22c533726d

SHA256
7399ab63230aab86bcd3877bfd481d8199e11e835f008da2307662f1eb69324b

SHA512
711c52fef90b9587022e1485d3912ef8a800c35922ee141e8cc5f7167b0c9c4ccba7ccee8165e68df5fd5bbfefc711947117a62aec3bb6f7c570d9ecb0e251f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
168B

MD5
10357507297b98a1b1451cc578038186

SHA1
0dda9967ad56d35e9604bdf369748e8ed8d7bb09

SHA256
113dcbb6544ba114472586cfe420ca055408979264c345c2da01ad88029c6327

SHA512
bfdf3ef6800f4245503a64b382659b868c7d28c739223de34bccc80f6d0e1e01cffa58d8cc940df2b8cddbadb35568afec96dc0f3dd70fc510476beaf6c9e4a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
795057aedb4e92bbb7ea1975716f3239

SHA1
84a76973929b47a1d108bcbe194648da953101de

SHA256
aefeef85f1c4ef01291957ba3f0b3683a10695d8d42aed0399c8ae5f65587e0d

SHA512
38c4d6d5138c0ea0432ab25462a52f1ce04e364c8d9aefceef5e319c3633b48255e063e748af16f3bdd6b43ed0e79ded310d89c090689da95454044ea49a5f3d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
20KB

MD5
7af96a9a79e0be6171dea67c8fde9a01

SHA1
6f9abdf932945e1103e385ff9a74a434264b69cd

SHA256
534468343b5c2ebb3002145923ed1e25c223504d88eb716f90b089fad436adaa

SHA512
8be2caac4857097d0eebfd8fc465be0bd35bc0f301dcd0cbd871a1cbea5ce0387d79374c052ee9340654cfecddb2a0daf6565851ff6363af8b8fbd4624dac01d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal

Filesize
6KB

MD5
cc3aae6d24f7f88f7a159766b54400ed

SHA1
ad274909a1a7c98a91a6a47427bef3d897c04fe9

SHA256
fe5d27d023f7f1e48883559734a29dbe65cd713cb90be57faff6813e72ede6b6

SHA512
60217755deeadf281cd3114aa09d6055604a39a891821eca3ff576a4fecf110f8d7afcbbbc6ff7e63116e04c8e2dc6fcb41dca7a37d23a0283e0457a69e08932

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
b527f1ac8f2c620a4b882aff527267bb

SHA1
3f61d669684d775db310d2e39f70cdb84b734578

SHA256
19462900c77bcaceb90c4779f525d3a90fd2f524f0156effae032b3285a9415a

SHA512
969e311e0ff51d24083861ab6ce4ba56d5a1ce60b38da99e1362412323f6f4e5cd83f4c4c1939f584e49abdb0a749a9a784bec6fabb1954e6ae6b2b5c96ab483

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
6B

MD5
a9851aa4c3c8af2d1bd8834201b2ba51

SHA1
fa95986f7ebfac4aab3b261d3ed0a21b142e91fc

SHA256
e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191

SHA512
41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
9186c091076c30e83e33ee404a16f5ad

SHA1
ae4bcd811a49c59e71f754089a2dc821bb43d384

SHA256
69e94359de07330ae4eb264a7acd05e5bd6d87f77ebf1e423837a1e3319fe612

SHA512
dd8b02290b9f3482ef8c410b08670671270739966bf484d305088c76deee919199ca2105bf924451eade39a8cd71de0e304678ccceb3996f73ddee5bc95875b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
125B

MD5
ae1707d76f39d9fe928f28562eb5060a

SHA1
547d1807addb05628e47613b4642db76501051e8

SHA256
cbb0c4a37c8fd885dea90b153c45f9bac6fce8280b3c6c44b7dba8e089dd2b80

SHA512
c5f5f5ca64fe1b8510e1e61ff449b3194f5e61760cfb5591015088a51b67c11c9a53cb775bef3cd367970d71cb1b1220fbcfcb68fe39a84d2b058a8033afb73a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
38a35b1a997eab0c2f7d5af75c587433

SHA1
ec8fd9f5fe6c3d93d2ee6356b1bd2dbb8f09c4c9

SHA256
9fc656b4b09e4428011fc6429b957735e8fff55bc93d41ef4d19383e35f61aba

SHA512
0736fa117d563f25084d299d495ed2a68d92e3746b95ba253b2d0d91c00677b4586229dfe10f267274ad032f63df1964919d79483c67bed4bcffdfed0d28e12c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
885B

MD5
b4085c6f65c1fd2163b3c5c7e5c8ab6f

SHA1
8964bcfcbd1a77d21e39bd9f82e0a6988cd2806f

SHA256
4151d44b3f84b681cd0239339dd7baa720b6e0fa2cb3a8e9d09d4802d1987121

SHA512
1ba5309e80dfffe2cb5a4706b10d3f4da87957ef037bd9239268f28fee83f19ca492f64e65c043a8a0707248c49e3f4a812acbb6cdbd1759fa600a6ec8fee272

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
815B

MD5
41c164e31dfb298d228889912ff42cf8

SHA1
d1b9e9e48ac9c32041e81daa9854b5fac74c42d0

SHA256
5f04e02de53284ba60a9a9c179687aa1156fa1c933412baa6c515102c736a00b

SHA512
608f65e8093d6cdaa4514232681a11977627d73249a22554872e838ef2eb01e846578bcd5c239364e5f35fd29a3ea8f855d9bc0239af1e8b913f29673ecf9b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
9616656b8d08229d2722e993fa894f22

SHA1
11feee88a380e9c43bfa3fa52410c975fc9d84ec

SHA256
42b468d3010a86a864e0825d4d84502e7a80a14c1d31b5969ddfd762a7400fd9

SHA512
b8374be58691b609c6e20f48bb380bbc8bf5183c5c9e7dcb3a8aa314f40b69cda8da1072527ef3ee4f0b4fcfbaeb3a946663a028588cd5e17f9b9b907a900b75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6f558c4fa67fc6341f0280ff1938afb0

SHA1
2175559dea235a8592fe7870153f5cb765d87bbb

SHA256
13761a6c465a125ed05be0fe98bc984803f4858f0830b07bf2d4d38836b84675

SHA512
925fbdca9c817ad93e8bf9cdb3c1afe6eb55b3c908751d926603139fce72f64148fbcac9b50c59297f7e5bd78c82076ed11ffb2b2b6fcecac64aae3d45ecde5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
c40ee3d715021a65f1d24c53f54261d3

SHA1
f2d50f1687d9a05677e039189932c2c81ecb1f8b

SHA256
6553da0769c302d5a378c11c2fba900afd74b4d8275059bdcda4749c4c537bb4

SHA512
c4c2a788dd3199610dca307f8aafdd1d24808a6dd42a402512be06cd1729df976bd9bc39a57434df14f6c01791114c5b1dba0f07945de05b0f3a0a13177c37d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c278f9e4b026192d7367b0870b43af4c

SHA1
31cb6243fa70022a4390fdb147031157e6a403a3

SHA256
dfc4bceff3f9d89669a82ad6b02f15d48582b31a88ed513b207a5afe7db583e2

SHA512
35d3a55e9deda4b2a2ecdf78b9ce44419fd77aef62ced221182f746a06ae4d041b183516c81d3dfa072a7bb3fb9d63b8e49efd4bd06bad87dd4092f75aa7033a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eae0df025d390aa96798c9f1b16eeb9c

SHA1
45f8a566c482ac0f82696ee6f5b7f9b77b2183f1

SHA256
f4842dca00e7753f560e9f9d10be082bf5845c33951bf1aee6a844fa57e55325

SHA512
16ca2a38bb3ade008b39650893f2ee8b92505493297bcc4396c8eaf443acde60a15d706abd3d6260eadf9f254b9780213253772dc0cb27c37e5a973c34aa9a76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
ee280c07a791525f1834165fa48cd63a

SHA1
e1104b48b3f32cf394dce87a2bf3301f676a04bf

SHA256
078cb93915b42ae0a553311b459a38336e8e02e830903ce328881f3a6497a20b

SHA512
f2889a973d378d22608b897eba96af456262edf208ae623ab434d15fd118300d6b1b21b90ce431ae872afafdce83792900f237138e43e05d65f8107147987821

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de69bc7acafbf3b2b5303634ec2dd0b1

SHA1
4289cd15b1fd8240fcc0b43b029c3b70d63f7185

SHA256
cd0f0aed7a2127efc2b20dc3026b39b0e83311b170a6ef8271d7299af084aa96

SHA512
c797f78f10890748b57338f37a81b688a49e148a8f7a245a61eed84569d391cb0760efff1605e9eaad71f22ee79f54dd63d474c43288bcb37b3e009627944e4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL

Filesize
36KB

MD5
02d1e3b709a64ce7266c62a5d82c4d39

SHA1
f2f31844bba6f4916cec4dae018ce033422f7514

SHA256
0450669d74093fc1e908fd514b080bfd5c334fcae44c3342a716e3b1f3b10074

SHA512
08ab67025a044d1a2dc8680c586ec8e1df69513d23679c69dcbe8e36a87b1f6e1409e2162e6a0b3283cc103251b530f3f3110942391cbe2c9114d711b3e6b2c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
538B

MD5
8f67beb2a437652d852527c3c5bcadbe

SHA1
c1a5bfa80b674b8db2649d88cc92ad9091c35abf

SHA256
f0e0092a7e762918db43c40deef6d73e9c97797f64a3f70953097c8326dd375b

SHA512
74b714c29430f5c37aa38b0cdf654f11e7428da8b7c86f44fd032c9fb4dab281b6c159be6b07d963d32337eb412b856f80e9242976f012ad02bdf988cc906e70

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
86f8a253cc9ef6e86b912ab2504f9ce5

SHA1
93ed8d893befabdebf3dcbe3d43d1fdf572932b3

SHA256
85db81db95cde151ce51cf0e81efb6b23e4f720239a52d87ff75521759f66f5a

SHA512
9fdd7ab1383c237fdcd7231b2b134d3e5e7735158cee8009388e7f877aa5d355324a9f39ef6e8cf32afb87d5facf37ef8416d561589f3062e46dfe04ff24b7dc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13368762393352787

Filesize
7KB

MD5
27efe931a7d9238cd697e23121d00c3c

SHA1
57a0093b6aba0c22957848fd1da28112ba06cafc

SHA256
e019125940202047a24c2830d5d7304995049328456283fb02981cbf59d9b137

SHA512
97486bb4d6339dae1e9a7e75be383b0f942d46774fd40596001fb53fde3f10ac581db97083a095653773815b9ad28ee5a0374b9a323b0963021057a6efaf2a82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13368762393480787

Filesize
1KB

MD5
ca0ea42f1199cc70ccb20354d6dd95df

SHA1
ff1497b78a8950a6062bdc079fa8d2e49528e559

SHA256
a7c6b575c744be6ec28dad2a9c3addde03ce443c0a6dc3974a5985321c356980

SHA512
6ceb9e81b39e39e396306635533ba3c5534fc3fedf04b4e741965a7efe4dd4e2de029c13ffcdb245c135f975b7ba73bfb988dddc3a45ab69524a53a6ac9e0d01

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
112B

MD5
025653e8ab34da44a1401986bf13d5a3

SHA1
53ee752ccb8d03bb49fbdf2842ef26f3241dfdf7

SHA256
7df3ac40cca77407008ac438e65743330be430e4ee2a149747cbb6fda7400f0a

SHA512
e9f020c4d48d0473809b99bf827d2c4b6e597053aeb1c9f441eafb120e4859e0228be2a389855ea4750110360a97f81ea404fb4565710a5ca4fd5d18feef77aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
b4a400cfa8a5ab86211f1b651aed7ed7

SHA1
50a6d389db6cb79d6a890a283014fb331d328e58

SHA256
558286fdeaa0dd5a85709e7933d965124ae6d615317e66c4ea282cec964edcd2

SHA512
7383446e7dcb414a36bd2a7bd699da1a75f88d75aaf5837f301655c0b5aef42875318e97681018c8aa0a5cf2ebc04a103ae766f1b11cf9d27cde05268363ae46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
b89ed04e8187a46e33cb12d2d9520579

SHA1
8a8b6b70d6a5209acfe50d20e9f7b435e3f8289b

SHA256
98887d6062972058be1fc62611744be76ee350e7e50d30846a5b976ecb5e3ad8

SHA512
04c79308587043b77f1ae1d8fedfea5661782a53bf7b17a2cb86fb8c13bae2966a6ca41092648d35aea1b2f75273f5409d264b27d2ded9976224453cf8a841d4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
cd3d3ff3e169ef8d1eb097129acb8d73

SHA1
4bdefa8676cf5a68739487971918b8f5c215c848

SHA256
82e249004920420467094d5b745994af35a007e3c621df24200fe9c61cee19c5

SHA512
49a24af0dc664db03e65ad156b9a228869f16788c62d23d9ffc3052106de807bb9f7a224ec6d6fc916c808f0ae41538165591250390ff9b9b496b552146a835d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\cec9113a-39a8-4a95-a089-1ed15468410c.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
6b1603befe1a77e5fd0ba5d0bfa5df72

SHA1
6f85540f4087f37b6804a2fba453bf058f64279a

SHA256
03f229c67bbd443c207a7a19c7118eebf3f7d06c2960e79c36be303a4b51ea64

SHA512
868411074e48743451427c5230c249d34423e3ddbabcc7be611c48bfd2ecddd5e2ea4ee550876c565f84b9bbcba8cfda213ad4e41fd495f7a0db06309f34190f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
fb8549f2b12ac1e867513dafa9560e73

SHA1
155d1721273c5e7f0d9f1a91a013505760527a94

SHA256
596266f7645ef03dae64070ce851c6969725854b921b341617bfcfb034768fa1

SHA512
09018e63d6b234164a279e1255f4afb75ab31e92399d9394f89b431c8117e11a494d903582d3d46ba410bd9ac0bc199edd2c4d3692d68ab83f031cd993dd821f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
f510457e8f97a77c67b3fadada8f74da

SHA1
3c00a1f1a77e19369ea61fdf5185a9f7feb58b9c

SHA256
038ad5cd72f451fecfbc1b5928e8921a35fb813c0551e662ee85a2c995b792bb

SHA512
3d68b79d3a6772b6631c32c393b53097f7e58db5c597f62821b32681e5d2544841c6cac9b4051bcb3ce1928cdb861babb411d2fdd521f0e25b2b809dfcb43df5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
96691b7a89e0b93a6553fc7a2890f2fd

SHA1
4ad95cd74c77ead24029b60d37ea675b9bc2b09e

SHA256
bd50f5d006ddd13b0f69589d8124832b62be117891a3054cebd1fe52cdc61fdb

SHA512
3be2443e2a590b06ecc3e7843ea02e1240d57646529032689cafa55a3ae7837d9fdf1701808e74bd9c3e33854334434485fdc5e57c62feecef3a89bed90edd1e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ef3440b65253f4e18d047f00d59912c1

SHA1
e2d85e9f26977d41dc15978b23d6cc2fce6b40b4

SHA256
15fa559ddf3a163f5af00f9cd474fcb80f06fe6f918ff1db49d67eba0f4080d3

SHA512
f2bd1ed53dec98d4b4b2d55c64a52fd56978b66d55db239a7e6ee805ed1e8e520e39757a70d530df40877b15432bb3b8428ba136cc9991bbc46cfb8fe4c3eb0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
dd5912d31e5376bf66af33364aa8c753

SHA1
a1769a08d768dab1781f797fdfb73b87b324abfd

SHA256
e43da6723d55c871c7c16ecedd0ad2ed44f69575a8d0c65407e15fd73b896b61

SHA512
f1553767908b784cdb7f2c607c387f86444ee118c53823bbace90c9b5ba832848d872ddce06b0e36bede44b563af4441a1e856624da37fffc475e820d1311c1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
ec8e07f76c06d2991234469e6720fa51

SHA1
0db484e293c77926f638b37332cb246a0f46d01e

SHA256
75cf7537e97c2ea8d65efa4cedde276c582e50ee17c450b67a82a58eae1bc1d8

SHA512
961ac2e5034a49fa377864f768f7bae116119994338b4c11017f6c663c53f2c2fa6561541f2716b4ee6a3151cefc545e676f5ba6a109d99cdc4e60e8e20ab9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7ae7b0e8e9d4013759d00036fe9d699f

SHA1
60db2a7d65b4dd0dd5d0ee35fd271f6ffb839b86

SHA256
22c2ca2842ebc64c65748d0711f06652d800977cc374dabab3981e6e64ea5134

SHA512
7ba9d0ac96e1bd01ee15cd8db784f396474d412b5cabeaaa054de7a2f7905ec1003e7af1ebd0e58634f195375dcf1f24bde754530ca1d0f9c244b2e46462e2f3

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
41ce6cd728e8893a0387cd1d5aaf201d

SHA1
c6c5257c73d52968b03fa7a332f61f050229999c

SHA256
c6ff6212cd4c01ff44605a8339568c3ed2b9dd85c7956873ee9db592e24b654d

SHA512
73c40effe3fa0c521cdd5347e85ac142666a5a7b982d96c80f4c08c079d2f5a8d58c12644af20f27b8480040eb74b28d0696be16fc9566c02bf2d60d08839c27

Download Submit
C:\note.txt

Filesize
218B

MD5
afa6955439b8d516721231029fb9ca1b

SHA1
087a043cc123c0c0df2ffadcf8e71e3ac86bbae9

SHA256
8e9f20f6864c66576536c0b866c6ffdcf11397db67fe120e972e244c3c022270

SHA512
5da21a31fbc4e8250dffed30f66b896bdf007ac91948140334fe36a3f010e1bac3e70a07e9f3eb9da8633189091fd5cadcabbaacd3e01da0fe7ae28a11b3dddf

Download Submit
memory/1864-426-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-419-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-425-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-424-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-420-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-427-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-428-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-429-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-430-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download
memory/1864-418-0x0000015469020000-0x0000015469021000-memory.dmp

Filesize
4KB

Download