hxxp://itch[.]io

max time kernel
471s
max time network
448s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
17/10/2024, 11:47

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://itch.io

Score

8^/10

defense_evasion discovery execution

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 5 IoCs

pid	Process
1212	MEMZ.exe
564	MEMZ.exe
436	MEMZ.exe
4748	MEMZ.exe
2148	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
64	raw.githubusercontent.com
116	raw.githubusercontent.com
56	raw.githubusercontent.com

Subvert Trust Controls: Mark-of-the-Web Bypass 1 TTPs 1 IoCs

When files are downloaded from the Internet, they are tagged with a hidden NTFS Alternate Data Stream (ADS) named Zone.Identifier with a specific value known as the MOTW.

defense_evasion

SIP and Trust Provider Hijacking

T1553.003

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	msedge.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Command and Scripting Interpreter: JavaScript 1 TTPs
execution

JavaScript
T1059.007
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1287768749-810021449-2672985988-1000_Classes\Local Settings	msedge.exe

NTFS ADS 4 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 370921.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.exe:Zone.Identifier	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2984	msedge.exe
2984	msedge.exe
3596	msedge.exe
3596	msedge.exe
2104	msedge.exe
2104	msedge.exe
5112	identity_helper.exe
5112	identity_helper.exe
4688	msedge.exe
4688	msedge.exe
3448	msedge.exe
3448	msedge.exe
3396	msedge.exe
3396	msedge.exe
2636	msedge.exe
2636	msedge.exe
3776	identity_helper.exe
3776	identity_helper.exe
1360	msedge.exe
1360	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
1212	msedge.exe
4984	msedge.exe
4984	msedge.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 43 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: 33	4112	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	4112	AUDIODG.EXE
Token: SeShutdownPrivilege	2148	MEMZ.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe
3396	msedge.exe

Suspicious use of SetWindowsHookEx 21 IoCs

pid	Process
2184	MEMZ-Clean.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe
2148	MEMZ.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 3276	3596	msedge.exe	78
PID 3596 wrote to memory of 3276	3596	msedge.exe	78
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2016	3596	msedge.exe	79
PID 3596 wrote to memory of 2984	3596	msedge.exe	80
PID 3596 wrote to memory of 2984	3596	msedge.exe	80
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81
PID 3596 wrote to memory of 4364	3596	msedge.exe	81

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://itch.io
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed68b3cb8,0x7ffed68b3cc8,0x7ffed68b3cd8
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1996 /prefetch:2
  2⤵
  PID:2016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2132 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2680 /prefetch:8
  2⤵
  PID:4364
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
  2⤵
  PID:1368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:4948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5580 /prefetch:1
  2⤵
  PID:4336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3480 /prefetch:1
  2⤵
  PID:1900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5240 /prefetch:1
  2⤵
  PID:1896
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5980 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5532 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:1700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5328 /prefetch:1
  2⤵
  PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
  2⤵
  PID:1380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5984 /prefetch:1
  2⤵
  PID:824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2036
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5404 /prefetch:1
  2⤵
  PID:232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5968 /prefetch:1
  2⤵
  PID:2660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5604 /prefetch:1
  2⤵
  PID:3816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5452 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6488 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1988,11366181968902871083,11247921719056842158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6592 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:3448

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2196

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
PID:1408

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffed68b3cb8,0x7ffed68b3cc8,0x7ffed68b3cd8
  2⤵
  PID:1144
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1912 /prefetch:2
  2⤵
  PID:5032
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2496 /prefetch:8
  2⤵
  PID:2728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3160 /prefetch:1
  2⤵
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3256 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4748
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3492 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3292 /prefetch:1
  2⤵
  PID:4740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4932 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  2⤵
  PID:4672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5208 /prefetch:1
  2⤵
  PID:772
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
  2⤵
  PID:2256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5164 /prefetch:1
  2⤵
  PID:4852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4528 /prefetch:1
  2⤵
  PID:244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1344 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2912 /prefetch:1
  2⤵
  PID:5044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6524 /prefetch:1
  2⤵
  PID:1872
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:2820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5564 /prefetch:1
  2⤵
  PID:3680
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5080 /prefetch:1
  2⤵
  PID:2516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
  2⤵
  PID:1596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6584 /prefetch:1
  2⤵
  PID:1356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6868 /prefetch:1
  2⤵
  PID:5008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6940 /prefetch:1
  2⤵
  PID:4712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5420 /prefetch:1
  2⤵
  PID:3836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7124 /prefetch:8
  2⤵
  PID:1308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6584 /prefetch:8
  2⤵
  - Subvert Trust Controls: Mark-of-the-Web Bypass
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4984
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:564
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:4764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,12883220385013210670,15300340248723967686,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2712 /prefetch:1
  2⤵
  PID:992
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:436

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5080

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4216

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /C "C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\MEMZ-Clean.bat"
1⤵
PID:32
- C:\Windows\system32\cscript.exe
  cscript x.js
  2⤵
  PID:1460
- C:\Users\Admin\AppData\Roaming\MEMZ.exe
  "C:\Users\Admin\AppData\Roaming\MEMZ.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:1212

C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\MEMZ-Clean.exe
"C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\MEMZ-Clean.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of SetWindowsHookEx
PID:2184
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=is+illuminati+real
  2⤵
  PID:4396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffed68b3cb8,0x7ffed68b3cc8,0x7ffed68b3cd8
    3⤵
    PID:3848

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x00000000000004D0 0x00000000000004AC
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4112

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:4192

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4748
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  - Executes dropped EXE
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2148

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

JavaScript

T1059.007

Persistence

Privilege Escalation

Defense Evasion

Subvert Trust Controls

T1553

SIP and Trust Provider Hijacking

T1553.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d30a5618854b9da7bcfc03aeb0a594c4

SHA1
7f37105d7e5b1ecb270726915956c2271116eab7

SHA256
3494c446aa3cb038f1d920b26910b7fe1f4286db78cb3f203ad02cb93889c1a8

SHA512
efd488fcd1729017a596ddd2950bff07d5a11140cba56ff8e0c62ef62827b35c22857bc4f5f5ea11ccc2e1394c0b3ee8651df62a25e66710f320e7a2cf4d1a77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
03a56f81ee69dd9727832df26709a1c9

SHA1
ab6754cc9ebd922ef3c37b7e84ff20e250cfde3b

SHA256
65d97e83b315d9140f3922b278d08352809f955e2a714fedfaea6283a5300e53

SHA512
e9915f11e74c1bcf7f80d1bcdc8175df820af30f223a17c0fe11b6808e5a400550dcbe59b64346b7741c7c77735abefaf2c988753e11d086000522a05a0f7781

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
503ffd457c7edc2ace2d27d8211f6dec

SHA1
8c10264dceaab03d7240f43f920ebdfcb523ac5c

SHA256
783da02aa771b285b91f135d954e8ef36783b1f74fab52d1089233a72e9e72bd

SHA512
06067bb822525c9b4550ed3a47afb0815737fd641a733cb432107ad190c328f7c665ea4014b6010c4abf9bedfd15f24b21a47404e7c708f2f6cba156b6d68f64

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d46a9a5d2c480217dfc3d117d10f277

SHA1
1dbd8300090a9e8979c044137b8b160314726840

SHA256
e82eb1f31f70f74dacf2f4f4ac79e72416140c66ecf139386bb783f74c68bb63

SHA512
5353c88a3672c47bbf761bfa0eff3f217393b957b6ef4f33b9901dc63f991fd5130ec087f81d71e729add0b01ffec8dea8793e003d55f040e39846b786f852b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
50e91077bb1fe2445fcbe8c342466d24

SHA1
cea7c7b5704f0f82a5f8378923e83f7b894d27a5

SHA256
f208edc96e34ca28ff5a80fdf0303424e5cebb97ebc8a8a3dbaf9bb6d049c799

SHA512
3cbff56b2b619a26e4cd53b8ed61ed43fd75b9feee013dc865d8c2a1c7341bcf09a056f3692389c6ddb675b36768ece52217713b1949ad3307bb7a77b660a5d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
1316111235042acb4182de9d64bbd52d

SHA1
92625daa7f3242da7f995be4d0e811ccb22d688e

SHA256
1699f401d7b68654b8c3c4b12b42e0b544bf5678bb387de0ef884e453c467a01

SHA512
f99252e9b1920a95e05445d4fa3500b212773941bc236d608b8e26c6b502bac7f8c04f3ca545e878b85d4a5fb68fcc487708d00977d44be9589c3a0df2cddd6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
f083a568c0b2b553cc7304467d6f243f

SHA1
68e027aedd0cdea2a09afeea5a5433991410e43d

SHA256
9d7da35af9550f238b7088d7c373f0570974bbbda471989b87dcec3d74e71a04

SHA512
f9cf5ab3e9cfccf03992716f6e1c84230391c530434f83938063d150f52dfb9ace89034bbde72a824268743785e7fd0354b4fc77023baaa3f013ac4e35705612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
0959a2c641c5bf3ca38d0abfa1288602

SHA1
1df5de293f87ec7016aa3445b5493746f56f8828

SHA256
1bee5c8d2692e02b3c360996237caefc8d6bcbda919a521c387ace6d6a4697a1

SHA512
22bc5811d7da9756d5ceacddef5db9b7b66fe3b56975c982ae1df833bd100ab587e02bdc0c83465ab852c2c3a21b5956418d28fea06835de969c4ec48d55f943

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003a

Filesize
215KB

MD5
1585c4c0ffdb55b2a4fdc0b0f5c317be

SHA1
aac0e0f12332063c75c690458b2cfe5acb800d0a

SHA256
18a1cfc3b339903a71e6a68791cde83fca626a4c1a22be5cb7755c9f2343e2a5

SHA512
7021ed87f0c97edc3a8ff838202fa444841eafcbfa4e00e722b723393a1ac679279aa744e8edde237a05be6060527a0c7e64a36148bd2d1316d5589d78d08e23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
87b2f27daefef3c1f939f8b9cafd3555

SHA1
b938b64fe59d071cf179662774df2a495d988178

SHA256
30e4a65bf94c2012ae246508960c0e413c6df773612ca1a772fa2e8e388ec858

SHA512
695e337816bd3c2a5c521971ca54205d9eabeea14a8d6577c680e9cfc400793dfb03a1e41fcc87b13b8e2f005f2acb193b0e0d1107f73689b05a8a026f38e2ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
2d362e2142ba4a5b910176638578b2b1

SHA1
415802adaf00a1a1badcfb49bc9ba69063b90875

SHA256
9098f481105895d6e94fbb8a886552990acc6b939eb00d1796ea6f2b06ebfea4

SHA512
0e00f0b085bcf2eb8fa78adf49cc24ad656b4ea671685a027487781b1a17e70fb008e45a7d69a345bad454527cccde77a5b0a200de51d9cf1f35feec11ab8528

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4c360fcce07244cdac2847ac776dcf02

SHA1
39cab42049a6319d6a59772737fdc44fc53c8e30

SHA256
eba77989a1e19637a1bba21320c34bf36d5ade041618fb035164796bbe14e3b8

SHA512
8a537948cfc9e877e9cca5d7faa25a96f699a48b66ff00c23ed4aab71c8471517e7545defc2a7e5c41b54411c4498e3b99f582752675412cb59e235ecf1d1fce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
3KB

MD5
b2189d51af143cdfa8aa4ef560555690

SHA1
79490133fff7f5c62b74a2324d5971efc39577dc

SHA256
ebade17b9b8f6776af0ca3482c76cdae59c2c7a677a337fb1b42975484a84724

SHA512
5e4e19eeb70e4aac0e7db219c00e98ca2a19f58c1ddd15e6e12309c54c4034fe33c5bf24de03dee055768ff3dbe929c053fa6ef4cd67bdfa7a1952e2c66bff0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
15d12bf2abe4e70406b20bce144152d4

SHA1
2a87a42a94a1259f0c41d34de3f30e0ac0014daf

SHA256
a01bf7bd02854500b95baf141fb46815d73a5df4cfbdf981539c93616b7f8690

SHA512
dbfe3583f3755c51d66246d7064ca46c5a7b5505a5ce2bb71fb1254e7ba8bf96dd03591151bf356289dc4030cb4ffe7d7480cfbb9737ba0ba7ade9c73812bca7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
28KB

MD5
23edffde611a0d87ca13aafcd83293c5

SHA1
a6ab731fe2871ef58a12f5527949344682aa3230

SHA256
da70b7a47f864dbe97f33b0f6120fec3b7af41429b595dc7bbf9059a7f4a0413

SHA512
2ab3cd509d29687d20647f4d94f23d6ba5b3bf7754fb64206b1e444c84c5fa681d1f3688d66290fff4fa70f5b7bd895cafbd6a4bd59f4925a09c8dd4b2b14d78

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
28KB

MD5
e20fe6d6e859f0f6d75a88cf65387f28

SHA1
f1d7513ea96b08ec4610960f66ef82fd9ba564d8

SHA256
561ec9bb6bd5c8f031d09ccd57a2e4a5738d9ec4a914887d88a3de8fa70a42ab

SHA512
e64c44c1dee62bd7069cb21606f37fa71bf127e1b6aae73402662a72b4895825edf5c80d088519f689ac2c9792654b96ebca240f8354ac2e22ed2c863b983e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
b2f98743bb01f34cb1b5982bb81b5793

SHA1
8226b3ad4f93655c6494686608a46c0a5a3c6197

SHA256
f6f7ad7ba2d179cc7cc5ca52ef5c53302f153bb9e718c05a450abe3aa777c4e5

SHA512
56e8d9cb012673400c98472946fabd846a5e081183908d2e9fae6f43f2c3d63f31d4c69956263a870d1fa06bdc84b535cd853bee443601464ae7b3188f8172c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
116KB

MD5
99998965ec3c8cc9b343d02d066b4930

SHA1
f2f75c62288da2e054e46b862ad86d7c78898f6e

SHA256
303627d60b968bbd44c059fd41b0126b76605e6b76f087b24aa63674d7720956

SHA512
e814c3dd0af06d42b5f8db3f4cb19e4be78209b790f012835b9e90b79279d95ab91ccfb89da9c078909eb1e856600afdd6ca4cc90ce943640e9a281910a1bb1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
81ec4c053ba1640a74b3ecec505029b6

SHA1
8b2e45add16cad41ee9a3cd1530bb14248f44c16

SHA256
3bf20b822e30c38b4db6a7d8b67d9e2311f1e19f7eec303b9bfbece55f24f0e6

SHA512
8fe73578ed43dee5ecb1ec268309a6741c3fc0b474fb2d0d5de1b2e0d01a0fe0dfdcebbbef8a92bd3ddf59cceb2e58e47362260c5eb743528c3b19bac5be33d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
11KB

MD5
1678ed4aab56c3309a770a17edb88052

SHA1
a18aef1414b10011ca3fc63889e0274d24e783a6

SHA256
396fef9418b67819f9734037ebb8c9d5165bc379d2a40851186d8aff7b7bbb31

SHA512
602d5776fd93cd8df3afd7cd8e2fe339a0857e8df53fb40fe35d9218a14b8b74bea9ae475bbdb93b8cebda3b857a59b727ae7b3811498b26fccccb191f1fa3c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
9b2f96812c5aa3497e51c771711b987b

SHA1
10d0739223550517ab8887db53dd5c0ceeb92d2c

SHA256
f9abc0fa125cf893587718e1063c62534561de31f520ff8157de6b02ef44680c

SHA512
010e893562e2b9e05da5b5bf360cc529cb319bfce5c62fe3c155bcdcd6aa851bcab679f2c332f3c72664968fb7199257b809596f406a9adf4bbcffa21e7d844d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
d53daf6c41a68a7e9ed01e9a18e4d754

SHA1
6628b6c727e217551563b19f6563b8b6898b73ef

SHA256
9b68491f8741da3b971fb4b05ea8a13838a2570257d2ddf76b9e3b1cb5ecb9e8

SHA512
a349aa3eb40f206be2bcc532f857e9ac9d8f6ad4ddcb299cb8d5e9f5e564ab13b06dd3e548116c85ee6e48b185c4ddbb613c7195f49ba00dab9d7379867ed035

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e26a183829f2ae20ccf53bb68a2c9405

SHA1
edfdc1082253c0e21380b7bd383d35c5d43c1ab7

SHA256
b91fd4d4f3420927db4b9c61fb78f58b33b14d4e863dbc22a5761a1f5aadfdc3

SHA512
5ca0ca534ab5cf19449008ba4c85ada89b66b67a940a59248e89d827a461e2887fef9b442d36bb67ec44b66f6d9f8213a3aed862b9518afbdca4bf2f24c5177f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
88030399466804f1fdef6a93a8f7a58b

SHA1
71e67860a2c30f29db31270bffac0360e6c1f4ea

SHA256
37a7ccc00cc4b6734f4b275ec91293ffac83c61bcbe54d7a8f7afcc211bedbb9

SHA512
c973ded659a57d4955ced09be154c6a655397cfc12c0ecf48394efd1abab5358ba37e32f9ca986bdfce18b5837a711bc3cba499619259d988b89b3de1226bc53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
862504a04294d921291816b89f6e2ea7

SHA1
cbf4210bb1b9daafdd97c28e61700c8c8d735c8a

SHA256
a37cb2013d7c759de3e5ee1cbc4fbd1028b3d32cca83b8fea878e288dd1604f3

SHA512
ff309a03c2c38c04063675e28c454e4fba2e9af04721ee9575648d7b040046ba555743f36f34670ef42bb8fef6c9d6a81b6467bc8371d56fc0b06b2eedf015b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
88988b0218cae5402db9e192569d1106

SHA1
d5ab8703b68012b9a1ec1c5cb946586d75566e57

SHA256
67f9a62b52e82cde9d2a0846a5e228bbb828dfa66459b9e95c3455438f228c0d

SHA512
6f018f5c76a6aaae26299b1fd0a354c77b3a185f7275b8a172cd8d39accca9b822ba9a9d89637f2fa084e15427d4c2dd811e23069c60126b957b64488f18d941

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98cd056faa2b3e8e4299b5a37ec61a52

SHA1
9e5c923b75c9994635b514621bd2d61dbe8115cc

SHA256
2b920b6260af1399744135dec610d186af72c00a756540f992b80da099e6448d

SHA512
3c7318b49ed01ac0bbaadd855ad42c1727fb3d0cd34e808bfdb1ad15d89083470c3022f71f17fbde553b0479ba6213a1ea1c0cd64c621676e382118748b4f149

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
8689971bd189d56e9de36a4852f7b1f9

SHA1
554456b4692e29b3e950826299b4a155338e5d21

SHA256
5b4333edd8b28ba42f3f16f1ec30a4c50230a982bb2a435b2783c7748d2e615d

SHA512
eae473c34d6002b6ea1a1f07c51467bec77e790ad8d0c26c007f86cbb0eb9e3eee0ae99cbf7e63ae4b8bd10bfd9c0aba5b54016c285f3d1f42bc2d212faedb85

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36bedc66586956a2ef1e20a69d1e8b83

SHA1
3badd451d2fc309f6eda2c93f32765b71ed97610

SHA256
e0043ca39e4590d251485daeeb37a9e42700c3231832d11f9aeb107d0e70d0f5

SHA512
a7a4539683108f99ba068d9989bef3dd992f36ebeb1cf6314212278cb022e62557fc6cca5b1e547d502c49981f92ad791d9436fe569632b91815d0411c22fd23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f28a198afd44656af7ab0937ebb2be86

SHA1
56aa0aae4ea525f82acd77a96743dac2ef350ff5

SHA256
c4f79d9ba8e2216a6a612f3b1431621c296b3cade33df3c4e97e308c2ad2c807

SHA512
77f2cc4af1e10a4826b00932f23fb410d50413f5f3be7e645b94c2e256a5e9f75517538a731de5cb3bef7ec3727289f3cb17e2edeeb603429ae7e637c9045526

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a708d7df17a6a3d6a6fa79c323d565b3

SHA1
e684a4068b193ae8d6c623591939b91a8c0e977d

SHA256
625a40e94dba812580b1d7c0481e187310baf90022617df5181f49d3ea206741

SHA512
9e49ecdef787632923448430599d640e9070133c6f25f4823fdd4310a14a7719dac7e2cddca6cb252e965dc421620204ac2a39cf834244194445657b16d48958

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6adbcd55fa9e49cac1e09e7e95cf4db7

SHA1
3304ebb025927be691ccab53dd1ac3e61484ba1f

SHA256
649eae3080040b28520500134a78d763e2f3a6c799e5c35fbbfd820af629f9a1

SHA512
2704634f49249b44b6326505e93bff90151f37151422f94e484e98ef0309a0d2275885bb733f140a7ac587eeef62d2cfaa710c3ca3a425ad39b4e4b6c12436d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
76413280a44f50814d7b12a4d3a1ffb1

SHA1
4ac1779576a249a2eb1513640db6a7b865f3cebf

SHA256
0ccfbbe8207bb23c0a2037022434350a2bca3795500d232b7117f1211fa5a217

SHA512
e580611f534e2a374b421505a514ef35848e5e1526b97e79bee5ffef12dea964bec14a084541f98e9e6ecd56d0c2f25c2d6db39501af8ddd6f4fed1d1e19e303

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a314d9e88902f18ed5506e70be9c204

SHA1
9f0d44ad4fc944d51911a07da13bb5c66febf14b

SHA256
03f6f7932d5804cd167d6f97fbafcf23e2cfb39df0171eb8ba103e2f8b3e50f1

SHA512
2aa56f93b529d2a6cb295d274baa4c78a066eb14bd6d0f6c63bdf1c83ae1644f10a341a01ac500cd7443fa2e3a5957e659d37e9b95e94ef5adf3ccc1f2cb0b03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
96477df972cd8586e400ca71183744b6

SHA1
95451a532993102ab32c931b3cf8d569e26b1a50

SHA256
2c9f8863988734695c0836dc96dbc1d3db46844a03782f67543c809cfd4dbd87

SHA512
c69c6039a6649043e64d6eef04e3039d4c3c7b1a781f7b9b475c46d85765825e9dbcfba4a15db501cc2efea406c31f144d9fbb8bcde2831d826c913375df7575

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
367d05375b7c20de16d741461f6528eb

SHA1
61095c6f2868c8ea31dd42f611c5b442000d3954

SHA256
78d47b58d2f2da75b9f6a74c5428c5d23200b8b87adfda72f208dfdfe50d2dd7

SHA512
22bfd02eb950c1ae00dd224c7652000be4c3646de48ae0fe2f71b8665ed4235219a58f9e08d25496eb7ca104cdea048dad55513bbdd60fe97fe83ed82c716ce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
90ebff8c9284cd28a294dd614d917bc5

SHA1
0f66e4dd39df4fcf42770d74c1e8e1f4e69e185f

SHA256
939c6dbd9343a88f8ad01e0d7032a51357a505c0752bee6c10e084c1d12f20df

SHA512
21ec857ba7678e3939be7dbabc2f69e0046302280833ddb86036c0764c7d9fec7ed284a0478cc11ed1e751f874322abb6527a0422a6cc2d0f2e3b465ae351909

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
4fb7d7b56479a530f3c50076e986f228

SHA1
8da29ea30af7a20834261cb72fc67bf217e5c55c

SHA256
8a586ea769615fd205b31155bfe207dd16b0550f8efff5e9effb4d7698a11f00

SHA512
dcd96782c8226300c367997ec4094c7d8eac238237af98a4b30cb46fcb6db9c87cd2db32b090f1f3c60145ec9f591c436cc1789cb95dac3b8a674ffc8ab58f8f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
809B

MD5
7c3bf50b7b56e1169edeab066c125746

SHA1
eb644cd65a7c73d07e523c129ba56c341b2daf48

SHA256
c484a985c6beff4956386fba064c53a69c5c236f1ed5b5b967ee1e2e8efc7a48

SHA512
148d84b726bf48ad83dc9809f22f2a31520da92966cd640d2b15cb7c8ea3d9c11318e0f31ece202e3caafb334e3933b1b0d758e1e012636b0fece2191d5c3c12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
8793f7bb70331dd00542872da8d10771

SHA1
bd662f9bc200a4f3549b190d3825fe39067685fd

SHA256
6bee92af994f371a50176bd53492a91dbb5b1d21983738df528c555c97c264bd

SHA512
8ccf72b232efad4fe10175735d368b06fbefeb5d5733d0057ba82292fd2471701057b8d1021e2e30a5685f0cb1baa6efbb57ce4e4f2b37adb196ce58030ff5da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373639288294191

Filesize
12KB

MD5
fcaf454bc09db92143ca0497a143ae22

SHA1
3486d423b7b3f0d4ab79c263d565981fd0ffe753

SHA256
24a6cfac3df01a203dfb42a82aecd2c86cc1163007b547764e6eacf0b8caf728

SHA512
0d9b2b7553295d0d7006f9e2a0348e42f3723c561252ad6122f9a20aad77698685e1d3b5269bdaa0a1d7f2ceeb42c30d6d5b7a1a9c96eaa9c51105a5f62d98c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
256B

MD5
4e9475d48f0f35da6931cdd68b7dfae1

SHA1
a4f18c72deae6a46ba90b8da992708860522d047

SHA256
3ce05f1566b488de30ee4225be982ccdebb4f48e0ad5e4129369ef247d8f0622

SHA512
7649ad4c842bb7fe666cd59b53b31ce42ceec7a4fa3c2864b8bcb5291bcb3b0fc2b44bcf3f779ee9b84b864cf0e4f13960c9799bf1a886ba723e042add7416be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
0e50981e33a27be886676d20b676ee6e

SHA1
7c6a0faf5a1828d7bd31f140a699713ff71876b4

SHA256
0872c5bf9fc97e75905495b603ad2b72bce299f9cc84aef5995941aa28ef5211

SHA512
dcf8a0753cf3ce82a4eb97a5e27d1b57e28c3351a59e1ac2a88365dbd6ea472fc345f198d0ef9822f09edc671c58eaaa8e9f26a005a124e270e87082fe0bf93d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
1110fade0008476f94fedd30da69c176

SHA1
4234a2c30ecbd5335493e17f54caff843b1300ef

SHA256
cbe01c1e04af8cfd5e52057d98d86d0812c0757126253dfb309f8ac2537eceb4

SHA512
77c49ad7cd58815f6192baa5bbeb114a44968a2b51eca102bbe4ab580bf0097c4e4b7108b932edec47e0859d2949dea0c0e5a6145c48ac026ad9f5b36ebda8d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9405f409d5c9b135f9fb8e6a2c26b9ea

SHA1
688346172106a30b4f8fcdcd29d07c797760aa5e

SHA256
9c4ac28138759f899e20d937e3b2f328ba83fee6749a4d67c4e4f3bec4be435b

SHA512
ee9781f40bf5db2936face782eee37f1acde34835204da04d5170d8ac688d57a3d819e53f9a0fbe35f1c4eb14b325902088b27f2e289f9c61ed0d56625db55a2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
041f9811d7f2f94235afaa84117cabad

SHA1
3f893d20ace613c34b4ec5e6acfeb5112bd6351d

SHA256
e5a22ae92d64c075f9f75f7c34aedbb7d03f4b70297868dce642d5dc880bb2f7

SHA512
850eeca96c79667edb1bd0d026e2fbc5b8c40d043fd2dbb19dee90d8eabc8ea2b42290aeb04f06053950140ed72f42d3f5c8504c381d8b9640af52ec35d21c35

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e96a9c8b4aafcd8061561a64c220d3b3

SHA1
88a603ba586e549cc9e49e8c640f486891c59dbb

SHA256
79723eaf9f2311822013cc298d9f9ef61c7da72329b8da84b730e088c25a726f

SHA512
7cf773f32204cca33d15c4fc0158a4198bf63c435fd01c25aacaa83e9f81f19e482553f5115ba9c2f550a794d38f2139fe3d6e0a31cfa9ec2ee5b69c22bbc333

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
24f260435d9038117c7f24aa7ebeb791

SHA1
cfe1085529770fa12430ba4f65333eb03ff899b4

SHA256
caa158a77a511ed9297d0e22b205ad78af6d9cbc342b01a0ddbbe88f7cd42454

SHA512
a47d96d6352f983870db61911ae7210fde3f2c1dee9b50a078e85720e50b3d15ca88f624fc29c2bc44dd686e616094c071551d4fe731de811cbb60753840972f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
870ff34deaedaa24e15855e12f29fbab

SHA1
43c06af5fb738d59f3a9513aee7547de952d2ee3

SHA256
57f8ea22d00dd881d4184fc79c5257427861af73a232f8d950158e360be8e7c5

SHA512
3b69ff63e6d2f402455614a73f7e2acc38b1280405853ccf6ae6b355995b742557baa1465f92f60f37b2c7ac8fc0258b010e2e3ea239b2e0f9585508e42f694e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6cea25d3f779645742a10a207247582e

SHA1
d1911d7d409778536ca7e7b1ce5c4f1770a9f63d

SHA256
6ad8a6b3da7f7dcaf8c646a07b0a74e62ad4dad386e3cd127e90c1331480ca99

SHA512
e6ad234f3c6a9c74182a21ae4f609c37887ff1983cb2a70c9074693359fe3f4934b1f46ec1267342497b2ada7d47cbf899dd79107a6e6e36a17c1fac312f75ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
6ba65685e83e3b9b04e980531bf85dbd

SHA1
260d02146fc1605267f22539c28879cd7b4b6d2c

SHA256
bc641a38fc441887b44cf62fa95d48f9a9d22e84089a41cc3dd2d35e29851f62

SHA512
728b03363df85c98c1aa7d130bb54cffb216c769a9a5574805c9c537fcdbf6cc443321bc46cc3f06065b1374d7e834fd663ac53e3f6d64665af6bb7987d43886

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
091eb4b3bbcdb70c81981c9e5bd7fe34

SHA1
72404d5e3742d8fe840e328758f966086fb339c9

SHA256
74fab451f287ba9ad8f45d49ded52a8612c0e64eed34226e78fe7149cd5277ee

SHA512
4cbe452c4d93874542abec30ab1e50412b9859ad91bb7ef9664ed72bc5c74d85898bb17f748cdb06f3c46b113a1bb82384fd28573d4a55195902e19b3dccb8fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
be2b5c60b1fb6e12993d45cb4da25e0e

SHA1
4ee83a8d72059b33a60961a19ee4359701fdd49e

SHA256
8d9f8f4d898b2613bd27f4587cd8e78c3126574fa3ce0a0b72053113c66ce8a8

SHA512
d17fd1c1d75bb0a9bdb0056ddfe737b18b9c3f4b76e3d9f41d8bb70395d5bfb5af3fab86ad1e14ed71b6668ae6cee04601e5ed76f2f9f3272cec1050cdb7f5ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b950948073b2ade54a0c50545d61117b

SHA1
b015077713a8b0f8c89b2b148784eff8a4c8d127

SHA256
9fd2845cfd25df2f32a1c11ef55de462cf041ae83cf7d1608b70dd20116d57ab

SHA512
6fe9231c08821ebb00f45be8b3b4a2cbd8a1a1b803e51f302261d96ae320a76eda92c9c365600c57a85e43415c52dd339df1dcb90460bcb1b7bbb6a48c6b32d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b32bfed3743c4c30b29aafe138150120

SHA1
8d32cfa32b99c32ded7feed0e5e53b2d292e6bcd

SHA256
9b0c72e37d4706fb805a646c94f7f76cce6bcd38668853d6122d4ba1527fd9d1

SHA512
9fb332172af65de166473e062103d58a3b5752d50b0ed1556f1fdf2d44693f1cc1baab8b83317badad6b8e1f0fcb8952a61cbb32bee741cc02ea504a9f7c6c50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
441826e5e1b3cd678d0eed583ee1b302

SHA1
5d43663ec3d1cc00e31385f702d0d8946b86f783

SHA256
23314a4d92e051ebb6a68e26aba262546ef3d4ecbea7841cbab806f34306a0ff

SHA512
55875952cebb580b256a68de294dbec74d4e733f2eec6c61682eb189a57db0146ed43c51111223ea4d6d881d1697c1984561c24db7976a73f1f0dc4abb1a13ee

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58119f.TMP

Filesize
370B

MD5
1c4ac90135a1d2ae709eea2fc5fd8f49

SHA1
8651ac36b5fb38ffc485068c0c335bf98c9aaa23

SHA256
3c3a4512133488fcf76432957c258dbc1011126db06f794aba2a7b090aa1a1b3

SHA512
7303dee413e9e1cb78396ae585f66c01c4ea4fcfbf6a74a33240cfbe80c8844a9cea85d8e692a03486c5e57fed4a8030160612d0c3505b91db8958be9ac15e83

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
9b8fd230c58c07d1e3789a1a9b03f370

SHA1
f58c7c5b1d4c09036620ff2eed5d24d0b9e28b8a

SHA256
205784722ec76235556cbac8b44ecf9128a24da8b06617b23c3a3e8a3b707b82

SHA512
85d9ac22dc52062c042b04b77733446c7808da0bac857e2e0d128c8f90fee4df8ce835e3a044e55cca8c4dee59fefc63c5a0fb99edd26b14937c1af6bb26a83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
112KB

MD5
c0922b64307ea7d13e9af77db9e84834

SHA1
0dfca9ccc1025d9facc0c3f4cc2bdb9cab5fd28d

SHA256
282a0e575b6e934caf87a0d5b2f9ce7b54cc9dae2a90afa507b6ecc927f952b9

SHA512
480f01507e7b21013944f199d9f610389e049777d07211845bce15d3fa2a8355a4c39a413b0968b07d15d1172ba4c249e143db3447e1419fccf85db3fb403491

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
07c3ac2066142b020bc6570732c33c05

SHA1
e8f2a179908d81f121f83f9c900be58be8669f85

SHA256
bd055ca6f95ee784c278001c9c64e32801fe21bbe8a4125c5593f31c6b8d14d3

SHA512
555abcdbe033fa8eecf8312936d49388456a881736c04ebd1f1e3515372ec778d92c19a45154c7463077f891557b7d7c64b734d8895112cb356a81985daec753

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
9KB

MD5
142a7e9f1ec4939166a3fa0d272d49c1

SHA1
dddb1cf0e7ea25dd93c2f1f896502415a0109477

SHA256
99fdd26d30a42a5ba35575d34b3e981a66c9b827c8af316818e5360de1de32b8

SHA512
91e9ace2d7d8017ef2a147946bedbb658151fae897beb9dedd8f2a7e89d2d633448ac18e2f2530df737e8a06865e90d697ae3bf5e9ec4dd50d0f16a4a6603aca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
592b316f21b33150cf7071f347c04357

SHA1
8465d09252011a18e2c746dff6dc86e5cc512d22

SHA256
1e401aefc8acb18914ea9118e871892965de31c58a87858c0dd9415edf33d510

SHA512
1196bd020b618ddc4a5594e0d43cb7418ef34d07ec32754774dabc3005eb9e643a042cc190199db06cba0501bdf2a1c4b166770bbc146ab855479de5dac03515

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
318B

MD5
17c24bfea0418fd0ab0fbe054ff6b8ee

SHA1
1412565ec3993a52b9ceff61572e734977490248

SHA256
462bea4f6d3fef4d00256b1eed55704bc84e9f35ea212d56660384fe654079d6

SHA512
c972a9242bc826f0b7efa47cf56b48c351f5b9fadda3da5bfaeab113c893be152ecd90508a834d7b2352e03b099786cbe14f210ac76c89ba62c8a93c354bbb13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
6fd5ddd8f00fbc5fa2dd5987170e6d0d

SHA1
a451c2a509f916cfa92da50279bbdd8aa97737d2

SHA256
4419111320a55a0660c588d4e31be9a9d22250d31ab81f2d398a5c33c51b3bdf

SHA512
f54c5d9c1addce540f4b94cb2dcb1b106fc11a4ff7732c54d73bf1e44d7d23afb043298442452c68f9285d93150db364126e75f5b89814ec747df472ec429ab0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
16fec646e8384c6be4dc64b62b892512

SHA1
da57bb97cc212300d1a1da2eef3280cffee8105d

SHA256
1fd69e077578e952c7a611e4a53190d68bb3989762c2820c1901ccfab3f9246e

SHA512
fb26eeb0a8b24a17a40ebe85d96182c113db0ff849ad960934f1d1877b703085e09d1e2eb6b493396d25bcc05e6652fb785e709701097973f44864393ef63884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
14192703efac4591e17cd5e290b109cb

SHA1
7a534a7692a5b11a998c2dc00872f036ca16bd7a

SHA256
e9e680ffc82460fe3ff6c279807448216f3909a33ef3aa586fa8f87d45968018

SHA512
0dd3dd159331ddccd1ca993f5c073472ff07da7d462a92d3972815699904056d65188bd5b57850325234d87980235bea14313ee49e6e87ab259d2de75f5b6e26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
047fa8619aaa27e0c532640aede3a908

SHA1
a5ee16de47bc79094f88e83d65727d586fcfce87

SHA256
82adf601e7dc72abcf41214cd1f925134fbf42b44708894cb2ee7d8d0659d870

SHA512
61e8ae91d645f43906edeea5a0030018551472ff105a44288fd9246d03894a87557e73eae46e9d8fcd45e86bb9637f78c83d0183c619cd6af61f0dde13a53c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f8fb195631a0091a2f096afb5a630e77

SHA1
0514614f7aa0c0192709871c5bfead025ad0e23a

SHA256
c10c5c907f433ed3ef041b684793ad92febe2acbc6eb06bcb2f000fd776ccdd6

SHA512
95476b90a9206055481d21f668bea80fee0a87e49c9fc2fb696fe3ea5763e4d1d83eb3e71043368eb088f68fd0ca7c113e42af10c39115561e5c9594cb7d25cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
4d84a65b573c6bab7aa13bd8c07add9d

SHA1
b4c629692e7d9ec319673e86e1af9ac3e05cdded

SHA256
338606a6ecd59817790ebb3383755abd71b9c671abedcc953123a1c1f25337b9

SHA512
532122defc81b17607ebfb27ca481c50a056a34521e7accf4a8698735e9a8ec260ad85248bea67edf6b67f27b519236e5fa40a72e9b3c07fe911c5811d75564e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
b086c657a6c5d73829dfb7b2cf7fdf16

SHA1
6a8e67e3656e3a4641bf38835da07bdba4812c4e

SHA256
ac19611259114b46b3fe2e6405275437f765c09b34a3d1052ac9c5e52eb06c64

SHA512
c1ca04f0ac1c19f61ed20b8252f2a09eea11e0b269557e93174cc693c339c35942e5bf621d7c83eebb3c979a65c5373e15583a05798d4258b4f6dcfac7c0053f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
6754112e842b86937ce0b6eaff9d8a68

SHA1
a5367e519395465e4235c7c28522a60e10b27f6f

SHA256
c281f6b83ca3222563e06f126aaafd81165214870f0e1ddc19a6734e288a8489

SHA512
1681de2f512d06178a8c51d74e1dd59f56634954479351babc0d872b787cf3780d7081c407ca55b7dafd6ed45ce0d7cc459ad5d9c58dd1426c97732e1ee09d7d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
04770614b04224e83d3a539bc62c890d

SHA1
db8647cc120c213ce9d38e843f943640c73914cf

SHA256
7c9c04c9b42abebc66b016fdb43ef35e5a531ae5f86c237aeaf34dd2098a1f5d

SHA512
d4de89b981185bbca693174163dfdaaa419e023b63c6819f7bcc53a31d71e7c025a743301921a8c580e1fcd9920e8fd320b982f4ed0834af952d67d219af3c0f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
35fdc4420dde8218a07a29f6f3ab1758

SHA1
913424fe67378aecb05d5410d66ea4f8945612fc

SHA256
bb040ef06a512df6f9fd129bd9eb43858d8683da5f2deab50787a58ed7a2c1b9

SHA512
6a51cfb1fc5ba0395e3f751915b3886a6de47116a952dead6bb295c5198cf4ddafb5598b8109d51c88f7e9874f249eaf281e6373f04c907afbe82671ffa7fe93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
079603f37cbb8b682c8d666de7914df1

SHA1
0e9445611da36b444401f036d24a9ea0470504df

SHA256
633dc8bf83842ffb77dd14cd28822463fb98ca3194eab9358cd59f14b3475c23

SHA512
76e8267c5dc79ab31b9400bbee2a3329634b666df9c49333a251043a6ce8ac4d0506e8b56c294dc903275e11254a6b2575b30092ee1ae800914b461a5f30036c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
0522a43c76fe11edde3e4002de6db880

SHA1
8a1aa6f4cd57e358973578faa0a32b1866bf5c82

SHA256
bcdc482e21f550501d29da5d4a13810fef77e1106a44573e22e492618e38592e

SHA512
a41f154e285b395767391290c37e04ad47a0199d03e51e4b36cf8f54d9a329cbcc498c438d1704eff6d9144a7756887972d2e7e92f9118c43bca61b505af0b4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
7227633d85c7c3b0c2aa9c955e939b74

SHA1
93a0dbc144ca4ba609404ed886306ee6443f33f3

SHA256
b410e914640791dffdf2d68d5045cec45f2f348077d97eea4b9f02ebffa82cb6

SHA512
1c2e8ffa696bdfb0d28efa7b53f0a0da05441231509121236409145ad393296745cb57bd12c5b594adff8644b790f816415d5668df62fde5d011193cb3542a3d

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier

Filesize
614B

MD5
d5d13f8f21b15025a9566fcc094713d6

SHA1
092aedffd4d67946d0bc96af0ac042f20342e999

SHA256
3f95933c9e9251ecb75fedfa9b3909005ae08d9356e5581081b767049ece90fc

SHA512
80ef9a061a14f06859700b68e8aa73f1a3c3993de032cd70e960d35470e4a6b72e478e2f614b8203d4a816f4a83eca153adeee9ce00dcdeff1b890fef9b7adde

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\x

Filesize
936B

MD5
33a529d30ff10c8da9368a90d4089b57

SHA1
31418cb9a2b9d37cd25b98fde31a464221991b12

SHA256
61fa6300a0d245f7f3f61eb1920583b7fa6eaf5c2865d8a0fc5eb8845373eaae

SHA512
d8e39c43319baad4ee29930a40e413f72dea0b50696109d0e2ed3646def846ff8a90d66301a90aafedb40fe05d47f9189da7cd69e2c3b104294f0b242570c678

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\x

Filesize
3KB

MD5
21b8586720d931de36fcd54804227f38

SHA1
efd610bb466df053b368299ee6fdb6c2be0f87fd

SHA256
227165f0de5b55e30a10b59f30188f37c38a3afb45880884adcbd321b7ff9a78

SHA512
ec52e7ac75e314a4baaef366fabc0982664ecb9b457eee4069979b6626749f77a318ef5e1803693f62f4e0c6fadff488ec88627921d14f2544fdf8a6b58e6115

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\x

Filesize
5KB

MD5
6725af7fc92b89c0e64c7a9caa13601a

SHA1
fd5c80d5fe3e0b8a3e5aa5876b7ffb734ed2b601

SHA256
76b4e41de6a349c3dfa25de64d45ebe99235812551ac13e0a37aa4ac8b848a16

SHA512
9c703fb307faedd849063ee0c853a3e9079aca70ecc1b4a03ca37ea2608a38b2dd389bd1f1172a35c214a6041dcd3e03d639408e7a8c2034218ad9d8c1bc04a6

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\x.js

Filesize
448B

MD5
8eec8704d2a7bc80b95b7460c06f4854

SHA1
1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326

SHA256
aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596

SHA512
e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean\MEMZ 4.0 Clean\z.zip

Filesize
5KB

MD5
d2ea024b943caa1361833885b832d20b

SHA1
1e17c27a3260862645bdaff5cf82c44172d4df9a

SHA256
39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76

SHA512
7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb

Download Submit
C:\Users\Admin\Downloads\MEMZ.exe

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier

Filesize
615B

MD5
8e7f64fc3dd8653e01dc4020863868c7

SHA1
19ff22b871a296ad3435573824cbc7f5001863bd

SHA256
f2043ec5578c98fc821a00c48c591b738fe12eb981943a5ba648bc19a303aabe

SHA512
fb0b7f8f11c2d1d7ddc98dcfabe8822bd46ae15a66d0fd5d0d8f3f5cd6ffb3eb56aa33ec2f941435d9c744f18ce7dc92bae4ce32f89e8110ebdead11a1a6c3d5

Download Submit

Resubmissions

Analysis