hxxp://google[.]com

Resubmissions

18-10-2024 22:43

241018-2nrj9ssejh 10

18-10-2024 22:39

241018-2lb2sssdlf 8

Analysis

max time kernel
162s
max time network
157s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
18-10-2024 22:39

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://google.com

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	MEMZ.exe
Key value queried	\REGISTRY\USER\S-1-5-21-2045521122-590294423-3465680274-1000\Control Panel\International\Geo\Nation	MEMZ.exe

Executes dropped EXE 8 IoCs

pid	Process
2744	MEMZ.exe
1516	MEMZ.exe
2432	MEMZ.exe
64	MEMZ.exe
2200	MEMZ.exe
3748	MEMZ.exe
3036	MEMZ.exe
2000	MEMZ.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
118	raw.githubusercontent.com
119	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	MEMZ.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	notepad.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 866241.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 199159.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2052	msedge.exe
2052	msedge.exe
112	msedge.exe
112	msedge.exe
5084	identity_helper.exe
5084	identity_helper.exe
3408	msedge.exe
3408	msedge.exe
2096	msedge.exe
2096	msedge.exe
3636	identity_helper.exe
3636	identity_helper.exe
4656	msedge.exe
4656	msedge.exe
3432	msedge.exe
3432	msedge.exe
1516	MEMZ.exe
1516	MEMZ.exe
1516	MEMZ.exe
1516	MEMZ.exe
2432	MEMZ.exe
2432	MEMZ.exe
1516	MEMZ.exe
1516	MEMZ.exe
2432	MEMZ.exe
2432	MEMZ.exe
1516	MEMZ.exe
1516	MEMZ.exe
2200	MEMZ.exe
2200	MEMZ.exe
2432	MEMZ.exe
64	MEMZ.exe
2432	MEMZ.exe
64	MEMZ.exe
1516	MEMZ.exe
64	MEMZ.exe
64	MEMZ.exe
1516	MEMZ.exe
2432	MEMZ.exe
2432	MEMZ.exe
2200	MEMZ.exe
2200	MEMZ.exe
3748	MEMZ.exe
3748	MEMZ.exe
1516	MEMZ.exe
2200	MEMZ.exe
2200	MEMZ.exe
1516	MEMZ.exe
2432	MEMZ.exe
64	MEMZ.exe
2432	MEMZ.exe
64	MEMZ.exe
1516	MEMZ.exe
1516	MEMZ.exe
64	MEMZ.exe
2432	MEMZ.exe
64	MEMZ.exe
2432	MEMZ.exe
2200	MEMZ.exe
3748	MEMZ.exe
2200	MEMZ.exe
3748	MEMZ.exe
1516	MEMZ.exe
1516	MEMZ.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

pid	Process
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
112	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe
2096	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 112 wrote to memory of 3176	112	msedge.exe	84
PID 112 wrote to memory of 3176	112	msedge.exe	84
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 1968	112	msedge.exe	85
PID 112 wrote to memory of 2052	112	msedge.exe	86
PID 112 wrote to memory of 2052	112	msedge.exe	86
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87
PID 112 wrote to memory of 1488	112	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.com
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe11e546f8,0x7ffe11e54708,0x7ffe11e54718
  2⤵
  PID:3176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2356 /prefetch:2
  2⤵
  PID:1968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2416 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:1488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:3496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4928 /prefetch:1
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5108 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  2⤵
  PID:1460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
  2⤵
  PID:4236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5728 /prefetch:1
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
  2⤵
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2972 /prefetch:1
  2⤵
  PID:2612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1728 /prefetch:1
  2⤵
  PID:4224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3764 /prefetch:8
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5480 /prefetch:1
  2⤵
  PID:1600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=2008 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5716 /prefetch:1
  2⤵
  PID:1116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5496 /prefetch:1
  2⤵
  PID:3052
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2336,1990183571641480134,12331157503670759206,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:4952

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3960

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2004

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe11e546f8,0x7ffe11e54708,0x7ffe11e54718
  2⤵
  PID:3208
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:1720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2988 /prefetch:8
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
  2⤵
  PID:2512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3388 /prefetch:1
  2⤵
  PID:3520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4284 /prefetch:1
  2⤵
  PID:4632
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5076 /prefetch:1
  2⤵
  PID:4528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  PID:5100
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5332 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5400 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4544 /prefetch:1
  2⤵
  PID:2952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4480 /prefetch:1
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5972 /prefetch:8
  2⤵
  PID:2556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:1
  2⤵
  PID:3196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5512 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:2836
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
  2⤵
  PID:1588
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4532 /prefetch:1
  2⤵
  PID:4228
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6336 /prefetch:1
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3992 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5516 /prefetch:1
  2⤵
  PID:692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5716 /prefetch:8
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2000,10603037924365269225,7375329076688722205,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4480 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3432
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2744
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:1516
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2432
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:64
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:2200
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:3748
- - C:\Users\Admin\Downloads\MEMZ.exe
    "C:\Users\Admin\Downloads\MEMZ.exe" /main
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - System Location Discovery: System Language Discovery
    PID:3036
  - - C:\Windows\SysWOW64\notepad.exe
      "C:\Windows\System32\notepad.exe" \note.txt
      4⤵
      System Location Discovery: System Language Discovery
      PID:4428
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=john+cena+midi+legit+not+converted
      4⤵
      PID:5460
    - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe11e546f8,0x7ffe11e54708,0x7ffe11e54718
        5⤵
        
        PID:5472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4820

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1552

C:\Users\Admin\Downloads\MEMZ.exe
"C:\Users\Admin\Downloads\MEMZ.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:2000
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:4536
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:1592
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:544
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:4580
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /watchdog
  2⤵
  PID:4560
- C:\Users\Admin\Downloads\MEMZ.exe
  "C:\Users\Admin\Downloads\MEMZ.exe" /main
  2⤵
  PID:3164
- - C:\Windows\SysWOW64\notepad.exe
    "C:\Windows\System32\notepad.exe" \note.txt
    3⤵
    PID:880

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Pre-OS Boot

T1542

Bootkit

T1542.003

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
99afa4934d1e3c56bbce114b356e8a99

SHA1
3f0e7a1a28d9d9c06b6663df5d83a65c84d52581

SHA256
08e098bb97fd91d815469cdfd5568607a3feca61f18b6b5b9c11b531fde206c8

SHA512
76686f30ed68144cf943b80ac10b52c74eee84f197cee3c24ef7845ef44bdb5586b6e530824543deeed59417205ac0e2559808bcb46450504106ac8f4c95b9da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
443a627d539ca4eab732bad0cbe7332b

SHA1
86b18b906a1acd2a22f4b2c78ac3564c394a9569

SHA256
1e1ad9dce141f5f17ea07c7e9c2a65e707c9943f172b9134b0daf9eef25f0dc9

SHA512
923b86d75a565c91250110162ce13dd3ef3f6bdde1a83f7af235ed302d4a96b8c9ed722e2152781e699dfcb26bb98afc73f5adb298f8fd673f14c9f28b5f764d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1cf1e3c58ab3279f49017a2a3ede3e73

SHA1
02c0501121f7278dc63cf2cc9906ddcca4641815

SHA256
e64136362b745db9274a60f7aa6627ea9322a7431ae304df65a8e7f767e787f9

SHA512
6af3ce791f19c341df64277b572dd05ee89449ccc0ee1ce31bad52d8af14fc6e05659f01cb51941e605373e8ef15f1b19105e454c387ff3617ac3ed6e12e739d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
54fd9047c607a7c12db8b9ac1d8f9ca8

SHA1
3047336fb781b68bddbf9f5f302665de68a84e50

SHA256
fbe7c9fbfd43474904a0ff8ea7caf08625f3c3763e65ecb16355cc43973c1b10

SHA512
31d2b0c765e848eaf88acbc39f5e85c82c6022c6a8b802184ae1787c39a0450d094d52e628b84f83a8251e215943b12153cee889e30b57f044c90cae19821991

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
0250da1744ae7ab5588907eace401406

SHA1
d108ad8df702666ea405a7c649c42aebf4e798d7

SHA256
d017ad71acdca4dbcefb19c9554fba975900f6a4a773cfadb8019aafd748ab3a

SHA512
2856e5065732374220b2416fd0f2ba4bda5b5b89979dd2b93932d2a9e0e3bcdee20ba4f085ba8fbfbc668035038e4d4192e6394f14a5c32d75a5b8050aec3a97

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
520KB

MD5
cb48e1618e1882d1de37c195023aa9d3

SHA1
1ec92d95f8fdac26c2f807eced92dbddc179a4e1

SHA256
1f5a9259abd4a32f9349aa5e99ee625770e4a062392ee228a1b3864e03a24e5d

SHA512
3a3f89a3aa9a81588dcc9591a51328f4cde725a462ca2b8e7365bd3e7d160df990139b3dd59c969acfda9246e3abcd3d178d1bcf77e90adaee8607c03d15e93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
2.0MB

MD5
b57f3eb8bdb48f19ac2988a833611831

SHA1
d212d0c058487e6573cdd7562422a551f812446b

SHA256
0537d435b28fcdb5b0ffab9e4be3f0bed3c61c32fc706fdf7e2254cad4d937a2

SHA512
3693f36f1ac6742a5514d188f5cca4147f80420f8893601fb41c7d6486a559ea6b07cefe7e7ba21a3174dbab07f6bc68d23a50a61ca2d79fb0bce3eed8a07023

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
8.0MB

MD5
1edda8d40acc0698ec54aa42587b5d03

SHA1
bcbd8a689299775a02e3096167e3d832588bbab9

SHA256
786494c2b0c8002048f52de5847af449f3cfe2d9a06532b0dce575a3b8fb3fcc

SHA512
ec289da4bc886bd9bfa8cb0ff9ff94cb40145699af268a35a3d382947eeddd5872e49087c2b80a7d41c1af576b6b3f2db03681be9c2724537d9fbcc56d17887e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002c

Filesize
67KB

MD5
929b1f88aa0b766609e4ca5b9770dc24

SHA1
c1f16f77e4f4aecc80dadd25ea15ed10936cc901

SHA256
965eaf004d31e79f7849b404d0b8827323f9fe75b05fe73b1226ccc4deea4074

SHA512
fe8d6b94d537ee9cae30de946886bf7893d3755c37dd1662baf1f61e04f47fa66e070210c990c4a956bde70380b7ce11c05ad39f9cbd3ea55b129bb1f573fa07

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002d

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00002f

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
7d911aac6a71f69efe4b1d1f29e11362

SHA1
79170f6a79d1b5c26cddca5a3024cfd7eb909b27

SHA256
7ad3a742cfbaa1e226a971bf98211afa2c8a933060bd5f3d0d4c8291d7b29595

SHA512
efd2aea2f93681b8cd6977e7b7a69a7eda56a4cfa3bf8ae006312bd508a760efa65a59b688e24f82195543afdfefa14c333906b772dcb5e92a206b839b7c2927

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
288097e97a4b7b89394ca7693d18c628

SHA1
772d595f6a2281314f86abbbc8335eda15a8e036

SHA256
782421286f674aa7ef1d5eec20994a1ded4c261e3a46d284e3668ebef9f3d5bd

SHA512
9fce87dd1e6b2b42d68debf4d396e53efee9676f9c82056fd39c0f6a8a799d4c6943f4b81df879e348b1781b750fcad5905d78d4459ef60e02d4cfab7a516462

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
55605c46a33467b4d15741650a9350b2

SHA1
09cb592a852656484e15ce221dcfb8868a9a4a2b

SHA256
0ea9551647ca4241d116866a2d5740a10dcbf882a3185ed5b488b56e1962fd06

SHA512
a4001082e3064fe0d38905fe9b12a4ac4b94ec30aef4493e806f15d7e62a9231e18e9d70d7b07f4129a6204ba4a2310aa03a37301b3ccd3f1e88d19eccda3be6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
012d80a5dc28eae6f0c4fe847047be8b

SHA1
a6f381f6f1ec8aa1d84557a632596edf06d15597

SHA256
00832c9e23ba780a737fce6e610f6be7635311ad8ab5a649dc05ddfae6be71ed

SHA512
85aacf81a29fed9370b3c06b8e7188103cd457dddde575d519ea80ddc2fb028789683ca4e3a7abe3bccb6990eff36ecd2bf11a533a7c5499ac4964f15ee98860

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
c6a3c537b2ee4e74fb62cc40468d100d

SHA1
6eae8b410f193d1bfd90015da9aa9d958bab9c75

SHA256
34c237e9f1df6a34280545f5dd36a75a05f5a009aa12e9741676c691c6f5ce9b

SHA512
ca150eb22337344010917609ba97f5922fdfe872f4d3943eba63895b1d0627b2ba2449c158dbac68a0917c3f64a309c99bca5c0c6e58e1acd71bc3c8c0db9e81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
36KB

MD5
70bdcdc5abe5c47f3f1e28e3845b0f59

SHA1
4fa82dac3a64da4dd0746d30d8925ffb679c6f9a

SHA256
821772e122aa09e81fe54bbf6ec4b957722eb13addf72ae6481fec353d6c5cc3

SHA512
c2346145d84ce7d7b61cfc3393dba14ec36b755ff15cf6a0e96a20ec32d607ccd1963b46841c598205da97b50e832cf27ad95fabf9cfffc0ab281d23813451f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
be4eae17d430eea25eab9b8498932bee

SHA1
a0c1410784b36f017384d58dd329c6aef03dc215

SHA256
ccfea49a08c723554ae4bb92243dafae8f62a9d5df45e44bbdf2b5d62701e79a

SHA512
bf4db9b3d1b8c858e6d2c9c845881de263e9d4b188c74ec87202a4f4b3920a481733591fe0d7e6efe61aec1b30f87c6b4d0886e9f2a77c7ea3c92fbf22164f04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
be60ed65309dbf448599fc9091b9943b

SHA1
cc38cb5ac016d27dde489a8dd6976524b20615d7

SHA256
191020337e8f82a0f96b42fe86063ee8b1d6dbd7938664df06f26239c54003a3

SHA512
1123d66b69191175bd77d0542b2166749388c55e22c70cef5215297a2335f04bfe9c59b85989213e17f2432276287f840621d2222ac95ce65fc60ab8dce6cdac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
8KB

MD5
5fed54aed3c1079400e1f59f1f62bf18

SHA1
1482a34a3dc919b1e488bfcdce70fa7862464aac

SHA256
015df57dd34ae0ac6d6127acf2d20347693e735df9894af1efd587c0313a7160

SHA512
2cb95ae61cb3812bb79747a55c30de93ba049a132e4977eca3aeb027581930ee3804770bf018ea1dc6e3c93eddca54233c6aaa6bdaddfeac502d5c19e4878b9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
16KB

MD5
c6811714111390c19400de754aa9eebd

SHA1
5c89e03c9a855d46220b3cb7b5cffc65e7f9cc4f

SHA256
c3b5a669194cd55e9b9925b41cb2d79244b9f746069940b6494acb331220ef2d

SHA512
39a42bda7e14f6a12a4ad9d3e3e245d24f20bad0c7a378b815c8ff65bb52a15b7f773068c3512c769a4625be221b7010c2b00c79e633fabb3afc2055a5b0066c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
76f9f5e4b388ad84bb431c3c66f0c661

SHA1
bc2793b71c67205ad4dd745094f5c69cbc18113a

SHA256
962d2df1939c75fa553ea449ce138cbb47758fb9c63f28344c9899719121bb63

SHA512
710c44b29839d28cdd47dd2a7725c6c7eb78eb31fd827582d904928dbe3fd2a18d92e0a27c4cd5878479238a1e53c9c8755c344d0b4d9e1c947641ff044cde1d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
e529894c991a49b5ede0e8fbcb72c18d

SHA1
76358f9495c8dfd04766030424fc7a25112d6bb9

SHA256
0290389a358efcd1c680b128c4ecf420f2713614580ecbc76f020e13b3f0e96e

SHA512
58ed759a732212683084d37d05ac0113404496348fe3fd58af6dbc68db02d91e64f618fd20aaa516a05b635f5be16242cb6b87b416c2343657e6988d7f7bb8c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
70a6f2b581a7d5e1f4fae9dc0420f05b

SHA1
5375cc9a777caa2dc97700b250bb405ded387ea0

SHA256
b5e3bd79607394dc3aefa0cbf7c63b40a39397ba4b526ec919facd587130f097

SHA512
8b3162300372065c1a7c0548b7ffeb3ea69d114001d2c20f938cd9a3664e712faac411ec01b60779fba707f96796aa3031af561c808dbf7ebb108d14417539c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d1054f80d21aae9f162e659ca26e2ef5

SHA1
127a555450ebe9b2cecf234cae6afb732b550fa4

SHA256
b47a3c41e3cc0e7358d0e191a82894ba3dda434b9e042f56c9a3b83fe9f9d523

SHA512
29562b8ad559e198d8364f6445e3fe8c8dfa88a32ac7e42d661a2e7920a861dba785caf9e1ed696f7b8fa49e6baf599f384bc144495e90785fb10eee6669987d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
49db46c294e40a4f444d8da04ed1eee7

SHA1
3abcf851996cbc81df099d8e845200b21701a474

SHA256
1abc8240309966e03ac794875b0cefff7f9cfcf922f9cb1d167b951e609d8df3

SHA512
8f103cbd6c2e229eb6ccd9251cf3306fc90c778dd8af399b38f52c11394123119668737a22943233131ed64b196ec9d7929c44b36866f1c5283351ad4033f622

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8db479411f3cc0ee7f77fe0e3c3bd1c

SHA1
30652e002921142f20c738865c8bbf0652413c00

SHA256
1bdfde6e2008d06ad69ee7ad09c4a50089a14b18744e47b26d390bb8443b1ea2

SHA512
9588cfc6f886af1f209e7964694526a5a515d664c6ce102a3e82fd1d0ebc4bf5449dd8fd84e000b9ed939a8019eeb4213a83af8f865c5e3f723efd70e2da414b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6baa2e0f9f87092ad2b419db31b75baf

SHA1
991b81154af64a63f138522fd7322ea957c85bf4

SHA256
f5ed97775f31ae392b6c466eabc2bd49ceedbe4c5203da14fc033beef01cdb39

SHA512
82ddaac00eb1c8237394e0c342df4473312915d876709d963d39c571b01db6da23e19f919e21c0104ebeea2d838e264040b9d49d69a2c8a7186d9e7a977d4546

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b2d1214c4df8a161209ee3740956389f

SHA1
bf06306b0b945c89781b438b83986a454f4e0c89

SHA256
c0e24c63a4fb3376fc27cf7d6460b9d7190ae5a1b86657c6a49eee08c0ac2d05

SHA512
7dd8caa56db8b4f1e9889b2df980e5fb3aacc660dc4bd5019ffc2d732d0c49ebc7fb5bdf7aab1686919872e5b6744859925fa0adf5d2b6d3a843705306f540d9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
be375c4f299fe1102020682b397fbf51

SHA1
a8650044779ec6c1426cc268a5c39ae5b1bd3a04

SHA256
51e717c3468a601353221e2fc60ccff8cdf84e3ec76f6be620bf00b30b47786e

SHA512
3e56f42880ea711d0a7a6de01f1ecbac8b9b793e01a03391fd016230c1de17d508933084d9e24d24cd6a20ce9b1880592ba4b92090f426af8228adda7a28693f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
39287f7c84b3517fd51bcf579a75ea14

SHA1
d71573e5ece3c73bb0cc9f62d22d92649201ba18

SHA256
b14d706cfbfd098aaa724042ef80067f29029c68971e5beb771a40c21ec97bd5

SHA512
1ac3a08432028b5d38fe7e16c181ee798ee2c232700367d76f889f2d81f1c3078930c2215e61405a84364415f456d196938fd91e947909fe6109bdfb166942fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
60e2f8d87b3e0bf92d5330e23884148f

SHA1
e39a04c2f28df15c3a83b085af7f186a6e33e008

SHA256
ba2dfc7e400385a365d5d7306bbcbf9e3a2477179e266d3e4c025f3f0e003d2b

SHA512
578d0181494b0fe230bd69b226afdedc45899d3943ce649b2fb71c0506bade71c77a43d3612d1e06c4a01298afcde1fcd98d100be5d75086edaf3e648c0f3aa3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
f6b3d46d14d7c40ad32ae8191efcd9c7

SHA1
9e05e6a08b92f6381a4c410e95d7d861ca00a38f

SHA256
88d9d239dd98f4c463ab20500d073ace231bb8ae609511186275104314ae780e

SHA512
af8aa3a7a8d3c38f1f1b8789ce7a027b8db541d9ca6df846312af7e0e7eb87d23752f44f90c6b6d65bcebcdd344dc7b3f68a49bc0e49707136f181b0b4eecdda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
5KB

MD5
5c340fc5ad4c410d7ad0f9e20f756eee

SHA1
140d5becd6e7184c19618b424a943fe676cad06f

SHA256
b53345aed714f54a602f97e833e068df1fe3539c2d93c09bc327304f320e5119

SHA512
3e8d77c0e46da38c33112a2c188e5629cfc841cc5f7ff8fb440709314275a0ebb25b3cee11ad86216abdd90c90931981d79cc7ec7d762e5774e27f03d883e26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
9e4a2208a47e6faf49e233b13a54caab

SHA1
9dadc0ff1eaad8101281743fadce8d53aa7950ce

SHA256
a5a3c023d1e18ea3ba0a131b387f95e90fcc8f71b3d2838c2835f6737dd88e06

SHA512
fbb6ad516f3b55e88f470007ae8022dc76a9c4862112b08deb1a40b8d94b54a8bbc3bb804656be475c98206935fc5cbe02f1a247150fc6fd0b4868bbea315b6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13373764837510297

Filesize
24KB

MD5
04283c56b4420a2962722e69192c4fc6

SHA1
a86c0610dcbe086f92955027de0b320b31c2de59

SHA256
fdce3785b98b7e2c504c74805299b469ab276e52c7fcc40ab7bd78d58db92ea8

SHA512
19c2e942c9c88d79d0e7ca3afdb8a659fdb1043a6d2eb5b0d767c7ef839c5a0bca790e90569fb16e7ca7721dddd413ecbec1462171168a267ac40c96abeb3fbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
172B

MD5
8ef0307c187aa311a1216756708d58e6

SHA1
c255a3dd36eb40638cdbebe626c58ecf1bf3bb27

SHA256
841f9b2157b0ab09b28b7298d15f1ccf9f6c4b379554d18d732bf8fb8d5cf3f2

SHA512
f859749a565d2fc43ddeefbfca5c6571a92ebd7b0d04ab228744d6212ab65f4477d0487248f81343fdbf8c1877372074014444bba382e6c86d7f290172a46987

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
774c58f21cbe545c5538a6eb9aedb06c

SHA1
81b88e2ad2b049451ecdb728a6d2d4b6620dfad2

SHA256
6d92ba5745889e6898007552faa13bcb8d1de8d5a3842f5ecaf3286b30e48f63

SHA512
e74898e244d7b14eaf52c7e7e06bff9a66e486f62303476514f547d20f89a8b56fac7e3129946d8193bdacdb4333382e4e15946ecf4e1a2ba1713a6fc59a72ff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
dac35c6f0b763292652481538c38ce50

SHA1
0ac1865142dffd5dc54eb9d4de0e3fbf263d3765

SHA256
70f2586fc67a9bd8386680344c1e07a7a9a4e2019be8a606837b718c4db4e025

SHA512
fd59aa2c4ed437c8598585d094981184b2baa4da3f898f993c98b8df52e042176c60b8484f74a21c2ab28e05e5a891bb9a4492ae3a929e1932eb978a05a56c53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
204B

MD5
524f81e350134e733d37c2de8e242e69

SHA1
83c2b7a5967ee44aa2dd62f06668619f09939ef7

SHA256
79dc34ac704c1358b6a0fcfad3ee107e3e790d2bec3204b742527ed25114c1c2

SHA512
f184dd090163a3d8a8707efdbaf748fe0190ce5be269da94cbc99e7f82c2f43a99437057a0eabb45af2bd5619bd48ea17ca3b3a6be34aadd1979b7017d0bb402

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
904b5b182764ffb6103dd55459e05fed

SHA1
0c0ef0d405d73ff68f022066c6ac68f06ae35245

SHA256
c591aea3fd2f272e7ba8d8ad29ff9d8cf8f0bb064b8f4c7905aac24e84478997

SHA512
fec530c0719de529ffdbb29bae0c0b7a5fe69072c50a4608adff885239f12a1c94074ebff752f260dc2c0c93cc179bfe2c3c2bb9fa378a4102515aa5678b343a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c423715313de7e575fb3671a545d585e

SHA1
131e10fa3cc24c40f43ee531efb1badf06647853

SHA256
f9a94be0bafe2ea3864a28580e86cff29c0ebeb885fbd943c8b1712368d760a1

SHA512
ef05a61a4fac58211ca5b0ed97aa2ad9a6565e8691a9b08b47b528db9fffa5a27777fb3f18c0c0490cce5a1b744697ddaa422c4bce27626158c8051565e43192

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
9ca172cba78215aa1750823c0a5e0ebf

SHA1
bd42ff8ff30293bd5d2332c83672f6a9d547701e

SHA256
5cff8be22a306602228bf329552b9d1c395d1544ec5fb7c300299b285d15d060

SHA512
77e419d916ab2e3303c610877a80167309375d37282d36339ad9be6cf935c8edc271d705871482a304238bfe785023c9fe1d5743e7bd1bf97d4ccbb84a89e866

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
47d06c39e248fd7896345e0b2e68e26d

SHA1
c3d94d31dca5e57ea12dae0f1fc8775e7acdb938

SHA256
f7e643967a88b195d850faf583108e2fc185d22f2b06d9fc23d881bd4f231399

SHA512
5813fb55e6cdeaf86505e0fa70288bf57b305297878d950a2cbed540a74780f86824d9686539150c02f7779a6383963474f3e4dde5673c1af50d9ca57e88473d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
594a527ea6d4b7b54d0e71830d1b18fd

SHA1
0ee6a5926e76dfbde2b78c6ec5671d0136ad95ce

SHA256
5d96b1f993e6fff21b2aa81a2063f3109ef97ad586d09d5eead832695d5e3bc3

SHA512
61d82a709a9da6321d284d3afad0ca409cd98e801950b8f0b4543575014729ee231984986d86d6dbbbff2d5b537762d8b54de65b868c1d3d2dac26778083f20e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e88ff149eade277baa9c33703300f81b

SHA1
32c0e70270c086260569bec914f8673c11c49d54

SHA256
ea44c991622794cb073d5c15158206c2a2ac9b98e8fee45624b074425fdd48f6

SHA512
fca1c6893820552695094a033700f2ce43aba8285883137feae083a0a52eb52910063eb89b58adcc676e2cc2211d6898aa41f0cfdcd0f346102008b72a7facdc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe580d59.TMP

Filesize
204B

MD5
c17350910f00b20ea45bca64481c68f3

SHA1
c63e9bd5fe389be1117bd5500afeb2be83b8fcbe

SHA256
b7a6c11e32910994da1da6159c85c438b0071104e1decbec1e390eee019e68e2

SHA512
3361e75ab46766a44f694802d682a702bf140f15a7118fee7a74d12c774a2b813315de20bf66b5fb3eb2e338ae0769ca279949f7da31bc92ef586877efe4328e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
f4eccb67a1f59e9aa4df16976bf80f60

SHA1
0e258408209274700b684dce2b4e0a8702da0ae8

SHA256
3bb90dfdc69a06f2fbb4b9b56f44989d9bf076e0302d0cb217cdd9071292a279

SHA512
0f5662bfca0f89b5f2cdc1cace5d6d23fc3cd2d3eb0528e8e28a0dd033048df7b2bf11247cf0344eca67bca1f7a695e339110b46bea8652705f654643524bcfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
1a58f164aa7f23f0d3c3356212ed5ef6

SHA1
4620614f7b115580f589cb0cceaa910ccf50d470

SHA256
2eb2e260c8c71ea1cb1bb4c044d2e8b1497214dcaa0de39f4c4f8b3a6c693a0a

SHA512
49fffb502db8d6759d4ec327f7d9ab592e904ca5fb48d766d009fa8691141943a71b7a0abb5b9c3c54d529ebfc4e8573ef3d10e87545121dc3cbaa994f929a36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
80KB

MD5
71144ebed46859ef2bf5cdb4fd23f434

SHA1
19378395c2a420c2e5e059025b0655f8290ec5d9

SHA256
70304bbaded7ecc655c46a950da92a3bf4cad5726f80c095b402c7245195a9df

SHA512
a8bef83a684556c6e770d5512727978707b4fbddd05e147e9ee70f3e04fa5fc2569cbe74751619798464e53a0b2fa03a3da5cd98039dcd6a735d713a404cb7aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
1KB

MD5
8da78b51949fada60076d092edf658eb

SHA1
3a0e4522b1f7514f91adac0625111a155d29ebdd

SHA256
3389f0e4f73a654d8323ca1223fae02ca118dd23a760b05bbe2799585645e065

SHA512
b8116abb770762a873fb14e2a8c5b52271ebb23fc889fd98d17e08a29c0002e41ff8809784a2bc6059da915d1d72055997db07da312e3d1ce0746056c60c4766

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
a39b6a80040c9988ed2f40a4d255956f

SHA1
e2bf9e0309344359b39478d85d74dda10429f938

SHA256
d90c8197e878f2eec17d313b3195c031b0ec3f8a4f65d9f42d1b268c895ebe5b

SHA512
ab86e9dae7dab6de33a046ff4989aa29721cf4615c592cb395aa88238a04491a008d2df798e657b9914db06e25d86a7a8fd8806c81c2cc19182b705b22761abc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
610d3ab461ee47a2741cd16dca532df2

SHA1
c11fc31a00b58baf463204eebe5439c2ba27f856

SHA256
e71576f69743617f1f3197062013429fc7eeec902e07b359f503fff7c46822b6

SHA512
6bb048777b64550c6b84ec189675cdcf5c216a39fbb25e788043adbf3fd8c4c1e7e6fa47d74167987d0d1b44261c9903cbb72b22ff5b26c85b6db63134c934ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
ff702df42837e9c36f5cc73c33fb7089

SHA1
706bf10e76bfe81312665fe45bf368caf136267e

SHA256
ef3b0eb496d0c5458c22852201078fcd0c8ada906018eed41c9dda12ce88854e

SHA512
5655493744de7723f16c7430640042d29dcd3dc237af0c88adcf793cfcc0fecda49c925b927326d8d38156b32da0ff582b370acddeb50e21d56fbc7995a4443c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
9dd6405b1dfb5d336eeb0f6286e479d8

SHA1
4ef19ce9f0882cc8f0f9ed15e1fb309e899449fa

SHA256
110fc024bb8124cf2a4253eb407e91a4438f7c6712c0d3b698022b4faf25c893

SHA512
7870078d62c0dafec8dd4e35c23557a25f79ad8821f6b35f64f51168a30c8bf558cbd1eb1858f9a127f04e88c6ab462d2adec2ae85f60fc3298e9d8d80d0c512

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
ee69c1183cae577b7533d6ab94a4ff39

SHA1
671e1f3bc8f76b72270026ec88db9178e36a4e8f

SHA256
ce0239b611bf42d19c7fb8d4fc98f559a362581d25b63df008d2882424e85156

SHA512
f1fa295dfaa9dedf940ad134aad95a1e112e08ef801930c0579ac51e3e3aad92364984fa4c74779e539b356458e56b8c3c85b6729bb0c50d1795967fb72b0d0e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
e169c3b77996975fb156cb5fc31765b9

SHA1
1e5f7361fe0531419028e03f6d13b92ea896ae7d

SHA256
27ba753fa08af540b40a78b8a68ec01b8f717bfc685595b64930103fc0c867bc

SHA512
da45558b44bebccf72da3b97090386b3e3c71e6bc0d1dee7636084a55c5c07970328063e8fd6dfaddd9efcaa776b6461b3060895c61bcd7bd215dbdd9c27b600

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000006

Filesize
16KB

MD5
f55234db88c6538e3f4ad45c114435f1

SHA1
c4dba9a32f50f2d9a27ce81a1d62f7587751e6b6

SHA256
bf139ca7efd187c36f3ec33691f427205a63ca2707af18bc25430637928d713a

SHA512
8a621fa5044977bce987b8259dc850faf83f4e82f4df1a7a689dbbb0b9b065676842f7ac462b77f66c3ef892c3272960bf5de4c0dd4f02e85430b368867feda3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000007

Filesize
17KB

MD5
913728da90cf90d8e78af59c60b47c3d

SHA1
f42f2a545d4fcaf4f76d0f060f52e33a47df7f1e

SHA256
b0b478f9aa6aaf8d5811e296047ae1f8ee07f4c4998fe9d7b960755ea1fafb82

SHA512
3af86e053dd56aef03e6f967a49b1a0d492616a71e2e49090e0c8e5cbe58ff37ccc55e91f06bf34096059a49f3de84b0bca587f3f17c366f97c0f7a0fd17c974

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000008

Filesize
16KB

MD5
17e965b44957a8d118aa90239875ca6d

SHA1
d350627653b5259ae7f13d0b36345717bb7d1b81

SHA256
fe3c09558dcf944e7440b47114cb2f812f22ea972e87f570c1c23165f851b61b

SHA512
39c7fa018660bcd300264305728fb627fb6326319645d09245aaa8dcddde4b5d50c1bca5073eabfcfc54b6f39dc66ac07d1ad04980b53068ec50b34d65b93f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000009

Filesize
17KB

MD5
d22cb8682c6c279a568ed39bdc634f0f

SHA1
677360e899085b1fe7af0098575842261a6d854a

SHA256
78b575d52c9342adcc7b89ee8545e0577169b0d520a9924c7d53bc3587b240e0

SHA512
2ad0f705556abae3edb620d4370c1e72c749935d6ec079a10272ba2cbfe42d06a67f6fa1c3d80755aef9419391f701e98d479e946708e26980497f438b154ce8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000a

Filesize
17KB

MD5
cee822f498eedd3a752cb16a76e4ed99

SHA1
bec6f9c9325134c983a82a16f5bafdd33a9ad84f

SHA256
dae2b9c7bddd3688303dc6a3a9cac80e444c71074bc0986f90f8356ec6a5463c

SHA512
2f55348944aa090fc754d4cf3e66fdc4816b493fdabdd909b3ecab98ade9b00711dd4ed1005d1229ac813f15abdc622fe6bdee948e8c2e846efbe7e3d2e92df4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_00000b

Filesize
17KB

MD5
ba999e542109e66c12a4102940df9245

SHA1
6c6848752cbb7544e76c1a8c7eb7af0f7c827a98

SHA256
47edcf4d8d0ee5cdadd611f5ab4e86393c09c0cea83dde5295877198d83c7575

SHA512
c52f7b85fcaaa1c6590d364ed98de201621f9d45e1036c6f90f39c3e6b3d301321fc7a893435a53a91e3f84cdd16dc45e6e164e8873588f7f3d1a97e9835697b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
7229ae89a4977ed6439153874a7c0776

SHA1
46f223a8049d1f49111fcf4a630e9fc0af05bf21

SHA256
627afddb22379b063e5bff635884d128a3a7c3c87703eb5908e25a139ab31e11

SHA512
8812738285adb322d389eb0f3feac8c5ee4b655631c792537b718ef50034b69ff72995134dcd6cf77e4f4edfb0e104d1b77e82eb850b158f6b55af88d446e3ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
db79e41e7f72c6a95f1415893b657209

SHA1
d8faf0e2fb04ebcaaccc549e791d6f03a75b143b

SHA256
e3cc5717bbbf3565d0314d5a3c9d264edfbcaee88b507c053e416ea6e5fd50ae

SHA512
c7197c8a64f1e41fad9d2c84e374e97f39a7b48e0970fdc556700af380ba8c2309d94d0473514c7d4608e9330809a730294781882f5a5564db4739be34b3dfc8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b82d06e6791a98d6302e546074ee9c6c

SHA1
9ae2b2e4e8f2d78424c48f0d3bf5fb1341995de8

SHA256
235a9e92f7db0c1b75a1c7b4fe6cc731ef6b1e52c23abefcef9c801aeeb5313b

SHA512
862a1bed7b2c6ccfbe3f73e43b95931a6ec20316a11b34b93e256072c39ad8a4123984edf361b83c2c5b8ff124d6c58c8be2c71c99b9da5e328c709fe5b569a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\cb90e178-e4c8-4c36-b724-31437cc73d2d.tmp

Filesize
12KB

MD5
03ef3272bab2e8650818e394146831db

SHA1
e30227fca103f97c1d15f77abf4f404ec6da9849

SHA256
e71799a5b8afde20834ad76de4fa89e4aade5427ee7605fc002ca6ae13fcbf7d

SHA512
033f2c3db6ef7ff91630600e759fabecb0c151578e4c18b087a342b86eabbc94e31168e8fb3ea77c88eb6f857e931ef5c2cf6002a93776ff02fe1356348b288d

Download Submit
C:\Users\Admin\Downloads\ed672194-b0b1-48f2-be09-c0f4069f8449.tmp

Filesize
16KB

MD5
1d5ad9c8d3fee874d0feb8bfac220a11

SHA1
ca6d3f7e6c784155f664a9179ca64e4034df9595

SHA256
3872c12d31fc9825e8661ac01ecee2572460677afbc7093f920a8436a42e28ff

SHA512
c8246f4137416be33b6d1ac89f2428b7c44d9376ac8489a9fbf65ef128a6c53fb50479e1e400c8e201c8611992ab1d6c1bd3d6cece89013edb4d35cdd22305b1

Download Submit

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads