Analysis Overview
SHA256
5c3fde60c178ed0306dd3e396032acdc9bc55c690e27a926923dd18238bbd64c
Threat Level: Shows suspicious behavior
The file MEMZ-Clean.bat was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Executes dropped EXE
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Command and Scripting Interpreter: JavaScript
Suspicious use of WriteProcessMemory
Suspicious use of SendNotifyMessage
Uses Volume Shadow Copy WMI provider
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Uses Volume Shadow Copy service COM API
Uses Task Scheduler COM API
Modifies Internet Explorer settings
Suspicious behavior: CmdExeWriteProcessMemorySpam
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious behavior: EnumeratesProcesses
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-11-10 21:21
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-11-10 21:21
Reported
2024-11-10 21:24
Platform
win7-20241010-en
Max time kernel
149s
Max time network
148s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IETld\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\GPU | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\MFV = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b131900000000020000000000106600000001000020000000208684c29764fb6fd0d807a21c5d0cf18f59db80c343f495c3c478d1cd891b8c000000000e8000000002000020000000031f991b02c6a17d996aa5c3f7b45370aba5a01a203f6924372918d05fb9aaf7900000004f61ee81b4ff22e15ca30f6b87c35c4df0829c0d0e7c161f0e79e1344492d2a3a1c30b46af2683375075fd169b98ee5026979d6ea21bd6696876a95d4ab7d0dee8728f0f73a37288a09d71f96c65bed9850a6e46aedc6b66d7aeec9f8bd01d746149440a2203506f581e09da71ad516b76880d7dd258e29de1cc06913e7fd3cf72ddc22c569ec58eeb1fab282a2773904000000047b34029489a0415d8bfeb62cde8f58beea10d00f8c962c7eab27d5cff850204f3ca38161136c550744b4ce281652979f46f43f324d55efee8cc4c0c0526ff76 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries = "2" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DomainSuggestion\NextUpdateDate = "437435580" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\PageSetup | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = 808d40a4b633db01 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\IntelliForms | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Toolbar | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Zoom | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\InternetRegistry | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\Total\ = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\Total = "25" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb010000004ecf3e4259aa05419b9c0951a15b1319000000000200000000001066000000010000200000009a430ae8752ea169eb952850d74da07375338f7d15101017d7969164218e2467000000000e8000000002000020000000348c2fd17d36c4b10ca0b90eb1dc3beea83838180676fbec1425d2c1c1101794200000009be190d428d74cae24d720d55b8aab413c8ba4214966b32318d53e5a2b22657e400000000451646a7092525d6d9bdbc8af3ffe5375eee274a053c7667834c38398626eb833c42c79648a7558d67056234cd927e40518f7096c217903551fd49fad09a1a7 | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CD8270F1-9FA9-11EF-A276-7E6174361434} = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no" | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\google.com\NumberOfSubdomains = "1" | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\DOMStorage\www.google.com | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3692679935-4019334568-335155002-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious behavior: CmdExeWriteProcessMemorySpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\cscript.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files\Internet Explorer\iexplore.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
| N/A | N/A | C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.bat"
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" http://google.co.ck/search?q=half+life+3+release+date
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:275457 /prefetch:2
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
"C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:688 CREDAT:209935 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | c.pki.goog | udp |
| GB | 142.250.187.227:80 | c.pki.goog | tcp |
| US | 8.8.8.8:53 | o.pki.goog | udp |
| GB | 142.250.187.227:80 | o.pki.goog | tcp |
| GB | 142.250.187.227:80 | www.gstatic.com | tcp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\x
| MD5 | 4b3df13992e0396b7c177e92f1681d51 |
| SHA1 | c83ab930eddb5ba3ce11e6639f78c7ce2ae90644 |
| SHA256 | 9b724672ccbf94154d18a0a1101ae6665166c420d9f373bd22c2f3fea41f043d |
| SHA512 | 58024fc8bfaa93b9b58c6ef86e8056658d62dcfe74e914e177a3c25901ba8b2a094457b05a860cb52f741d2df77858998d0e06f6c83e1666b9d158b2dce1921a |
C:\Users\Admin\AppData\Local\Temp\x
| MD5 | aa1d15cdd2b9ae486690eb7b8218cc7b |
| SHA1 | 6ba3de524342345ed398fcfb046375f904321b61 |
| SHA256 | 1be0d3e2c6f054d1fa6e78b683fec21ab938f48c8b9e8ff02eaa42d76dd2d047 |
| SHA512 | 11d3de7820cbc86ebcf75abb8d0703a192b9592af4b02badfa90275a4618d0862b7f7628bcfaa85087a63523882f4b324afbdd711218219de3ebb207c279c210 |
C:\Users\Admin\AppData\Local\Temp\x
| MD5 | 20e335859ff991575cf1ddf538e5817c |
| SHA1 | 1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee |
| SHA256 | 88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf |
| SHA512 | 012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d |
C:\Users\Admin\AppData\Local\Temp\x.js
| MD5 | 8eec8704d2a7bc80b95b7460c06f4854 |
| SHA1 | 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326 |
| SHA256 | aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596 |
| SHA512 | e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210 |
C:\Users\Admin\AppData\Local\Temp\x
| MD5 | 5ce1a2162bf5e16485f5e263b3cc5cf5 |
| SHA1 | e9ec3e06bef08fcf29be35c6a4b2217a8328133c |
| SHA256 | 0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43 |
| SHA512 | ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1 |
C:\Users\Admin\AppData\Local\Temp\z.zip
| MD5 | d2ea024b943caa1361833885b832d20b |
| SHA1 | 1e17c27a3260862645bdaff5cf82c44172d4df9a |
| SHA256 | 39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76 |
| SHA512 | 7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb |
memory/2040-120-0x00000000036E0000-0x00000000036E1000-memory.dmp
C:\Users\Admin\AppData\Roaming\MEMZ.exe
| MD5 | 9c642c5b111ee85a6bccffc7af896a51 |
| SHA1 | eca8571b994fd40e2018f48c214fab6472a98bab |
| SHA256 | 4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5 |
| SHA512 | 23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\favicon[1].ico
| MD5 | f3418a443e7d841097c714d69ec4bcb8 |
| SHA1 | 49263695f6b0cdd72f45cf1b775e660fdc36c606 |
| SHA256 | 6da5620880159634213e197fafca1dde0272153be3e4590818533fab8d040770 |
| SHA512 | 82d017c4b7ec8e0c46e8b75da0ca6a52fd8bce7fcf4e556cbdf16b49fc81be9953fe7e25a05f63ecd41c7272e8bb0a9fd9aedf0ac06cb6032330b096b3702563 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\melo7gx\imagestore.dat
| MD5 | 2632819a588986123080c28d5704f626 |
| SHA1 | fdab4ef77eedf82c3fcbe037da2431d80d5d525b |
| SHA256 | 4baaaa7f23765a5eb51dc20ab37af0985d946a428c322372973b0874d8f6ad8a |
| SHA512 | f10024b893744e2bce2b3c728b255ca1c17ad1bb151c284151dc73631b2096b305e58a2b1f356cbe4af700dad7267afd0788db7e0a45a1a8e92f26e6d16dbe17 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\recaptcha__en[1].js
| MD5 | 88a5fed5c87b1d3704ab225cfbe7a130 |
| SHA1 | d64243c18fbaa356e4abae8414ccc4772d64060b |
| SHA256 | f8e5f5ce9ff44073cff24bcd3d2b8aa4e67b67891b14ff929fe4743880fdf82e |
| SHA512 | 8b8d1c9f4c36fd2383c96d0d484a6692f70422934bccd3db1f0787e1b753f7d5a8f0c91934805c4d865aed3d4673ff478f0ae23746d0c0e005e60848543b3d33 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5bf0ebff71007eda13441f1d148ed042 |
| SHA1 | 67016eacbc1699763c7d12994d16fde2ee2117b6 |
| SHA256 | 46b1486f61212bc691ec21ad01f16e61587d1132036f8545b5611fc48348a4ff |
| SHA512 | b056c80fbc14f6ebd731f42309685ebe7b61b884e1ab9470a98155a2d96edf8a9769209674446089109aa177e93c75b43a0710158c847283107c5820447ef82c |
C:\Users\Admin\AppData\Local\Temp\TarEED4.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
C:\Users\Admin\AppData\Local\Temp\CabEED5.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 434f46b58862ef7570007a456911635a |
| SHA1 | 3f918d7b0c3d4a02e44ad5e03f7db4ebd93bd172 |
| SHA256 | ff4dc123331a5af12c83a963c05c18092fcb552637731c9761e44712f29581e7 |
| SHA512 | 1a3f0e3d0b43923e723ada1d67d2666a7630ff5d2cf1d38840a5e925a2f93e647b7891a5ea79d1c38a6a49c957a339f6f21a0c0b8aec01eeeadebc2bd18e703f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f25f998f051d658da19900f328e66993 |
| SHA1 | 9570f7267730984137ff2119498e890cef14d128 |
| SHA256 | 8c4588775902023dad98b330ded6574bed67e7c874c8ce35efab0f86b342d577 |
| SHA512 | f4982f00a41fe4c9a65fdd064b543ed2fc698c0e597386b24623c112484e9d48425f93a441f6d36a5748953d4f8da4e03465ef507d1ab9066f1e709a65e5337a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fd01926946186517784db7c0b1797c49 |
| SHA1 | 46fc67fe49957ab35e229bd4c851264e9e7f75cc |
| SHA256 | 12caf873bd18e789d4e7553669d9dadc8b8efb20188ce7266343e2c15f718bb9 |
| SHA512 | 7be2cfd90baeabdf4003edd098545c9a236d9cb77892ddcb5150033f6d044792eff2bde4ebcfcddaddb0cff0f5766cb670cfc64ba0d521ff995057cb4710973b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | c54fc16ed9f1a2e6d79459e6642341c7 |
| SHA1 | 737dddba8abb79e978dc27c52c752bc629c1bb9c |
| SHA256 | 085a7a2687917f5033631a11aea7cdb0de12ed4aa4483d243434638831d518e3 |
| SHA512 | ae0bfea049edc266f79caace837f16cdd81d330bbdff59e81ebbcc029dc54c90fac77766e54c54c85da4d08c2cb2a60bec2822d042bd8bc10daa819cfd7091fd |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | bc77d875340b658f29a474e86b917f05 |
| SHA1 | e9c3500c54ecae045f967e8515e12b32d7527cc1 |
| SHA256 | cb83eac7a521cb8455f3b8a8e340c74161290534b4a941e2f9335aa6078a3744 |
| SHA512 | 31c58c3c1b264ec12a1fd010d9107411e41016965291accc82cce0d48eec2b04d79bac7fcdee458b380f0febb45d086db8588759d6b50db995f912468752a3c1 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 3f2349a39104d84c1da4ae24aba99e1f |
| SHA1 | 004e9a1a324be4c94c066ba0f5c652e194575be2 |
| SHA256 | 734ed0d5f5e4d2ddd55767d76dcbf4891c8589099b40b58649c3177b81106815 |
| SHA512 | 2684e75d856d98c6251de30bd67c25d9fbc5229b5be669e6b8c9af6a41bbad7b2b6d2ec6237c550195410b841fd691d2f2592165231a38a5905bd0a494fceee3 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 75e3954a00542fc694ecc42f073af90b |
| SHA1 | f4d63eb3abb1e5c6f4e20ca1a50f40be5df628d8 |
| SHA256 | ae67950bf6b73ac499d92e17eda504b6b879ba51a9a734e859c89512fd498d77 |
| SHA512 | 2ca2b9273af913447ecd7a4cacf84cfa34be15b5df455d4b9c8e3ec77446344be23094d93c581620ce27a30c61576ca3604ddaa83d4fb50585e07869bce11b56 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 0b11a78db75bc5b87de35ac0a912a3dd |
| SHA1 | 6df24297d2661014c0d34ba3c666821c2686d1a7 |
| SHA256 | 3d34517a951679ef6a86b981839f6386b2538488cc426dff64a38f0145b654ab |
| SHA512 | f92a1908791861d55943536ea6848c7454343014c2dfbfc3bb34c381a082eb8424bcfcfd0048a1803e3ed173d826a4354d668647a913953b3424bcb6d7e893f0 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\styles__ltr[1].css
| MD5 | 47bea70318b724b1a99a1d571ff58807 |
| SHA1 | b66ffe704ad2fe84da8211d6351727568fd68b78 |
| SHA256 | 11a188a204934185ab5649a1f838fe771c3d84c928bc8286ef999fb5b8deda69 |
| SHA512 | 7995460ab00a68e3433ea72f19fcb1bcd8485bf4caf978ff5c47193f110899aa824ac4a697285e908a5f66c693604a0227e60b3d3d948115c4c3490022b82e3d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52a048ec67cb7b3824cf07dff0e5e427 |
| SHA1 | 3786c2c407d37653001ed4cfd1261bc2eee88c5b |
| SHA256 | caeaf9eca94531d1fc13fe7065d389fd3e57710d202044e088eaec22a2d060a1 |
| SHA512 | b1e0f69c8a8566edbaebf550300197ffefafbb6a4600573723d8280ef15b6f32f2b9417d2c9a8e939d9c1be9cc684153b35775aa6cec06375d5d0eeec160083d |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Cookies\OD8BU519.txt
| MD5 | 181e7a451ec90ddacda88402a1547505 |
| SHA1 | 75ff7251ca469f9084f09f6cd571d07cffee4913 |
| SHA256 | 4721d1ffbdb203b2593a469d0ee241f4c86df1a4d7bebfae46d3c99eeb1386e4 |
| SHA512 | 36a53fd5de13ffaa094494220c0e9aea29bc50187e1d88d835645107148b955b1d9ebdd90f6020c7aed7f4dfe3258f9ebe4b2fd8bd5f9a839fe30f37ead37c64 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B3513D73A177A2707D910183759B389B_D9127F9BB4C9955D58AD28496EF9AD71
| MD5 | 9e9a4efdcac0d83d19492dac793ad890 |
| SHA1 | 65b0d5e69df52f3c63dd8a0b14f25492e3e6fc0c |
| SHA256 | 0b938696e8ee6b7f6c2b6e1576061ce4529ade40aea2bab365fc3b5b24861fad |
| SHA512 | 232c5b3b07cb9604c709dc44d1911034f9a33b0177b17ed290d0b9b97c11efc6cb35f24fb34d6d87376ad67e6ff9d9bf54c4fc58e52f7d266384e30a33183e18 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B3513D73A177A2707D910183759B389B_D9127F9BB4C9955D58AD28496EF9AD71
| MD5 | 8df15da357aa19949750cabd37d520f0 |
| SHA1 | 65a58323831f9aa9504ceae1c2479bafbd284035 |
| SHA256 | c9c51fe09932d3417d9af6e931547f1ba8bd513bf333608fef19d5059ae7a5eb |
| SHA512 | 59b19ec0df7b9b0c607c54711c1cc1e0a9f392cc8094e3b8c58e50ed735433a28fc2eeb3f212f07d2ad4f1edd4949555eb6fe06dbb77383eef6ed8fcb5426ca5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | e935bc5762068caf3e24a2683b1b8a88 |
| SHA1 | 82b70eb774c0756837fe8d7acbfeec05ecbf5463 |
| SHA256 | a8accfcfeb51bd73df23b91f4d89ff1a9eb7438ef5b12e8afda1a6ff1769e89d |
| SHA512 | bed4f6f5357b37662623f1f8afed1a3ebf3810630b2206a0292052a2e754af9dcfe34ee15c289e3d797a8f33330e47c14cbefbc702f74028557ace29bf855f9e |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\05DDC6AA91765AACACDB0A5F96DF8199
| MD5 | 19f2029a99b84b13e8d193d05b99fe08 |
| SHA1 | b36e280f7bc6a0a3ecdf6bb76de7969bbaa40444 |
| SHA256 | af8997f45eb23beadf72f1a7ec65778ff6d2f1e2c505d5662fa6789e0e375e49 |
| SHA512 | 274d0ae5dc10da01ba6c57266bc15c75493495da665472134fc7a9c57fb4a733539dd8248ffc6c8890d50334f872a535b313cad4f1d166ef8bd845296483e83f |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 0f09f5935e00cac1f54f247ab7e1361b |
| SHA1 | 776db8b9360603fbfa4a8036586452b4db5049b6 |
| SHA256 | 6787648fc9fa5588add4a42c59f0948e7383696e669945772c34d933c7ff6d6a |
| SHA512 | be77f47baa9320afce65dbc618ab5872644281c69ee2b8bb4051e45dbca114c24a51f4957e7b0c6cbfd67c53066e770dac4e39304ae9177c67b063597bba13d8 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
| MD5 | 57b3b3fda3ac18f783e69bf5eb51ae1c |
| SHA1 | e44c2dae81ae955015679fb4023c35dda2722f92 |
| SHA256 | 46e1da5fa564672cf506cdce5533d73ade9563957f4897969f1915edc0752430 |
| SHA512 | d318dcc0cc6fe8d316cc5f80ec945cd5bc168a3e62ca536b80476c3cabb41ef2277d2b44c4ef6abda74fb33fadf0c7d53ddaa37fd00f3ae59506aa606842faed |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 5076edf3dadba2dd564f6803e1d3e9cb |
| SHA1 | ed72b40ef89e0686fb8c66eba5718612c7e27fad |
| SHA256 | 2cd7ec4044459c1796445015f44bc2f73d9aed471b401b2d271941a1fe13b215 |
| SHA512 | 6af28e9572602c20198dee12284259f2f43b83f1171ede64ca11524d3271bddbb84c513cc4e61057153ec4a8ece3fe39cfc899e15cc8a827c41244f44e22c419 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\api[1].js
| MD5 | 8ac1c2471617deff8206bba27f33b074 |
| SHA1 | ec00bac5a85a330265321158435458374a1b3e2f |
| SHA256 | ad88bf4bd30c2da821ad99ccb27a53e789175b8626df2ea3b0e5815f64b9b39e |
| SHA512 | 68e648000a4c0cd30b77ab12cb4f1fc56eefa810c655e24009aeec7b606be353ba0d0313e0d038fe0ff371e13db2b6c245998d8800c804974b4b4b828dc19f1c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C02877841121CC45139CB51404116B25_6C4EDE6B4E04AD6FDB8E61232C576EF9
| MD5 | c41e2d87c7482e62d1d4b2d9985beeb5 |
| SHA1 | b30bfcc0c4d286aeec4df9bdbccc2ea58bc9610f |
| SHA256 | 7d8fcd6eb76ea6e08b8c1395bc0207dfb2979e7486c72f5bd163d0f65e3d0183 |
| SHA512 | a375ceccf03f9439c09c86c771054f01dbb4eb9eb17f793bce5ef2b90915ec53f13f0c096fe28416c034a5e93b2f3032ccaba11e2f952554e09cc51486b06f73 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C02877841121CC45139CB51404116B25_6C4EDE6B4E04AD6FDB8E61232C576EF9
| MD5 | 6bdaedc49f31f8d20c952b0d2cb93896 |
| SHA1 | 9d5519109d32b55543b7a02f572222ce7b959429 |
| SHA256 | 42a222270a12c6c3d9a7d9e2b4a4466046d1d42bf05054da88f6fdabb60aa9d1 |
| SHA512 | a893df80012d561a3e7ad2aa91c3893edfe8f52e1a712ec13857349d96ec157902492c59ab66bdb0150ed1640e4bd9180df0f60817cbb38a7933c63e7332fe51 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\KFOmCnqEu92Fr1Mu4mxP[1].ttf
| MD5 | 372d0cc3288fe8e97df49742baefce90 |
| SHA1 | 754d9eaa4a009c42e8d6d40c632a1dad6d44ec21 |
| SHA256 | 466989fd178ca6ed13641893b7003e5d6ec36e42c2a816dee71f87b775ea097f |
| SHA512 | 8447bc59795b16877974cd77c52729f6ff08a1e741f68ff445c087ecc09c8c4822b83e8907d156a00be81cb2c0259081926e758c12b3aea023ac574e4a6c9885 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7BCOPU31\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
| MD5 | 4d88404f733741eaacfda2e318840a98 |
| SHA1 | 49e0f3d32666ac36205f84ac7457030ca0a9d95f |
| SHA256 | b464107219af95400af44c949574d9617de760e100712d4dec8f51a76c50dda1 |
| SHA512 | 2e5d3280d5f7e70ca3ea29e7c01f47feb57fe93fc55fd0ea63641e99e5d699bb4b1f1f686da25c91ba4f64833f9946070f7546558cbd68249b0d853949ff85c5 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
| MD5 | 4d99b85fa964307056c1410f78f51439 |
| SHA1 | f8e30a1a61011f1ee42435d7e18ba7e21d4ee894 |
| SHA256 | 01027695832f4a3850663c9e798eb03eadfd1462d0b76e7c5ac6465d2d77dbd0 |
| SHA512 | 13d93544b16453fe9ac9fc025c3d4320c1c83a2eca4cd01132ce5c68b12e150bc7d96341f10cbaa2777526cf72b2ca0cd64458b3df1875a184bbb907c5e3d731 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8P9TO0C6\2vtLQqDb0X1LzFM1CIqWo_gNeMh6R6IfoRLxoUU2_jU[1].js
| MD5 | 8f995846e3aa2752d542e787c7a64667 |
| SHA1 | 217024f811bc6ea2d08d557ae4127bb720d1a23d |
| SHA256 | dafb4b42a0dbd17d4bcc5335088a96a3f80d78c87a47a21fa112f1a14536fe35 |
| SHA512 | 5d6e26d3687b244f44d7c367d9a6692bf8fd64e06df9330d2d5b133965e99d7bee3890df110cfca5a79c102537559935d6036fb8a22d8b4efa876242844d5857 |
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\DOMStore\0KOG7LQ6\www.google[1].xml
| MD5 | b11b43de11275703a6342ae4240b7be0 |
| SHA1 | 97fcd5f6b3bc2904a27f7d2d5122bccfe683be30 |
| SHA256 | 15f376c6918c108bb66c24cbd176d4f795cbf65fa16c15233ec3f94dc72e8fdf |
| SHA512 | a4edc44cc831219731e1997dc3996f09a87dd993a3e4db01d1eb41d64f5ef2e0256d4bffbe1d7065739b75275f5642c1871c16f6bf459507b5d6c6c45ebc375a |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DUME8XYE\logo_48[1].png
| MD5 | ef9941290c50cd3866e2ba6b793f010d |
| SHA1 | 4736508c795667dcea21f8d864233031223b7832 |
| SHA256 | 1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a |
| SHA512 | a0c69c70117c5713caf8b12f3b6e8bbb9cdaf72768e5db9db5831a3c37541b87613c6b020dd2f9b8760064a8c7337f175e7234bfe776eee5e3588dc5662419d9 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\NT668XG4\webworker[1].js
| MD5 | 9afb0d35bb088b3036561313bf7ce1f4 |
| SHA1 | c7f3fde34c537242969fbbd736b5b129611f1694 |
| SHA256 | 6e4501ce6f65a1b8671a9d31a8f5ab56dfa4e30aa7a4a971daa1544ab2eb53c1 |
| SHA512 | c08fab7dd122743f8f942ac5f0f1a05a2a44befd7da677074cc3d2d464a106ce88047c1396f4c99dabbf99541230ca37b05158f448e7014b36e1e9fe38c572af |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | a266bb7dcc38a562631361bbf61dd11b |
| SHA1 | 3b1efd3a66ea28b16697394703a72ca340a05bd5 |
| SHA256 | df545bf919a2439c36983b54cdfc903dfa4f37d3996d8d84b4c31eec6f3c163e |
| SHA512 | 0da8ef4f8f6ed3d16d2bc8eb816b9e6e1345dfe2d91160196c47e6149a1d6aedaafadcefd66acdea7f72dcf0832770192ceac15b0c559c4ccc2c0e5581d5aefc |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F0ACCF77CDCBFF39F6191887F6D2D357
| MD5 | 1c6568fcb5b68d6232e66fb3992739e1 |
| SHA1 | 2722e98a2d9916588e5cd4e9f9a6c3907553d804 |
| SHA256 | 42b678f561e387a53e2bd1a44fbfc193de4e7e9c4448fac9fa11fd11b4017f09 |
| SHA512 | 778bdf092771f10afe3c251a5e3113cf36b2beba6eef5d11eef7ab6de00d81290b6985ce96ef589afb0997fae7144321d62bdf41e4a7875fdead186fa76e588c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | f6aaeb729cef599380253d88cceffcfe |
| SHA1 | 0d8407c60569e8a5ddce73a13dd418e11a7e3e29 |
| SHA256 | 41c2f3aa923621bc6444d362a781ed00e7207e7f14119f727c44a523e5a32918 |
| SHA512 | 83781b386709045351d348ee5c17e7104e1551ce215e0db99ef2292a4e65214f0c06f421b463f8247101ce1456828f78630d842523a1bf109f15173efb39654d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 166569b0a41910f27be998e841242116 |
| SHA1 | d82a75079eecbc29b443e69996dea92d2245a9b1 |
| SHA256 | 918afe2ae3e78dff2f740320bb8ff092eb9e16cc08b940326c884476b3ddde2e |
| SHA512 | 87c0657ffecf2a3ac4f82f1f338baedead493a558bd96cf48cbd5f43159b62b49bb03131ab03a9735814bc2c5c9821cca1a61decc9323735a32c76c3586a951b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 43df17ffcf21a2fc87ac1fab9ca96ba5 |
| SHA1 | 90819937493bee7b942cc67757459eabcf811f9d |
| SHA256 | 15b76c8ff8631f90c66faab8828a7f8382cb0ecb6ec86c4aee8881880080a9f0 |
| SHA512 | 2cfacb24a50c368764152b5beaf6dcb6b52f9e8fe326307ca1855eaa96e1be1213d768cccc9cd7e9b4c69cbb5bc662356f20934b57a2f29d8b5d4139a5101158 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 52d59bd50ec23b3caaac4a46b8d20fc7 |
| SHA1 | 85a59a4334dde0bb066b9e03007d26291a382fad |
| SHA256 | a42c94515143cfd59b33f1744acff7391f7527fbdf38738f9b7267f7924211c9 |
| SHA512 | c8894176cbb22b20374fd6e7c0a7e0eb7056285407ba7908c4b660e6fdbc082ecb510a5d3069f5221927375b127dbc48f515b175e923365d66e9203e72831b9c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 89b7192574a66af18ece5ced8cb0d1ed |
| SHA1 | 3b5ea955f7f54831f8e5e650cc409562b6ccdd82 |
| SHA256 | e4ad264d85f6f8b860f2433640a9fc4748f9be490274b8101973807c015b7dfd |
| SHA512 | cdc5733b8025cfbf29a43a0153182e559f7770096e6b5e16140bd76e90e4f531c43c01187c5019a0abf17f8cd67dafd766d0f05a246b05a0a084309483df8491 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | eb67290edbe7ffcd3615415467b05ce4 |
| SHA1 | fefb9c1c512b28e6444108fc0fe09fa6fa95309d |
| SHA256 | 904e63de53142f69519c765af709919b7a953d29d1da907320eb44e01f5a3d8b |
| SHA512 | a606b21889938b8c343e64f7706fcc331c48443647d8cb8c8a2412ed95be5feb2dbc2488ffdaacc7bc9fd1c598d8b52005c234dca4f424001fc8d356ad744134 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | e4a68ac854ac5242460afd72481b2a44 |
| SHA1 | df3c24f9bfd666761b268073fe06d1cc8d4f82a4 |
| SHA256 | cb3ccbb76031e5e0138f8dd39a23f9de47ffc35e43c1144cea27d46a5ab1cb5f |
| SHA512 | 5622207e1ba285f172756f6019af92ac808ed63286e24dfecc1e79873fb5d140f1ceb7133f2476e89a5f75f711f9813a9fbb8fd5287f64adfdcc53b864f9bdc5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC
| MD5 | 36f63c06214a543a1d91f274afb3fd83 |
| SHA1 | 182ef9e4447d69ea8015eed3fc92672cc8ede4f7 |
| SHA256 | 035483f851e13757467a247c68fa0d911f3630a741dd0ee67d9d4f9ebca371d2 |
| SHA512 | bf5354d1018757062c5ca6a9cc05786a73a848c26003921b1affc29c8e09357ecf6026537d6d4970a3a90ba05f72ec707287fb6189552ad75d08c9adb6921a58 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 40124ac46247b39b8785a71933ea1af4 |
| SHA1 | 0e1307c459890fa44d477f86101269bae6d0b8ae |
| SHA256 | 92d6132f57ca6b5e9965d5b8e584f95becda97de49c0808873f8dd3fbbdf3874 |
| SHA512 | d73063710e5a073bb3a8b9274b6885a67e6218874a776af05a68e9c49b038a6e6de85681a0285c927ab99eb1be9a0e669294c8bd4c56e1b3b6c921ff777b3d3c |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | fb309af9c4bef5df0d415ab4470cf8aa |
| SHA1 | 3b1c00504ff9bd5f92a3d2acf0e2214753157ca5 |
| SHA256 | 33741dd1c8471dc18c387a3028bdbdcb71c1eb61c65272f4d3f5045b403727cc |
| SHA512 | 469b4a21175863702e675124f933899ca1915a0f06b892990e8d1f53f702b87a27f4ecca784fc303f1518593e708145b3f67237cc37a621c26e6a9e43d27988b |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 42809b908d5b0de17cb8bb62145c8415 |
| SHA1 | 56a6676bdd3d6265081d8082cf68e90634e87d79 |
| SHA256 | 0b12d34a18b1089cab3067ff4592e7d09dbf29d100ec60122f62a0e91e9fb0df |
| SHA512 | dbab1389bb2d96dad712a00fbf7e789d812fd335b946f26a5449ff50d3e813b06e071982d9a3aee852a3e954208677501d7b07cd4e6bb83a65b749ed3a67c013 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 7b44bc7212d2eb4aac3a4e8196b517b4 |
| SHA1 | d50deb77a7a17237434d813f9fed73fe99f2ca45 |
| SHA256 | 71602d2b342a0212063b7cb250bc600de9b846b54805caf47ff51db61eca6730 |
| SHA512 | ecf971f9cd95705956216f68ba666e07f1f9eefc6451a6450654cf6ed634f13cca07ff9192c8fd34cf00faed8ee14eca3f00f411a4d887cd862f87d4d408b9fd |
Analysis: behavioral2
Detonation Overview
Submitted
2024-11-10 21:21
Reported
2024-11-10 21:24
Platform
win10v2004-20241007-en
Max time kernel
149s
Max time network
145s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2878641211-696417878-3864914810-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Browser Information Discovery
Command and Scripting Interpreter: JavaScript
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: 33 | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
| Token: SeIncBasePriorityPrivilege | N/A | C:\Windows\system32\AUDIODG.EXE | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\MEMZ.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\MEMZ-Clean.bat"
C:\Windows\system32\cscript.exe
cscript x.js
C:\Users\Admin\AppData\Roaming\MEMZ.exe
"C:\Users\Admin\AppData\Roaming\MEMZ.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2116 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3312 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4008 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2012,4679311752478976524,8584687084257026538,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5508 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+create+your+own+ransomware
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2124 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2176 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2912 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5212 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,13247290998226985603,6219063570839935735,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5500 /prefetch:8
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x3f8 0x464
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=montage+parody+making+program+2016
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2212 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2280 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3208 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4916 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2196,17499921034922022632,16442053227157566549,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5272 /prefetch:8
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\System32\cmd.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=internet+explorer+is+the+best+browser
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc6df646f8,0x7ffc6df64708,0x7ffc6df64718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2692 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4984 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3644 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5912 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2024,4408325713967284893,1329368566238069885,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5920 /prefetch:1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 133.211.185.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.210.23.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 154.239.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | google.co.ck | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | support.google.com | udp |
| US | 8.8.8.8:53 | 4.180.250.142.in-addr.arpa | udp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| US | 8.8.8.8:53 | 227.187.250.142.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | 212.20.149.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 241.42.69.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 98.117.19.2.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 0.205.248.87.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.243.111.52.in-addr.arpa | udp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.187.196:80 | google.co.ck | tcp |
| GB | 142.250.180.4:80 | www.google.com | tcp |
| GB | 142.250.180.4:443 | www.google.com | udp |
| GB | 142.250.180.4:443 | www.google.com | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\x
| MD5 | 20e335859ff991575cf1ddf538e5817c |
| SHA1 | 1e81b804d67d6c0e22c0cef7e1cb9f86ce0ef5ee |
| SHA256 | 88339750431112ed60cdf9bdb7697434ba9b38e2d15ad604c4462705bc1bdfcf |
| SHA512 | 012251b342722cf35ebec2c7d071db505a992d81fc4b3492cd87640b5c955dc084825fc5e72edc821f4c481867183f21d26cd904fe7f0373d1156332f87b031d |
C:\Users\Admin\AppData\Local\Temp\x.js
| MD5 | 8eec8704d2a7bc80b95b7460c06f4854 |
| SHA1 | 1b34585c1fa7ec0bd0505478ac9dbb8b8d19f326 |
| SHA256 | aa01b8864b43e92077a106ed3d4656a511f3ba1910fba40c78a32ee6a621d596 |
| SHA512 | e274b92810e9a30627a65f87448d784967a2fcfbf49858cbe6ccb841f09e0f53fde253ecc1ea0c7de491d8cc56a6cf8c79d1b7c657e72928cfb0479d11035210 |
C:\Users\Admin\AppData\Local\Temp\x
| MD5 | 5ce1a2162bf5e16485f5e263b3cc5cf5 |
| SHA1 | e9ec3e06bef08fcf29be35c6a4b2217a8328133c |
| SHA256 | 0557ea4c5e309b16458ca32ac617b76d1a55f5f0103e368d05c0f0386b7a0a43 |
| SHA512 | ceb5e270bdbcab5be645e50705e3111a5c4751a7a865580d53fa86580025201264a49dd0ea9135b10cff28d7bb21b767ac5d4aff40e880a866ab35df273b5de1 |
C:\Users\Admin\AppData\Local\Temp\z.zip
| MD5 | d2ea024b943caa1361833885b832d20b |
| SHA1 | 1e17c27a3260862645bdaff5cf82c44172d4df9a |
| SHA256 | 39df3364a3af6f7d360aa7e1345e27befc4be960e0e7e7e060b20f3389b80e76 |
| SHA512 | 7b7cfb5e689feed6a52eedf36b89a7b5cc411191571c0af5e5d704b5f24bfa04afa62d1daab159a7e5702d80e56f3946bf32db0551d256419ca12cd3c57dcecb |
C:\Users\Admin\AppData\Roaming\MEMZ.exe
| MD5 | 9c642c5b111ee85a6bccffc7af896a51 |
| SHA1 | eca8571b994fd40e2018f48c214fab6472a98bab |
| SHA256 | 4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5 |
| SHA512 | 23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 34d2c4f40f47672ecdf6f66fea242f4a |
| SHA1 | 4bcad62542aeb44cae38a907d8b5a8604115ada2 |
| SHA256 | b214e3affb02a2ea4469a8bbdfa8a179e7cc57cababd83b4bafae9cdbe23fa33 |
| SHA512 | 50fba54ec95d694211a005d0e3e6cf5b5677efa16989cbf854207a1a67e3a139f32b757c6f2ce824a48f621440b93fde60ad1dc790fcec4b76edddd0d92a75d6 |
\??\pipe\LOCAL\crashpad_2968_MZSPPAZXGREHAMWX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 8749e21d9d0a17dac32d5aa2027f7a75 |
| SHA1 | a5d555f8b035c7938a4a864e89218c0402ab7cde |
| SHA256 | 915193bd331ee9ea7c750398a37fbb552b8c5a1d90edec6293688296bda6f304 |
| SHA512 | c645a41180ed01e854f197868283f9b40620dbbc813a1c122f6870db574ebc1c4917da4d320bdfd1cc67f23303a2c6d74e4f36dd9d3ffcfa92d3dfca3b7ca31a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3eb419745ff4f124dd3e9d7e16c29a16 |
| SHA1 | 6ba6eb198a37527363bfaaa41c7d8277274a247a |
| SHA256 | 63cff540a2819687d06ac91b9821aa4e261373f516efce6950e949881732de67 |
| SHA512 | 1f30ce03f156ac401dbc74d5905358b8001252922e65f64a5e55b3975727c2d243e7c3d205c25a8ef8865863ee61daeef2d66afbd6c36a9209119a249d2ee7a7 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003
| MD5 | e579aca9a74ae76669750d8879e16bf3 |
| SHA1 | 0b8f462b46ec2b2dbaa728bea79d611411bae752 |
| SHA256 | 6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf |
| SHA512 | df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 87f47db02465faa03fd916792e141e29 |
| SHA1 | fb2d5b41fcc7c2c5cef06256d6e8d3b05531cc0d |
| SHA256 | c1ef0abca722a98519d4de5af65e4e336a6beda6577a1510386703a9e029e2a6 |
| SHA512 | 7557bce1376403ab4fd265702d2e55c78c7fc835242726c66aa6035ab292b16697acf6b5879f62081b8dc447186bd72b315ef683682abada8e5709ae1baa7e93 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 1e7872814a4e32425a235cefcfdbe3ad |
| SHA1 | 26eaecbbe75040cf9eaa53d2242279ed3b3619bc |
| SHA256 | e3f15c121d098353b166cda8409ab8bd35348656b17fe77c64e7b6a8aeda8f66 |
| SHA512 | ee6c8e5a96318aaf68229ab11fb5c9d2105b083dc46c4aee57143b8ee0d3f0d786bad855fa28c1e31dfb5185fbd54ae275e727a74b2942194a66f17719f656c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d667547268cc587fc005bd6a7434fd8f |
| SHA1 | 3e240c2a503e869e0900d5f97cfb7e0c16e10e2a |
| SHA256 | 0dfe492e1f3c69f6d5c88a8203eb1987f274669594851c98930f001b17ab33f5 |
| SHA512 | d9ed999ea4cef6b219d2e1da4c0b2cfef20afd29542b326566223eda96050b0a81e6aa3ee0d56c17a7d0d47f34f44343645bb5348b767f2bb5c77087c1ab1003 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | b000cdfb4d12e4b7ada39f8f78118a73 |
| SHA1 | 2aec39363fc9080ab22bc895bdb828264ab6c21e |
| SHA256 | 4766974012159d4f3f0ed8a6b2f383baff9a864560c9827c91df213f7e33ac1d |
| SHA512 | a905b6063af97b45301ece03e0be7128c8464e28019002dff41544f5ebec5293eb02ccc9d9f5212f0982f06b96e4ff0e9c169fc3d511e8045f664374777742bd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
| MD5 | f50f89a0a91564d0b8a211f8921aa7de |
| SHA1 | 112403a17dd69d5b9018b8cede023cb3b54eab7d |
| SHA256 | b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec |
| SHA512 | bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
| MD5 | 838a7b32aefb618130392bc7d006aa2e |
| SHA1 | 5159e0f18c9e68f0e75e2239875aa994847b8290 |
| SHA256 | ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa |
| SHA512 | 9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
| MD5 | 5a24b106054cb2a3430cea0821a3d6ee |
| SHA1 | ea0947ec533efc4966157002f2623e17ecf9579c |
| SHA256 | cda4d5a9238164eb681060d73631a04f4bc2e6e194808140d0e2abdab15a258a |
| SHA512 | 3510402c46a9f4e231f146fbf41624a7cb64ffc26300ab8dbe213f5eedc13ca5d61fc28231e720be7c7c274e5e93b682da2fb397b91533a0c3b64a3b1162016b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
| MD5 | 63d4d6caf3d6da6f3bbd26234785997f |
| SHA1 | b4f91c09f8566f008edacb0bfadc8646182bb27a |
| SHA256 | cee6c5db768523076719dcc8145495ad8c918872e85cac6ad09ddd1a565fa5ba |
| SHA512 | b507c763e0bbcb953f5124b59077aa3424999feb8146fe8809e7f3c4b0c5d52af36faac7137a48e2475ba1933132a3b4dc71db1a10f76caa93fc4fcc979bf44e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
| MD5 | 4b04ee510adc7a0e13b98d7dd097ddbd |
| SHA1 | a56999a5777239c90bdf4e95701609cc1e2b33aa |
| SHA256 | 1a4f5206329bfcb7b5ea681827dd0fbba2587c0315fb82e25ec88da84f149f35 |
| SHA512 | 6fb92565c75b5eae1128de97e7d5670d4cbbb03305ce7374c60f5cc7cc234fe77d325f249d415ab63e6fc9c6ab6dbee99cafb5f282f4cddfca1c4b3cd13e58c5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13375747315063986
| MD5 | 9c6c1bff318c09b0102487747ba5d6b5 |
| SHA1 | 1eb8e4f3f4c6ed8eb4d273d7751afe3e15c7276d |
| SHA256 | d3692cae05722a42fb7c3f7811f85b461f35df49032360ed66bd5abd689aefab |
| SHA512 | 26a112217206b95dc6d148e5ea3b598b5153174a04ce119e7cd6160353d6e8dceca1081c0c5c28ea2fe218db0e98135085ce90c7ad4e6b43079832724a3e6a45 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
| MD5 | aad869228523ed1f10662141ffe6db89 |
| SHA1 | f1f8553d4576d33d4127eb3ddba0ee16a37c78c9 |
| SHA256 | b96016b6726fd04325f0186a6234e8c168f44ab5b306a02533858f4cc6a27799 |
| SHA512 | 246b258812825a7d8e2173b88124446093084b27924016dc2e4029499a10a361b78739bb78d9dc32b9835cbc5df65a1d6e53839149c6b62cf50a7cc39190a642 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
| MD5 | a9851aa4c3c8af2d1bd8834201b2ba51 |
| SHA1 | fa95986f7ebfac4aab3b261d3ed0a21b142e91fc |
| SHA256 | e708be5e34097c8b4b6ecb50ead7705843d0dc4b0779b95ef57073d80f36c191 |
| SHA512 | 41a1b4d650ff55b164f3db02c8440f044c4ec31d8ddbbbf56195d4e27473c6b1379dfad3581e16429650e2364791f5c19aae723efc11986bb986ef262538b818 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
| MD5 | abf8b69f2fa3b95a14d09425a734c3e1 |
| SHA1 | 3cd3e4569b7ca050563d044dd5b53c82abce8411 |
| SHA256 | d5dcd746dea884e984844f662dc4c8302d619e6c02f57a47e8114c2af6c9d8b6 |
| SHA512 | 6bbafad83d7ea4dc6a7e0ede1d9e386981b641c515e917bdef75a367ef8779e0db0a8a21dd9c83c47ba88803e95c266d8b8edb564e55d23b6f38db0de728a0ba |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | f7efc6992499d246d2a5aeec7fd72d0d |
| SHA1 | 7f5cfb0fdf9a6842002fd99c180fd89037f6909c |
| SHA256 | 49878b6da135f7e56923f9df275b0caa9b90dc8af6118137db403f416103bcca |
| SHA512 | aeb70df17783d3a5bdbae1cc479f36b9059534cf5ede571fea614bcea832a984b417af065e60e3d886dcf16a2c593acc148d259a08dd5750df2a8046b6d1c2ce |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
| MD5 | f0cfe05a9c686922a437824091a00345 |
| SHA1 | 84c20c358918fe84b27cfed40a19ae4e5799b9c0 |
| SHA256 | eeefd34125224e5b9c574edbb036773ef559b62f4ecafb3031bc0385ea318c20 |
| SHA512 | a013b5442689c7d147e3aa59a4a140b20dd47d10803c3203b016f2d9ceeac95255ebd17b59e364ab42006250e4f93110bb5a5970765322e31b3076faa9426190 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
| MD5 | 6450eec35c0cb934fc740b5a15e170d6 |
| SHA1 | 0d60bfe754da345fe1dae3ebd652447f93ce36d2 |
| SHA256 | ac9daf4c057d1bc63d8a6cd1571d353dbb19b1bfb77d5066dccb64c2ee89cef3 |
| SHA512 | 23fc0c75841330fbe5f1bfa938d5a4051a9ddda9ea3d4e8c8c3468eb3be789c1386c52546b00598808d9eb01e9ab64c70db1616d093c80b5b4725337debf5faf |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
| MD5 | c13d129c573ab1967b904b09e12ed58b |
| SHA1 | a1446c22adbadab49f44ab4194ff3dd5b728a51e |
| SHA256 | 2cd31fd9a1c6833c3595bec70e0596d792deda86d0397723c6d8e198b71eef19 |
| SHA512 | 9d856f32da267b9a40b98c04be160ea6bca73a8c68bbecdb30ff5a8f21131e449a793986feb0ed6545ebbb9e084c810f76910337095479c62b984afffdba0cf8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
| MD5 | 8c6407186ce35fcf229fd88545ace798 |
| SHA1 | 0ca03ddc4a6dbc5c97534bea0e1951b807e1ba7f |
| SHA256 | 46729f3a89730a019a2232801491ec7dd5cf4fddcfd68415dae8491d1d606d1f |
| SHA512 | 2233daa2b179beae157d798ab9354a21fad5d6265456724f8d64f9248cb2dca08e046cad05e9f77e23581727837fe0c33038eb4be3498770299d59e7c4272ca8 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
| MD5 | f24f842b6457a8a38317b896329a7c42 |
| SHA1 | 242287d5134610c607cd4f24d9852acdd305d8ab |
| SHA256 | 61daf950e038f4d15be9cef8ff61c2557e2b6e0baf8844ef834860732e9e1826 |
| SHA512 | e575ca9692833ba9a7add44e031065980b1a309a266eadc2255bb347df2980040679741c2cd08e6ad0e2ae603f2f0f9da010783c5fd9a47f23a76b1b96afc9c9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
| MD5 | dc7002c5f44315b4c21e99f61a5706b9 |
| SHA1 | aad85a217ad637fdb0d02cf203d992df72802bc3 |
| SHA256 | 2c62e8ed03fb2c530ae95fb6f54aa977653ebc025929c7a400b36a572d4cdf9b |
| SHA512 | dce8aa4370de6c20a2756033f1fa37f16d9e0f02735d95b453dbe791c5604f1d72815e2183f9377fcf427cc177fd0e5a04e4b718fc63a716631ddd4540d46e3d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
| MD5 | 94e555d191e00eb0b53eada8b5181689 |
| SHA1 | a72d0cd6a8a2346a07cc036e7fa873246f71f0ba |
| SHA256 | b6e64ed87aab24e0c0297c97df236b00e2dc137a15907a6db356a38a88122a05 |
| SHA512 | 114efcb91a7278bba10c731e6ea9bfe8577bd2840330efd34312fe56d4c0c9f4236682a090c7b76b629bd4141d5d5656c3e84b7c1efae5df55ba8b9ed44abb5e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
| MD5 | c528a081318207cb69789b529bed853b |
| SHA1 | e5ef2fbe78dc05718c6539c4ed2374ff35fec2aa |
| SHA256 | f78fe16e4655c4e0791485673052b333b1faf2919a0b0773dec9b8ff4f37205d |
| SHA512 | ca54d0be92515a1408162172516006f6d7ac496787c2b4c1aedf2f362de06edce212b9274770a47cf8b9908d34daefe82363d43fd6cd5a101e14dcd72b425c26 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9823aa5a6ec2d598ea085302d391423 |
| SHA1 | 534bc389bb95b94db343ee05d04aedc8bd71ca8c |
| SHA256 | 1cb4cfc50a793bc40339e3a8fbbe35b11f49b1bdee1465ea22956176c8dde565 |
| SHA512 | 4de6d9c50b9a8b4820c18953fb135016b0f9a8ff602c6703844023fc3fe1b4b643e1b1bc814f3e3fa60ee2eee36d0932915ffa1fd893ddb06bda10c52c0761a4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3
| MD5 | bdbe9e376e983f66a494804c6809e4ec |
| SHA1 | d45d0d7a9e1e0c3929e7c9d47cf7cba965a88654 |
| SHA256 | 46e64c8824dcd34859dedf4dd4eb1bd54596a10a782c4b1ac52ac5c02db251dc |
| SHA512 | 5ff4f973e1b0e06856e47434a25991be0ebb3b424c0959943d29e54ba31c503d8b28100639d3a1c5b0d2e67d1cfb3dbd2a9699e05887e9e713bf95736a6d0f52 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 639afffe77850d090959e0ddacbcae67 |
| SHA1 | 7f5c0cd0a339ac4be57f6c867552692fe40bde28 |
| SHA256 | c19d79ab23c8a5d8f4c722ffa503e0ecc64563c5b9c034212ea443a556020f10 |
| SHA512 | 6a82558ecef63d00180687990b7591de8ec3668bc92e9f920b2999d5354174639e3661fb4ebcb8495ffeb3f3e34a1184cc2cf69ec34c6c37dcb86d911489705b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0
| MD5 | b8e80a98412d45a1a5cacc66c8461228 |
| SHA1 | 6f7fd5f26268f991cd745acca57811533c6bb769 |
| SHA256 | 661d0bff90c04cd3475b128585194c03ceb67af579f314f4671bf78dd125ee88 |
| SHA512 | b2a28f6391817256a2d58bc58a46870ca0f729cbf3db6cc13875874dee68a9d064388baad89b11e6943186d994811cc2cc6e02f9f1ea58d4f53ffb5f7f66a7d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG
| MD5 | a4b56b59060a86acc553a4bd84ad7e3b |
| SHA1 | 063ce072eb68b065f768732655ef84af3feb9dea |
| SHA256 | 1d08639bed5e45aca6147c02806791a4e80ffd266b8ce17761c927f67fba52ac |
| SHA512 | 7a497bb5f194f5f45ab7e8a411a8fb1cd7f6a900647e648211daf0bd61e999bda088fd7282258256f764fa6f031e914327f58d21ebdfb75beb4c6d2f6dca923b |
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres
| MD5 | 446695216dc8938598442a2820303919 |
| SHA1 | 44d9356dbae0e6b491ff3fa2c3d423a1267dbee0 |
| SHA256 | b44d5ad2715ba9080bb35afbe7103dc70e298e198f2ae8a3b77a385022a2788d |
| SHA512 | 7da7508f0f906e78ede9a2e2a120b4ea2954917f746da63930294120a25bea7bb42b4b5aeead6f7f6053943a3852873598cb63fc2b230a576505cb7274933056 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
| MD5 | 155c584840c9fb5dfc5c057afb6b2eea |
| SHA1 | b3bf1f1e1876d4b3c13f7890acd95bba6b7d7072 |
| SHA256 | 761642f088db076495b94a86b921658682c18889d3f3ccb1b0b6bbd3570609bb |
| SHA512 | 7b82aea2e5d5ea2fd526d8f263290cab3560a4e4b1e101fcb51a76769757bf4936f2e99b284196fd94dba06d7db37cf0e0369219ecd3aa838b6d39ba834b5751 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
| MD5 | 55c1dd8240457c56907255cd086a7bf3 |
| SHA1 | 4cec7f24361ac554e8a521bb3b067973c68986f0 |
| SHA256 | f290f03028d8897ed18c6bcf59699a8d682706ffdcb617c10697872e7282c617 |
| SHA512 | 9c2470a458b8ddd2e04a0ff0626e47dcd1baf3212538f5dcc4d7640d04707fc29f5e9ac91db5bb6622a5c50138930e3a80cfcb3cbd82a703232b603de61eedd1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
| MD5 | 5a89bdbefbf39caaf58abf9c835e546d |
| SHA1 | 05fe80e8da9dade8828413d10ea6f5d56a20be7d |
| SHA256 | ecb55fc6744a0ce4f0d94d6286655f9706d2364cc6fd2eef1aeff8ed79825ca6 |
| SHA512 | d795dd0a8991e902fadb573274f57669286548c80d04c60243e2afdb94c18afceff3c2ab70b831c918c19e6116c0e5229b13dec8d7313ce3c3258d9a93e99033 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
| MD5 | df9693d8e9a9b2f91a9be5749c409660 |
| SHA1 | be254e8b3c910359335e557c161b470002a90026 |
| SHA256 | f79d57c29ffbefbe3539e6535563e9e2f0596575627f1e3bc7c5c62607d31393 |
| SHA512 | ac5d2c38ab0b3672a31d1797a8cca2ef1a91faf5d09a42b2615b8293c33f7f9d146370cbd2d54deaeab8e7f2302f8e9822edb38f371bd17b06bb0a7d82fbb0fb |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
| MD5 | 2ae6b1b518915013bd61b6b2b3746e9a |
| SHA1 | 820b4f625dd13adf9fd4f09f26cb381eb9362130 |
| SHA256 | 91369f08e64465c349525cfdef8db5a2e7306260856e3ecd74b4143c0f2903d3 |
| SHA512 | a1de35a689d5a79ca5ff406e2529920250692c220347904cc428f57ede4b66c3e4eb5a3dd454e566e1350d8df15050b37075165ca0c06f67b2711feb97297b6c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
| MD5 | 85f4a86eebd0f0a8b2b57d8e681749cc |
| SHA1 | d48149557315a3d92a12f01a3199b26aa1502b1b |
| SHA256 | 6973ba75c0a3f7ee4d1a0f1a290ee77cb1e56e2f82d9914cad9162b28f45ae93 |
| SHA512 | f7998a73fdb5ac759e588d8b690e83508a943a44422acad7ceea684ec0195d10cba7385ad805dedf10a88d632013a54735c34b46db090ec08d4f96b6b131c574 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal
| MD5 | 2e05ee68fffda9f8df8db56570e65048 |
| SHA1 | b9d5b5ca3ade1c888fff96e420db609d0bb2141d |
| SHA256 | f1d9843ab88bf21d2eab8530949d488c033427cd6c149b58f33a47e8140c5d40 |
| SHA512 | 24d7c4ddcdc2df215edc05c83dc2892ed79eef415e650c99519a86e6a2aa0c85899ad94a928fd972452d8a79a08ed673a4de74af744b4e9383f81f8c05574b2b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\5a3ee6758c6e4d1c_0
| MD5 | d48a7449289cf77a827cbefd915eb474 |
| SHA1 | fbf0640bd82e06f6713b6e9dd7af4e45062ef7b0 |
| SHA256 | 3cd5b66767ed96ee83ee89781bbc355b370e205a83c751cd6d0093311e1e25e4 |
| SHA512 | 3c83e1b5baffd53ee9d2e3a93eb7e06d47696f5d5dc87a2e1bb58bb855ea00ea31ca80926635b5e40b29bcfe56abbbb71a50377119e498a42d1523ead571e483 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Reporting and NEL
| MD5 | 124d3fdc675fef197771d159fb445cdc |
| SHA1 | 5fa6a655588b779bb491e8fb853e1f7b6d211dbc |
| SHA256 | 2f5f4468f9cd09f393272eb8b05b69d1fbeefecaa34940d4c4441bab7cbb7ed1 |
| SHA512 | db482dee661159dacb3c6b66ed028661f4711c17e6fcd73bbbbd008b42c544de5aaa12057650dffe5f7b0f6c4670e15639ea82a0c6f4aed846da8231db0a6bae |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\47939f49e4ecfd5c_0
| MD5 | 06371ea217199a668e9930b03b05c0a8 |
| SHA1 | 93bc2be85c21938d48cad253d706f4338e397182 |
| SHA256 | 9e63fba74d9701be782e2166844eba69ec9461be4bece9e73da9272207938598 |
| SHA512 | d9ef5fed89a1068ea1dd9e0611aafe6f6fcdc338e4a0bca39c4f57dc202c22abadf8e6612e786d1423d638042a9ede41572a501ed6c5a883947827054c29e022 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\4b4bfcdbca80cfd9_0
| MD5 | e066b9823616052b9b86a24791c59837 |
| SHA1 | c0cab462078755afd177a7b629c451be4a20b4db |
| SHA256 | 55a2b5c43125de541d6a5f7b793c0a50b102b8d16929fb6e0041a55078b23a8d |
| SHA512 | dd3bf53597d0dcc3644573d5de977958fbbe1f16de2b550f4d2095c701229a33e48b6c16af51004dd3e831f4779be2ddd8e12742e357422e63f8235b5cd5e485 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002
| MD5 | 503766d5e5838b4fcadf8c3f72e43605 |
| SHA1 | 6c8b2fa17150d77929b7dc183d8363f12ff81f59 |
| SHA256 | c53b8a39416067f4d70c21be02ca9c84724b1c525d34e7910482b64d8e301cf9 |
| SHA512 | 5ead599ae1410a5c0e09ee73d0fdf8e8a75864ab6ce12f0777b2938fd54df62993767249f5121af97aa629d8f7c5eae182214b6f67117476e1e2b9a72f34e0b4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\29ae35ae15b4ded6_0
| MD5 | 1b9695d487debf7e771115be1e30472f |
| SHA1 | 91bc9c1a94fa3451847321708c858ea47095405e |
| SHA256 | a9393909d5a84f738adbd146d4368d2e148c30d34af5a7be10d04ca35c11219c |
| SHA512 | a8663eb7be4304ed4efc0c46ccc5c001627faa2861fb5564007bcfe6735c7ee8e0af59a33f994812f9f9f040b94b125a7abfce5e7aa2169d9e7444b6007a667e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons-journal
| MD5 | 0d973c57a4035d9c37dffc41e2a1526c |
| SHA1 | 6efeaa9be8284502ac42408992e511913cdacca4 |
| SHA256 | b285c5af3a58d2ab9822d3370053aad37bf428b18f73f82823aa5d7bbcedd30a |
| SHA512 | 8d768add7db3f06d9cd6295310b19f05a6661cac06f0f085c5bd13008fb609f1eccc79e60053a2a6bfe311ae33ae026a14c5c04bcb458b690ac1d5f35d50c8b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | aefd77f47fb84fae5ea194496b44c67a |
| SHA1 | dcfbb6a5b8d05662c4858664f81693bb7f803b82 |
| SHA256 | 4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611 |
| SHA512 | b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 57974d6c97f89bfb625e27a6971f01a8 |
| SHA1 | 03ece331c406d4084f9a8ad3a42cac1ca8e4d9dc |
| SHA256 | ef8053f15354ceb0c6b498d15391dc2dfe6b647936af29ebfd87be2aef1150d0 |
| SHA512 | 74e22222b1c00e4afc83c2609a2751624f25f7956a3f5cf01a609b0a11f3fcb0411cd9bd0bd8224f2fca7a9270c867694a3981b04a981dbf18e670359e0e80b3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | acb7f365304d64c4ab4e8ec48a4ca7e5 |
| SHA1 | 93af99ce4b79aed59b07448be8926ac4e770964c |
| SHA256 | 06e7b37f61d0397ec3b4f6f3e4132af0eb4bf2a5494c55cabee5852303ca3ade |
| SHA512 | 6d45f2bc3dd517ab388e316dc0356aa10bc029fabbfbebb0d61aea21ccc36c3bc3efd8b70fdf405ce4407bdc21d4443bf212f77b3f5829eaae535f59569b9084 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b270cb8a13057c00cdc3c92d19dce08f |
| SHA1 | 1e2d620f3376ae132d45354bdc6c602e3f781fd2 |
| SHA256 | 39a2e605abb79c556d5538b3fc5331912739fe976cd1b7ea3df328177a5a0e5b |
| SHA512 | 611933297deda73c68fcd78e2a6c7e3069452f8d262b336e46c0d7ecae67b99f38e8e73f2415851d57e9bedcb036e864c3768e29e07f93ebec3ee6d42067dcbe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 49bd7a8dec4cbd59027618f9e8f0679a |
| SHA1 | b8089ebc352c480368bdf11d1b0e5939ccc4a4a3 |
| SHA256 | 7bb67061777dfb68ab31449620506a11c8e05d1916c778b191b775a785c5188e |
| SHA512 | f93d05721c80047452d8e407e76f729d173b5b330f20ed4d5faeacddc0947758bbce85edacaa2225d4f52d1da13e8fabe492ae5b23d1b13b2ce0bf0f6e158350 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\07a42ab3-27e1-4b52-936f-fcd06ea958e5.tmp
| MD5 | 5058f1af8388633f609cadb75a75dc9d |
| SHA1 | 3a52ce780950d4d969792a2559cd519d7ee8c727 |
| SHA256 | cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8 |
| SHA512 | 0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 0bdd16dc65203c1a3ba78272624f5ec9 |
| SHA1 | ab97922b9b11bb6c135220cc6f25268ad4df5e98 |
| SHA256 | bf3ce938badde45eef6bfa33dd35e767dc53748f47e53679ab3c0872928bd6bd |
| SHA512 | d639e62a5a8465f75bea180eb28643372bf4e1dcda4a23a52ae9babc008c4a44f5a7338716535471bd0485a19b49a63a385d07ed0d067c750c73b93e1c76034d |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 9a6c071bc05a2098b1ba14ded40f191d |
| SHA1 | 03fc0285947fbf4e788643945814c6df6ea76676 |
| SHA256 | 48395be0da321defe3a99ef96eb4efa5902d48a39a8f29b37a0e313f937076fa |
| SHA512 | 3aab43c123089512ce4b0eeaf5d1af6ee4a0cfd7860cda70822bcddbb571849e77b402e6cd4d70b512628137ba06911c8a6b1faa0af07fd56d075e24e2b053fe |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 589c49f8a8e18ec6998a7a30b4958ebc |
| SHA1 | cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e |
| SHA256 | 26d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8 |
| SHA512 | e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 4d55ca0473246094c005f78dac587adf |
| SHA1 | 2e652513819f80d816723fe3af8792a675cc2d41 |
| SHA256 | c9e338eaced43963427bb55e1a2a5fa81af4c42ad8f25ed03b469b6d7d06f6e2 |
| SHA512 | e121270d58f986f9e379fd20a14b1519e712fa6a5dff9ecc9c397c7bececb62cfca4d8bbc57cd8b7e81f99acd0ece7695e89be52cb54667b878fee68e073ec4b |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | bd5d1e8ce08802f91cea0ef4c5f306f9 |
| SHA1 | c82ab1ad43247cfed8f239b5358ada37f5e940b5 |
| SHA256 | 75af1ef07393dd2a945d5591b48b8232f75b4a66e4d23a52d2252f250df16901 |
| SHA512 | 53247c5128d1ce764a16f78bdccf74af90b0cfc4764dfcb557712bdbd0c3086c7a6db2ef7f192872f0f5dff16c398079400fece488df7aad9ac71f39902abdd5 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 2391834fcb3ae0b262d6f8d71b1c4fa5 |
| SHA1 | 3489cf74601d0beddf645597334def69235b9be1 |
| SHA256 | 3daa2cdd195de1b60b62784f1594b24022c1835529f1f48b25c27243d939e857 |
| SHA512 | f3ed04d8b3d26e6c26683d7ad855be3a272a2faba149aacd2435cba1a44cbbbbce4d2410998eb0d55aa88add48289e2f3d059a9e8a9ba3663052400227d16053 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 1337f64171284be5c3745351e85083eb |
| SHA1 | 4457eb86baa61cd8d1aace140377ac514853bb0e |
| SHA256 | 3be4854a77bbfc3e7ac3bac646ae2ee94f2513463dc09bbae3405b69eb805966 |
| SHA512 | 0550a2a2a6d5b02700dce3873ea3ce0f358c39b3e524cce819f64ef2a367ad70baa688bcb07cec9ffcd2ebd36df63c46d82deb2c3e8fba1f6c36dfa275db9260 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1
| MD5 | 9441685a8711303e478939320357f20f |
| SHA1 | 85d36dc420b4950dde0869998955aa11958d1e95 |
| SHA256 | b94c505f875b895acb5d1f05b12b776079e10a38d32c27d09bb40a07eb213c38 |
| SHA512 | 6735578e68f8f4902deb85edba8aba7dfb07cd53884bc545cb96ceac27b3ea5d0faafcfdd03068c582b739f450fd400bbfbb5837840e25e06d6744bb9b72f49e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | c01c08bc7678c5bbf194e33d70fe72fa |
| SHA1 | 23b5641400fdf43536c6840812e6ded70622b27e |
| SHA256 | b21363a6c12ee2d31f64691d0f50fa6d1e1a98fddc3605fd3c73e8316eeac4fc |
| SHA512 | c5b1e5e0462272d53d7ccfb60b7c61628f85add4e6b9df681ebf50f8e8ad377bc7093361cd8213664249419a8c56a7ae6cffc7b3d434231756209e33fe9d8b36 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | b9eff21228adf28bd15c90199220f056 |
| SHA1 | 26da63f19a58aa87fa209b17d3223c036a30d326 |
| SHA256 | 879e8a4f990a48af444f5863e168a18266d19904f7ee13ccefc89831762f07b0 |
| SHA512 | 8fd117a46a72b6d93e79501543713ea030d7d6677895e6c78ab2e20f32412e0dd4f8b230204c94bf3ef53fdb2f12d1c3b417b2c3b988045d3dfbd874d403e80f |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 60e3f691077715586b918375dd23c6b0 |
| SHA1 | 476d3eab15649c40c6aebfb6ac2366db50283d1b |
| SHA256 | e91d13722e31f9b06c5df3582cad1ea5b73547ce3dc08b12ed461f095aad48ee |
| SHA512 | d1c146d27bbf19362d6571e2865bb472ce4fe43dc535305615d92d6a2366f98533747a8a70a578d1f00199f716a61ce39fac5cab9dd67e9c044bc49e7343130e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | abad955dcfd160449e3e1b325f788d80 |
| SHA1 | 51e034e447f30aaf58789b3e84234570149d808e |
| SHA256 | 6c8f9e3389c65e1dbdda792ee3bc0dd52ece28551721480b95cf87470da51267 |
| SHA512 | 13dc9187168b6a28843f1257ddfdbcabb3eba1352904a12a9b30fa1266bad64bf240bee6c18e8ac53fdc84617f0bd6508c94816d2fe03a09883590989e29ac58 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | fcb7d7f3c6b4f0f1e4120333b801f9d0 |
| SHA1 | e7aad8a38206cb86273ed15cd5be3b07068f97dc |
| SHA256 | 9512a0ff6d3c41570e535e0490bda9ed435dbaa160c93fc046a7537a3961eda8 |
| SHA512 | 234754ef399b25023a4daa0c353ee75f82666f270b74c92113bc6f658e45c2b25c7f0cc4186c034d6f765d1172ee07533ad3980d746c800e18f9a4258acc6c64 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 6c490f9d1b63719a994de82ee0a0e6c1 |
| SHA1 | 7fe472e33d37050d05a0f546d3022f47ca677811 |
| SHA256 | f8415a86b04cd7eab8e48d53a5908506ab98754e916c38e8c1ea984ac79eb85c |
| SHA512 | 4001df77b1f3f60794f25c73fd3d8b23d1bcced19811136dbafb15396747de3f113c7e241a0acf03fde5de870b62c41b1bfa02869bea68d70d56961f02b0b448 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 8b1f44eb5f19ab5b948b5064ef724df5 |
| SHA1 | 9fd3b380da21612cef1232c794c60f282c4df985 |
| SHA256 | 4c9fee3099f9978b9369aab01aeac140fcad496190a67ba15114e728898fc4c2 |
| SHA512 | 61025f5fe1f8b404c399db390dae94bc7ae7c7c028eadd06c9f1f76a7d9c8d5ce5b7a39ba48bce52ed3658b27e2895d00c7abb76e3343bb3badc0fd833273b63 |