2ca4803498d7d375a61bfab2a3a4cf7e0eec41d116e50a838791a55b164e0f8c

max time kernel
145s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
17-01-2025 14:12

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Malware-1-master/MEMZ-Clean.exe
Size

12KB
MD5

9c642c5b111ee85a6bccffc7af896a51
SHA1

eca8571b994fd40e2018f48c214fab6472a98bab
SHA256

4bbf7589615ebdb6c769d6d2e7bdcb26072bac0cda6e225a4133ba8819e688d5
SHA512

23cc74b5a7bdf70ba789d1730a0009414cfb9c780544e3d8d841be58782b9a9a089969c4295a0da25d07285505992386486d6ff0524e75605b96bb99cd3aaa1c
SSDEEP

192:BCMfc/GinpRBueYDw4+kEeN4FRrfMFFp3+f2dvGhT59uay:AMfceinpOeRENYhfOj+eGdKa

Score

7^/10

discovery

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-493223053-2004649691-1575712786-1000\Control Panel\International\Geo\Nation	MEMZ-Clean.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	MEMZ-Clean.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regedit.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Runs regedit.exe 1 IoCs

pid	Process
5084	regedit.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4296	msedge.exe
4296	msedge.exe
376	msedge.exe
376	msedge.exe
2896	identity_helper.exe
2896	identity_helper.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe
1976	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 32 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of FindShellTrayWindow 25 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe
376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 5080 wrote to memory of 376	5080	MEMZ-Clean.exe	90
PID 5080 wrote to memory of 376	5080	MEMZ-Clean.exe	90
PID 376 wrote to memory of 4780	376	msedge.exe	91
PID 376 wrote to memory of 4780	376	msedge.exe	91
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 3104	376	msedge.exe	92
PID 376 wrote to memory of 4296	376	msedge.exe	93
PID 376 wrote to memory of 4296	376	msedge.exe	93
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94
PID 376 wrote to memory of 1964	376	msedge.exe	94

C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe
"C:\Users\Admin\AppData\Local\Temp\Malware-1-master\MEMZ-Clean.exe"
1⤵
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:5080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x104,0x108,0x10c,0x100,0x110,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:4780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:3104
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2792 /prefetch:8
    3⤵
    PID:1964
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
    3⤵
    PID:4276
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4712 /prefetch:1
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3940 /prefetch:1
    3⤵
    PID:3244
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    PID:4756
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5384 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2896
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5388 /prefetch:1
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5544 /prefetch:1
    3⤵
    PID:5052
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3952 /prefetch:1
    3⤵
    PID:1268
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3676 /prefetch:1
    3⤵
    PID:4588
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:1
    3⤵
    PID:3016
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5884 /prefetch:1
    3⤵
    PID:2192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
    3⤵
    PID:1452
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:1
    3⤵
    PID:1392
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
    3⤵
    PID:5432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6164 /prefetch:1
    3⤵
    PID:5512
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1296 /prefetch:1
    3⤵
    PID:5844
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
    3⤵
    PID:5936
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6348 /prefetch:1
    3⤵
    PID:1776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6720 /prefetch:1
    3⤵
    PID:4024
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6556 /prefetch:1
    3⤵
    PID:5688
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6412 /prefetch:1
    3⤵
    PID:3388
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6788 /prefetch:1
    3⤵
    PID:5516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6968 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
    3⤵
    PID:5172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:1
    3⤵
    PID:5976
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6852 /prefetch:1
    3⤵
    PID:2836
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6980 /prefetch:1
    3⤵
    PID:5524
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7044 /prefetch:1
    3⤵
    PID:5784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6732 /prefetch:1
    3⤵
    PID:5736
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6984 /prefetch:1
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7224 /prefetch:1
    3⤵
    PID:1380
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6444 /prefetch:1
    3⤵
    PID:4004
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6224 /prefetch:1
    3⤵
    PID:5752
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2132,5498707441149863696,8961060867845546843,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=7468 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1976
- C:\Windows\SysWOW64\regedit.exe
  "C:\Windows\System32\regedit.exe"
  2⤵
  - System Location Discovery: System Language Discovery
  - Runs regedit.exe
  PID:5084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus.exe
  2⤵
  PID:2180
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:2748
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=half+life+3+release+date
  2⤵
  PID:2164
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:1860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=how+to+get+money
  2⤵
  PID:5352
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xe4,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:5368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
  2⤵
  PID:5780
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:5792
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=bonzi+buddy+download+free
  2⤵
  PID:3428
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:2352
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://answers.microsoft.com/en-us/protect/forum/protect_other-protect_scanning/memz-malwarevirus-trojan-completely-destroying/268bc1c2-39f4-42f8-90c2-597a673b6b45
  2⤵
  PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:1212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=skrillex+scay+onster+an+nice+sprites+midi
  2⤵
  PID:5304
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=virus+builder+legit+free+download
  2⤵
  PID:3396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:3600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://google.co.ck/search?q=stanky+danky+maymays
  2⤵
  PID:2136
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffc30df46f8,0x7ffc30df4708,0x7ffc30df4718
    3⤵
    PID:5640

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3472

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2564

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
d7cb450b1315c63b1d5d89d98ba22da5

SHA1
694005cd9e1a4c54e0b83d0598a8a0c089df1556

SHA256
38355fd694faf1223518e40bac1996bdceaf44191214b0a23c4334d5fb07d031

SHA512
df04d4f4b77bae447a940b28aeac345b21b299d8d26e28ecbb3c1c9e9a0e07c551e412d545c7dbb147a92c12bad7ae49ac35af021c34b88e2c6c5f7a0b65f6a8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
37f660dd4b6ddf23bc37f5c823d1c33a

SHA1
1c35538aa307a3e09d15519df6ace99674ae428b

SHA256
4e2510a1d5a50a94fe4ce0f74932ab780758a8cbdc6d176a9ce8ab92309f26f8

SHA512
807b8b8dc9109b6f78fc63655450bf12b9a006ff63e8f29ade8899d45fdf4a6c068c5c46a3efbc4232b9e1e35d6494f00ded5cdb3e235c8a25023bfbd823992d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
215KB

MD5
d474ec7f8d58a66420b6daa0893a4874

SHA1
4314642571493ba983748556d0e76ec6704da211

SHA256
553a19b6f44f125d9594c02231e4217e9d74d92b7065dc996d92f1e53f6bcb69

SHA512
344062d1be40db095abb7392b047b16f33ea3043158690cf66a2fa554aa2db79c4aa68de1308f1eddf6b9140b9ac5de70aad960b4e8e8b91f105213c4aace348

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0a34c4d9e151a88a_0

Filesize
415KB

MD5
97e707807d76ccdb80151599313ac12f

SHA1
90b0de2f0f70ed21b7f08c9249f33108e6716cdf

SHA256
d2716a1d879741df79e7bf7af00d276db1d630d906c35288a4ac3c1c54d9fbe5

SHA512
358cffdf311bc00e2de82a557966559e762403538febb8603728ae07d32ae5caa7ad4cd206dfc8cd2eecaade447fceb1437708ad3c785d7f77464f96ce09e216

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0e3ad5a80ba7db88_0

Filesize
19KB

MD5
7eb1af07c35b2a3ba14e833092b85895

SHA1
0e2812a382b0caf232a7613b05700c408d4fd1b2

SHA256
2991f98ffcfee63751bb4eb786f24623f65f5de067b868cc988cf6c00f76c427

SHA512
2675bad7746d413ed1948de16f685797c6ed4ee3486b497d6417955b60b605356852c29e51517b91a1da0a82bbff38bea5c4dc317a909161d4ce35856712e556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f96c4e370537b4dd_0

Filesize
288B

MD5
cc6396da7e413d7933e2cfdc5ef2cfb1

SHA1
e8d0690d196be3574e0eccd8f1c64c11df5b7036

SHA256
1b43ea7ddb0a1465b553c81676409ede660a53c99eb6d17af4cd3ecf4730685c

SHA512
1fe8f967a3903d4b63d1250f0b0777ff601172f5c3bbfd5440bbd19a48624566db5cc6cd31675302d4ca41bdceca702be57c95646278d55685ca3ce5186c923f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
784B

MD5
23bc18827220677f9d3470aeea8461f7

SHA1
06a1a1ddd4aba57e204ed2bf5cdad107a0411dc6

SHA256
dbc165d396f3ab0330519759b4aa2b8430394d69fdca5ba860f752243e73cc12

SHA512
a085342eed6df47e9df1eeda5bb4f481c013352f2c5156ac4297c626f13b32a9d5c4c45e43793b1f19ac991fec91f0292c0df49df6d4e4eec25b833fb571b693

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
6de65387705518008562fc5315210fda

SHA1
767749bd62749ab0304811e561a2a08ff0e779fc

SHA256
fb0ca4ae0646befe8c5af927bc91b513c6d2d272fc55b40ccbda6977c85ec328

SHA512
89578502e831ce01f862631a7b072b962ea58486a8be56c26d96ff5b7c69be05b5d524ac80f72413c29e17c45b11c4b6e251c2e6461460698e25d7565756d6cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
7c5134edaae1845b8b99ee99bccb84df

SHA1
01c847c3ed48a151147a87a8c0e0f6917c56071e

SHA256
d6cf56b0e2292b77d12192bf175f061fe77f07966e440f40bddfcfc21c1a1a7a

SHA512
796057d988560e4eea5ba0a5c32c51fcf5b84f788560c9b7ee9ccebca37e2580f0c22f1371d88fbd91617065ae7498cf266d37ed4197b9d64672c4f339f645b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a7cdd181de09c974ae22cf20a08278e2

SHA1
fb991b2611a784e670713242a16a5e47b3624c99

SHA256
27dc0424de41ada5cf19e1d39c56a374cbfe1f8eabc7430c575b7407c3f4d99a

SHA512
c97b9d06a80e1740beb403dfbcb544122da635b39a54a57e5f12398674b86a4979e6137d04267fd4c8ec3d4fb8c2f0bd11dc52aa5fb5a69a13b57e744e124a9a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4eac5774b79575897c8e212fc5a96c68

SHA1
2d5c7adee9b5512f4cee785862b5b8280a0f0c2a

SHA256
f50141e0b63302c738c1b376200f6b839a518a8660d848c44727006e7f4ce552

SHA512
9aa8456ffc53cf13a32413d99172fb0a8ca2ae9a82ddfd9b1aa95bf2ab2bd9398145ef29e5064030086d6c0e90492544723e66f44f6b37614f9055a779268f49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b506fe85466c2a6ef0161dbf1a56d227

SHA1
e2dda6dbd0618a92e958fd666b2f34a971275a6f

SHA256
b2f4008003cf357db1df883e9b56d323d55a050147902933fdcff757af068708

SHA512
147e12b0b45ba91f42c8de31d8c8c725b48db1c2fc20bce53777dd6a9099864747d20382abc979541003219b4034cda1292f7bb5178e42192e4c713f20c43da5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3d28d17f3925bca76e131adef10dad16

SHA1
7e0d7aad575af182832db826c8dab45012db985c

SHA256
fa5305c675b55dfd62a320bc6ddc1f2cb87aeca9c7d222b3f1523b620c6f6620

SHA512
71ac74c6a1db4ada11a859bf4d44ae50ed0474ce97bf4b4c66974082d9442e960bd4afaaa905854271377ce35bd2d61e3ab976546122c8b695e706fe98539755

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
97bf74b64b6d435f00992785efc636e0

SHA1
e09ccbdafc2436c2b677dde14cb69eea90a115fa

SHA256
20fa16f527293c2ce1788faaf63a43c990f84a377bce1c4bde6ee6e5b36b87a0

SHA512
32726e1951bcc03f19fc19d331f91728901e789904903587df59d7369d1d01bd8637901954e5847c2634b20b7262bd7b8c2fc31bb0fec664c50c38c0573dbc68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
270180a80922b7b4288a92facec9da00

SHA1
b62945d6626daa34557d5214272ae381ebcb7a77

SHA256
20b0b75c4c5c5cc842ba4b36a499cb6df97d107b835addb1559ed1d74d10f40c

SHA512
1745275c2dd7a7c05d618ab84bc98328945a8aaf2aa2d22cc1e87812b5be656a41daa4309a1d777931a3d8dfd580cfb4d1268980ea4480e0f8941e124595c85e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8630f7ebd2dc7474c5852318f51ea1c3

SHA1
30d3d765ecf3a4a51ddc5e9dc209ef6843359b3f

SHA256
cb71b0149466a517341578f7c0dc5253572394071c7bea3da9fcacdc645f407e

SHA512
7f34e644ef948643aca6e078efe03072980383cd98f87cec93e4f7ae2e84a3d64bd83dd79a8004371fb0f78cbde640c20ec935431fe2a9691df9ad6e8172435d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b54a37eb721feed887d95cd6f20a969

SHA1
4f6f501d7906c513b4553e526396b7d91db0e214

SHA256
9e88bd6bf1a61baecacc997a55d031bf686e4e68ccf28a1c329f11931d7ec81a

SHA512
e9c1e04c7ff23d8746000901fe92bed510111540e0b650036e6d304d2e344d5b5645cc5c644cc7a60f09f881b995990fae9e4114d726c850e0066b52388dd165

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
da9c2da03794ae0671a4fa75db874655

SHA1
03b40202344ef7d06bc847a2b6e6111bbf469a04

SHA256
16f1bcb87503a0312929c1347f5c00dbdbcb45c89fa5e4397816450cbd6ce7c4

SHA512
9f32c0b35442693d74e58ae50804a203d39c079dc258ef9de0034dd6600d7171fbdaf181069a6cd92259ba2b6662d47a3c30d5cce843b3af4d75722c1163ea19

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ed712ab670e1e6e3842cf043cf3626eb

SHA1
84c4564ea21439852f4233cbec5cf102c40e7184

SHA256
601ac16e19866cffd2294ccac96479026937167b5ddec531c837c0e318b1cdce

SHA512
8a62e5fea432ddcd3f48e7f8a7d1ab6ce54dc398c7c052ff8f4aa933cb832b8dff434be004f5a7ec8f216f4629040173402da3ed5ed9de1a5f705068d7745294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe597ebb.TMP

Filesize
1KB

MD5
15d27700a4aec521848e87d0b16ff072

SHA1
ab6be48ab0b8838b9de5f50cceaec5ad658802c9

SHA256
41fdade5323af182fcc969872715026911e9e39688c133c9b8dac3dd2c554fe3

SHA512
326ed066254255c3ef4d15d82c35747a5337f4c67e95dc49a40646c577a4559873457029422ef90e4c792a294ef45a296a1ff432b41d857a5bc997219d4d13c6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\ba2aca57-df78-46c4-a424-3709ba331f03.tmp

Filesize
7KB

MD5
9f6b5d9b4b7ff98484d482e7d4b7bbc0

SHA1
7a634240a1a5c1a36ade8332ba63916ccfd9ad30

SHA256
60179ce9032c5468ee25de4cc8ee322f3403b08fbfa26ad5ac5c0ef191e2cf24

SHA512
4bf98e1abc1c216158f8bf8fc382fb99d26a87479d936db74cb29470aeaa8de6a339ed465221cfdd27f2813d7bcd6546b1eaa24a4acddd69717cce8255f1e70a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c754dbb15f57b521fbafc593613ca510

SHA1
df87275563e5b0a527a7dc4b0108daecd4443947

SHA256
126229393b266065c98f445622fe96d27cb700783506d8ce19e0c5b88ebbaf45

SHA512
f3b4819c2b9ac981b41dd9fabdb2f0224a1ac820b5c32f166e24510b5657a9ae5218b094aad0e4d2eb6cf3f801992335a1dcd6b5349987650dc766a1e4d9c9b1

Download Submit