782e849a5a94ae4c8c93d6447dfaa0d36d596bc2727015a6f44044033581f385

Analysis

max time kernel
735s
max time network
743s
platform
windows10-2004_x64
resource
win10v2004-20231025-en
resource tags

arch:x64arch:x86image:win10v2004-20231025-enlocale:en-usos:windows10-2004-x64system
submitted
29/10/2023, 06:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

curl-8.4.0_6-win64-mingw/dep/cacert/LICENSE.url
Size

73B
MD5

d4eeff46fd41c739e4653431fe2511c1
SHA1

f0e013b1593394cf7bb0bc770a7cfc9b2ff95aba
SHA256

b9954f88a27e8457cefcebd076fa533d037711383f6b28ae489d063ef8c61f79
SHA512

c0d809e8e561f19a9629931cda0bd8be8c8b919d6926fd63b50512919637a9ee676369d546744f5d1d7aade58dac8f55d23e2421dd24f255ec033ca3f5b001a6

Score

8^/10

ransomware spyware stealer

Malware Config

Signatures

Blocklisted process makes network request 1 IoCs

flow	pid	Process
100	3324	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
216	ukraine.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Enumerates connected drives 3 TTPs 3 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\E:	format.com
File opened (read-only)	\??\A:	format.com
File opened (read-only)	\??\B:	format.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\ukraine_flag.jpg"	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 8 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\DisplayName = "Chrome Sandbox"	msedge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Moniker = "cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe"	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Mappings\S-1-15-2-993994543-2095643028-780254397-2751782349-1045596949-3142982554-3368930949\Children	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-177160434-2093019976-369403398-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\cr.sb.cdmf5200eafd3ad904629cbb0f87a78a3c7211081fe\Children	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-177160434-2093019976-369403398-1000\{048D3256-AD4D-4665-ABDF-9DDBB89C0892}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 195155.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 19 IoCs

pid	Process
2756	msedge.exe
2756	msedge.exe
3376	msedge.exe
3376	msedge.exe
4808	identity_helper.exe
4808	identity_helper.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
3280	msedge.exe
4940	msedge.exe
4940	msedge.exe
3324	powershell.exe
3324	powershell.exe
3044	powershell.exe
3044	powershell.exe
2464	msedge.exe
2464	msedge.exe
3852	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	3324	powershell.exe
Token: SeDebugPrivilege	3044	powershell.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe
3376	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2424 wrote to memory of 3376	2424	rundll32.exe	86
PID 2424 wrote to memory of 3376	2424	rundll32.exe	86
PID 3376 wrote to memory of 3480	3376	msedge.exe	88
PID 3376 wrote to memory of 3480	3376	msedge.exe	88
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2208	3376	msedge.exe	91
PID 3376 wrote to memory of 2756	3376	msedge.exe	89
PID 3376 wrote to memory of 2756	3376	msedge.exe	89
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90
PID 3376 wrote to memory of 2096	3376	msedge.exe	90

C:\Windows\System32\rundll32.exe
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL C:\Users\Admin\AppData\Local\Temp\curl-8.4.0_6-win64-mingw\dep\cacert\LICENSE.url
1⤵
- Suspicious use of WriteProcessMemory
PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mozilla.org/media/MPL/2.0/index.txt
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2cd946f8,0x7ffa2cd94708,0x7ffa2cd94718
    3⤵
    PID:3480
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2756
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2884 /prefetch:8
    3⤵
    PID:2096
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2128 /prefetch:2
    3⤵
    PID:2208
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
    3⤵
    PID:632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3332 /prefetch:1
    3⤵
    PID:2312
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    3⤵
    PID:2640
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5144 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4808
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
    3⤵
    PID:1376
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
    3⤵
    PID:4584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
    3⤵
    PID:3516
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3520 /prefetch:1
    3⤵
    PID:404
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1348 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3280
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
    3⤵
    PID:4876
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
    3⤵
    PID:2416
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
    3⤵
    PID:4864
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5904 /prefetch:8
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6196 /prefetch:8
    3⤵
    PID:4368
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4468 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4940
- - C:\Users\Admin\Downloads\ukraine.exe
    "C:\Users\Admin\Downloads\ukraine.exe"
    3⤵
    - Executes dropped EXE
    PID:216
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "Invoke-WebRequest -Uri 'https://upload.wikimedia.org/wikipedia/commons/thumb/5/58/Flag_of_Ukraine_2.svg/1280px-Flag_of_Ukraine_2.svg.png' -OutFile '%TEMP%\ukraine_flag.jpg'"
      4⤵
      PID:3320
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Invoke-WebRequest -Uri 'https://upload.wikimedia.org/wikipedia/commons/thumb/5/58/Flag_of_Ukraine_2.svg/1280px-Flag_of_Ukraine_2.svg.png' -OutFile 'C:\Users\Admin\AppData\Local\Temp\ukraine_flag.jpg'"
        5⤵
        Blocklisted process makes network request
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3324
  - - C:\Windows\SysWOW64\cmd.exe
      C:\Windows\system32\cmd.exe /c powershell -Command "Add-Type -TypeDefinition 'using System; using System.Runtime.InteropServices; public class Wallpaper { [DllImport(\"user32.dll\", CharSet = CharSet.Auto)] public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni); }'; [Wallpaper]::SystemParametersInfo(20, 0, '%TEMP%\ukraine_flag.jpg', 3)"
      4⤵
      PID:3428
    - - C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
        
        powershell -Command "Add-Type -TypeDefinition 'using System; using System.Runtime.InteropServices; public class Wallpaper { [DllImport(\"user32.dll\", CharSet = CharSet.Auto)] public static extern int SystemParametersInfo(int uAction, int uParam, string lpvParam, int fuWinIni); }'; [Wallpaper]::SystemParametersInfo(20, 0, 'C:\Users\Admin\AppData\Local\Temp\ukraine_flag.jpg', 3)"
        5⤵
        Sets desktop wallpaper using registry
        Suspicious behavior: EnumeratesProcesses
        Suspicious use of AdjustPrivilegeToken
        
        PID:3044
      - C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe
        
        "C:\Windows\Microsoft.NET\Framework\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Admin\AppData\Local\Temp\tk3hpzxw\tk3hpzxw.cmdline"
        6⤵
        
        PID:2808
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe
        
        C:\Windows\Microsoft.NET\Framework\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\Admin\AppData\Local\Temp\RESB237.tmp" "c:\Users\Admin\AppData\Local\Temp\tk3hpzxw\CSC87D48F77278945029650DB3FF1669E69.TMP"
        7⤵
        
        PID:2636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6520 /prefetch:1
    3⤵
    PID:1928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6600 /prefetch:1
    3⤵
    PID:4920
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5528 /prefetch:8
    3⤵
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    PID:2464
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5276 /prefetch:8
    3⤵
    PID:4868
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5552 /prefetch:1
    3⤵
    PID:2772
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4724 /prefetch:1
    3⤵
    PID:3028
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
    3⤵
    PID:1332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4704 /prefetch:1
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6076 /prefetch:1
    3⤵
    PID:4424
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6020 /prefetch:1
    3⤵
    PID:4336
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6932 /prefetch:1
    3⤵
    PID:1924
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7160 /prefetch:1
    3⤵
    PID:2432
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7288 /prefetch:1
    3⤵
    PID:712
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7800 /prefetch:1
    3⤵
    PID:2664
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=media.mojom.MediaFoundationService --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --service-sandbox-type=mf_cdm --mojo-platform-channel-handle=7400 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3852
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,932277768072852535,1868615613662141657,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7284 /prefetch:1
    3⤵
    PID:4220

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4932

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x470 0x2fc
1⤵
PID:1684

C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe"
1⤵
PID:432
- C:\Windows\system32\format.com
  format e: /q /fs:exFAT
  2⤵
  - Enumerates connected drives
  PID:4928
- C:\Windows\system32\format.com
  format C: /q /fs:exFAT
  2⤵
  PID:532
- C:\Windows\system32\format.com
  format C
  2⤵
  - Enumerates connected drives
  PID:4852
- C:\Windows\system32\format.com
  format C:
  2⤵
  PID:4504
- C:\Windows\system32\format.com
  format C:
  2⤵
  PID:3216
- C:\Windows\system32\format.com
  format C:
  2⤵
  PID:4784
- C:\Windows\system32\format.com
  format C:
  2⤵
  PID:2456
- C:\Windows\system32\format.com
  format C:
  2⤵
  PID:1344
- C:\Windows\system32\format.com
  format C:
  2⤵
  PID:2656

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\powershell.exe.log

Filesize
2KB

MD5
95201d9e44c732d9b261b4b334505d6b

SHA1
d5f3f499ef27920d8a614152191a7e0c2f9c0264

SHA256
baa9a89717f4013b2799bd06490c738246759ecdf7a3200406fad5a443e83669

SHA512
15ddf637b642144dca99e2794cb4ca4d1dfa9d682e7eb42075d9b269dd5a479b5ea86017db142b599a3f022ebb695baf3691305ab17009060b4f64ddd7254282

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aed593b08b94f34dd8f68fd369652ac2

SHA1
3ce2a17e426e09c2fd9a8d2ab191fe29248f2d95

SHA256
5c0cdd5dc1bccf7e3ffa8568fdd2fe35f3edc85832f3d11331aced965aaeeba7

SHA512
16b34c29d8ea3793f7d4491847d2fecae2c6c9d7b7b1ec16d1367828d0a4da4cdbf912c2040bc0ca98ac32cd701355ddd16b4865629d51bae2527e1a05411137

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
69KB

MD5
7f64f527eb916de76d5559f2af78c4c5

SHA1
a08d47d130d2025d8c678609fa857e4da5d34105

SHA256
76c12bca3ea33b6d5d0c248b8a7935e467a3cd35257cae3829d16a3dc5abf891

SHA512
6c706f7a5465a6bd002c004726e35719a1df7a8ce84d3ca620db22ae9016c4285cc344e8d080898fca2212b9c2e801e43951a55b46244e080086bf1dcedee56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
21KB

MD5
e1188c831c3869ead83ffe1eee6bfbb5

SHA1
32c01d767037f4b30409d90472942f9fa9110b5e

SHA256
adac7f455522707e5a174b59ba09ad0991bb202405ac417f6c4db41012e8e8cc

SHA512
3ca2adbf1a738155629740624ebe30ba60cf38cc1e3d682481b868428d7e986227d5608f7a8e1f135aeda0ca3b81742ffa7d62849c7351e2153c3cd5ead75e12

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
89KB

MD5
20b4214373f69aa87de9275e453f6b2d

SHA1
05d5a9980b96319015843eee1bd58c5e6673e0c2

SHA256
aa3989bee002801f726b171dcc39c806371112d0cfd4b4d1d4ae91495a419820

SHA512
c1e86e909473386b890d25d934de803f313a8d8572eb54984b97f3f9b2b88cbe2fb43a20f9c3361b53b040b3b61afb154b3ec99a60e35df8cf3563dabf335f54

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000b

Filesize
992KB

MD5
ed2efd2cdebb8e10d6aa58f4a40e7efd

SHA1
1c46b417486f04cc237b912d8eb96f2a3a442ad0

SHA256
8f216d9edb857a1dda1c0d733ae415200fe6ee426a1e5ca731a2712ca7b52191

SHA512
c08fbfefe8ae5f1888b750a3fb36da5c08feed631134334268aa8a4463d8cdfd881cf2bbe8b54c9c0a1d36add0d0e296dbe2ebd47d221169aa6cd8b347904f68

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000030

Filesize
58KB

MD5
20e29a0c1d34ea8f344bc6fbe79879f2

SHA1
393da7126113c972bc677d6ee54fe20b88167ab2

SHA256
615c0743fb37e27da2b564015aabce06b4797bb8bdd2a92964aab4188173b4c4

SHA512
c2e96cee1e7ef001eaf729816da20dbf62fb326d68e1dfb5cbe8273d2d2fc06fc9dcf30e97f764464b578db01a58764df9072649f65613047365b26113c5b347

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00003c

Filesize
98KB

MD5
233a16603434d8cdae6b53f35fd681b0

SHA1
707771c1f62446a4ffb2a846b7f4ed6b32350a0f

SHA256
895322f7bfc071d7a8e40987bd79ff3186e4237e56e7f8b37adbcffa00e13291

SHA512
c4f140ebff2381dbac56c809c2e7d79da1542844e4b80f3f462616688f8a52a5557a8596a13b7d5fc5e5e5b0072254fdf34891937f6508be9511bf821c27a132

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000047

Filesize
22KB

MD5
82bbe388f4303e804b062e83f015f593

SHA1
8c59f3aa5ce8987932b637229063073f59c1c2a5

SHA256
dfddd8ee526fd212a15a7418a248e901d560500253cdfc87b65a2506691b490f

SHA512
41cdceaeaa52b106e50b8b3b558e307eb38bf761fe0945cf48f5265ad18ed0738163613a0c9f7f3e95c2752873cafb54a135c0d200261fca2537ee3f6ee44f03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004d

Filesize
100KB

MD5
8b878379c199af14fa55760c20da4d09

SHA1
67972606245c4aa9cf514ac2644f77e857cebecc

SHA256
94191e2e85d1ffb369aebd3c1cda29545eba73bc6a11d225aaf610af796c5fe9

SHA512
1b3a7a8f36e3d065d820105e586f6d62f6ab7ce1ecf9d6eb7ee94e10dd0da1f716b9c1d3f793af3744cd6695b45f7b821e4e12ee0157a9b3882a3aa07165618c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00004e

Filesize
42KB

MD5
41b2186c66f55a7b3d8f6160295bc976

SHA1
d07f8caaa1096b14e0588c497e3122cc99dc25b6

SHA256
1807b3d701cdcdeb65fee07fdaac1465f8691e8be46870bea37740595614347e

SHA512
cad4ed5d2cc5a80be565a5fb9bdfdc27738e88ca3fee4a93cf9b187d178b0424e0d4bfdf7ab9226f0abe425aa6a96cca7ae5f5cca30695bbe719a4f412aff93c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000066

Filesize
64KB

MD5
ac4c7f6aceaa751c23f2ded47b548e28

SHA1
dc82270f6be6357fc9d381f18ab1b312f2183cb5

SHA256
b7022de37cdb2a9d2fd1d73d3a0028eb157a8eb548bd2ac2316599434529d47a

SHA512
3a1394008e0081661018acc2a09e8263cf3a1e899c0b27eeaf1cc6854017a53ad5274aa2700e93b3aa6d4da34b34e634fd5e3c422c4d64f9968e568ba796beec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000076

Filesize
1024KB

MD5
160498db84f500e17afc9d4f72af0278

SHA1
6ce2b3f805508185a48d34eb23380b1d190d72d8

SHA256
cecf79732456862f5f590c8d173f46bb9b9f32c2bdcf6205d0bd673691db861b

SHA512
e37b2b4242645699223634d7358f4f314b567fba7bea00f14999eeaf59c661f85185be60979d21c84958b33a62668ec00159a7f2c524f38e15ffdd6046cf97e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

Filesize
147KB

MD5
1ed25b805aa59311aa01d03afc72c6ea

SHA1
f9e293e75411d4dceef4a176e71bfb2d2aff908d

SHA256
2cbb328dde90b51d095a20fc7309cf6661e91c0fcf4923a31115cd04d9e745c5

SHA512
e1eecf44bf59ffe2b9b97f388dec0e24edb971c6f915818040ac17e8ea8c0ef880d74bcc25ae52cfdc7095dc49eff678db41a79a239f43148417cb1f0d0def53

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00008e

Filesize
147KB

MD5
8735411e294b6bc93fa53ed459487df3

SHA1
05e2be857c345e65a7c6c4e5133ef1929d4478d3

SHA256
8d5a2ba00f8db15e9f51bc99ed7eadd884aee3ad3f0b31eb18424012eafa37f0

SHA512
9c0a601e61b96fc842be56580cf2dba1726b45f2ce25a80270e44ab3e5620bc4a97b5bade77a9ffa5418b875dc08fa935b9282b7531916975a9c522a885eb043

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1c532325b8304537_0

Filesize
279B

MD5
dcd01671b0e850d28eda4ee767ce2b5d

SHA1
738ac22ee7e02f4ee84649d08815f2e434c6b181

SHA256
9a555f0cc6de666de30ee898d0eefb6c58aadb59303effbcda1a454b60384055

SHA512
182671870eb1ae1e8f21bf9a654d2d934e58fa12fc216f60054a9dfa8ba042574626f23f6668e0da3d18b1b2f80a2beceff9404f664148781dc59eac164b19d2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3aaf42d8be1c2e52_0

Filesize
125KB

MD5
06056e2a2d0a091054f57b989677cfd9

SHA1
868403dec516196cb9c52e6034104b48dfb0833c

SHA256
99209e405da3e7585fe8f7bcbc992a318d1ef88354cbb55c6633f729961fcfc8

SHA512
1abe98c8166a63fe9e42ae83f07ed4582719460d83a8251c73301ede04d98b98a55e37b3a31fff43dbafc5509b73736da4386b19b412cc6445e2e5ffe80d241c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\68e5c228e7f0263d_0

Filesize
40KB

MD5
bde315232e4b23a418a92702cb6908cf

SHA1
8ce505e8cb4f15399f8dddfc754529491a7cdd3b

SHA256
06c24db0070341ab5cad878058d4c4ed190e10526eb29706cc35f50b5a150571

SHA512
3866b12132488064e8044039afd7b08d18338cad4abb62aade045719acd6b031e54dcf3fb07dcd19d2364ec5af089751fee37b801023b17589cde856cf88040b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
9fb78eac7c7d78b782494f68eedf2191

SHA1
06df75721e7027437e4c591fe374998c6c3e3c47

SHA256
f761a7b6717bc26005b6b14344ad086a489cd546aff23dccbd40d91d3bbace3c

SHA512
769bd085d68b247af3757bbc05f1a835b669701d112b846b23467fb88d1db19d70ad908f1174a5e5c88ff4afd86d71a665bfd8f830ef3493c5fcb3b645caa007

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
8d5070de1d229bb23b5f506c5714a69f

SHA1
1ee42dfc02897dd85c8e441f4138563be9b42c7d

SHA256
2faa79022d309cb67d1a071d37a7da8fa09632da56f8defaf844b74a2975b40b

SHA512
1b624803dd83c8503730e562db42f900d84ef44bf0fed790ea62a185acb1b5a637a395d1338143c34e847d1ec37ee6446b5bdbc6083818508afc631dc755d59a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
f599db254de31d2fd7a62fe336b933b7

SHA1
63c37b33d9c6d22bf4addf49a1b54c5d18122b78

SHA256
87f8f8aa7d9c1280392c3abf77949df5243ff77b4269ebf1642f4bf7354280ad

SHA512
86886b395ffb775903a57e5576d8e68b4d8daea658b6759379966ff4d0077d58850cc17d23281e2a011b7694275b2256bb5cf7f3d49595e39ba48e086d9645f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
2af4b74b4911def12fa4356d354e5fde

SHA1
5d73a828a88afcfed2da8a811111811151e87fbb

SHA256
eb6b5ed89b5cba02b8d54eafb8a412011fe40d38e59a4d9d5eb56a53a70bad96

SHA512
c02033a322fbc0796655330ad06cda7a190604007bf9c1db91d01d0d0b0df607793433a5379764c63d707ec6df45b85ad36b5744fb03ee5a6ba03310ded2fc0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
4b432d415e061b60a3a149f6756292d2

SHA1
c325a4aab43a827e918318051f4c816b6bd51d3b

SHA256
a5f6992941e3c317973cd63d59417f05f8e0ad7afc1728ba0002deb5983e6430

SHA512
c333b442278715e564827c8bca1d12f8f9e6917fdad8ef94f7642e046ccb31f7cb8543424db9b1d7e29c04fe66fde869663ad976a72ffa6694823a3a6c4266a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
778b6f277e5870c94a5de6e59a6385f2

SHA1
908d0798830f40e051e4f0e27cd7cf1c62225d31

SHA256
9b92021423e9e984441feaaa60acd0cdc3459392d42cdc2b147979750b5b8505

SHA512
e8198a75b4a0b5f1a1710a91bb7f0d2d66a18403bb60f04c05ccacb1f3d8caaa9d5889b4f3ac6070adec234c68db8b468155ddb32934699048913737a3ca50a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
183B

MD5
39273cccc0117e7c708884035e83f3c4

SHA1
d5ce9c4ac1cfb63d322ec7c2ac187968d52869a1

SHA256
4b864c6f28e556a4417cb86395433e9248f59f608e8f6742e57340471d58075e

SHA512
35ad9ea2f83e8d3d12aa2d19cbcec58f0497026378d22000b850133f47061ee3ed3748cef472fb08a4ae956143fbf605562ef43a22618b7dc2db6b38e62d7b1c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
7KB

MD5
7a4252fa8f225cf4c45797086b5120e2

SHA1
e527ef69559417677762f60c176a09a5cad506dc

SHA256
dfa457dfe800c27689275952ca2172ca7a0070230c4f72f997ce076951a5dd41

SHA512
5427bbdb14438e8ccb9c949dd4d7f8f1a43482078f89a72f318932ecb3fba121284438965e70eb3d39093e5cf7396721c491edddacc5a5e2c67c353d1c8cde5c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
042e738b8af72c13637fe67f6651b026

SHA1
6105218f82f005a645ca71dc1f420c78008072c0

SHA256
3f79e2af79db846ecf5426259182310badbfcf94b9a15a91f422900329f6d96a

SHA512
9391a2539366d99c3e6f21b9230c8f4622305fb2b76d745a132468743bc2e5f99b13f6f1ccd9d8deed1dc03d7e71d74964fb1a0c75824767f406267a86cca1a0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
efa21cfe175581e44bbaefbaeae5e4de

SHA1
b818b2573542103a6505637bafaf519d5c563979

SHA256
48738c12c5617e53ba9d5abc7cb72afe2c6c98988bdcb69634a04974cd55cd82

SHA512
6e48b31621df9058ebf06c2d8984b0ddd6eef554d8207019661e0903e59ae27168c216c0455e10108546b4743839848043f4c0e1ebde12fbe50c54de88708d31

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f01563930a758d3febd6e5e825bc6533

SHA1
61752e64ec5dfac339ec3b14c1f2f02c8ae85ebb

SHA256
17f12c09fa8c66448789d3abd366aedfbf3a8d478a4c5da118898ad8e77302e7

SHA512
92a03e6829aaa246e0690b6740b1afeaa7e0599f9731f1c2ca9711ac9e2ba0b7f8e8ee0b312ed73e3e43fc0868753528806fbac4b3af9a1751b531bcd89c04cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
13KB

MD5
d4c375eacbc2bc9044a189de6d0130b0

SHA1
454ede379b18617c7002587bac339e7ff3aadf84

SHA256
50527c43504d1b7b58cecdd32ee34ec7c7cdb8fd9d19a496aa9bc9ab95cefa28

SHA512
40c30e4bcbedf91809a39dde44ba358fed5b9e5a59a0ec008f60cc70c804106783c20795c2ddc9c6a160151ac9a1f3d145ffdffebd65836e08eae8d079d9dbd3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
409e0c5fd4923ca0870d842a824daa95

SHA1
5438d02a4e65dc3b55b6f4b83187ea6fe98831e0

SHA256
0bf1bc0210a399bf26a09b83a886fbc6404ad52af6f50ae388c7ac3729b066d8

SHA512
1785b1aedbb55dad429b0a5388bd4edd80b5665570037caa735e587503eb4c8f4d4b24d0df58b2ffc242c6a2ac4689b0a98984c33154c6a5474dd5dad8cdab87

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e1a86079057b76f06da8f7ea2148514c

SHA1
7c2a59ebbbc69609ba782267641559d72cb1b2b3

SHA256
58198ae762dfffd0196408268a273c48df36530ea161429b492129e0dda95a18

SHA512
a07f6522414b4d3d258342ec3868ec58417d34cebcfe8884b83e4eaae8895e02f29abf59b2f594715aef1579d853203d4bbf6e09be7db11b76342d67b80ad5b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
898b6ff8663f158fb8961ec1c5e7bb0c

SHA1
6f88bbdb0c932f84505dff17a983285f842e6b5b

SHA256
2411d1333a585ecb91bbbd4664ddae436b6451cdac67f56f567be7f16abf7788

SHA512
b0dddbfabb5bd52a8fb4de5426987c28561659474fcd4d294936aec22dd8387789760c807a12716bee4c7a8237164695c788d7bcb3a74b281921de3307b4d872

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d03f965200d5008201119eebe7f963d5

SHA1
da27708e1f76572e77795aaac55b0516007351a8

SHA256
ba22c650417c8957ffa91d6bbb719e6c9dafbb8ad64f78fc20f5b297c2995cf8

SHA512
d75579be41ebe4c8d8621b62551202471daaad62c38eaf467e18df7a07e1f4c1dce863c07328bec9e7c3a78089cb650da7651494bac40de469bbffc43733c27b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
826649f1c47b16509b868471a3b92b4c

SHA1
637a17811c9dc8b3c747d8925429d0db9a175c4a

SHA256
84afa27f7f987bcb29aff1b9273c961b63682397153ce9442a8ee5ea45d867a1

SHA512
8befacb46ee51d82f3683e5dc3771478b4cf15fc65ca2a9552d0aa8c5d2ccdf11f39dc1e7a1036d50ef90d1fed605aadb490060536e33e41a9d263f7aed1bd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
15KB

MD5
a7873969c8972872f797e192d144595f

SHA1
c248fc31d18bdd84225342ac111412bb1ad3080a

SHA256
7f3d00801a53e5df6341fadeefb9d002ac00f862875ba47dfa3d961bfc256975

SHA512
524daccf94e9651fc3e72a65c81d0fbd8a4b11edee80a45523291b8b66533ae243dd74a6765a66d8b7bc04306867ed2d6350a59efa74180f9a9db380c172f28f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
e2565e589c9c038c551766400aefc665

SHA1
77893bb0d295c2737e31a3f539572367c946ab27

SHA256
172017da29bce2bfe0c8b4577a9b8e7a97a0585fd85697f51261f39b28877e80

SHA512
5a33ce3d048f2443c5d1aee3922693decc19c4d172aff0b059b31af3b56aa5e413902f9a9634e5ee874b046ae63a0531985b0361467b62e977dcff7fc9913c4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
b99bda7af06af834341adf0ba6248899

SHA1
959ea482dbf81339b14e6d698cb1b92b638c9194

SHA256
cd8637d4f6cc76105047ff9e928d3da1dffd791ccaa6e2201e7005dfc4444c47

SHA512
2d0f005e439fd0c82dd9c2ba335e991be8bb8e7f096a6196e9ecc6e7c71658ae2e7cbc0c5721b8fd817404736b95c6dcba98dbabe6d066e90087208dddc60e29

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
63251f9ff4e5454a9d0bf2fe69d0d06b

SHA1
78d628f8dada538f6add56d328d32c16b648357e

SHA256
2fadd47047706c1a22533a6169a2ad5a3002a44a1a2f7f6159ec9381855d3af0

SHA512
0a15adca1272af67e5847fc9d567ad4a931b2ad0b0b3ac65c4c285ae83ac845b7ffa0ba20f017a98e766e347321c41e97cb39b85569dfbf81a4c1249bb4a253a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a208fe47a642b0ff29ad7a66336ce7ed

SHA1
fe6cb00583395bf12e4ad65323e4ea60002d2827

SHA256
e12b18d29d9809803c6f6782676b8f118e5bb9a50a0f80b3185e2d4d768f5a08

SHA512
ba7b168853a406da4fc8a51dff0adaf3d409314dab81d19322bcff66fe665922325fe6811a41ee8f8125e4c327e168190f3b2aba6608b88586c94d1e7ba8a4d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
fa398f2439f3415332d2053731870e00

SHA1
5899c788d5c8cfd56aa55a2d1b6bef22e0a2f6ff

SHA256
a9f0434c3e8fac36d7a52edfdc99dde862931431d8425246271e3b4e078cc4d2

SHA512
8bf0f7663eb0ebae0ed1c1bf057022f2b1e69205273e3c7ccf62578bc73c951f5f6720c545a975baaa87d1739086056e831fd4cf9f1c88449cfd31b59b082d75

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
ae457ae025323247762d99572558da6d

SHA1
4e982637b4d4937b63888a4828563c0ae6082a66

SHA256
34b2a8252d558884fbdb1105293daa587089dbc571735080ac1a8ee4e4b20e26

SHA512
7deec1eab04b0940d9b3348a6afd2dfcb3c380fd125bf7270c8764c16b1c3b7f48152432d6de3d5fe04a3084debeb16b6287f4c9998dfa08652d2a1a5e5d3a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
3fefc613b8a60590ac4d7b66490e5769

SHA1
a14517dd91104ff494871b4593a095280aa1085e

SHA256
490388710bbca1d481df603502373771a214c9ca363400c2e44a22c7bfac5c7a

SHA512
b42ea3041b2e76ca9fcf9fc37ccc0b9609466934f3b501455821c31d91117802af0da6a39b05822d86d7ff64223592770b8793c9d581d51fdb11ec1f94dacdba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9db9768883e01513aff93f68a5ca122a

SHA1
f2b31bf9b43521a51f5039b0456b9a6958da7cfb

SHA256
5f3ed896823c532a706c1057d6c3ef9ad1eb8d512cdd4397c049fec35bf462c7

SHA512
f4fc579089576aaa150de4dcb0798fc885d40b1d2e877374841c761a8d0d832b66bece03764cbd0a654330d1b76ae1acfa8c90ab902be0e0d86e67e5845adb22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
837c93907afa80c694200b4f33bcbaf2

SHA1
0e418b218a2849f48d2874272bf83d0b5b18d3dd

SHA256
cb3c8a0f93ca2c7615f3ad1536c5a20600d185f8c69e0eecafb3bc49d2f41d64

SHA512
424091a17b1f48564c3e103554353fadefb5a0e0e78f49857ee90ffee2f9b4cafd9b32de35254e4d4faaad6e290387307e9316e695c6c17f477462364fa94bf0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
706B

MD5
aa5348da4a2e75ea31244b31a99aff44

SHA1
516366334bc9a68eae524303bed603ccf884a071

SHA256
4e731f53d999d825f7571f2bd9e25c7da22db3b368446efad69a61ba91939072

SHA512
5c8317582811c8eed51975364acf02935ad4b9aadde984cdc9d6bafec85bdc65b82ad4d394fb81c2e4f000aebb05dd1ae5682943841ddd6c1b3c46104ecc9d80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
a2cec4d8b0738ce53b0081bfaa0f219e

SHA1
6d51f9fff7034ceb61905900d3177dc59e8400e3

SHA256
2691cca9ea4678f265489825ea8df1383d780673488b926e0cc207ece8ab0354

SHA512
b2279dc20248755c84e4ce45f81319a5878ce8cb43c6a2a28504977a474423f9edd4abdab711e7074106988d726745ecdf4f71c7a81f2f18986c5380f0bb2232

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
9b4cc7a8df36123f3545330c0399b045

SHA1
55432aaca8718032c87f21ccdc33a45231c514a0

SHA256
8b11b69640912388a18afbafa9c841581034632cbc38807c66b90ab78714d595

SHA512
6030c8c2f2d202dbf0b712dd6a264d298f9b7069ec6cc25550821a7728e1f3544af8d017aa1ebe1fc9471c428aed4786a36c70570e031629fd97d1e6ef6b77ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5ec4a6.TMP

Filesize
204B

MD5
e8aed6673ee9799d5a60f864c1a424f4

SHA1
9de0b6928c06e5b94025f95542f04083435572af

SHA256
2b2cb4718648d758067c32509df807ae44b429ef9595612a8fdb8b851956c07c

SHA512
3509de86ad1a8741a722bdb4a13146647f8cbb7dc5ad27f93ad82802829d8de228699e77ee40f1aa612341b3d4debfc41cffa9e8a253074893b8efd65c9dbc59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
4906ab46d40f96ec4c57b8bb9f5aa4f4

SHA1
293dff7c6eacb0d16591fe85d0bf63996dfc0c7a

SHA256
4dbb1c960365088f4edea7fc284bd247e2bfe9ac5778005f67e5de3def4ba610

SHA512
2bde0fefb2f14c1dc97b2d66748c7308ee20ac60c7a33f79c599ecf17e420ac6db25c83a434d35bdf4ac57764f26a01835d49e8193f2f91a222095c377979c81

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
caeeb2bc73f43264eb3701c64751e7e5

SHA1
dd8f26839452a8aa34d89a5ece6bdb49d1345ab6

SHA256
19a0b878bafd4073e22b8eff3285a07bdc28ad2d3db4c71a04305f8d8f4215bb

SHA512
dfbe08125df845e3785044d5a912a074f96dbb26929ba11e85e79eaa7d5e37ea7537326dc93963a97025f2ccb54b1eb43cb4c65eb66f2e1c3b3c96e54d906d77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
570316f4a0c374b3a6a3f09ab6553da7

SHA1
7b3eacec4ffad612bd8493be1e0e4bb9dda6f5e9

SHA256
83d2192d57095521f667dfc7e4641be95c9c2c42777159e4f993ca55ed0b28c1

SHA512
6fcfebf061188efb2774a3caed93ab73bd365a88f9ba1b39e2dd5721f2d5236b6c852677d20b665804868f6bedb26ecfca1d4839194c346c80c58967d012dc7b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
521ea5c649d7b9013654cf0c0c829058

SHA1
e274b811c4f75a1751d0891e40bb35700c9a8126

SHA256
7f96ca5d91dfaca8e4475927c89667b39662ece2e1a01b595f8537f104efe78d

SHA512
ba35b7991ad3efe86f241c36dcd322d1bcbaeacea56b49906f41b40f3804f419284184bb9e47b7c03e5befe2c0a7e90ace218147cf7481410a4a4c54c3b7ecdf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb7610afec224dc8e8c8a6fb0a09d9f6

SHA1
096dafd611e4be74f87aae88142473f0455cb9b6

SHA256
288120978926f756c1a47d6e0ce045e7dcc482665382ce6a6e5db84c0eb63ad9

SHA512
a4b80cf42f69b2345fcdd32aba9cd507ad87603a87b35b58846292d6760237319a7b7a50d1be77eba528829d9fb2beb64febf588606e302f7f40e3cebc46db5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

Filesize
16KB

MD5
da2be2d9784a9505cf86d3be295687c9

SHA1
f6564ee1e824c1ace98fffe8f7806c3963bdf5f5

SHA256
9975b7c00ae035d2989898942e95e52e496ad03cb33ddab12be1ba70a3951395

SHA512
3990e66a7fe221972335f873a6bed1ecd3eb84e8482bf0c77528c2a110c0d628d3ba6fc7817a2273be90c89371dd4a6f7c5c98da36677ce57304be3d699000ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\RESB237.tmp

Filesize
1KB

MD5
e1e7d5845d8cb6db13bdc2621d816784

SHA1
40090f1fbb81ead7352b0ad645fd8e38268c56c0

SHA256
ced48572aa1b1bb247bd5997fd3fc3ab97c2f663a5a5102b8f98fb1272420997

SHA512
e1cb70976b81108dc1890e074e3b77274180e1dc395e6fe9d3f1cf16d041f46c062fff9157398c9ce25aefb94216ace4738d3ea90ae451bbcc1d5b395ac3fc69

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_m5aexkeh.i5s.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tk3hpzxw\tk3hpzxw.dll

Filesize
3KB

MD5
dd4ba1a66d0206ac49b67966943c74d5

SHA1
bab1c4da4acac4a02c4b89c4caed3a7a42efa2ff

SHA256
a3d2da4a8056eec47fe0b0721e104c63da761a931e6fe147ca2d33ba8c5818c8

SHA512
1d8e737b8b6f716a046ecea30338ad77586606a721b207c104a68c5f10ba7105b05dd2325c1e73260ac9a3e09848578eedf844ea8b413b28d8c8dd3bfebc1056

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 195155.crdownload

Filesize
91KB

MD5
7834280ba27c5b1ddc9659ad7089816a

SHA1
f7bed8501aa73d6d46dad54dd70590d00b75ab62

SHA256
8b17f33b1a75951807db7e3671a49ce5ec7373a9187346374951b04c1cdc946e

SHA512
e0bc1702650bc3e2b24ccc29eefb38bda26c5f230b65ee8e8fc22dea95ed55a23366785d7e98e19eace39c5f529a64c9e41cc0e6854438993051c92c0fb49e74

Download Submit
C:\Users\Admin\Downloads\ukraine.exe

Filesize
91KB

MD5
7834280ba27c5b1ddc9659ad7089816a

SHA1
f7bed8501aa73d6d46dad54dd70590d00b75ab62

SHA256
8b17f33b1a75951807db7e3671a49ce5ec7373a9187346374951b04c1cdc946e

SHA512
e0bc1702650bc3e2b24ccc29eefb38bda26c5f230b65ee8e8fc22dea95ed55a23366785d7e98e19eace39c5f529a64c9e41cc0e6854438993051c92c0fb49e74

Download Submit
C:\Users\Admin\Downloads\ukraine.exe

Filesize
91KB

MD5
7834280ba27c5b1ddc9659ad7089816a

SHA1
f7bed8501aa73d6d46dad54dd70590d00b75ab62

SHA256
8b17f33b1a75951807db7e3671a49ce5ec7373a9187346374951b04c1cdc946e

SHA512
e0bc1702650bc3e2b24ccc29eefb38bda26c5f230b65ee8e8fc22dea95ed55a23366785d7e98e19eace39c5f529a64c9e41cc0e6854438993051c92c0fb49e74

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tk3hpzxw\CSC87D48F77278945029650DB3FF1669E69.TMP

Filesize
652B

MD5
dfec9e497af1e9b774c048e5d9048f61

SHA1
77515ddde80a83fbc1eb2320f4f3e1337cf8952f

SHA256
8f2881a74fdcb4dc2c3501c2026845d66dbc32287a5c4db68e19022551d9ddbb

SHA512
ce3ea0e5a9b77bb906d8fe4c4ef383a7cb2e858d69a2988448a45769d86864d285b0db4836fc6fd1f603150d44d00ab27a7673a8743bfd0d2a5f8ae55cbbdc24

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tk3hpzxw\tk3hpzxw.0.cs

Filesize
234B

MD5
b5bc6f9136dce704041d49aebb0b4fa1

SHA1
9b2966bebcbd68d70a40f85682f148d5c6bbb8bb

SHA256
d17a04b258a3f4d6c07a25e77ca59c310f7030062eceec328eea1f0d2047f024

SHA512
e828bc3fae857240e623fd28c2524b56c8d294ac2bf45a24869dc6786a7cd2d5bd2299546a2a9b4b286f96b91e48c2d8f185a3d508808edf06a4da0e54b02c6a

Download Submit
\??\c:\Users\Admin\AppData\Local\Temp\tk3hpzxw\tk3hpzxw.cmdline

Filesize
369B

MD5
5c4c232385b65e80a9374ef151d64b20

SHA1
1f6b60b4282df270f8fcc40faa6ff2c3bd2b1abf

SHA256
08fa3d07916d1fbbd5ca029a889925ce848544be6de2dc35efe9f7d845b5f102

SHA512
d7840f64673c585206ffbcd7ab722e90736aadeea5f244bb3526de8ab498f22ec4b2bc5f9037f6b543951ee63d7e0c83c0b6467648693aab0e007e88e95316f6

Download Submit
memory/216-643-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/216-303-0x0000000000400000-0x000000000041D000-memory.dmp

Filesize
116KB

Download
memory/3044-316-0x0000000005280000-0x0000000005290000-memory.dmp

Filesize
64KB

Download
memory/3044-418-0x00000000066B0000-0x00000000066B8000-memory.dmp

Filesize
32KB

Download
memory/3044-425-0x0000000074B50000-0x0000000075300000-memory.dmp

Filesize
7.7MB

Download
memory/3044-317-0x0000000005280000-0x0000000005290000-memory.dmp

Filesize
64KB

Download
memory/3044-365-0x0000000005280000-0x0000000005290000-memory.dmp

Filesize
64KB

Download
memory/3044-315-0x0000000074B50000-0x0000000075300000-memory.dmp

Filesize
7.7MB

Download
memory/3324-234-0x0000000005A90000-0x0000000005AAE000-memory.dmp

Filesize
120KB

Download
memory/3324-223-0x0000000005490000-0x00000000054F6000-memory.dmp

Filesize
408KB

Download
memory/3324-222-0x00000000053B0000-0x0000000005416000-memory.dmp

Filesize
408KB

Download
memory/3324-221-0x0000000004BD0000-0x0000000004BF2000-memory.dmp

Filesize
136KB

Download
memory/3324-220-0x0000000004CD0000-0x00000000052F8000-memory.dmp

Filesize
6.2MB

Download
memory/3324-219-0x00000000025C0000-0x00000000025D0000-memory.dmp

Filesize
64KB

Download
memory/3324-218-0x00000000024A0000-0x00000000024D6000-memory.dmp

Filesize
216KB

Download
memory/3324-217-0x00000000025C0000-0x00000000025D0000-memory.dmp

Filesize
64KB

Download
memory/3324-216-0x0000000074B50000-0x0000000075300000-memory.dmp

Filesize
7.7MB

Download
memory/3324-235-0x0000000005AD0000-0x0000000005B1C000-memory.dmp

Filesize
304KB

Download
memory/3324-236-0x00000000025C0000-0x00000000025D0000-memory.dmp

Filesize
64KB

Download
memory/3324-242-0x00000000070D0000-0x000000000774A000-memory.dmp

Filesize
6.5MB

Download
memory/3324-243-0x0000000005F80000-0x0000000005F9A000-memory.dmp

Filesize
104KB

Download
memory/3324-301-0x0000000074B50000-0x0000000075300000-memory.dmp

Filesize
7.7MB

Download
memory/3324-233-0x0000000005500000-0x0000000005854000-memory.dmp

Filesize
3.3MB

Download