cryptolocker | hxxps://goo[.]su/m0jG1oI

Analysis

max time kernel
224s
max time network
225s
platform
windows11-21h2_x64
resource
win11-20231215-en
resource tags

arch:x64arch:x86image:win11-20231215-enlocale:en-usos:windows11-21h2-x64system
submitted
08-02-2024 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://goo.su/m0jG1oI

Score

10^/10

cryptolocker persistence ransomware

Malware Config

Signatures

CryptoLocker
Ransomware family with multiple variants.
ransomware cryptolocker
Downloads MZ/PE file

Executes dropped EXE 6 IoCs

Processes:

CryptoLocker.exe{34184A33-0407-212E-3320-09040709E2C2}.exe{34184A33-0407-212E-3320-09040709E2C2}.exeCryptoLocker.exeCryptoLocker.exeCryptoLocker.exe

pid	process
1012	CryptoLocker.exe
1624	{34184A33-0407-212E-3320-09040709E2C2}.exe
2988	{34184A33-0407-212E-3320-09040709E2C2}.exe
832	CryptoLocker.exe
1440	CryptoLocker.exe
992	CryptoLocker.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

Processes:

{34184A33-0407-212E-3320-09040709E2C2}.exe

description	ioc	process
Set value (str)	\REGISTRY\USER\S-1-5-21-1725696949-2443092314-1471438111-1000\Software\Microsoft\Windows\CurrentVersion\Run\CryptoLocker = "C:\\Users\\Admin\\AppData\\Roaming\\{34184A33-0407-212E-3320-09040709E2C2}.exe"	{34184A33-0407-212E-3320-09040709E2C2}.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service
T1102

Processes:

flow ioc

58 raw.githubusercontent.com
73 raw.githubusercontent.com
2 raw.githubusercontent.com
13 raw.githubusercontent.com

flow	ioc
58	raw.githubusercontent.com
73	raw.githubusercontent.com
2	raw.githubusercontent.com
13	raw.githubusercontent.com

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1725696949-2443092314-1471438111-1000\{63754572-43EF-4ED3-8609-F06AA9622CD1}	msedge.exe

NTFS ADS 3 IoCs

Processes:

msedge.exeCryptoLocker.exemsedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 972392.crdownload:SmartScreen	msedge.exe
File created	C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe\:SmartScreen:$DATA	CryptoLocker.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 576783.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 28 IoCs

Processes:

msedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3608	msedge.exe
3608	msedge.exe
3180	msedge.exe
3180	msedge.exe
3896	msedge.exe
3896	msedge.exe
2044	identity_helper.exe
2044	identity_helper.exe
1544	msedge.exe
1544	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
2812	msedge.exe
244	msedge.exe
244	msedge.exe
4980	msedge.exe
4980	msedge.exe
3224	msedge.exe
3224	msedge.exe
2372	msedge.exe
2372	msedge.exe
3724	msedge.exe
3724	msedge.exe
3852	identity_helper.exe
3852	identity_helper.exe
2300	msedge.exe
2300	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 21 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exe

pid	process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe

Suspicious use of SendNotifyMessage 26 IoCs

Processes:

msedge.exemsedge.exe

pid	process
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
3180	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe
2372	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3180 wrote to memory of 4136	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4136	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 4000	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3608	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3608	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe
PID 3180 wrote to memory of 3596	3180	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://goo.su/m0jG1oI
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3180

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa418b3cb8,0x7ffa418b3cc8,0x7ffa418b3cd8
2⤵
PID:4136

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1908 /prefetch:2
2⤵
PID:4000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2380 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3608

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2588 /prefetch:8
2⤵
PID:3596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
2⤵
PID:460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:3892

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
2⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5732 /prefetch:1
2⤵
PID:1000

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5536 /prefetch:1
2⤵
PID:3184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4756 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5520 /prefetch:1
2⤵
PID:4068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
2⤵
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5876 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5444 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=2348 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
2⤵
PID:3476

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6384 /prefetch:1
2⤵
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5296 /prefetch:8
2⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:244

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3452 /prefetch:8
2⤵
PID:4700

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3380 /prefetch:1
2⤵
PID:4588

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6504 /prefetch:1
2⤵
PID:1544

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6772 /prefetch:1
2⤵
PID:636

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4048 /prefetch:1
2⤵
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7140 /prefetch:8
2⤵
PID:1424

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1896,269401209330889899,8675215827909317762,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7132 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4980

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
2⤵
- Executes dropped EXE
- NTFS ADS
PID:1012

C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" "/rC:\Users\Admin\Downloads\CryptoLocker.exe"
3⤵
- Executes dropped EXE
- Adds Run key to start application
PID:1624

C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe
"C:\Users\Admin\AppData\Roaming\{34184A33-0407-212E-3320-09040709E2C2}.exe" /w00000234
4⤵
- Executes dropped EXE
PID:2988

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2744

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2012

C:\Users\Admin\Downloads\GitHub Downloader\Client Install Setup.exe
"C:\Users\Admin\Downloads\GitHub Downloader\Client Install Setup.exe"
1⤵
PID:4040

C:\Users\Admin\Downloads\GitHub Downloader\jre\bin\javaw.exe
"C:\Users\Admin\Downloads\GitHub Downloader\jre\bin\javaw.exe" -Dfile.encoding=UTF-8 -classpath "lib\.;lib\..;lib\activation.jar;lib\antlr4-runtime.jar;lib\asm-all.jar;lib\commons-email.jar;lib\connector-api.jar;lib\dn-compiled-module.jar;lib\dn-php-sdk.jar;lib\dyn4j.jar;lib\gson.jar;lib\HikariCP-java6.jar;lib\javassist-GA.jar;lib\jaybird-jdk18.jar;lib\jfoenix.jar;lib\jkeymaster.jar;lib\jna.jar;lib\jphp-app-framework.jar;lib\jphp-core.jar;lib\jphp-desktop-ext.jar;lib\jphp-desktop-hotkey-ext.jar;lib\jphp-game-ext.jar;lib\jphp-gui-ext.jar;lib\jphp-gui-jfoenix-ext.jar;lib\jphp-json-ext.jar;lib\jphp-jsoup-ext.jar;lib\jphp-mail-ext.jar;lib\jphp-runtime.jar;lib\jphp-sql-ext.jar;lib\jphp-systemtray-ext.jar;lib\jphp-xml-ext.jar;lib\jphp-zend-ext.jar;lib\jphp-zip-ext.jar;lib\jsoup.jar;lib\mail.jar;lib\mysql-connector-java.jar;lib\postgresql.jre7.jar;lib\slf4j-api.jar;lib\slf4j-simple.jar;lib\sqlite-jdbc.jar;lib\zt-zip.jar" org.develnext.jphp.ext.javafx.FXLauncher
2⤵
PID:4488

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of SendNotifyMessage
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffa418b3cb8,0x7ffa418b3cc8,0x7ffa418b3cd8
2⤵
PID:4460

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1916 /prefetch:2
2⤵
PID:2440

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2672 /prefetch:8
2⤵
PID:4960

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
2⤵
PID:4984

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3272 /prefetch:1
2⤵
PID:540

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2296 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3224

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4896 /prefetch:1
2⤵
PID:772

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
2⤵
PID:2112

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4536 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5132 /prefetch:1
2⤵
PID:2096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=3420 /prefetch:8
2⤵
PID:4120

C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5400 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:3852

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3756 /prefetch:1
2⤵
PID:3008

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4972 /prefetch:1
2⤵
PID:3208

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
2⤵
PID:736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1904,17961698227796083173,15752665077547819440,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5060 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:2300

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4048

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4888

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
PID:832

C:\Users\Admin\Downloads\CryptoLocker.exe
"C:\Users\Admin\Downloads\CryptoLocker.exe"
1⤵
- Executes dropped EXE
PID:1440

C:\Users\Admin\Desktop\CryptoLocker.exe
"C:\Users\Admin\Desktop\CryptoLocker.exe"
1⤵
- Executes dropped EXE
PID:992

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
d943a8cf4efd126466512b0952309e2a

SHA1
6a2398d0f51bd03726846cf3e63cf057c9089fb4

SHA256
193acec13684c624ad94981200e722c9acaeb9e7b9df41fcd20de8a3169c2302

SHA512
604e55c870302f893ba79432a41da9ba923001ecc7ce764d8372207cc6bcc7a5f7f44f61c14e21415f292d6746a1abe678df3f496b7231b52e571221b8fd1322

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
b4fdf856ad645051b03c47e65b703dda

SHA1
963ee4416ce89419111ce530378ce3c335fd5479

SHA256
ad9a1311e0f0064fc21ed97a6b300dd24763bdfc962ed9a195aabbb744aae553

SHA512
78de04b25f1cbfb81889b390620233ecaee61358d666f43e0642fe613c3eb3b99d583f5488ce41c0f33b441604f31f3a4a4e7dc3fa10d0709fc1035548453f82

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
f20b83dbc8d72223c66854c40464d1a1

SHA1
b047f0e675b1523e9e7b51cee5beab514d32e0a5

SHA256
2db48b0b179241a867824c8148d8a721c0f54e82f74f5a81c49a97cf32e87744

SHA512
14b9675eed52f42d0425c88ff038d89727e1b4e680a6ebdab186d12f1ecb08042767f43dab01253a8aeb95bd4283fba072f9a51ee410febec3016f98c3db84de

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\73fb9062-2790-4472-adf3-a1b3f30d5274.tmp
Filesize
5KB

MD5
6b25981eb9aa4c3090f84ea74e2c14e0

SHA1
e0cd3691226a649555cb2f2f9438f5c84d141631

SHA256
cb55c04152f19bbe4bc9ebf2cdfcf6cb75dbc483861defef8f43f2ccca4ce2d1

SHA512
43fc00490ee75caacb80700138960df9dc7af8ad15bb1cf4358f60c61fdb634b9b5401e338bfcf25d3b0ffc6ed63e8f0d2bc96201e5b033eb8919832c1eabf50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0
Filesize
44KB

MD5
343d49808943303a00b31b1355f6624c

SHA1
8fbc5f83fe286cc4b083d74ec69c366df616e2a2

SHA256
9b7d3e8c8ebb9d92ec1707e9f85d7549556cfe6d65d557ec08fce0ffad5acdc5

SHA512
c8c850164e0ed5b4b50aa91f4d0d9dabf7649c9e7fbce3439db234f1029338d8e02167f26126dc884360439b69a2d0e2683767fb00711a53dcf5ec1c3bf51916

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1
Filesize
264KB

MD5
b99d4f437956641856339ce408942662

SHA1
d7ef7521ddec9d4745ea0b88c25222a303f90907

SHA256
2f13e77095b4adc372102618ebae2fa2b251cc4570e6beb18cddcba4977efbbd

SHA512
65b9af6a155d4006b39039e4066cb295787e70b2150e52850c8323b23ce3286a1f403f9faca9363464a2c09283d2e6dedcec7ec4da40a810e249cd9590f103a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2
Filesize
1.0MB

MD5
d7003c73666de21937f4a15fb5f1b7fe

SHA1
79916dae52d10df999f06e2e53806cb6f0ae3fa3

SHA256
23cbfe52ecdb71a245f932849de8435c47b9fc8645a72b38f85cd147f5c28ee8

SHA512
528614b905a52678e52f04e239c45ef6d54b6f1b8b3c728047462abcb56cdf29b4368df97b58aec313b10253f279f4df6ab1858cca1d6f8f24a40c51d2ec80e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3
Filesize
4.0MB

MD5
e72ac0a2b765069a81ba15f228afb896

SHA1
3f7da3537be0512a66fc96363a2865da93634a34

SHA256
177ae085700cc96cc00410bd28efeb851402a44336f55a9520f7fc23ff788640

SHA512
0d3a760ee0d62fcab6abeb8344748a526669483142f034dfb45ffc4e30b0f1b35190a0c39c5f76136cd1ba344d0278789e5d306fa469c0266f72d8672a3d4fd8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
8f5e89f3242909c8a52983110507c997

SHA1
758fcbdf7927467367a18e57a958162542b04584

SHA256
551e5b121217ecafe71da1c95d84e51fb9d05f94ca86140c80bc73fd232a1ba1

SHA512
63a17c9390b2cdcd4d3bfc1b0adc4080b3c21225d5299a43e68ebdec55e06848a5fa7631daf7bfa0789341259991b9dc7810143d0b2556c13789f0f9641a2c62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
3KB

MD5
5819dc81b60c35c9320153884cded7be

SHA1
722973d6870cfbb98a9c73465bbf298a0de89ff6

SHA256
e7f93956c1d58d939083d920845af5cd7dfec3da39fe0a4f1e0dd1920d618eb9

SHA512
fd88307fcde2d0d81bd9a8d642836b3aa4a966227ac96b1fe061ebe23365bdde8844a2677f734412ecc5de558b4f9b31b5c0be53cfd3baeb7315ce41d5a9b85f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies
Filesize
28KB

MD5
a415c46a1db745a0f9f1720e243f3e6f

SHA1
c26487490ef7786ab0f62d18253f06ade4068782

SHA256
075e891464475b46fa51fd8f6e7c1feb6235da4cf807b715e1ef117da3a573af

SHA512
6d73a89383016d0be6184754f0ea06d5e0209ffff7ebf4eaf53694f8a904d714112088858fca375c2792d56ad822c10b1f696f5f24468e9c9cd9052c1e32a3ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons
Filesize
28KB

MD5
26ee27150d2a7faaf6ac75a01fc09ef8

SHA1
2b8be0fced8d858bf0ee31c58e4d0032a7e956ab

SHA256
c1a2b101755acdf47b7eb7bcd6293d31816978af74a0e0fa83dd8ef44d7176f4

SHA512
8c1491cbb4d3f5f01f7b4d220d5612bd4cb2bbe5f8b42cd29b44d101747dfb716eb557971f0474a23ec627aff6c558ea6cf613b8a0a9e4c895afe4c0956e3c21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
d2d7aecb2a03d3dfb8f6372bc0230acd

SHA1
1211ae30555bfec3e0e4b1ed5d1cd2f5ec6b0787

SHA256
aa3b3130611f46e8be70a41a9fb2b20d1d22985e7c2ac781fd35918e95bd6172

SHA512
12d1eae078c416d9548d4500c0c64895f1501244b95168dc3def6a004b8b7eaf0ef7b34b1b36da5f862b34bdae4f0415d572a3e89da91a77990c6c02b2cdfadf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1
Filesize
264KB

MD5
eba4762ebbe28fcca397259565a8163f

SHA1
6c8b1ec4a8f2c1eaa3b0d4440187be813f3b63e5

SHA256
9396beda8eb055fa2f02a37ca6f555462025e1bfba65e8ead56cf8d4f9829e72

SHA512
5fc60297b04f906c620723319e658ac612ad3f9c93fbab6df8b28303743bb5eb8812c21a25e44c2729acd836d79d3a057272201563bde3333c6780a07d0c72f3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History
Filesize
116KB

MD5
b87f5f69c8d24d1c09549a637bac90a6

SHA1
a48f5b0b1c565f7351457c56a1682ba3a5c3392a

SHA256
3cfe6d0646522e0caebc2cce05ad89a5a5d2268095ae039be16b1a9e7090fb4b

SHA512
72ca2bb6637f01cfa2fcc35b6e269b3e13d79db436aedf1332c658cd976176eeeb356fa598636ae5c2420c31e7a41b0b22f5666c44e4aeee6dba81dd8cfb9101

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache
Filesize
4KB

MD5
d6d89c1571b10184b887447175258dc0

SHA1
d3c689d1837653649a82184d40fe587f1f40ec8f

SHA256
4f67695efb64c03c5faad241508e7ab4380fc5404771ee2c3e3fedcc02467227

SHA512
1e36e4ffe50c21a09a1fb219b1d5844dee18b6583e95f79d8f7a3af88c05dd82bc87b5ac4fb703479f33b0b7eb59477a2319aa88db945686e812d0eee1282a6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log
Filesize
14KB

MD5
d14b06fe3e87913a585caf4221145b4a

SHA1
44b3d6797bf4b9ba1d19a468dbbac709742d1af9

SHA256
d3f0a02efaefa9fdcf338357e9d71a43ab7ec2f384c9963e5463a81ca3b34aa1

SHA512
bc966d09ff2042c214c9517202a33a2c1182faced01f1ec8dee186413e22c6f287bd7cccdf701ba373612ec65380c0584393f7fc4d08a7f330edf4f03dd547ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG
Filesize
331B

MD5
729b33b2356124312ea4d4b3a5d7830a

SHA1
2a92f008ad7ad3be997ccc20f08b454a9cff5c76

SHA256
fbe894273837c12c165e53938b0a6c68a00bd4df20f4c6fc537c3c47d2d2dec9

SHA512
95ba957c6fd8c0b6f88397b7c6540425d874594fbc7548e1737b973d44e677c558a7c2c3881e0ad0ecb096177dbda4d0ea0c5d95c2e855ac5123ef0c094473bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
65f18625533f39387a0f9f998d4913f1

SHA1
0f5c9613816307b40e6d0a166469bd678df2fed8

SHA256
d62a74589e8ab0d8a445dc0d5e539be48743df0853dbdd2edff60fb3f8e46adb

SHA512
6ab9ad33f4d56d22e163c01f6fea9848894e1a66687fa6f59a57aff3422ea0895c7e19a6b0283cc19e3058a1e53615e4ec5baefe58f5642f140c1cf4a083afe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
1KB

MD5
840906586befacf5876efd9f51cd264f

SHA1
cbe02619d7ec499ac1cb6aaf23c9c991bc6a02b4

SHA256
7c93144dc1a78edb2109e6414c9e3e2ea6c81e833e812929578f183acc5acd2f

SHA512
4bfa7a407ea1e40628d25efb50db23c205c6c47d4d2691df4a9373934b47f224cb5e69e8f9f7a404b8019e6cbcf88878a2b7c07481524d28148b76f6fa5e5a93

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
249B

MD5
d5d5de29443bc59f1c76b63739b6b626

SHA1
e0bcc68b91f3ce64ea0142e4547272a8a04dde64

SHA256
ea8b0350a0ec5dddfbbd54b0cbb9e9210b7992017a31544f4aa291bcbe16b4fd

SHA512
7d29fade29b68edad93e9ea6d56dbbcfe6fdafaac0e823a9cd864d705556f1573c05e5dd6b4c055610b2193929514ec5dde84e42433e7f529cfe9276d28a9983

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
b2d0ad72ebc4bf2e79fbc19350909822

SHA1
7ef6aabdaa2fd637cf66e2173b19889fa1fdc6f1

SHA256
ea3d4dcba59a89c883f33d46bbed5860a8ffae436773ad04213ca8e8caab202c

SHA512
0edbab18e858e1f631d8fcd54def7fa951e6d87561930e46f32291b9679d1038f795448e1a233296775872a8076c8f0caef1c124c8e29b7c0dd8a1ebfcf91b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
983917517eb5b96c4573a982f5482d0e

SHA1
2ab9d705548cec1b4d340ad0847f6f76a92dd0a0

SHA256
b767bebe67f63e14e3432d2adc129acb77971a4271af820ae520ec0de1eaa641

SHA512
1f65efa80a84f61bf32e77aba311db1cc565ce4835eb6c2c27511a9c95edc94a3fc98cb2fc1bcb47ebfae8a0d541434096c428a9c5b1b844c282f14e17773abd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
ced28ca6ad41ced46197c42ad25f7db6

SHA1
9e025d895b825db69ed3a690300f30ed92cc5348

SHA256
24bb3ca3447a1cbe8b8ad3c31cd1e7df436b6fbeaf9077ece4300cff98475c47

SHA512
e0ac220305610e524101c1f3b64fcba42160d94b2585b8e562361d1e92444c413bb6117153e9a40c04d9b43ee2012572b9c3f3a34c894df7a4fd2b79f78ab717

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
e08ae7e8f3d604c7983e79b739167d18

SHA1
aefe2b54b7e9969ea60cedeb89a1941d282857e0

SHA256
05653c52594e946bfc13ea52b2612852d386798cfcc9821d2e8f8dec55bfe0c5

SHA512
4606a89419bf702c98bc356786e66b25b02e7523d8f2e5f469e4c50192df84c506e9fe5ce67583b6558a8c946438411f45ac53c74b8261c98ed5346599264aa7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
1d313e5c53b8bce3d936540c3f01268d

SHA1
7abed66f68d373417cc93a20a0fdf7d74ce29f0b

SHA256
4fd0e383edb3e7503ddfbbdf5c9f567d07b867601330700ab4377ea614a62ebd

SHA512
96e65cc0f8c5f25a99b08ec3784d1a39256475835aefd9191ffe5def2cc676c94cf3f9251a425962312fbb316bced938b772969d95b4729bb9a2e2a29a3286f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
e3e4d9fa75b208e83003b1cfe858d34b

SHA1
e81ccb0c258b94927ff1a891fd2c9b748009ca1f

SHA256
568b6605eb2f1646957d5ee5852b175b81880158c279512e2bb22cd636005ccb

SHA512
56939c7a47bb2ebd72907872e2812c1696b62c99aaddf84b52f7284b35144babc7feaa0e2f6bc37282b87b103888ee048b4d018948062e45e66d0c00e5c459ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
7KB

MD5
246e1d65b71183879d2fa1883ae7b57c

SHA1
de8bbfc10500e11a7f9fc096a0b9f18492cdad9e

SHA256
2220a23335f3f811214bb5a0f71e42b088376fb4d6bcb21e642a14ab92025b29

SHA512
6abb1f6d06f3e38c3af17ae19c476eb61d770fd691c75527db2222f8ddccd816719cdb6b84c6ba0b90ff5e70db515ec35e74bab7a952a3c62b0b928b11426540

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
a0d78a4ba037aeab8760ea0c9efc3f3c

SHA1
1ff554d6523be97cd664355916c52c29934c3479

SHA256
f01d794cf23c1d0f4ad148acd02c7f917d8416e87968bb135c00a7524e37b777

SHA512
3590c298ace48b10663edc42b82bf972b3e6131aed6626ac03ef69406bf3db9729024b1904a14b4ed6e6a1366f82d49b46eeaf32d1a0755300d962b204b09c91

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
6KB

MD5
38c93553e8cc2b51a7452a6455bd35f2

SHA1
d1caa39c96b2b4f9e02d03686307e9912b4732f6

SHA256
16538254b5fb5bf7455d53d111d8958259eb09d84e63163374b439b48ce83455

SHA512
a69afca8fbea4a4876ce0eb779a61413f57913e865a09efc5a3202e5608f2d9afb47a2026059f7ee6392c0752d735485186a9d082497f2c2b99778a05884f0a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
eb64711e18dedf22d185bc545ebf125b

SHA1
afc2457af531d181256676858cb0e57a3fb74390

SHA256
5c24e3702ed918a0fdc68f151671abe33cd53695c972b9e3bf9d6bf8e0f8a5f0

SHA512
7e88d8d3900f3e3715159d019d6f4ae7750cde16a0f584cef7a90630d19361e8fd020453fbf10ca7d6a55f7b86bb4ed1c1227d8998fc3f427513296cdc687590

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
96ef0380c97220c7a8bd1e84aa6a93a5

SHA1
4c568f3cecb9e5eb89538dd1fe6a5be7a6e4c97c

SHA256
653afbc13bfdf41960d635f702c4006da53e2379b3b05e5897543e2706400827

SHA512
8177f441bb32d965773f0448bf8b463783c66e18b6482187d656f959ff83f53cda4deaca768f0900221654f4211f6f26be7f652567b0b7b3b720dcd365bbac21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
25KB

MD5
bcde45463be8505c52806b0c6a664952

SHA1
ddd91d7a9db3de427bd9ee0ab66e560bc38cf345

SHA256
f183306ffe7f70438773eb611e26c5ba72f09f3db3ee562eb0f92aacc89147ce

SHA512
b28db2239b040de1ed66fe50b402cc06fbe8844358be71c0a348f63d1a2291da4c402baa3411f7433a2b151fcb11a92bcfb978c75bd9c5c62376a5b3c8275d25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log
Filesize
1KB

MD5
660fa341077728c7ad65357fb6d25b44

SHA1
1c7edb754341140d3f8ff292799b4bb947decd89

SHA256
a4b27e51b16e3754490e1a0c1a46b73dd361d24b1d760a2b317ae3b699ef2ec8

SHA512
28bfb2f9bb2b56d25d681e691004aa8faac2d956bdb1b6786b3eac0d845d36a63207fbee7b709776730dd037821dfa555be5e297175f8b1cb30a797c0ee3e843

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG
Filesize
319B

MD5
4d12e008e4b2561619f4d7c0db90123b

SHA1
30f87b1ef0969070cad24a706890e44e40c115a8

SHA256
d71895e86884e27afd16900918c301b70ed3beb879708b67836c171ecb1bf7c2

SHA512
bfb881c25e3d50f2860ca2661762fde7281c56bb78d36573a6f3c55ea9cf2e3d6a4938419a2206cab56d98351f75eed8b6905886d69b7a47b35a8648ffbfa76d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13351869579325782
Filesize
19KB

MD5
a79a8ab4482ba6d5d98dabffbdc653af

SHA1
2ca7ace2ad16c883dfd0bde46f85e3ab8c948d39

SHA256
a55baf1cabea5b09fd7e88f987d82669195c8a882a3569b4c2c0d6b055e70c5c

SHA512
c658be5ef82c231f4e428e116ba197d0cf7f50457c3149dbb5535d9a0dff21f638b4160366354f6634a82e9a602d1794328946d90148d823389543aa9717d489

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log
Filesize
184B

MD5
cfed3e5f5cfb9f6fe4f6f5d9aa15651f

SHA1
757b122773af76f39532f5aa434c69115023e670

SHA256
ea0addc5afc5d3df0e7f655078d5dddcd2372c4141bcd6c0ca5f337a1cbb3e54

SHA512
a5d47cf5fa47ba53d5e02d790f11db3bd498a6e3b73ace5649a45af90aa027babb6ed70f0f3dfbdbae786d052156a0c094e5ba00b0271d2f3a4e2534b5b16fda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG
Filesize
347B

MD5
49efe1c2b266eca0ea339ef47ab32fd4

SHA1
aa4dd245fb4ab94d2fca78dc1e4e2bf6b8a6db47

SHA256
f4b73e9649e36b7a416d570b5914bffc4b6e82e5fe58ba1ccd66d88018808572

SHA512
f5703fa9960ad853e240191b29ed9366996c5068df2f23aa4973500f870424d9a29c8ff53bb78844cf47af6940bada0ed4e78c8e8748b68595714d371d0c90cf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG
Filesize
323B

MD5
5625c6739de513ee9617ff767e2a8c04

SHA1
63db99e61ccd62b9a6f1c56d168d488b6046c543

SHA256
56cf22cae0575f21d5fc4f70f837d5f057c1938f94a892a4787fdbc7b1f02678

SHA512
c8cc23c371bb576e040937b8ddb5f77e5a71b262518004c461076f7e7f6bbd2c3c92c29d2c54a0fe5cf31d22cf248607b0206c9fd6b9b75ebae4288a07b90df9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6298b5c6ccb52d9f46009085ed93b823

SHA1
57b9495bf65dea400fa4d057bbc6f586c939b2ca

SHA256
ee8d1d417660fb491a3d8c639926bd187d86ca3731537eaaf8a6337726e02458

SHA512
19886e0e789f30b65c67a2e9ccfcee37af7ba4b3c03b96d576101060fea9fbba8bd920b38515677babfc5288670d7b659dc6c99dd662c652abe31d830a747b1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6f27bfb0284599373f525cddbcdf9c1d

SHA1
7d610daa3b5639bbc97846b1af7bd75f7cb7d935

SHA256
5e0e75f86316ab65d70d73389903a55d4559bfa02998e167788e196aa960fc3a

SHA512
1aed1a11937edbd44ee9a8b804536ddba34edc5df3b7f60725650cca09da24f98cb387f077d733eab265a8fc71d7daa245c73e1af5c88f42469c14c45eda521e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
9d488e61fd1dd2fa8964c6328fffd80b

SHA1
408a4762eb8ed8c46427b10ff2db1fdaa343c91f

SHA256
27eb2445efc3300ac398b64eff2dd94279d431dfbe5a4ec2c9d887d51816947f

SHA512
4d5e0e78cf3f7271609eee7b0a9426cb72de1c09e8998a8ff7b1e39035759833c0e48d4cc59e488b0a49eebdd82578d7a26b2eefa1be20ea73d5fb8652aecce7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity
Filesize
1KB

MD5
6708ab263c9649ae43bc8eb0f69ae67f

SHA1
1e8a9007bac27b21ede89cb85e9806d08ad84068

SHA256
46bdc1463d4160bf58eb270f67335dfff21d74d4239cff8e50e15f5e44f635e3

SHA512
0755cc4aeea1fcbdd7a1d3dc84f4c99fca2b4b9d9653a25a6393d180957337d4a6c714f51932b8423efa49ea8d8c7d57798302dd994db86e70d6987283c54817

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe595d59.TMP
Filesize
37B

MD5
661760f65468e15dd28c1fd21fb55e6d

SHA1
207638003735c9b113b1f47bb043cdcdbf4b0b5f

SHA256
0a5f22651f8fe6179e924a10a444b7c394c56e1ed6015d3fc336198252984c0e

SHA512
6454c5f69a2d7d7f0df4f066f539561c365bb6b14c466f282a99bf1116b72d757bef0bf03a0e0c68a7538a02a993fc070c52133ca2162c8496017053194f441c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links
Filesize
128KB

MD5
e8353ce8da5eb541e30720e726c69503

SHA1
99010e5342c71a5ecd990c385a3c85b27dfd55a4

SHA256
3e649a7b012e5effeabde0e792af572b86cc0cae152634e451dc60b4a6be1e44

SHA512
9956dda5bf052e23a5daff303c3e64d9b7f583eeb718d5c3cbd712d3b1e3ce6ccac734ebb5c7941007bb806765d79ea58f95092f63dd8b4374b98bfd8932e52f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data
Filesize
112KB

MD5
76d8bff9acfe7565c7352735ab3680f9

SHA1
e8779291754264256449d3d1fb780cd4bcfcc772

SHA256
61deb7dfefc7b9eb988b98c857d91ee9e0a82ea387557c600f5e612a681463b1

SHA512
14b60e6c22d2d1d657aa729c9bdb430cd5a226df3058b7246a4dacb5aeec40359b2fc041db87a32744c95a7634307763f59e874b24a7123e995e85d1f6d82900

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db
Filesize
72KB

MD5
28d25818707a421fdf905317a6302b27

SHA1
55bf60d91f93ad39ef4393e661d823acfba8cda8

SHA256
499269119b7e63419cafa5ecbd455e61d70a1c1d844bce4e94055f8a515084e1

SHA512
749be299f9206ca498ec65e66ca01af307f5d0a6beb5279ab213bd821640ed51bf6a9e8c57cac8d2e71d19abc2ec18c1e15b3e890d1655c3e51377e4a61b8de5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log
Filesize
90KB

MD5
6c31af6904c957683e78be875af147b6

SHA1
ece77da4d81eb645f43cfb449beed7b8872a095f

SHA256
88b9a62190cb976e0100193ebb92880a6875a8099cf7a0e6042c63b2eff27ea2

SHA512
2832afeb65e24a6fb2161b0229dc1929890c65ec51687167c4eb8b34964cba05897b0dc585937f298ecbee53a562c8e216f2caa14542591317c6c1abcb273a39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG
Filesize
319B

MD5
37d981c45fb272f01694230208d38b95

SHA1
a13ebc19a6a2782c668c01cb2cfe8d6236db8af4

SHA256
830503f2099156df5daeab6d083aa0900c0cbf543010d2ca0b79ee437c449b01

SHA512
a158ea5b411d335f85d86593fa24ab6ba0370b17d2cab3af8613e8cabce1d83c62de560f0e87cae6a16ceaf84c8e80584fceadb4a1d00d199432d97335e48ad1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log
Filesize
318B

MD5
53809c5b10bc3702ddfcdb479402c551

SHA1
0a8435aa6b64218b3e57feb7a70ae2cd523af8fd

SHA256
95b37fc311a59780baf9846248e8ca70cc706fbc2c794be945f3895f1aabf2b8

SHA512
302a1fdff3371a2e2d77a0e9b524f2fd42356e83d6559c63ae40e9510eb693a6ac345639876e372943af28f04f2d644f84c64145611df360cfec6588f5d7942f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG
Filesize
337B

MD5
72ca920e2e2109305dbb4e7b243f8314

SHA1
191f5e6bc089018a484c32ae123eca1c401f87c6

SHA256
1d1b4bda1839c75e741a19174f36a5074ede36982a974f5a89b5f18f0aed7452

SHA512
c9fbf9d5628960c73ea9bf810456b53475c45b7d58a5c3bc5d01e4c58f43499b01a9929483643accdceafa15870abda92d06ca688f57981d3eafca56588a4042

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version
Filesize
11B

MD5
b29bcf9cd0e55f93000b4bb265a9810b

SHA1
e662b8c98bd5eced29495dbe2a8f1930e3f714b8

SHA256
f53ab2877a33ef4dbde62f23f0cbfb572924a80a3921f47fc080d680107064b4

SHA512
e15f515e4177d38d6bb83a939a0a8f901ce64dffe45e635063161497d527fbddaf2b1261195fde90b72b4c3e64ac0a0500003faceffcc749471733c9e83eb011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
55040cc021cf8e664405c9e6a9d254f3

SHA1
5e9c47aac3bb0621e6afbaa8de83b4949545f9a0

SHA256
e8132e517967c0aa2dc586edc36e6a3385c7e681a4b0540d82ea39143378809a

SHA512
abdae3a12fb32172c8d548a64ed5d6adfa7f3ffead0454f74ecb28260e1d74614a79512b9aa4fa8b8c7145e09aab3af0a10dac88d8d021ed539901fcc03fbcf8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
3af873ef75451ca1c9d3f31956a65e03

SHA1
b88572ff6e256b4495cf944ad84c652cdb20ea99

SHA256
99d3269b11a70415faa378f2d8cb36f691012db2a423ecf7055f54b32e1d88d5

SHA512
b4a4ab3bd7533f835fb8ff0e1dd6dc976bf45133260b9070b2024720c053c389af2b8873a8c3b6fea89e6db707c1e7230be798c487bf8c8f1d1fe9cbc2c11f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
4dbece8d8285614bf7b9ad8a9826010b

SHA1
4c44b4a5885210c65fd7534fdbde6b10d0e35609

SHA256
4a6b9bdee5fd2af53554435e107332f36cba94e29986833fb6ed8c0376c7aa2d

SHA512
ea6aba81b762aa9158be7b45745ea252b5dea7889118e56b32f134495d37fe6ed8251eff07db182d8a1492337e5dd958a327979c1a95f156bd2f49e83608d56f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fc81e4fbcca25031daf74dcf73e489de

SHA1
1af0322c1d769f96673bd2d7f94fd57500322cd1

SHA256
a7f17eea846f96a0c17bb2f0bc16a331905c2aa015531bf42e8527429619af22

SHA512
fb1863123dd532d0145d1d1f67c5b36ce9a1f4a8aac381896330e69bce13d3343d11ba39eb6270f72b298eb8f94ab662ceb1e276f5c4ab57b133ef6e086bbfaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
10KB

MD5
7492c8dfe61291638861b92b6a47bd17

SHA1
1a10bcede9b0f4830a6f89fa7f25e63f2247e344

SHA256
2bc42593335dd68e82a047b08eeb0e60ab2838292a1915edf49d311edb2c4995

SHA512
171f38e06175aaba64a7ef3e3cab5ecf0081e1aede84030386aa5564f7e41b8ed946005cf66ca102bda53353cf6ff9d91ef106c782375fd33d865ad3145b2802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
11KB

MD5
fd1ced3900b0fa62806a9a7096ac1e89

SHA1
d60ad7a9a6f06be01177003670b42c215cf5b9f8

SHA256
8a632daafe58798c37b114ff1c85c228edb66d357c52eb8a55d998bd469fe1d4

SHA512
e6a0dbe5d22b2e5e6c89bbaf29afce41188afc3a59e3d0b3d9d8076fd7d84d7e752d30a7364a9f80b9c5720db83af1d4854090c96e6feaced8602ed09c1c79f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1
Filesize
264KB

MD5
4cd7233eb1c89f17e5510fd399d6094d

SHA1
85615d94c4c03d5745f91ca62bd7a537929e4350

SHA256
59045f75a9b2cacdb6eba17d764507a475d61c4f64fcd9d84ed9fce0c6f94fbb

SHA512
321ca3cf3a154282503dee3662f9c55061238f6a4e0289aa524a64595698d358ffdb83c84cb88066175f6f81150315014fc1c350662e6b8876a8965e0e011318

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 972392.crdownload
Filesize
338KB

MD5
04fb36199787f2e3e2135611a38321eb

SHA1
65559245709fe98052eb284577f1fd61c01ad20d

SHA256
d765e722e295969c0a5c2d90f549db8b89ab617900bf4698db41c7cdad993bb9

SHA512
533d6603f6e2a77bd1b2c6591a135c4717753d53317c1be06e43774e896d9543bcd0ea6904a0688aa84b2d8424641d68994b1e7dc4aa46d66c36feecb6145444

Download Submit
\??\pipe\LOCAL\crashpad_3180_MUQDGDCVWPMCIIXU
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/4040-171-0x0000000000400000-0x0000000000428000-memory.dmp

Filesize
160KB

Download
memory/4488-187-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download
memory/4488-210-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download
memory/4488-209-0x0000000002F68000-0x0000000002F70000-memory.dmp

Filesize
32KB

Download
memory/4488-212-0x0000000002FE8000-0x0000000002FF0000-memory.dmp

Filesize
32KB

Download
memory/4488-211-0x0000000002FD8000-0x0000000002FE0000-memory.dmp

Filesize
32KB

Download
memory/4488-213-0x0000000002FF0000-0x0000000002FF8000-memory.dmp

Filesize
32KB

Download
memory/4488-208-0x0000000002FD0000-0x0000000002FD8000-memory.dmp

Filesize
32KB

Download
memory/4488-214-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download
memory/4488-178-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download
memory/4488-205-0x0000000002D50000-0x0000000002D51000-memory.dmp

Filesize
4KB

Download
memory/4488-194-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download
memory/4488-203-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download
memory/4488-545-0x0000000002F30000-0x0000000004F30000-memory.dmp

Filesize
32.0MB

Download