Resubmissions
26-02-2024 16:09
240226-tmaalaaf7v 126-02-2024 16:09
240226-tl1fdsaf6x 126-02-2024 16:05
240226-tjq4yaae9t 126-02-2024 16:03
240226-thjcpsae6v 426-02-2024 16:02
240226-tg87qsab27 126-02-2024 16:02
240226-tg31qaae5w 126-02-2024 15:54
240226-tcnegaad4t 626-02-2024 15:51
240226-tay37ahh68 126-02-2024 15:51
240226-tal4maac7z 126-02-2024 15:50
240226-taaqlahh56 1Analysis
-
max time kernel
381s -
max time network
367s -
platform
windows10-2004_x64 -
resource
win10v2004-20240221-en -
resource tags
-
submitted
26-02-2024 15:37
General
-
Target
New Compressed (zipped) Folder.zip
-
Size
22B
-
MD5
76cdb2bad9582d23c1f6f4d868218d6c
-
SHA1
b04f3ee8f5e43fa3b162981b50bb72fe1acabb33
-
SHA256
8739c76e681f900923b900c9df0ef75cf421d39cabb54650c4b9ad19b6a76d85
-
SHA512
5e2f959f36b66df0580a94f384c5fc1ceeec4b2a3925f062d7b68f21758b86581ac2adcfdde73a171a28496e758ef1b23ca4951c05455cdae9357cc3b5a5825f
Malware Config
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___KVXYQG_.hta
cerber
Extracted
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___85G6_.txt
cerber
http://p27dokhpz2n7nvgr.onion/97D7-2F04-7044-0446-920E
http://p27dokhpz2n7nvgr.12hygy.top/97D7-2F04-7044-0446-920E
http://p27dokhpz2n7nvgr.14ewqv.top/97D7-2F04-7044-0446-920E
http://p27dokhpz2n7nvgr.14vvrc.top/97D7-2F04-7044-0446-920E
http://p27dokhpz2n7nvgr.129p1t.top/97D7-2F04-7044-0446-920E
http://p27dokhpz2n7nvgr.1apgrn.top/97D7-2F04-7044-0446-920E
Signatures
-
Cerber
Cerber is a widely used ransomware-as-a-service (RaaS), first seen in 2017.
-
Contacts a large (1118) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
-
Modifies Windows Firewall 2 TTPs 2 IoCs
-
Drops startup file 1 IoCs
-
Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs
-
Drops file in System32 directory 38 IoCs
-
Sets desktop wallpaper using registry 2 TTPs 1 IoCs
-
Drops file in Program Files directory 20 IoCs
-
Drops file in Windows directory 64 IoCs
-
Enumerates system info in registry 2 TTPs 9 IoCs
-
Kills process with taskkill 1 IoCs
-
Modifies registry class 4 IoCs
-
Opens file in notepad (likely ransom note) 1 IoCs
-
Runs ping.exe 1 TTPs 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 22 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 31 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 26 IoCs
-
Suspicious use of SetWindowsHookEx 9 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\Explorer.exeC:\Windows\Explorer.exe /idlist,,"C:\Users\Admin\AppData\Local\Temp\New Compressed (zipped) Folder.zip"1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffa494d46f8,0x7ffa494d4708,0x7ffa494d47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2092 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2232 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2736 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3716 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3764 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3300 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5016 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4400 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5276 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3080 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3156 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5380 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5784 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5860 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5432 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5448 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5776 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2072,327496733996884174,7155485884212633175,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6400 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa494d46f8,0x7ffa494d4708,0x7ffa494d47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2132 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3556 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3536 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2096,4674174362114562799,98033278628664484,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa494d46f8,0x7ffa494d4708,0x7ffa494d47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2268 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2944 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3344 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5048 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5020 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3524 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5708 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3220 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5620 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2164,2951956286445198608,5727055949320130726,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5808 /prefetch:12⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Windows\system32\OpenWith.exeC:\Windows\system32\OpenWith.exe -Embedding1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Desktop\cerber.exe"C:\Users\Admin\Desktop\cerber.exe"1⤵
- Drops startup file
- Drops file in System32 directory
- Sets desktop wallpaper using registry
- Drops file in Program Files directory
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\system32\netsh.exe advfirewall set allprofiles state on2⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\netsh.exeC:\Windows\system32\netsh.exe advfirewall reset2⤵
- Modifies Windows Firewall
-
C:\Windows\SysWOW64\mshta.exe"C:\Windows\SysWOW64\mshta.exe" "C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___SL4UFYK_.hta" {1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}{1E460BD7-F1C3-4B2E-88BF-4E770A288AF5}2⤵
-
C:\Windows\SysWOW64\NOTEPAD.EXE"C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\Desktop\_R_E_A_D___T_H_I_S___NHOJMHNF_.txt2⤵
- Opens file in notepad (likely ransom note)
-
C:\Windows\SysWOW64\cmd.exe"C:\Windows\system32\cmd.exe"2⤵
-
C:\Windows\SysWOW64\taskkill.exetaskkill /f /im "cerber.exe"3⤵
- Kills process with taskkill
- Suspicious use of AdjustPrivilegeToken
-
C:\Windows\SysWOW64\PING.EXEping -n 1 127.0.0.13⤵
- Runs ping.exe
-
C:\Windows\SysWOW64\werfault.exewerfault.exe /h /shared Global\4d19adf71a634f72a1293daccdbb5a58 /t 4544 /p 31761⤵
Network
MITRE ATT&CK Matrix ATT&CK v13
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53bde7b7b0c0c9c66bdd8e3f712bd71eb
SHA1266bd462e249f029df05311255a15c8f42719acc
SHA2562ccd4a1b56206faa8f6482ce7841636e7bb2192f4cf5258d47e209953a77a01a
SHA5125fab7a83d86d65e7c369848c5a7d375d9ad132246b57653242c7c7d960123a50257c9e8c4c9a8f22ee861fce357b018236ac877b96c03990a88de4ddb9822818
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD59cafa4c8eee7ab605ab279aafd19cc14
SHA1e362e5d37d1a79e7b4a8642b068934e4571a55f1
SHA256d0817f51aa2fb8c3cae18605dbfd6ec21a6ff3f953171e7ac064648ffdee1166
SHA512eefd65ffcfb98ac8c3738eb2b3f4933d5bc5b992a1d465b8424903c8f74382ec2c95074290ddbb1001204843bfef59a32b868808a6bee4bc41ee9571515bbac6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d829a75e48d99afb0040a2391dfbf7eb
SHA16739a4bb4932b0c8f5302e9c9c6512e0d65f13bf
SHA2560d03e8287092be3377d4135da02f84ab5016e7a4cbddc670f8e6ebc008b93712
SHA5123bd66452adebea5c5c3441418ec0c9acbd58e9a13b2777c051f8c576df6adc7224ef85aaac93cccc86b473b9fa78e2010da88cdafa2c7e919a7ffbcf954ba021
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD53624cfcb355c6c7888cfb022b59a03b3
SHA18269bb7265487ced0f15c3705188714640d1df3f
SHA25628abe3d6f18ebac6166dc8dc601f6672a609bbf3d857d4fb1d9e8f6564ae172d
SHA51270b3510103bbd50779bb464806d7e15e5d3044269edaa863313fa5ea5cc9dd5fcc3d3e000a4b5f2c4b3fde604c84a89b85a1a12ae17797ce3ab80a23f61fe802
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD51004b2ebce52fb0cbb07fbe5676d80fa
SHA13630670cd9a134b58a6e4cc920c0d7a5021ad1f8
SHA256283be1599176aa0682f928e9528d4c47578bb8f2d9d572501985bb1e114076fa
SHA512c85db792ecbe31f2318310e3f964c9c56e48758c6da8bccfe7f513c64d87070f4f4c886a0d45271acd1ce48d7780c62ef4d489c9210ddd08b061e3e0ef1c4e64
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\4aceca0a-89a8-4b08-9310-5d1ab5eeaf00.tmpFilesize
1B
MD55058f1af8388633f609cadb75a75dc9d
SHA13a52ce780950d4d969792a2559cd519d7ee8c727
SHA256cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8
SHA5120b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0Filesize
44KB
MD54528534dfd4b5a838ec5d767e56a5e13
SHA121697319c5df79abae133e8fb063c8052e57a5e1
SHA25650156c1c429bc68d717b7bcd28746457559888e9c77bae5e323949c3c0e2c6bb
SHA512861b7e86c54b154dba169bd189795908dbc93f5b5ec2a092b0dfec86c079d125c05d24676bc855b9c813759a93eed2e75e506ca26e12d042d67ad66e824dc166
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0Filesize
44KB
MD5740042ca496b1ac22dcbcadf4b06dd7e
SHA13cddac932aea46a497e030aaa594d68cddc6cb38
SHA256403b3fb35f7b4878851e28ac013e844417ed138aa7e98db09b150dca43a5b401
SHA51299a968ec9afbb4813347d50d2d1ce8df1dcee283281cb8bc8ab9587f2b7b5305c2e87f22f455561fb4933b6f1f31c9d69e652d1e3b489e2af12f1780b2939555
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1Filesize
264KB
MD5b4873393d51355914b75b699a42b2e38
SHA1a3737fb87b8d2913f4a0a4ff1b15962ce69a9e08
SHA256e144a1e0557966d4f2efe943ff59ebc3e1a0d8efce59f980468f9a974f625f14
SHA512556cad3180ec212c0d7f7d092a84acc7751f464354e2000391b4b65369d43905490ed952af900f9bfae1ab52f137331d5aef1ce4196ea294a1d5ee4c524cea91
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2Filesize
1.0MB
MD523fb9f5e25311590358ec933599f0d0b
SHA1ae73c5ce61e9e4842f95f9e0e297683bc45c8a9f
SHA256328919b286f2488efc3499c5e8e2fb94a6dd66b5b62e46c914f8be53fef53e6c
SHA512113d8ddcbb1d894989904c4e069b430a595292d50c23d16ce049f4f14ea7fb964e81c64399d3c70829c2c1a1483640142d26b113b751e9722d2bfe65492d34fd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3Filesize
4.0MB
MD5bc7d8934ecb9f9fcaecc54013fe29150
SHA18b3b889f8f837fe50d1fa285d76cf9a979c10838
SHA25616b633c9836e2d38bbf670eb2f4998919e89224c7e637d4b151d8702fe60f781
SHA512bb2d716e586e20dd09809f3a8c0e544c62fee9365ced4f3edc10672a240c60e2abbe88dd389ae348551d7c0b3b23628e93ca508a38f8c666329ef0512407a127
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD57511c9120e86b0008eb12ec0f495563c
SHA1e70e927855cc56899040eb5ff8425e08489e5f17
SHA256ee65860ff447e0fa79b587f23e82342e14d7eca2eb4ad188ad207b709f407d17
SHA512694a3147b34686ec374c69a30da26067b6366e835307f4198e3ab870f782a76d59819884782fbae3ebd964f8abdc54fe1ba7b18de6ea43c1bd17c99a006cc2db
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-indexFilesize
3KB
MD5da8cca3b5569ef3c647cd750aa5b7759
SHA15c526ebd58fe948296168b1eb9bb85c1cc6e7b62
SHA256d8a7d81546ae38e026a3c0d455c194af31abd27b5da0a756ca48bf08604b3a2e
SHA512a2430c65c752044cd83ff546d19264f37f7bf37d79c49b71bd99ed7b2aecf3546d4b44eca3c233a2b25a4c66d1ce1a171601c788b45ddca1e84af4fe92613717
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\CookiesFilesize
28KB
MD50f1b6219d69f4c74105e596bdd505134
SHA116663ad85d19f6c1758e3b4b8088f84441d8b78e
SHA2568ccf8673ce03aa09766313d777073a12971935fe4e751b04fba66ba8bec1deed
SHA512d831ffc7458a71ba8cae845734a2c332c7160a14d0d80a3d1f591c029015ee7b8d3e2c3fd8d8a8f42e3f1664ea977adff22c60f1d16e4a029928135744bc25bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOGFilesize
319B
MD5fd7bdd9fa4a5da55dbfe1517e5818ac2
SHA12aa906a0f7eb5e018e15333bdea1cabae7957bbb
SHA2562898f9b1b87d92b8693cff259b22efeb8a7a819374a90913b4045e551aebe054
SHA5128b201895cd584b2a72e31786972b9501aec768da9b9ce7a4fcde017fd7f6ef560e7210a8b5607a2bfbffdd08a3b6de980cacdefe142231c88c25b8e166397b34
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\FaviconsFilesize
28KB
MD5ecf1822f914795ad1f309e250cf4af56
SHA1b9bea4fb904501bd441de8f3706521fb08e971c9
SHA2563f7fb343bbb14e6440af71c920f2741a375614c6d67fbdaa18ca64ec9a36fbd8
SHA512f5e74fb462eac9209ca6c41ec937e18f2bb69272289044b36b06a090b8eb5c039aa21838cd0eb3f93033deaa3c86625752d6b52928a27b4a4b27b87e7840d097
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD5b17c949b69eef4b7cfde18c85382f985
SHA18df7e9ce9d1094a6a4d35b7e4ce6317d52f006a2
SHA2560d3b2cb2dca568e5bef1475776f93485a2dd309bd9ce26e9c51f4284c060bc18
SHA5122d10e73164a0c7ad50c4cf389f7cfab797f6f2f2ccbb2428979d88d41f0cba1055002d0a5dfbaa8c4c77e916ffe6e35f521dbb31f2b2e2ed5fafec3c8580ff67
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1Filesize
264KB
MD582d599c0fa3992662417d0254fc264b7
SHA1f036c597fdec125dcb044def4f50e6226e5622f5
SHA256427a6417fe7997e3b844387296a6a098acd76199cf7c7d4933b00ba9151455f6
SHA5123cabd4ea0b68663177c098a1e5e3a329ac6e411fbfb78df106b50a3df2d3d5a8251aebd4872cfa1f39b37ac8db4ed7487e2ce8ed86ba760130630cce85976a75
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\HistoryFilesize
124KB
MD57eb70e01f6e738fb76f5bece4d864214
SHA16fa75e2dd71d93295910dcf85b89e955de0c8f83
SHA25699408afea75f51a5fa93633d235fc673e6eb9327c294ad98b84001e065473452
SHA512e6f066a2d00747d067337f21adb1596f7b4334dddf2bb7b1e2d10a2499cbaee6d6ef5ad18c4e65a0f4cfaa7a1458d013e1dff24eeff4a417ddce2b183c2937c9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider CacheFilesize
3KB
MD5aa8288579fc6df39a3bae9ec4796701e
SHA1c54352498c9878b0b92ed175f85acdff1e8d6512
SHA2569733ef11eb78cec9840cad20161ee6a1977e2e6ea7da96cf42999d207d153c8c
SHA5127826f4cd6aa4bd83ad48c7b7043c011fa6e1af7cb1c0c3756974a227e97801e6df0bf811cacc6ae0dff599a49fc4c4048658b9f307c13cf01a2fa9ce5a0a58ce
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.logFilesize
12KB
MD5786d2f7456717920f266fbbb08f4ee61
SHA1ac4c0c93def7891481223973f460f299f3bcfd76
SHA2561d09b4ff4a2a2f1f2f9a20f1a6cd5ebe62452fb263acfd3c109d0e740aafda6c
SHA5120cdc89300f1efca6e70bec5f61aa463ffb3d02d6c118504984cb6047905da979f23f3acc736905225c34ae1dad8da92a8547e96215865cd93f32ced2966bd028
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOGFilesize
331B
MD5a111b373bd620a516688b6c3af2d20dd
SHA1ce76ee83038dac63e03d6d1808bf55585154f62d
SHA256c9c9eeb4c75d4edff3d9424659dcdc73e83797ad6e8caf118f849b256baae0e7
SHA5120085af0e66948fd70ee7a29b2dad43d86b9d39b44462a7fb70fea31566b1ad63b4bb13e5617ab0a86b8d29bf9c3928e127f58028946237947491e1963c747dbe
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
111B
MD5285252a2f6327d41eab203dc2f402c67
SHA1acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6
SHA2565dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026
SHA51211ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD56b13ca3d3fe306f7b1023ae0442548cd
SHA122f0739e7255fb15ae1fc171e5a05e007b7b2e56
SHA256af589240f33205a9724891623b8bf783fab525e3239578e79323d1b4f14c74f0
SHA512cd342a8f4104a22fde30baa33923d455f7d5c388849062467d0758610668be096e8ba9d46c829ed7d57edc1f04d71a5d7b7eeb685dc171cea99e1d0c0abdd622
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5255407d14e28c023506fda2dbbe71353
SHA12ca721cf940d912c7f501a794542473771858864
SHA2560689b7e4352c47302ea045522e3e7f476fa05974f739d4465b13a468d3d66e47
SHA512dd960cc4106d12e758ffe36ebecbdd748a252715cd333290229d8f86c9ac55e0c931108215b06c34ea95d446703d7b80922c0fa0e7f149bf63eede7e398e47da
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent StateFilesize
1KB
MD5b6560e3a15b469a17672b4a46ddfe83f
SHA1a9c1b4986ef38b75d4ae069a2bea600c2fe20206
SHA2561fc779962d6b9436f01ee954e66e23552bbd6a99fddc8d97f9824e7ea52112db
SHA5122ef3763e2068a5956ba2ddea95a8beaeb4e9918b4b5d189b96ac054a112cf3dd436d3c98b77449d588ff2da3b56edad6649716d40edb3f0a3333e13a37aa248d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD50f8f9710491e7c7d65712ed2655e5da4
SHA1a7d4e0174c4b581c65f066b8841e5c3861caab4c
SHA256bf364d6bca7259087be2818ca2b4135e9d2cafccf3104857060103425b0723b6
SHA5129c7e80a103b0d01077fa0b21cfc839d2d8160136fa17613caf0e92e690b3e11f7b0f6abfcad1438cfaca540cca5a73011a2c52d9ced1f47bc2263c50c422fc24
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD593805bf635cf977327aeebbd8be310f3
SHA119abaadbbe2bc8fe82812a24a34cfc69b2142eb4
SHA2563ccb18fd595347af12b9764288e466701bee784921b7c5d29a6d4266ca73d197
SHA512126711298b39403584086f9ac1566dd6a9154852554151ce80f7ca0b88614cad748fe406ef18805c178ce1468e1b534fbe6383b007a5648f4fb2421fe26cfcd4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5ad373fe0cd1d209e6cec157680e8917f
SHA189ba3e2d79df5bc749bd06075ce31ceba37bb364
SHA25652236265cc56704ae9f8f97d3b5c8f082c40cf3dd54a387ca4e13db4653db076
SHA5126897301583ddf5860f51b97f09e2570a04842c20262ff743f8fa4bb82270082b9aa8ad501ba0105c28751cafafde38ff74739d7c381af9221855bef30dac3334
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5f1cd4dc81ef3e94addbd7854a4c4ed9e
SHA10223fb1f19d749900e96dfbe3bdfac187b25aead
SHA256e35a7504a9531e781efd73cd62aae439078dae238edfbb3fcebf6551246d69dc
SHA5126f064e50a6873630a44e8fb3f1ab8a311acb6c1e2bab01da424db52812380bb1b83becdc65ea0a5a8f2c4bbd74e0c29a88e6bf7d458b83b3b69eba24a7e48adb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD52277973d06cea8eb031b954cb8674208
SHA18079e088a2e68113072784eb4b6cb365348dc3f4
SHA256afefd8093cb23077f05539798c85dfc6a9240f2ada587c1e54c1fe6015266c4f
SHA512413e1d1e7c35340cbe5a33e77c969f0c2380998ae98f7185526e3001dc5131fe76d2d18c27cf92d65296a4159627b03edea29aa8a255f2c9b7548e3c43b9d8e3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD56a0630b9ca7895d2e47e413019553eaa
SHA10324ea26088756a425337e24340b453902818dd6
SHA2563bea8a89a8ffeda3687d04047917fc35963e0a694ce57f254c0797b1cb083892
SHA5125cd2b233851ecb33ac8d71c9a34237c3f7eda7f5ac1f2db1d244245dcb9206f4dfe7815a2064b767f8bc1219b4b29373565e1879af93f4a4d639ccf83e25794a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
6KB
MD55656c00143787d8542a1f066252fca4d
SHA1b560a9e699eac07e04848fa1e1a2c1844edd9984
SHA256185368b9400eb638a1b19e3df237e7b95d81785d198f80dd34c21bb380e5b988
SHA5122396a5beddce406518a8e918d472a5c4c7fab41cdd2a6ee3502e6bb12545158f35b6ecb3d72b6934c11450c525e2cb0c7e38afd9c09572f06d3f57c44b4428f2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD57f5c4f77046a1432971523a1e709ac68
SHA17a97cec4a52d3e3fd0392fd67e028a74f4a88a6a
SHA256f1fafaf37fabf5891d9d538771253ead83f2132090d2b6186568286beab11b0a
SHA5124efd441ee33c0706f68b7e3bdb7da2eeab2a735a76dc1acb4942729388540a0b9cf5cca0b41d0b45a461d80b155f1da8d0d0fd0cb4a143811ba3367176bc14b7
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5fbc5702ace968a093954aa29469e8503
SHA1c71997c591efba2c2c89c583bfae38e17a0cdf2b
SHA2568523cd0bc7e87263ea6abb80f00abf6402c088e8fe4569f88f9b19db3d94bfa0
SHA51247d916bb6d8fd4e2365f782cfaf6910011068e932ce40dc572bcd91c04f390c355e992127c77312add08550ee1ef50585932969a956c2b7e796a30d4a0fcffc9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD59ec08053bc120f0bce2849bd7dc65578
SHA194b12625faa5bdc6069cc9c31a27c2ee5dd9b1c6
SHA25634b044ded078c18a894eb3a0a2c40b0ff860571913bbcd23ff27874c5097c8f7
SHA5127adff4b0fdd1835ed393e72356df60d148fdd5aa9be2e9846d86dd20e59f20772cb127bfd35b9076b38068e5d6bb528c3e7b3114b8af1d60ccac8fca5e9b7739
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5fade5081c882f3656a2eaedb68003f97
SHA1c69c307c3e9d063c9652d51f7d9505a611272489
SHA25649ac14fd565138538546d6b1f286b38ccdeb84344d7e14e9940e4a9651e89ac9
SHA51258d4d080530e955ef80afac635f4db72cd76e07beb11e39d609c473ae5befedaac9e8310b8c8ca697e4a1c7cd541e77a80eb0e69f45a31b347d3288a51867ebf
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD58946fbe3b5ed8cd7a6815acae46cfcd0
SHA150a653b1867ed475053741c88c069fd414962cec
SHA256470d8bbda1de6cc7041a9b9c6ca7e047b899b0419f67c8047e97061181b3f764
SHA512fb1db531629152e5036075d4378475c91afdfd956eff5cecef17ff329795e15f0529e99631d0e6badcf4ad7dc1c5d18b53e98c508d0c6aeca6a27b93d0560467
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferencesFilesize
7KB
MD5cd278b7355c26f3d73a0404ba9779d18
SHA16f679c67917fa979f20a3bf86618b0f3b8266dfa
SHA256670a7db8a43a44a9e96a3bd101fbdb183d9f7973b142f23490d707508914b99c
SHA51220b92e01ad7fc68906c6216a92a4f371020bf0218cc7877a922fa8b38cf31421269b2f7734a9143b8d65fd63dfeecef38f4e9f0bc7e5162826c12d6ef77d4c59
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.logFilesize
1KB
MD5bc46000ab8781c027fdce41df983d128
SHA161f7d7d9ca26f1a08c4be56fa0b331b5c041905d
SHA256ce0745a9bfdfb22fb5ee20fefc8a64ec2df72053bc8a9758930144a7fad328b6
SHA512c54b7f9730eeb3ce8cee5453c12e3c6c2f67c53bb86acfea84282426d6e3705a9bd903b63006938bf90288baccf59865ca68196f89c54f7c37cfe24d9bc2579e
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOGFilesize
319B
MD58846083b5fdb7346bfc9c766fd0cfe7a
SHA1e3ed6e24a09dddd5cf3ac2fb4939aa83d8ce93d3
SHA256b5ab5662891578579346111a158b665eace4a1e1b8127009275d505b0b0c02fb
SHA512dc745afb05713bff84d87b91cc0f4e6d7762dcf9719db13f34b1bce8f31c1bad99806a843dfa49bad8fd1d34c3bb7b5f8807e2bd449b49ef2e6da6a87b17b373
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13353435530887206Filesize
12KB
MD50afdc6928eb55a032f95616d1c472fe4
SHA18450123635cea7a0ac26fcd20e02dabc5488bc64
SHA256a0d919922aff46d020b10f192d9f139f5217b8631710dd0f9c7804007d451d48
SHA5126932f2f83277133e9c8a1f5eb3b19f6efd92934d3d2c5d32cd8029bc24eec3d342f99beb014b96a67140ee4b785411a9a27aa13445d22f4c3f752a8332cc2264
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.logFilesize
184B
MD5894dbfa18bed8fe6c0316febc2edf5c3
SHA10e76c8b087500f34a3def7c5fe4c160fd163bf66
SHA25663554c812b9e4cbb23187f64cdd99b214a98925c1ac90ae2d6020b53fb6a6d37
SHA5124c165f206383cd7896e99176d38dbd0baa505481f4d400065eaed7ae86189f39cbad7af939a8f9a32cd96ea654088e0eaed003862f7732cf568fde8377676c9f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOGFilesize
347B
MD52d28c220a789680e1eac2fa59b5fcecb
SHA1fd63009fcc05571793da776776ad4041e3170182
SHA256ab0afbda5139695205c027036304717c9966ea499edd68aafa22f35da4813054
SHA512b60bbd3e0e597f8c7a3e798387d8a691d5be998b216583ad293a84190b0e057e15f73346879940a738581e7014c8e66762e042042e62bf1df3147f9b7b108125
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOGFilesize
323B
MD5c2af223ffaa08eedbf78a3a33bc74f9c
SHA1abba814f61f6670f7649e1710927ca376a36a70b
SHA2568f2dbfbd3b5fd9c405dbfb1041783d30d2d82620bb4ae8a9ded7a6f4fb0047d4
SHA51289aba47fa0137314742c0d65846085d234fea219f805dc232b841b6849a66b2e6efbcff2ca7a7fefc15422628ae7b88e3d87486b10577b296b553e01ba355358
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD594bc1123f523037505bea57317f1d835
SHA1ec8d5aa68b19fb9bb49c95ba1784a15ffffe13ff
SHA256abb420b6358b8556070a880ed4a401b51199a22f27dc83b9ef61ee99f4936af8
SHA512f13e6e02cd2356d5f8dfb2c3e031f626c2fe892eae3feaba76e4d5ac54851c20d6eb2d1b9ab82d90dcc8c2fd618f1a07704a7a15dd7d16469e3e8796fe0cb52a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5506213fda17719daeb652ac3c33ac7c7
SHA18828e371d760ac3695a929672c811e97eed49280
SHA2561dec110ffc42a073a4ae43aa6854f469f98e088ccef4823b2600f00651eedf4e
SHA512db7d55811f235e6d1ea187019c697035653e90e8bcb6ea64b5f1c0a81fba37b62dae274eab4473b4063600e719a9f9f07c6827b9092847c794a7f2538b449481
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD5fb663f678ab18ea7efaae40b7e5777c4
SHA114289678eb63508294ec6368ad149b8844292082
SHA256fccd2ceebfaaf4b90671fb387936135421d89d0b8adecaa4f966efc0698786ae
SHA512cb562ac6e8bf0772184f4246df69eeb87e582cc348c654da3552183cea3eb366a603f019cc7e7dd9a2bf59a3a9f326aea008177735daaae2044f4039c5c51398
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurityFilesize
1KB
MD57fbfde5fe5955ed3e60cfef707e52dd5
SHA1c279642ad70cdf1063fe25be9021086bed2b509a
SHA2569fb909bb4b9cacfb079102042d0df4540222eec47a68f23f0ab5757cc9c7b31c
SHA5121beeab172429d0682e32b9400b9cd3cae1e9db4b54121edeaa0d5e174bb98a522ac743763f4f4772db8253524be158fa4293c16065053ed13e228bebe98ca35a
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe589c1c.TMPFilesize
1KB
MD562a758db8ff6779129cb95db169f01f5
SHA1d9b62e7f348e0c659741333df8c512d1bbdf8863
SHA2561532889400ba33551fefd09df11a63c71129d04dd78cc702e15ea8c9c00ff2d9
SHA512d9f277f34605d7d684f3c1c4aa8b136efec21c3970aec03966928cb73993ee4e446243735113d2bab2346c860e175de6550c599ba8c00e2ada129dc5cf3908cd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited LinksFilesize
128KB
MD50a9242c96dc9789b1ab6ab35aee73717
SHA15dbd5ab334e5b82ff87b54f7713a99360b8fab59
SHA256962503691c1cf0f6a67bd30e8da312a6aa8ecb17ca21b2c52268b1bd6ea5970b
SHA512f188e19e137fa51d829a90693823f924dc32ae8bad9fa73a0b78d4d0e22e69666f1a4ab0069e1badaae6e4854e4d9d7abd407816151dc17a8f6b85bb1720c6bb
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web DataFilesize
116KB
MD592108ea17b1eb651b88f68eb502573e9
SHA1a85dd222f041302f40e7cebea423b9f43fcb456d
SHA256c634dc05f4a572c5d61a186520b0cfb14d2503e19c2eb72e2830d30f21f55a14
SHA51265c27b3a3455771bab94ca881887ed1ddb58765d7d56d3c51279b467be614efa4c9ec5321a0b3767128b07d36c0ba740d70823b7a871d90dbaef546ab24681ef
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5589c49f8a8e18ec6998a7a30b4958ebc
SHA1cd4e0e2a5cb1fd5099ff88daf4f48bdba566332e
SHA25626d067dbb5e448b16f93a1bb22a2541beb7134b1b3e39903346d10b96022b6b8
SHA512e73566a037838d1f7db7e9b728eba07db08e079de471baca7c8f863c7af7beb36221e9ff77e0a898ce86d4ef4c36f83fb3af9c35e342061b7a5442ca3b9024d2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENTFilesize
16B
MD5aefd77f47fb84fae5ea194496b44c67a
SHA1dcfbb6a5b8d05662c4858664f81693bb7f803b82
SHA2564166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611
SHA512b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.dbFilesize
72KB
MD5146a9bdd845acb59e1dccfcd77dbb41f
SHA1c0ea95f6afd54c453961b056f32d9ea44e65c2b8
SHA256020c74d04e988ebf6f26f42ab35779a759888b0030b20c81338f64941b148cc9
SHA51268649dfbe8d0ca192c00581cd23fe475e0634edc3829f503a4335bd7596e0a6f52a9a62ea135e6b5b935f6b682e067679a6e73aa1f878996be93693ccd2f0ba2
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.logFilesize
27KB
MD574c5feed721c50457b219ca06223a631
SHA106d8f845e10a8e2afb912a100d8c17d946a9c961
SHA256218ae56c3f4c72efe060a08d15ef393a0b9784b052f198e7439752360a5b97e7
SHA5129ce4d5759f3dcbc30d549489d51eceb361608d1192ced99fa71727338662334b84b8be3fcb92f55b63d9aef29b1013b03b365e068622e151d12c093d1e3075b6
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOGFilesize
319B
MD56a9e39d33584605e1baf3990c79d04b3
SHA1a3a18c1cfc2594af3d75a22ede28c15a3080768f
SHA256392db4f40daeadbc0260dea84f32cf903c98d52a036c8517fa8f7845074483f3
SHA5126b8bed4f0abfe55d8eca2745178a66b93f6b7bfda70e981ad3faab958cc58a41a62789ff95239dc2132cdcf91824247ab81ab155014820f4ec471141c5434326
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.logFilesize
594B
MD5914eb282a6bf77a47171efb3671b6427
SHA1689bd20c6b20d5daeead66c8895d9baadfb194e2
SHA2560971352fedd95d03b783cb303a127c679cd38da1649938be8e76f38df24854cd
SHA512d3237778e5a590d10bdf9019a800bcfe3dfa438b4ff95b8a9fec8bad07aa6f913b49c1c4e16d493c91beddb3f4c876b28fb9e8c2b502f0c6cb088ebe6c0f0026
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOGFilesize
337B
MD5a5dd7d040a6de35186120883f8995ade
SHA1e89e3e31db4ecdce6498213ae6a930251e0ad639
SHA2568bf531e164bed9c7e9b18d7b42e56c24d58adfb77690753a4e28f24f460d86fd
SHA512fbf92506304ac0f2f30df59ed67a7442a825c6adf06192b25f6f06e58d88c762d04b026f8b15b721d05d2347f8807ad23bbc882141f9d70cb1eca5a117045c7d
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0Filesize
44KB
MD59a7e6840576be0c643aaa376004684d8
SHA1e5f6c1d7016d74e324c0f64c9401ec7d37c96029
SHA256452632f00dc6ae0690efb1eada88619bfc573ae8e4d5324b56914ae75398c6c7
SHA512291c6b68dbb3fa53af63a5a8be5f6f4dfb0b49c224faaed00f764dd07c48b22720bc9eddd52805e804359c7eebe047effc0d06031706c9773480a6e9b915b0d3
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1Filesize
264KB
MD57ef9f998462a6096144ddd0e6934ca0b
SHA19c4ff35d9ed425725173f2cee93f49e04e3f9b14
SHA256ae7d9894b05d01a0b0eb9c2486a9511f121e2729a7b8cf45838a96cbcdba7c59
SHA512da177f306530006f197d265465ec813c35564fbb0bfc14a6f8e07ae0b695a147959c335d5a52f575b920c53808b54ff9e72d7e6dbbef8646601b76c7089290cd
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3Filesize
4.0MB
MD5f5eae9d766e5e4c46b44a67b9fdcc08e
SHA141a54a5987f2f535bb3c7e7bc5baa80adee47806
SHA2564fd1251b9c151bbfffe5965d7304abd0070e90b08ad6ed09ea1e5b26a1b7f0d5
SHA5124355fd09e01c55f787549ed0abd2373544bf160f02b2aad37b74b1ca8f9770a6650c314543347f1dc7ed30c833e1b7ad3c12285fdb57d3f26a9035e4a4e4a7f5
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000003Filesize
17KB
MD5f9537b61ccfbdfe7fa567209721dc9e8
SHA1a560d06b80bcb03b83c50ed7954ac55332170a14
SHA2561560c55bc4dbf4c83dd6cfe8fd68897315f58c5c5340f4c3db573a47aa05a8dd
SHA512c19d8f4096871fff58ee262b61e82b46002a97c45815bc9aa218f18f140a513a8cf48601c1c04c9a6000a0338698f03ac3732ad396ad42730bbaafa29ecb32d4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000004Filesize
17KB
MD56bc4851424575eaf03ebe2efee6073ab
SHA12d014fe2feb929d03a46322645a94556ca5c9e96
SHA256abaded8e235fdf329521806af30a1cc7701eaca3fe2efccb9da760ec6d8e5e4e
SHA512af3b7d93fa2243475d74d4bd7f918ce2706bf6eca28029b9e49869f5f793e483efaafdfab1fed6306d5fc77a5ed3b27097b27448cd04560bed4df6fa3268ccf9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000005Filesize
17KB
MD5fc97b88a7ce0b008366cd0260b0321dc
SHA14eae02aecb04fa15f0bb62036151fa016e64f7a9
SHA2566388415a307a208b0a43b817ccd9e5fcdda9b6939ecd20ef4c0eda1aa3a0e49e
SHA512889a0db0eb5ad4de4279b620783964bfda8edc6b137059d1ec1da9282716fe930f8c4ebfadea7cd5247a997f8d4d2990f7b972a17106de491365e3c2d2138175
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last VersionFilesize
11B
MD5838a7b32aefb618130392bc7d006aa2e
SHA15159e0f18c9e68f0e75e2239875aa994847b8290
SHA256ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa
SHA5129e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD56860056736cb087258f652a6ed32480f
SHA1461c2d5c0f8122a6caac05e968a962b1890ce1f9
SHA256bf622ca32d6ba986d69d2f5d296b0993326ca6a0997b9ecc4ff7b6e7e4d3f5d1
SHA512ed1a7adccea7b409550f51439dc238a7fb857efd1a21a6877e6721f5741b3303325b32da07f2bc955245fe2827cee4152853282da86df470cec686d04e7bb158
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD54604288393902fe33eb510d58a7ae6b5
SHA1fc536b658e277678479da99dd86b2afbe77bd96a
SHA256d81ff3b22525cfbdd1ffa7b3104fa7755873eb61929ca8075312b25e34d1d2ec
SHA512014823aa67dee131483f46831c3b6a500c5689c26783285c8e23b195877a657f56840df92e6858dd68b3d216ae47cd7c96b2b1dda4a840f914400ddaf64bf535
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD509c182f38dac270b7307498f1e1b197d
SHA13f21ed3eb4794b41f960b27cb2afa05aa178d2d9
SHA2563744c1e7ac9358e6b61d1176c56f49c4e83f65fab2edfa83663badbf391c5291
SHA51260e67171485c815350b3603e711b4fc8dbe6dd4a574116c22db4affa37abbeeeb95a52b787b3f2fbca0cbf7cdf681f7a7e67fcc403201554bed4db1f784c1302
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5f330c35eedc23791f7ab47e24db087b8
SHA10ef880bc39677fea05106b785ba23a1d8e231c86
SHA2568c9952970938c4d2e5bef8a8c7c0cd68c42c3860a0f7ba60d306b551cc9cf19c
SHA512c2f6a201862629255e6b58b8528de9f0677d18e5e6a7771f59122b8a93015d49311efda544a3a3fe7882300593047463e44339c98ad736e4f8fae0c9b07fa878
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD5cdf4541bbac2242c3885f94d917e10f9
SHA1ea73c98ae373485c123c179592d92c6936dac2db
SHA256bcbc7edddbc3025279622e19896e747d2b56900a27783a4c98c8ce348b1447bf
SHA512b6a3fd44b4684da8a5d309d9db0fd07d3b35be9c480b1953a9f90e28aac0a457ef83d486b6520efcd5b7a706f8d08c835284525e57b6e75cad87b7599412d6a8
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local StateFilesize
12KB
MD55af1b63274579a8bf2a89ef531e0be71
SHA114027b253008a7f4479167b18041d66e0d633c87
SHA25605f8a68b7e3f9f40514749c0d364274b0f613114b19e700b8c31c4da9a782b1e
SHA512453ac46dd01b929a9f15a5cdf4215735782b3096c57d2b51c128b94161afecadda074b8b96eda7f45a01df2fbd20c40c705526908ceba2f3b5c1fe12e1a3ce6f
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1Filesize
264KB
MD5e597e98c2121eaaeec3f767a84645047
SHA15d360305c5a6b12cc7cf4b113137569ef5cb7cca
SHA25601dff84fe2d3c427533c8270271df4f89d93b4fb2c292d4b8f2113d08829251e
SHA51202eef09615d87cf34f910ed5d16a70f834e523d22554b42d7e7d27854d18c433f3a7c28a0eb9aa9dce820aebdf5097cc8a54c24574e809c79115ee8b9603b7ba
-
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbresFilesize
4KB
MD5d57aecbee47cf45f72a1c4a53551ce05
SHA111e7c6d74c34dc09d029f4734d661d1b2023ef06
SHA2564e556ce6520fcc8475548c2bb95359063f08f86a3c9b42b000fedadff5894a0d
SHA512ca7cb9aa98306bda12082b6d02aa39746116a8c6688065a2e0a0029eac46653dc68d6e78c7bb5c087cc7067b2bd8fd0b0e333ddab58f58f5286ccc5d2b8c13f1
-
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___85G6_.txtFilesize
1KB
MD541981a1054cc07f43f2b252e61c1f8d5
SHA14cd50d8f520a051dcb7aca1aeaf973ab5b04dc77
SHA256c6f7272e7dc74d7f5115f6f9529332f81946fa3aca59db839721416b198f2c49
SHA5122364b8e1a39a7cc3b9c7d624c835687317e3f83036f1b955a7fa9e67cf0c217f655ca0a379ffe8523bf0bb8aff50f39a563cd22412c808e3f484fb727d3d5f72
-
C:\Users\Admin\AppData\Roaming\Microsoft\OneNote\16.0\_R_E_A_D___T_H_I_S___KVXYQG_.htaFilesize
75KB
MD5e3dd50e837528a82e91b70667d2ebab2
SHA1db390d1a725be86a8fc4c1c6e14623a6269b2301
SHA25695430e85a0ed00277dd3fe50ab3c2ec97deaa3b5f057b014c243113809ad1dcf
SHA512570e2a5edb530e33fb11daf5917be64578d8bdaa96acf572af695c986c0a1fff0ca3d06452f390712bc5c24ffa080a43b61cdf859ef9486104f35688a7c2e78c
-
C:\Users\Admin\Desktop\Ransomware-Samples-main.zipFilesize
15.1MB
MD5e88a0140466c45348c7b482bb3e103df
SHA1c59741da45f77ed2350c72055c7b3d96afd4bfc1
SHA256bab1853454ca6fdd3acd471254101db1b805b601e309a49ec7b4b1fbcfc47ad7
SHA5122dc9682f4fb6ea520acc505bdbe7671ab7251bf9abd25a5275f0c543a6157d7fa5325b9dce6245e035641ab831d646f0e14f6649f9464f5e97431ab1bf7da431
-
C:\Users\Admin\Downloads\Unconfirmed 482320.crdownloadFilesize
960KB
MD531afc8ca1b6333ea54e0d483a7a5bdd2
SHA1b2edb720c367ae33afa7f7f282b85fe52585df20
SHA2560aa1a07cb6479a5c4dc28984f7d97692ee0c3dceba83cd10ccbbdb5d9ee9ee1e
SHA512a2ed47f4e517bb985b020876f2d2cafeca2305748569744e42b72a7e95092708b4ae952af7276c9e2ac91d01cfd8d65b0b31d5df7c0234d0984e12eee6897f32
-
\??\pipe\LOCAL\crashpad_564_UOLDGJFATQANGERBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/3776-1023-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1027-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1034-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1037-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1042-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1053-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1022-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1021-0x0000000002220000-0x0000000002251000-memory.dmpFilesize
196KB
-
memory/3776-1408-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1427-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1429-0x0000000000400000-0x0000000000435000-memory.dmpFilesize
212KB
-
memory/3776-1434-0x0000000000440000-0x0000000000451000-memory.dmpFilesize
68KB