xenarmor | cc4387111fef858ae0c66c19bab6b13569789117c3b8a464797cc4a5db2198ef

Analysis

max time kernel
600s
max time network
592s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
20-04-2024 22:42

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

uzpn is coolio.exe
Size

76KB
MD5

3a95b8b68f29409589094c4497b9c050
SHA1

8be1240201d17f52605e3c873ea70e612a088484
SHA256

cc4387111fef858ae0c66c19bab6b13569789117c3b8a464797cc4a5db2198ef
SHA512

841ced2e66d73f6fec1187d657179fb7bfbd4b1daa20330007ea62c5c6e74c6580cbf8d4dd1f01b0227f524bf56650ec9337d822746de9e29f24854e1b26c849
SSDEEP

1536:pPQqwzNzpDFLYVUP8LjVtzBwUChnwl7K5bH9CPYFyxU/O+6NWppd:pyNFDiUUVXRF2bHIUyxU/O5NE/

Score

10^/10

xenarmor xworm collection password persistence ransomware rat recovery spyware stealer trojan upx

Malware Config

Extracted

Family

xworm

uk2.localto.net:34675

Attributes

Install_directory
%AppData%
install_file
Google.exe

Signatures

Detect Xworm Payload 1 IoCs

resource	yara_rule
behavioral2/memory/1176-0-0x0000000000BE0000-0x0000000000BFA000-memory.dmp	family_xworm

XenArmor Suite
XenArmor is as suite of password recovery tools for various application.
recovery password xenarmor
Xworm
Xworm is a remote access trojan written in C#.
trojan rat xworm

ACProtect 1.3x - 1.4x DLL software 5 IoCs

Detects file using ACProtect software.

resource	yara_rule
behavioral2/files/0x00080000000233f5-937.dat	acprotect
behavioral2/files/0x0008000000023718-944.dat	acprotect
behavioral2/files/0x000700000002371b-957.dat	acprotect
behavioral2/files/0x000800000002371a-952.dat	acprotect
behavioral2/files/0x00080000000233f6-942.dat	acprotect

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\International\Geo\Nation	uzpn is coolio.exe

Drops startup file 2 IoCs

description	ioc	Process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.lnk	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Google.lnk	uzpn is coolio.exe

Executes dropped EXE 1 IoCs

pid	Process
1572	All-In-One.exe

Loads dropped DLL 1 IoCs

pid	Process
1572	All-In-One.exe

Reads WinSCP keys stored on the system 2 TTPs
Tries to access WinSCP stored sessions.
spyware stealer

Data from Local System
T1005

Credentials in Registry
T1552.002
Reads data files stored by FTP clients 2 TTPs
Tries to access configuration files associated with programs like FileZilla.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of local email clients 2 TTPs
Email clients store some user data on disk where infostealers will often target it.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

UPX packed file 5 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral2/files/0x00080000000233f5-937.dat	upx
behavioral2/files/0x0008000000023718-944.dat	upx
behavioral2/files/0x000700000002371b-957.dat	upx
behavioral2/files/0x000800000002371a-952.dat	upx
behavioral2/files/0x00080000000233f6-942.dat	upx

Accesses Microsoft Outlook accounts 1 TTPs 1 IoCs

collection

Email Collection

T1114

description	ioc	Process
Key opened	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Software\Microsoft\Office\Outlook\OMI Account Manager\Accounts	All-In-One.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Google = "C:\\Users\\Admin\\AppData\\Roaming\\Google.exe"	uzpn is coolio.exe

Drops desktop.ini file(s) 17 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Pictures\Camera Roll\desktop.ini	uzpn is coolio.exe
File opened for modification	F:\$RECYCLE.BIN\S-1-5-21-1132431369-515282257-1998160155-1000\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\3D Objects\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Desktop\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Favorites\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Links\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Music\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\OneDrive\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Videos\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Searches\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Documents\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Contacts\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Pictures\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Pictures\Saved Pictures\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Downloads\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Favorites\Links\desktop.ini	uzpn is coolio.exe
File opened for modification	C:\Users\Admin\Saved Games\desktop.ini	uzpn is coolio.exe

Enumerates connected drives 3 TTPs 1 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	uzpn is coolio.exe

Looks up external IP address via web service 1 IoCs

Uses a legitimate IP lookup service to find the infected system's external IP.

flow	ioc
18	ip-api.com

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000\Control Panel\Desktop\Wallpaper = "C:\\Users\\Admin\\AppData\\Local\\Temp\\XBackground.bmp"	uzpn is coolio.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Enumerates system info in registry 2 TTPs 9 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1132431369-515282257-1998160155-1000_Classes\Local Settings	explorer.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
1176	uzpn is coolio.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
1176	uzpn is coolio.exe
2088	msedge.exe
2088	msedge.exe
2084	msedge.exe
2084	msedge.exe
4460	identity_helper.exe
4460	identity_helper.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
1176	uzpn is coolio.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	1176	uzpn is coolio.exe
Token: 33	5452	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5452	AUDIODG.EXE
Token: SeDebugPrivilege	1572	All-In-One.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe
Token: SeShutdownPrivilege	2996	chrome.exe
Token: SeCreatePagefilePrivilege	2996	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
2084	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
4632	msedge.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe
2996	chrome.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
1176	uzpn is coolio.exe
1176	uzpn is coolio.exe
1572	All-In-One.exe
1572	All-In-One.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1176 wrote to memory of 2084	1176	uzpn is coolio.exe	108
PID 1176 wrote to memory of 2084	1176	uzpn is coolio.exe	108
PID 2084 wrote to memory of 3660	2084	msedge.exe	109
PID 2084 wrote to memory of 3660	2084	msedge.exe	109
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 396	2084	msedge.exe	110
PID 2084 wrote to memory of 2088	2084	msedge.exe	111
PID 2084 wrote to memory of 2088	2084	msedge.exe	111
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112
PID 2084 wrote to memory of 1012	2084	msedge.exe	112

C:\Users\Admin\AppData\Local\Temp\uzpn is coolio.exe
"C:\Users\Admin\AppData\Local\Temp\uzpn is coolio.exe"
1⤵
- Checks computer location settings
- Drops startup file
- Adds Run key to start application
- Drops desktop.ini file(s)
- Enumerates connected drives
- Sets desktop wallpaper using registry
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\How To Decrypt My Files.html
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2084
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99bb646f8,0x7ff99bb64708,0x7ff99bb64718
    3⤵
    PID:3660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2084 /prefetch:2
    3⤵
    PID:396
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:2088
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2800 /prefetch:8
    3⤵
    PID:1012
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:3584
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:1
    3⤵
    PID:4272
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
    3⤵
    PID:2156
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4460
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3636 /prefetch:1
    3⤵
    PID:3880
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:2160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3936 /prefetch:1
    3⤵
    PID:792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2116,12952655150072600241,17036151348962960658,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3248 /prefetch:1
    3⤵
    PID:3584
- C:\Windows\explorer.exe
  "C:\Windows\explorer.exe"
  2⤵
  - Modifies registry class
  PID:5728
- C:\Windows\System32\cmd.exe
  "C:\Windows\System32\cmd.exe" /c Cd %temp% && All-In-One.exe OutPut.json
  2⤵
  PID:5980
- - C:\Users\Admin\AppData\Local\Temp\All-In-One.exe
    All-In-One.exe OutPut.json
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Accesses Microsoft Outlook accounts
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:1572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://exmple.com/
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  PID:4632
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ff99bb646f8,0x7ff99bb64708,0x7ff99bb64718
    3⤵
    PID:3956
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
    3⤵
    PID:5476
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
    3⤵
    PID:2680
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2764 /prefetch:8
    3⤵
    PID:792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3260 /prefetch:1
    3⤵
    PID:2744
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
    3⤵
    PID:1044
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
    3⤵
    PID:3500
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5088 /prefetch:8
    3⤵
    PID:2848
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
    3⤵
    PID:5504
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    3⤵
    PID:3828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3372 /prefetch:1
    3⤵
    PID:5928
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,7447709050958468592,8972774602887809395,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5492 /prefetch:1
    3⤵
    PID:5136
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --new-window "data:text/html,<title>Welcome Chrome Browser</title>" --mute-audio --disable-audio
  2⤵
  - Enumerates system info in registry
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SendNotifyMessage
  PID:2996
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff99b47ab58,0x7ff99b47ab68,0x7ff99b47ab78
    3⤵
    PID:4748
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1800 --field-trial-handle=1928,i,5551340593477539761,13276218650081152943,131072 /prefetch:2
    3⤵
    PID:2588
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mute-audio --mojo-platform-channel-handle=2176 --field-trial-handle=1928,i,5551340593477539761,13276218650081152943,131072 /prefetch:8
    3⤵
    PID:2260
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mute-audio --mojo-platform-channel-handle=2264 --field-trial-handle=1928,i,5551340593477539761,13276218650081152943,131072 /prefetch:8
    3⤵
    PID:3828
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3104 --field-trial-handle=1928,i,5551340593477539761,13276218650081152943,131072 /prefetch:1
    3⤵
    PID:1520
- - C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3140 --field-trial-handle=1928,i,5551340593477539761,13276218650081152943,131072 /prefetch:1
    3⤵
    PID:4384

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3948

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1908

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x4b4 0x158
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5452

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3056

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5432

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:3688

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
- Checks SCSI registry key(s)
PID:4964

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Credentials in Registry

T1552.002

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Email Collection

T1114

Command and Control

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21de9e0d-3945-458c-bb8b-beeb58e63d83.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3443a179ab91dee2349af126aee4bd7f

SHA1
97bcf9cec26662a2480d007bc81c9e7be4cc66de

SHA256
7768a1d5a8624c4f7f37a06dc6cb903791e170f9561595e64effe70413c5243a

SHA512
2efa63fe2fa48e346bd3b37e1d5b48377f353b0ab314118e178c429e559f7892c426764bb809ccddff8627f00c6d35b35575abf74490f60285759fe04d7259fd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
250KB

MD5
9150ecfbae67895af0ad61ea3c9bba5d

SHA1
84cc04d07cf182490e61fae2e8c8caf9220c711f

SHA256
4a8a5773f847f3ac8a518c683a10d324b3696b3eaae6d452b5e7af983af9b919

SHA512
9e2902868f1c567d38ad6420dcc0541f8d538d699d0873239fcb4137cc0853a79df648c351d086d857969a98e7dc28fa56d4a16e3d5a0dcb94f3a07f8ee2c813

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
286f685185463af5fb34120f28e027a6

SHA1
252a84902aeac74cf6252914272a91d8b9b8dd74

SHA256
7082da47a86d67d4e27bfc5c7fa6fc828915307982454e838a8caeeb348a5de6

SHA512
d9b2deea814ee4ebee802b4d8df6d74e07f1b0260136911ffe3209de4290de5e01b913c985f74c799f5b968ccc2a793bafebb7fbb1b3767e0dbab4773072665b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
bc2edd0741d97ae237e9f00bf3244144

SHA1
7c1e5d324f5c7137a3c4ec85146659f026c11782

SHA256
dbce3287c7ae69ccbd1d780c39f3ffa3c98bd4609a939fff8ee9c99f14265041

SHA512
00f505a0b4ea0df626175bf9d39a205f18f9754b62e4dba6fbb5b4a716b3539e7809723e1596bcfe1ba3041e22342e3a9cbaad88e84ce9c8c6531331bbc25093

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
120a75f233314ba1fe34e9d6c09f30b9

SHA1
a9f92f2d3f111eaadd9bcf8fceb3c9553753539c

SHA256
e04101215c3534dbc77c0b5df2e1d1ff74c277d2946f391f939c9a7948a22dd0

SHA512
3c4eb93e425b50e8bcc1712f4cc2be11888a0273c3a619fc6bf72ccab876a427158f661bfc80d0c1e47ef4116febf76a3aaa31a60ec662eae0e51c7f1d3d89b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\162e3ceb-5ae9-4234-a6eb-663b76677847.tmp

Filesize
6KB

MD5
6523557991ca0a0d1d871e00fb1d0b3b

SHA1
ca8b8dddfb8cafc78a17f6f0ddcfbb52f33ca873

SHA256
6e6d08a3992f3e1bfd37d45ba47a19a684839254998762f33c32eb85fd3fdfee

SHA512
bbc61c219d5e3007cf90959adcb775f6d395043929f8e9faf619ae20adc303c9b27276683814b69120e57c8421ddacfaf50a2ae8171cfc5fef43f8809bdaf570

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
9690e3184d98936222c517f36708daea

SHA1
cd6bfcec2c041fec15d3997ad7925f43faef2df4

SHA256
c0805a37b8b6b42d7872c41158c28859cca27111ba32793c6f8b6d61a97e9eaa

SHA512
ba6015c7053b1f7bdeaf47a941a6d6838ac7bb02fb867c2dde4b538222c3b3825c0da3a5f6db82256f0cf9c9ec74dc74e54330d34d564b49eaff5fa9c019ea23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
ba6f1937501862f1a865ffc00d47de0d

SHA1
8bd3c2e51bb098fefaefb5efa5869deae8e4fa92

SHA256
ab42986d43758030def56eedb77d7593c52fc40e1ac15faabd0aa2dc510ad87e

SHA512
a5f7c92a2f81a595a37b2b7fa6f2687d450ef66f87f07ca08f90bfc49e148aa3bd6c9c12d996b9376deef7dd1b792f6ec39881d57a0ffb63eb2414d3cfac9ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
72B

MD5
ca239221f64a53262fdc839d7029854e

SHA1
232b85ec8b73cb64aacc3490d3783bfe529ddad8

SHA256
e7ec8d9db81bf3b8a654635d3eb995febcb1d3f080569756b1a36594f07f837d

SHA512
d40a1fa081ff4abfa689bb1f7de218cfa7774a013cdf3cf2ac955c6480cc3c14200ed63455da6bf35c6170e2d42c7c63fdc1703040627f39adb3992e7c17c315

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
b18ec203c0ffdd94b86fbbeb722a40de

SHA1
86b13ec4a36260c0e5327414902949443b8a1a96

SHA256
c56ea38beff7301bf91d4aae594490878c9d5bdfb9fa6e0ff4380d7cbc9b6d2e

SHA512
1fc43276e597fcd585702bbdd1e68383897cc82dccb2beaace59588ca08d3940f53c02e9b2e511f56d9f86265c9d5438fb7273524218605dbe7b8c73f58c4996

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
3445c65cfbf9f608cbd72d0bdd867825

SHA1
3bd260acc1ebf11edec105a9f06e782943e7d5e1

SHA256
8b001e932c7e81fa2bcd3019f6b4b42155e17e7dd8785ad1628fe662812dc2a2

SHA512
4f76e134ff3a920079bb8b993acb658b5e5b6a0318394e8c10557207998a90c0d2d5b416ed7dce28e3a213494f4fd942b496c29a24994cb6e9922a1f703e8b7e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
e390ef0079aacff73811c528df71ceed

SHA1
f1c0ba3995f316d99c923fe4d3f667347f920db5

SHA256
4e59cc4acf795f3c470555ee42a064d05b3adff57811d52fcc226ec7c5a2eb58

SHA512
3491465adc30e7dba0ed367a08ec939c1c8ebc5f776fd015451cb1811a8194c339c9e5839dcd3044f15aa4381bd6ba9621ed47d319bcc55fee8a808bfb385ea3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
626B

MD5
865178dcea4697612eda169ce5e9b34a

SHA1
3606784d31197f58065ea58a4b53525ba36683eb

SHA256
c344ec39a7d3c73728229c0677d33389fe94a37e709bb8f5e2f0fe878c8c7bca

SHA512
56ba077ee85892a8ce27994aa607fa1d99021ccf3d76be697fe119c648a6157491237c5590c6f0f6139d7dbbcc5d03d986e4625b59bf6c22ed3418430fc6abc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History-journal

Filesize
28KB

MD5
b0f75c19c284914681995dab028d6db6

SHA1
18ed149e416ae193f16ac2a0068da1f6feda7f03

SHA256
e165ea9e0ae5f2646586cfbca5b2646005311273d5810d34994596769a466e8b

SHA512
d2499f8d9e293f38886a534992e695640e834e70b3e5eed644b3b21b2647a7c78f853fee07be0d67b6746499249897e339cdf0a7c569696fa384a4c2549568bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
331B

MD5
a42b2b295b71cda2833c8393428469ed

SHA1
36454adfa01ea83323fe9a1872b73c9d6cd54db2

SHA256
fb625df66d851014032ce85268788e86efce96e2b9d8c629db94634c3e41f5b8

SHA512
3e37231624d4d5cc3f9a17715bb2bbf2431e11536cbdd8ee67ed314b765dca1c56a915eab1678b1e0b9925dd894d7258fa98c7464c68d983d1abafdc2569ca6a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Action Predictor

Filesize
36KB

MD5
cf4b0a74bdc68a111bd7ccbd8569daa5

SHA1
e567e83b8db5476018dfed63802d0f60690c8139

SHA256
f79fc9fca22eace1d33311f380f135b75b30baa639f2d819fa437580ef268b6d

SHA512
4ffda967282821d319e22334cc4410eb8883b436654c2ffa65a7a75fdac296a349a672c734e8fed023b9b34d5f17d1af611f81d433108f898459b5ae412dac9f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
185B

MD5
efa3b79297b792ddfa72609e2389407a

SHA1
7c959b0d9c508607119d7c112fe81939169c8ccb

SHA256
04371cb7276a5868761433e311d805f97da580075fc9bf1a66f0a9d8ac9a4017

SHA512
1f08b7ea9823ae979382586db83b05c0d0dc5cb565b3946fb8134c0dfaaf61fdf80d6c666ceca6522964ac446d2a2e798e1f0eaff3dd2ab5cae88a793db20eaf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9f7386d834c4a5fe9e5d62a7035d5f6b

SHA1
b42b6bee8f3cdbd9f85a53c966eda37ddda34eac

SHA256
33365c8fa10b28eeaecbd91d3b33d89175d4f65db22b827004a6eac56efe992f

SHA512
49095eaf053d64ebe0d00fbb761ce139b69b1fd9b99cf7861a3bc734b6fefbb2f09176193c4e07534c6a70bf3efed7f0f4e976d38385c5ebfd7d14547b90214f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3bd9f4944dff1e3d7e9ef4a49732ddef

SHA1
9ceb7391194597ceca6336fd9193d010e467776a

SHA256
4f91f4d36018246cbef8c68f7d927a196384dbea0cf92cc8f6702ec4f1faa096

SHA512
c0145ac9ce7a2f688f560b3f1ec0424cb6da622384675a02c088464b109fa08c94525c0768fb6e86cfa7f862aa722ff6bb8c40ed566062e7d0ad9de8d9b2f45c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
df004adfbaaec55749ca591c8eb72385

SHA1
b3fa7c9b8c296653ec7e4c72cb33afc8dea68afc

SHA256
fd66f914439af21028a6127e7b405875e8130cc5521c84ca358d29b504d1d25b

SHA512
e97057c737e7e437cdd66c4cfeadb5643d45bda195fbcd988153e61958f3b5d227e649add4c679dc68934399a6e9feb973d5037e7fe1eef162dc46efd9f48efe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b9d338fb638613ba949de67e0b6fc56

SHA1
f674167e48e6a82829a3492b2dafd9ba015134bb

SHA256
0c8759cb05805fc35508ad587dc003a8536e2b990fb381e29cc27b4b413fa667

SHA512
2843f3c6ca8f2fc1def6e01c6c3804bb733c15e68d13c9ee98ef4dc204577d2681b2da91f4f9d039033b60ca0e6ded28e2bfc950892e0ed687075baf0daf3431

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1a16866b7178ce5e732d8f6f930516be

SHA1
f6757ac8a31aee1c23501a7064071b0250676ec1

SHA256
7462484015e0700a9d32a90fdddb8c1d95284c6351126f923e9679572f97cdbe

SHA512
b9e056c1ac6f80c08761cad9488f176865d7075648c1a2814ff37700b89dadfaac37c3c4328c13c641b05e0531841e25df9ae341f99460c5b19611ab830eaf08

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\PreferredApps

Filesize
33B

MD5
2b432fef211c69c745aca86de4f8e4ab

SHA1
4b92da8d4c0188cf2409500adcd2200444a82fcc

SHA256
42b55d126d1e640b1ed7a6bdcb9a46c81df461fa7e131f4f8c7108c2c61c14de

SHA512
948502de4dc89a7e9d2e1660451fcd0f44fd3816072924a44f145d821d0363233cc92a377dba3a0a9f849e3c17b1893070025c369c8120083a622d025fe1eacf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
156B

MD5
fa1af62bdaf3c63591454d2631d5dd6d

SHA1
14fc1fc51a9b7ccab8f04c45d84442ed02eb9466

SHA256
00dd3c8077c2cca17ea9b94804490326ae6f43e6070d06b1516dfd5c4736d94d

SHA512
2c3184f563b9a9bff088114f0547f204ee1e0b864115366c86506215f42d7dbf161bc2534ccaee783e62cc01105edffc5f5dabf229da5ebd839c96af1d45de77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
319B

MD5
a7d3b6ffe682b7a2e6f904b5b97e48fe

SHA1
3628801fc2dae9609e871d034d3e898c96b0b910

SHA256
16ea6b1bbdc7201ca16b6a92128279a049bc902b893862700aa8b19061d6345d

SHA512
aa7f0e20a8162a75e4e5caeb0122743ee322e1613bf3af304215bce297fab7c04d5ce2b03a6ebce5b0989102480c7f2bb6703f66ecd123558c1cd66df87a86b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Session_13358126688453478

Filesize
1KB

MD5
a05160a6c575c08814a7a2097b69a7c1

SHA1
c5882bdcee043402cdf6dbe5e9f75de6114d28bb

SHA256
881a2ec72e354752b2fd83657dd813f527c8630d73a8a323f422bba16e4ff8af

SHA512
2f316a3dd373996f5c8a301c9ed61c7d5cfa53490739046a92afbdddbbb915462c124e8638e9ed96cbcad2a2335de55d8afa78f9d4e36a88deba032cfe7831f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13358126688625478

Filesize
1KB

MD5
ca289d1c019210c120fc027c34ed86ac

SHA1
9f38fa123bae3f6e3eaee4b6a8f9dac347c1a9dc

SHA256
feb6296d9c0d8e9b8c47be5df873c1216912b957ef0d29098921bab1c7301dd0

SHA512
ccf95c56e1954e9e5518b9ae781ed3041bfdd8c7d10d3eeafa130ea1644479d7a1480f0be6db2740221eed0af8fe47bd26dbabce74c30b167b6c0e132615dc66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
03044f202581998f465f80f91a79a14f

SHA1
51582702d9547265112626ba910e2b9eb2d8d00c

SHA256
a82001004a70f35470f42d6d400a7b6af69a8a884f5bdc0a5f8adb3a0e04767a

SHA512
288cb9a1fa1a59ad9e751cb8732d17716ccf29357129f556ce4b4ab0bada9c4a65df40ab45a31fdb9bc11055ae998b7d1ff540472c224f3f68e44c4c9aed3bc4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
bc9eb6f96331ee1e695e5476a0398407

SHA1
828d8cd04bc09b70b1b67c197a7964063bb3da16

SHA256
5421daf70c16c50f53f76573ac45e9e23c1d9a6f174e43ab5b64b7f845acc016

SHA512
06e3af9644bcb5fee93d8547360c92bb74c17b49dee1785c3ec3d3ba3ef309dada13080802712744f92f5e15e09c0635371a146c86d67a61875fdda50d03ae39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
fd2df60a017b1fc6b8bc0b652e2c63bd

SHA1
6ef315c6f85d8f4858d420aaddf8b4f4f79d0d42

SHA256
c86283556d847b5f9bfc8f8e646aca2adffd25952f4ef7b37f55573aa4b62a17

SHA512
7eb1ef05936da16779e20720ee7134c66e00a56292e1be587ccf0c352285f3b44e6bcc044faeaa3af0abe6da841f0a248c024223f6b892f956e92cea2bc54119

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\LOG

Filesize
136B

MD5
74379cade7d2fd0b135bc480af4e1cb1

SHA1
ebe6216d09564a314ddac407e4b62e4090ce9807

SHA256
b37eaa96ed5a5ad27fb2fde0c6a21a10f5cd521ea7541f829aa08313e589050d

SHA512
781f377f70076b595fca5d6811f7388651674ca0a05bc7f46f4559f005c96b2387e75939361a57b6cf05bcd0fa78033b4afd789948387d40a7d7493f877d9ccd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\MANIFEST-000004

Filesize
50B

MD5
031d6d1e28fe41a9bdcbd8a21da92df1

SHA1
38cee81cb035a60a23d6e045e5d72116f2a58683

SHA256
b51bc53f3c43a5b800a723623c4e56a836367d6e2787c57d71184df5d24151da

SHA512
e994cd3a8ee3e3cf6304c33df5b7d6cc8207e0c08d568925afa9d46d42f6f1a5bdd7261f0fd1fcdf4df1a173ef4e159ee1de8125e54efee488a1220ce85af904

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
44KB

MD5
4c9f3fa717bb25f17f76561730978ff0

SHA1
e07018da29230a3a02a0b7391f5ba202d4e84a3c

SHA256
1fd60c901ad6146feb85d9fd7ce659d008a13ebb1cb405d725efc6a7b5071612

SHA512
a0d62c0c9a533d5ea7b43305cb37384d7bda20597a8e8f2fa5aaa30e2796c990aedf2487ce9fc62bf3d15c98796dea28b5c1d5c30010bfedb5341e5c31999e41

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
187B

MD5
5456c6bf6d901f9a648429e7f9164c9d

SHA1
bd257d4f86bade133de6fd8a6eef0db9036baccb

SHA256
c1d94b38d3db2ea3694487b15641c05f31a70c01de5ff8b9eebea292d56b63c2

SHA512
e0fdd88d97fe0aecc24dad40f3a224dba5b7d1f28a130a7d000839aeb226dd4ae42a02ba483ca9f0ffe761349a7736337bdab0cc8f9410137f13edddd3fde335

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
8a07e07c3b8796969afdee0e548e433a

SHA1
df71ca4dc548a9cbdd431a35929b59799194f312

SHA256
71fab1dd9cf4421abef7cbb67547acb7e641ed8bf1db1b012c272ce1c434edc3

SHA512
89864993247615d6dd0f7a77b9dd44a60d9fd86328bf3b93757cc23ed9b01c104bcab017feb2102b4d439dc79c187dd4c2d98e8e7e5af0daef03cc6f818fbc7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
565B

MD5
ab7f2f8f728ab1a519ff95e6af07c963

SHA1
e6ce97351653d327edb286b552c5faa7b4fb20c6

SHA256
76cabb1fcdece95812f950a8cba9ab09cc451bf29bbecbc6c5a343835f0a5b8d

SHA512
cd032fd11a60b888baad339e5a25acc5a010db76c3c87ea99102e1be37d2f621f1cd95a3efc05b1e60f5c7573115c08d63b00aa389f3cdde944c2f379188b61d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
b78f9e7a0c62e9d488b34af843f6c3e0

SHA1
f6056a3598b7f24c66fc4c9e27618401db7dd2ab

SHA256
e42d42fa54daa62eaf9b176ff06106b8d22f4bc9781975e1a66560a8da1ae16d

SHA512
76987d81f9c0b32260d1ff7206a014e2c1b74567550f75a37115beda67cc330d0875b16e0bd3a5095b6fd474ff3877abc3bcd898e78eca7a3faa87c6de386158

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
cbb46ac28533aae17f0a544e71b4109d

SHA1
645dad5e093357ef068499b6462ddc80b0187736

SHA256
d7616f0eebe3ad388c9fd77b160395e4ec4004f07a54f77d7c1d9379112af1b9

SHA512
976ac63b04a58d898d73495bd25e4bee4259167966a328432be816ffd168203dc617d41af124286770dc15d1c64d78469162fed0276eb2789958f572b65cabc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
a6bd7799856d4a196703eae1bf9990c2

SHA1
5addc738e5574b1c3735b57e2031530dc79e7dda

SHA256
3513d48f4732b5675a2ccd9ba0cd11629f2a945fbbf3aa0675788d89e389fdac

SHA512
5f9ffac87c38768de7f7122fc8916aeab735fe7797c3ab5021f85ae97d0046b20013b693fba83f4f289ebe882148a46006dd2d903c5fd66880a4aac4988ba400

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
0275d254bf6e0138ce78fd502ded01c7

SHA1
0d84c5cff892b9437dfb26150e2ab2c1a8db19fc

SHA256
db8af65952f7abe9feac1d893f5b0b3675c2d69899dd8900ce37d2c3d49ea976

SHA512
c3d0d16e601e63698b18ff4e69907ed1e623bcba8a94ebab9abefd7b9c6fb468b837ae6376f61a1423330933e27e84c37c5d171cac344ca2b69c0f1736613fd2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
f4ac260b0bcd660fb4d9dbf6b7d5a448

SHA1
3f4e6487b1a3a34108083df23b846f62b274cb2c

SHA256
d4adbb476f250b163195b51d28abe018cdd88796759fee538038c490648f0462

SHA512
468fa541fa9a881605406b96401fd17d53ad02c38c68d70393457b6f814af65d603911552b2d31ce902b94ce0e6ffd458df2cb72e11b0aaeae21be60df6372b4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
5af50afe1d7311d8155aae4c8de1ecd9

SHA1
bce044702857ee2100ded13e3f03f742cc01b083

SHA256
71e6f14abc1b9fd77fa5ef602dd871399448eb4f46048c431de266f46ccc5925

SHA512
6dc6ad9ee488e009bec66e32cd93be181e65be25ccf4f1237137d4cc20b9b67adddaa03424546f42df4f1771ebaac9252963ab4c532dd58274b4db8652a63d42

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
722efc85b62b6b70c89d1c464e4c6189

SHA1
c33a527829af7fbc5708e069dc87f9199aa40a9a

SHA256
165670fa19f889970c9d653273b6d97c9e127b689b35b4f762173e20bf859327

SHA512
4a0663f40586fd7172b72eefa9e9de3afd185ec9486c6c2f4620c14362ef09b75c8ed8d79e9f6b84d3ae435be4ca2524d301993f19394bd616cef9b6fd8f98e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
b0f7d832aedee459c6d7b5a9422dab45

SHA1
257209c7da76e54b0c52946b66396295547ff05a

SHA256
c92a8eb0172be321ed7f3fc6ac8247be990febbe5dea45d09c35d616839d18f4

SHA512
6ed13a159ffa5879c71bb5d5a526ee3f6de0fc2e8c24590c9072ae8b9f82581bdc061d5f751636182412141ea9ee9f752d7b92efeafb4357f21c0e9a7de90a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\edge_shutdown_ms.txt

Filesize
3B

MD5
e9f4bdc6c29110f706b70f9da5fbd391

SHA1
041016a6d1ea472593ad19b9d3a69d864b6a9a0f

SHA256
6cca1632b8613300e7ec998690bf1c9e1188d0cb8eaa0525b177e36f352b6496

SHA512
e6410906194183eacfae4df5b024793371769dd583ec4bc9336a3ae3c47634ccd799b34b2198732f83214bab84be3d2f92969f1782ab6b02c6b9b7e9cb4e4b4c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
7215cfc33cacb84748311024104f6e76

SHA1
2fecc05f24fb49f159efd0490e8eeb7189305455

SHA256
478ebef818d2295606a193ec04b669c9b6d83441eccd4c16a0a7d8de68edc817

SHA512
773b518d7aadf245f4c9d85f6bed075f29b371bab720a700fac6ee355aa04955594b81ef3564020cd967b79503daa161831799ee3e1ca5eaab35979b761df008

Download Submit
C:\Users\Admin\AppData\Local\Temp\All-In-One.exe

Filesize
5.1MB

MD5
a48e3197ab0f64c4684f0828f742165c

SHA1
f935c3d6f9601c795f2211e34b3778fad14442b4

SHA256
baecc747370a4c396ef5403a3a2b286465d8fe4677bf1bfd23b8164ef5c22bbb

SHA512
e0b0b73c39850a30aac89f84f721c79f863612f596d6ff3df0860a9faf743a81364656773c99708e9c0656c74b6a278b6bf7e648f7ff1b9080f9a21e10515a59

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-conio-l1-1-0_not.dll

Filesize
18KB

MD5
6ea692f862bdeb446e649e4b2893e36f

SHA1
84fceae03d28ff1907048acee7eae7e45baaf2bd

SHA256
9ca21763c528584bdb4efebe914faaf792c9d7360677c87e93bd7ba7bb4367f2

SHA512
9661c135f50000e0018b3e5c119515cfe977b2f5f88b0f5715e29df10517b196c81694d074398c99a572a971ec843b3676d6a831714ab632645ed25959d5e3e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
72e28c902cd947f9a3425b19ac5a64bd

SHA1
9b97f7a43d43cb0f1b87fc75fef7d9eeea11e6f7

SHA256
3cc1377d495260c380e8d225e5ee889cbb2ed22e79862d4278cfa898e58e44d1

SHA512
58ab6fedce2f8ee0970894273886cb20b10d92979b21cda97ae0c41d0676cc0cd90691c58b223bce5f338e0718d1716e6ce59a106901fe9706f85c3acf7855ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
ac290dad7cb4ca2d93516580452eda1c

SHA1
fa949453557d0049d723f9615e4f390010520eda

SHA256
c0d75d1887c32a1b1006b3cffc29df84a0d73c435cdcb404b6964be176a61382

SHA512
b5e2b9f5a9dd8a482169c7fc05f018ad8fe6ae27cb6540e67679272698bfca24b2ca5a377fa61897f328b3deac10237cafbd73bc965bf9055765923aba9478f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
aec2268601470050e62cb8066dd41a59

SHA1
363ed259905442c4e3b89901bfd8a43b96bf25e4

SHA256
7633774effe7c0add6752ffe90104d633fc8262c87871d096c2fc07c20018ed2

SHA512
0c14d160bfa3ac52c35ff2f2813b85f8212c5f3afbcfe71a60ccc2b9e61e51736f0bf37ca1f9975b28968790ea62ed5924fae4654182f67114bd20d8466c4b8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
93d3da06bf894f4fa21007bee06b5e7d

SHA1
1e47230a7ebcfaf643087a1929a385e0d554ad15

SHA256
f5cf623ba14b017af4aec6c15eee446c647ab6d2a5dee9d6975adc69994a113d

SHA512
72bd6d46a464de74a8dac4c346c52d068116910587b1c7b97978df888925216958ce77be1ae049c3dccf5bf3fffb21bc41a0ac329622bc9bbc190df63abb25c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
a2f2258c32e3ba9abf9e9e38ef7da8c9

SHA1
116846ca871114b7c54148ab2d968f364da6142f

SHA256
565a2eec5449eeeed68b430f2e9b92507f979174f9c9a71d0c36d58b96051c33

SHA512
e98cbc8d958e604effa614a3964b3d66b6fc646bdca9aa679ea5e4eb92ec0497b91485a40742f3471f4ff10de83122331699edc56a50f06ae86f21fad70953fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
8b0ba750e7b15300482ce6c961a932f0

SHA1
71a2f5d76d23e48cef8f258eaad63e586cfc0e19

SHA256
bece7bab83a5d0ec5c35f0841cbbf413e01ac878550fbdb34816ed55185dcfed

SHA512
fb646cdcdb462a347ed843312418f037f3212b2481f3897a16c22446824149ee96eb4a4b47a903ca27b1f4d7a352605d4930df73092c380e3d4d77ce4e972c5a

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
35fc66bd813d0f126883e695664e7b83

SHA1
2fd63c18cc5dc4defc7ea82f421050e668f68548

SHA256
66abf3a1147751c95689f5bc6a259e55281ec3d06d3332dd0ba464effa716735

SHA512
65f8397de5c48d3df8ad79baf46c1d3a0761f727e918ae63612ea37d96adf16cc76d70d454a599f37f9ba9b4e2e38ebc845df4c74fc1e1131720fd0dcb881431

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
41a348f9bedc8681fb30fa78e45edb24

SHA1
66e76c0574a549f293323dd6f863a8a5b54f3f9b

SHA256
c9bbc07a033bab6a828ecc30648b501121586f6f53346b1cd0649d7b648ea60b

SHA512
8c2cb53ccf9719de87ee65ed2e1947e266ec7e8343246def6429c6df0dc514079f5171acd1aa637276256c607f1063144494b992d4635b01e09ddea6f5eef204

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
fefb98394cb9ef4368da798deab00e21

SHA1
316d86926b558c9f3f6133739c1a8477b9e60740

SHA256
b1e702b840aebe2e9244cd41512d158a43e6e9516cd2015a84eb962fa3ff0df7

SHA512
57476fe9b546e4cafb1ef4fd1cbd757385ba2d445d1785987afb46298acbe4b05266a0c4325868bc4245c2f41e7e2553585bfb5c70910e687f57dac6a8e911e8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-string-l1-1-0.dll

Filesize
22KB

MD5
404604cd100a1e60dfdaf6ecf5ba14c0

SHA1
58469835ab4b916927b3cabf54aee4f380ff6748

SHA256
73cc56f20268bfb329ccd891822e2e70dd70fe21fc7101deb3fa30c34a08450c

SHA512
da024ccb50d4a2a5355b7712ba896df850cee57aa4ada33aad0bae6960bcd1e5e3cee9488371ab6e19a2073508fbb3f0b257382713a31bc0947a4bf1f7a20be4

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
849f2c3ebf1fcba33d16153692d5810f

SHA1
1f8eda52d31512ebfdd546be60990b95c8e28bfb

SHA256
69885fd581641b4a680846f93c2dd21e5dd8e3ba37409783bc5b3160a919cb5d

SHA512
44dc4200a653363c9a1cb2bdd3da5f371f7d1fb644d1ce2ff5fe57d939b35130ac8ae27a3f07b82b3428233f07f974628027b0e6b6f70f7b2a8d259be95222f5

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
b52a0ca52c9c207874639b62b6082242

SHA1
6fb845d6a82102ff74bd35f42a2844d8c450413b

SHA256
a1d1d6b0cb0a8421d7c0d1297c4c389c95514493cd0a386b49dc517ac1b9a2b0

SHA512
18834d89376d703bd461edf7738eb723ad8d54cb92acc9b6f10cbb55d63db22c2a0f2f3067fe2cc6feb775db397030606608ff791a46bf048016a1333028d0a4

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\freebl3.dll

Filesize
324KB

MD5
04a2ba08eb17206b7426cb941f39250b

SHA1
731ac2b533724d9f540759d84b3e36910278edba

SHA256
8e5110ce03826f680f30013985be49ebd8fc672de113fc1d9a566eced149b8c4

SHA512
e6e90b4becf472b2e8f716dbb962cd7de61676fcce342c735fccdc01268b5a221139bc9be0e0c9722e9978aefaae79c10bc49c43392aa05dd12244b3147aeffc

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\mozglue.dll

Filesize
135KB

MD5
591533ca4655646981f759d95f75ae3d

SHA1
b4a02f18e505a1273f7090a9d246bc953a2cb792

SHA256
4434f4223d24fb6e2f5840dd6c1eedef2875e11abe24e4b0e9bc1507f8f6fd47

SHA512
915b124ad595ee78feab8f3c9be7e80155445e58ed4c88b89665df5fb7e0a04e973374a01f97bb67aaa733a8ce2e91a9f92605ec96251906e0fb2750a719b579

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\msvcp140.dll

Filesize
429KB

MD5
109f0f02fd37c84bfc7508d4227d7ed5

SHA1
ef7420141bb15ac334d3964082361a460bfdb975

SHA256
334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4

SHA512
46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\nss3.dll

Filesize
1.2MB

MD5
fc57d044bfd635997415c5f655b5fffa

SHA1
1b5162443d985648ef64e4aab42089ad4c25f856

SHA256
17f8c55eba797bbc80c8c32ca1a3a7588415984386be56f4b4cdefd4176fb4c3

SHA512
f5a944230000730bc0aad10e6607e3389d9d82a0a4ab1b72a19d32e94e8572789d46fb4acd75ad48f17e2bbc27389d432086696f2ccc899850ff9177d6823efb

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\softokn3.dll

Filesize
140KB

MD5
1b304dad157edc24e397629c0b688a3e

SHA1
ae151af384675125dfbdc96147094cff7179b7da

SHA256
8f0c9ac7134773d11d402e49daa90958fe00205e83a7389f7a58da03892d20cb

SHA512
2dc625dbdf2aae4ade600cca688eb5280200e8d7c2dfc359590435afe0926b3a7446cc56a66023ee834366132a68ae68da51a5079e4f107201e2050f5c5512ad

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\ComponentsExt\vcruntime140.dll

Filesize
81KB

MD5
7587bf9cb4147022cd5681b015183046

SHA1
f2106306a8f6f0da5afb7fc765cfa0757ad5a628

SHA256
c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d

SHA512
0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\nspr4.dll

Filesize
72KB

MD5
72414dfb0b112c664d2c8d1215674e09

SHA1
50a1e61309741e92fe3931d8eb606f8ada582c0a

SHA256
69e73fea2210adc2ae0837ac98b46980a09fe91c07f181a28fda195e2b9e6b71

SHA512
41428624573b4a191b33657ed9ad760b500c5640f3d62b758869a17857edc68f90bc10d7a5e720029519c0d49b5ca0fa8579743e80b200ef331e41efde1dc8c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\nss3.dll

Filesize
172KB

MD5
7ddbd64d87c94fd0b5914688093dd5c2

SHA1
d49d1f79efae8a5f58e6f713e43360117589efeb

SHA256
769703fb1ba6c95fb6c889e8a9baaea309e62d0f3ca444d01cc6b495c0f722d1

SHA512
60eaad58c3c4894f1673723eb28ddb42b681ff7aafe7a29ff8bf87a2da6595c16d1f8449096accdb89bd6cda6454eb90470e71dde7c5bd16abd0f80e115cfa2d

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\plc4.dll

Filesize
8KB

MD5
c73ec58b42e66443fafc03f3a84dcef9

SHA1
5e91f467fe853da2c437f887162bccc6fd9d9dbe

SHA256
2dc0171b83c406db6ec9389b438828246b282862d2b8bdf2f5b75aec932a69f7

SHA512
6318e831d8f38525e2e49b5a1661440cd8b1f3d2afc6813bb862c21d88d213c4675a8ec2a413b14fbdca896c63b65a7da6ec9595893b352ade8979e7e86a7fcf

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\plds4.dll

Filesize
6KB

MD5
ee44d5d780521816c906568a8798ed2f

SHA1
2da1b06d5de378cbfc7f2614a0f280f59f2b1224

SHA256
50b2735318233d6c87b6efccccc23a0e3216d2870c67f2f193cc1c83c7c879fc

SHA512
634a1cd2baaef29b4fe7c7583c04406bb2ea3a3c93294b31f621652844541e7c549da1a31619f657207327604c261976e15845571ee1efe5416f1b021d361da8

Download Submit
C:\Users\Admin\AppData\Local\Temp\External\Components\softokn3.dll

Filesize
155KB

MD5
e846285b19405b11c8f19c1ed0a57292

SHA1
2c20cf37394be48770cd6d396878a3ca70066fd0

SHA256
251f0094b6b6537df3d3ce7c2663726616f06cfb9b6de90efabd67de2179a477

SHA512
b622ff07ae2f77e886a93987a9a922e80032e9041ed41503f0e38abb8c344eb922d154ade29e52454d0a1ad31596c4085f4bd942e4412af9f0698183acd75db7

Download Submit
C:\Users\Admin\AppData\Local\Temp\License.XenArmor

Filesize
104B

MD5
774a9a7b72f7ed97905076523bdfe603

SHA1
946355308d2224694e0957f4ebf6cdba58327370

SHA256
76e56835b1ac5d7a8409b7333826a2353401cf67f3bd95c733adc6aa8d9fec81

SHA512
c5c77c6827c72901494b3a368593cb9a990451664b082761294a845c0cd9441d37e5e9ac0e82155cb4d97f29507ffc8e26d6ff74009666c3075578aa18b28675

Download Submit
C:\Users\Admin\AppData\Local\Temp\OutPut.json

Filesize
1KB

MD5
f6ce70d5466fe074a3b419543ff95d8b

SHA1
915d6dc9ca2686d63979e77adc43d71c9678e534

SHA256
6a509971a9cc11490946cb7b33864da43cd3af9f25673c130fc3bab5c365ff29

SHA512
93e83de5d0a96cd71dcfb8f9ab3b32ed2afaa388a77ac450dd7fdca11dcf2ff0d59db54107c936859d6df3b6d28630b2e9907e0b546e8b27336b684bcbed84f8

Download Submit
C:\Users\Admin\AppData\Local\Temp\XenManager.dll

Filesize
2.0MB

MD5
7a5c53a889c4bf3f773f90b85af5449e

SHA1
25b2928c310b3068b629e9dca38c7f10f6adc5b6

SHA256
baa9c3a0d0524263c4f848056b3f1da3b4bb913162362cbcabe77ce76a39870c

SHA512
f5943687d7e098790581bf56ac6fec3b7e9b83d0e29301077a8bc48768c5a0e9f54f53d926f9847885f6035a2b31e456e4e45ccf1c70be27229c46e79876e2ed

Download Submit
C:\Users\Admin\AppData\Local\Temp\settings.db

Filesize
20KB

MD5
56b941f65d270f2bf397be196fcf4406

SHA1
244f2e964da92f7ef7f809e5ce0b3191aeab084a

SHA256
00c020ba1cce022364976f164c575993cb3b811c61b5b4e05a8a0c3d1b560c0c

SHA512
52ad8c7ed497a5b8eed565b3abcbf544841f3c8c9ec3ca8f686846a2afd15ac4ac8b16abf1cb14aeca1a2fb31f3086ad17206ec4af28e77bae600dca15e8deab

Download Submit
C:\Users\Admin\Desktop\How To Decrypt My Files.html

Filesize
679B

MD5
50c5286927bb44472b0ac24cb8d8007c

SHA1
843223792c63f1220e42d1afe35f408d2ddb33ed

SHA256
a10fd121e49ff7906a50098e17ea407a91ccb06356f787e17f786a51daafdf8d

SHA512
86cd7c1e1a8b7c7d0d6057d39edf0a5ce58f8affdf6e3e7332a5dcdee9da49267b2fe26b4a25a5899d586f40ed13ed103f9de6d3c651801314fa8584a931bd1f

Download Submit
C:\Users\Admin\Desktop\desktop.ini

Filesize
282B

MD5
9e36cc3537ee9ee1e3b10fa4e761045b

SHA1
7726f55012e1e26cc762c9982e7c6c54ca7bb303

SHA256
4b9d687ac625690fd026ed4b236dad1cac90ef69e7ad256cc42766a065b50026

SHA512
5f92493c533d3add10b4ce2a364624817ebd10e32daa45ee16593e913073602db5e339430a3f7d2c44abf250e96ca4e679f1f09f8ca807d58a47cf3d5c9c3790

Download Submit
C:\Users\Admin\Documents\desktop.ini

Filesize
402B

MD5
ecf88f261853fe08d58e2e903220da14

SHA1
f72807a9e081906654ae196605e681d5938a2e6c

SHA256
cafec240d998e4b6e92ad1329cd417e8e9cbd73157488889fd93a542de4a4844

SHA512
82c1c3dd163fbf7111c7ef5043b009dafc320c0c5e088dec16c835352c5ffb7d03c5829f65a9ff1dc357bae97e8d2f9c3fc1e531fe193e84811fb8c62888a36b

Download Submit
C:\Users\Admin\Downloads\desktop.ini

Filesize
282B

MD5
3a37312509712d4e12d27240137ff377

SHA1
30ced927e23b584725cf16351394175a6d2a9577

SHA256
b029393ea7b7cf644fb1c9f984f57c1980077562ee2e15d0ffd049c4c48098d3

SHA512
dbb9abe70f8a781d141a71651a62a3a743c71a75a8305e9d23af92f7307fb639dc4a85499115885e2a781b040cbb7613f582544c2d6de521e588531e9c294b05

Download Submit
C:\Users\Admin\Music\desktop.ini

Filesize
504B

MD5
06e8f7e6ddd666dbd323f7d9210f91ae

SHA1
883ae527ee83ed9346cd82c33dfc0eb97298dc14

SHA256
8301e344371b0753d547b429c5fe513908b1c9813144f08549563ac7f4d7da68

SHA512
f7646f8dcd37019623d5540ad8e41cb285bcc04666391258dbf4c42873c4de46977a4939b091404d8d86f367cc31e36338757a776a632c7b5bf1c6f28e59ad98

Download Submit
C:\Users\Admin\NTUSER.DAT{53b39e88-18c4-11ea-a811-000d3aa4692b}.TMContainer00000000000000000001.regtrans-ms.ENC

Filesize
16B

MD5
d4c9f953da4d669882e4f3d98f5e98b9

SHA1
438a9462e920dfa41fa4654ba432916512df28ff

SHA256
acdbf74ca896f92641dae85451e895f5d46dcc3a5aa67134de20659ce8cd85ec

SHA512
204ade2295cc7ab895c586ba6044a8a7338891f5dbfe70999106d65da76032ed48d306ec97f4b14a8b45b0bd97ff0bc4fb4c45da48ff26068329220d8c8d8b5a

Download Submit
C:\Users\Admin\OneDrive\desktop.ini

Filesize
96B

MD5
c193d420fc5bbd3739b40dbe111cd882

SHA1
a60f6985aa750931d9988c3229242f868dd1ca35

SHA256
e5bfc54e8f2409eba7d560ebe1c9bb5c3d73b18c02913657ed9b20ae14925adc

SHA512
d983334b7dbe1e284dbc79cf971465663ca29cec45573b49f9ecdb851cdb6e5f9a6b49d710a1553bdae58c764887c65ba13fd75dfdd380c5c9ef9c0024aa3ef0

Download Submit
C:\Users\Admin\Pictures\desktop.ini

Filesize
504B

MD5
29eae335b77f438e05594d86a6ca22ff

SHA1
d62ccc830c249de6b6532381b4c16a5f17f95d89

SHA256
88856962cef670c087eda4e07d8f78465beeabb6143b96bd90f884a80af925b4

SHA512
5d2d05403b39675b9a751c8eed4f86be58cb12431afec56946581cb116b9ae1014ab9334082740be5b4de4a25e190fe76de071ef1b9074186781477919eb3c17

Download Submit
C:\Users\Admin\Videos\desktop.ini

Filesize
504B

MD5
50a956778107a4272aae83c86ece77cb

SHA1
10bce7ea45077c0baab055e0602eef787dba735e

SHA256
b287b639f6edd612f414caf000c12ba0555adb3a2643230cbdd5af4053284978

SHA512
d1df6bdc871cacbc776ac8152a76e331d2f1d905a50d9d358c7bf9ed7c5cbb510c9d52d6958b071e5bcba7c5117fc8f9729fe51724e82cc45f6b7b5afe5ed51a

Download Submit
memory/1176-1322-0x000000001D720000-0x000000001D72C000-memory.dmp

Filesize
48KB

Download
memory/1176-9-0x00007FF9A1B80000-0x00007FF9A2641000-memory.dmp

Filesize
10.8MB

Download
memory/1176-901-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-844-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-833-0x000000001BC30000-0x000000001BC3A000-memory.dmp

Filesize
40KB

Download
memory/1176-926-0x000000001BC50000-0x000000001BC5A000-memory.dmp

Filesize
40KB

Download
memory/1176-931-0x000000001E0B0000-0x000000001E584000-memory.dmp

Filesize
4.8MB

Download
memory/1176-0-0x0000000000BE0000-0x0000000000BFA000-memory.dmp

Filesize
104KB

Download
memory/1176-21-0x00000000013D0000-0x00000000013DC000-memory.dmp

Filesize
48KB

Download
memory/1176-10-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1319-0x000000001BCA0000-0x000000001BCAA000-memory.dmp

Filesize
40KB

Download
memory/1176-1122-0x000000001BCB0000-0x000000001BCBA000-memory.dmp

Filesize
40KB

Download
memory/1176-1337-0x000000001CA40000-0x000000001CA4C000-memory.dmp

Filesize
48KB

Download
memory/1176-1338-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1339-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1342-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1346-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-905-0x000000001B5F0000-0x000000001B5FA000-memory.dmp

Filesize
40KB

Download
memory/1176-7-0x000000001BE20000-0x000000001BF22000-memory.dmp

Filesize
1.0MB

Download
memory/1176-2-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1-0x00007FF9A1B80000-0x00007FF9A2641000-memory.dmp

Filesize
10.8MB

Download
memory/1176-1377-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1378-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1380-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1381-0x0000000001400000-0x0000000001410000-memory.dmp

Filesize
64KB

Download
memory/1176-1448-0x00007FF9A1B80000-0x00007FF9A2641000-memory.dmp

Filesize
10.8MB

Download
memory/4964-1426-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download
memory/4964-1425-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download
memory/4964-1431-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download
memory/4964-1432-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download
memory/4964-1433-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download
memory/4964-1434-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download
memory/4964-1427-0x0000020325330000-0x0000020325331000-memory.dmp

Filesize
4KB

Download