crimsonrat | hxxp://malware download

Resubmissions

14-05-2024 17:54

240514-wg1xgahd24 10

14-05-2024 17:29

240514-v2zz8sge63 8

Analysis

max time kernel
419s
max time network
431s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
14-05-2024 17:54

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

http://malware download

Score

10^/10

crimsonrat bootkit discovery evasion persistence ransomware rat trojan upx

Malware Config

Extracted

Family

crimsonrat

185.136.161.124

Signatures

CrimsonRAT main payload 1 IoCs

resource	yara_rule
behavioral1/files/0x000700000002373c-2062.dat	family_crimsonrat

CrimsonRat
Crimson RAT is a malware linked to a Pakistani-linked threat actor.
rat crimsonrat
Disables Task Manager via registry modification
evasion
Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 1 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	DB.EXE

Checks computer location settings 2 TTPs 3 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	CrimsonRAT.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	Ana.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\International\Geo\Nation	EN.EXE

Executes dropped EXE 9 IoCs

pid	Process
4600	$uckyLocker.exe
5332	CrimsonRAT.exe
3788	dlrarhsiva.exe
6020	Ana.exe
2112	AV.EXE
1824	AV2.EXE
6108	DB.EXE
6040	EN.EXE
3580	SB.EXE

UPX packed file 7 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x0007000000023742-2184.dat	upx
behavioral1/memory/6108-2193-0x0000000000590000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/6108-2200-0x0000000000590000-0x0000000000623000-memory.dmp	upx
behavioral1/memory/6108-2196-0x0000000000590000-0x0000000000623000-memory.dmp	upx
behavioral1/files/0x0007000000023743-2209.dat	upx
behavioral1/memory/6040-2212-0x0000000000400000-0x000000000040A000-memory.dmp	upx
behavioral1/memory/6108-2211-0x0000000000400000-0x0000000000445000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	DB.EXE

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
300	raw.githubusercontent.com
301	raw.githubusercontent.com

Writes to the Master Boot Record (MBR) 1 TTPs 1 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\physicaldrive0	SB.EXE

Drops file in System32 directory 1 IoCs

description	ioc	Process
File created	C:\Windows\SysWOW64\KBDSF0.exe	DB.EXE

Sets desktop wallpaper using registry 2 TTPs 1 IoCs

ransomware

Defacement

T1491

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-3571316656-3665257725-2415531812-1000\Control Panel\Desktop\Wallpaper = "0"	$uckyLocker.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3571316656-3665257725-2415531812-1000\{E32A79FA-A752-4D03-99AC-D13B6481BA23}	msedge.exe

Modifies system certificate store 2 TTPs 2 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30530A0C86EDB1CD5A2A5FE37EF3BF28E69BE16D	AV.EXE
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\30530A0C86EDB1CD5A2A5FE37EF3BF28E69BE16D\Blob = 03000000010000001400000030530a0c86edb1cd5a2a5fe37ef3bf28e69be16d2000000001000000b3020000308202af308202180209009168978ee53f5964300d06092a864886f70d010105050030819b310b30090603550406130255533110300e06035504081307566972676e69613110300e060355040713074e65776275727931123010060355040a13094261636f72204c4c43312330210603550403131a746f74616c736f6c7574696f6e616e746976697275732e636f6d312f302d06092a864886f70d010901162061646d696e40746f74616c736f6c7574696f6e616e746976697275732e636f6d301e170d3131303931383131313834395a170d3132303931373131313834395a30819b310b30090603550406130255533110300e06035504081307566972676e69613110300e060355040713074e65776275727931123010060355040a13094261636f72204c4c43312330210603550403131a746f74616c736f6c7574696f6e616e746976697275732e636f6d312f302d06092a864886f70d010901162061646d696e40746f74616c736f6c7574696f6e616e746976697275732e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100cac8419346518527133fdefd7982ac3919f1d6e2f815ecab0b5d219ccf843885645cfd9c35cae2eff8e7506e690b52c587a59c8d667cb671454030bd370fa334b18afb5ea4f4f819a36685a705a8543f320af913ca680a1d32a402db6d3e42d93228e44ba230fda524d490ddc35b922f23d36d95417136ac50afa567e21359350203010001300d06092a864886f70d0101050500038181003c6a7f43ca2cee1caafee88b04777032a4c9d7794222537e3ebe57953198281bdbe0d3a58f7d3eb358f361848f30ad88a364cd0ae3376e6239dedb01497d52d3dd55e78e49375373419ad7e5e2e036f713bf4d96a552f2aa26b35b66d7a83fb2a9b6e317d162d8342f09ccc71b2a1c7d9474ca7872bfa4acd623d61c4491d740	AV.EXE

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 828696.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 613629.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 919599.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 22 IoCs

pid	Process
4356	msedge.exe
4356	msedge.exe
412	msedge.exe
412	msedge.exe
5092	identity_helper.exe
5092	identity_helper.exe
4060	msedge.exe
4060	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
6028	msedge.exe
5444	msedge.exe
5444	msedge.exe
5756	msedge.exe
5756	msedge.exe
812	msedge.exe
812	msedge.exe
6108	DB.EXE
6108	DB.EXE
6108	DB.EXE
6108	DB.EXE

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 28 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: 33	5544	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	5544	AUDIODG.EXE
Token: SeDebugPrivilege	6108	DB.EXE
Token: SeShutdownPrivilege	3580	SB.EXE

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 412 wrote to memory of 4124	412	msedge.exe	84
PID 412 wrote to memory of 4124	412	msedge.exe	84
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 2348	412	msedge.exe	85
PID 412 wrote to memory of 4356	412	msedge.exe	86
PID 412 wrote to memory of 4356	412	msedge.exe	86
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87
PID 412 wrote to memory of 3472	412	msedge.exe	87

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://malware download
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffb31e746f8,0x7ffb31e74708,0x7ffb31e74718
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2140 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2904 /prefetch:8
  2⤵
  PID:3472
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3224 /prefetch:1
  2⤵
  PID:3972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:1668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
  2⤵
  PID:2308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3608 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4104 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4288 /prefetch:1
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:1932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4140 /prefetch:1
  2⤵
  PID:100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5112 /prefetch:1
  2⤵
  PID:2648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5344 /prefetch:1
  2⤵
  PID:3552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3264 /prefetch:1
  2⤵
  PID:4724
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5356 /prefetch:8
  2⤵
  PID:4828
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5372 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:4060
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3472 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:1012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4020 /prefetch:1
  2⤵
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2132 /prefetch:1
  2⤵
  PID:4344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2204 /prefetch:1
  2⤵
  PID:4548
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1432 /prefetch:8
  2⤵
  PID:560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5932 /prefetch:1
  2⤵
  PID:5912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1808 /prefetch:1
  2⤵
  PID:4964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3124 /prefetch:1
  2⤵
  PID:5636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1260 /prefetch:1
  2⤵
  PID:4884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5220 /prefetch:1
  2⤵
  PID:6132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=1060 /prefetch:8
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6496 /prefetch:1
  2⤵
  PID:5528
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2564 /prefetch:1
  2⤵
  PID:1876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:1
  2⤵
  PID:3160
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6672 /prefetch:1
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:1
  2⤵
  PID:5832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6552 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6600 /prefetch:8
  2⤵
  PID:5312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7468 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5444
- C:\Users\Admin\Downloads\$uckyLocker.exe
  "C:\Users\Admin\Downloads\$uckyLocker.exe"
  2⤵
  - Executes dropped EXE
  - Sets desktop wallpaper using registry
  PID:4600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7368 /prefetch:1
  2⤵
  PID:1752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7692 /prefetch:8
  2⤵
  PID:5436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5756
- C:\Users\Admin\Downloads\CrimsonRAT.exe
  "C:\Users\Admin\Downloads\CrimsonRAT.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:5332
- - C:\ProgramData\Hdlharas\dlrarhsiva.exe
    "C:\ProgramData\Hdlharas\dlrarhsiva.exe"
    3⤵
    - Executes dropped EXE
    PID:3788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7008 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7972 /prefetch:8
  2⤵
  PID:4636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2056,3262931222955414501,4294519548203098925,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6452 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:812
- C:\Users\Admin\Downloads\Ana.exe
  "C:\Users\Admin\Downloads\Ana.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  PID:6020
- - C:\Users\Admin\AppData\Local\Temp\AV.EXE
    "C:\Users\Admin\AppData\Local\Temp\AV.EXE"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    PID:2112
- - C:\Users\Admin\AppData\Local\Temp\AV2.EXE
    "C:\Users\Admin\AppData\Local\Temp\AV2.EXE"
    3⤵
    - Executes dropped EXE
    PID:1824
- - C:\Users\Admin\AppData\Local\Temp\DB.EXE
    "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
    3⤵
    - Checks BIOS information in registry
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - Drops file in System32 directory
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:6108
  - - C:\Windows\SysWOW64\cmd.exe
      /c C:\Users\Admin\AppData\Local\Temp\~unins3906.bat "C:\Users\Admin\AppData\Local\Temp\DB.EXE"
      4⤵
      PID:1708
- - C:\Users\Admin\AppData\Local\Temp\EN.EXE
    "C:\Users\Admin\AppData\Local\Temp\EN.EXE"
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    PID:6040
  - - C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\system32\cmd.exe" /c del C:\Users\Admin\AppData\Local\Temp\EN.EXE > nul
      4⤵
      PID:1744
- - C:\Users\Admin\AppData\Local\Temp\SB.EXE
    "C:\Users\Admin\AppData\Local\Temp\SB.EXE"
    3⤵
    - Executes dropped EXE
    - Writes to the Master Boot Record (MBR)
    - Suspicious use of AdjustPrivilegeToken
    PID:3580

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1756

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4808

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x514 0x4f4
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5544

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6060

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Defacement

T1491

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Hdlharas\dlrarhsiva.exe

Filesize
9.1MB

MD5
64261d5f3b07671f15b7f10f2f78da3f

SHA1
d4f978177394024bb4d0e5b6b972a5f72f830181

SHA256
87f51b4632c5fbc351a59a234dfefef506d807f2c173aac23162b85d0d73c2ad

SHA512
3a9ff39e6bc7585b0b03f7327652e4c3b766563e8b183c25b6497e30956945add5684f1579862117e44c6bac2802601fc7c4d2a0daa1824f16c4da1fd6c9c91a

Download Submit
C:\ProgramData\Hdlharas\mdkhm.zip

Filesize
56KB

MD5
b635f6f767e485c7e17833411d567712

SHA1
5a9cbdca7794aae308c44edfa7a1ff5b155e4aa8

SHA256
6838286fb88e9e4e68882601a13fa770f1b510a0a86389b6a29070a129bf2e5e

SHA512
551ba05bd44e66685f359802b35a8c9775792a12844906b4b53e1a000d56624c6db323754331c9f399072790991c1b256d9114a50fb78111652a1c973d2880af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c9c4c494f8fba32d95ba2125f00586a3

SHA1
8a600205528aef7953144f1cf6f7a5115e3611de

SHA256
a0ca609205813c307df9122c0c5b0967c5472755700f615b0033129cf7d6b35b

SHA512
9d30cea6cfc259e97b0305f8b5cd19774044fb78feedfcef2014b2947f2e6a101273bc4ad30db9cc1724e62eb441266d7df376e28ac58693f128b9cce2c7d20d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
4dc6fc5e708279a3310fe55d9c44743d

SHA1
a42e8bdf9d1c25ef3e223d59f6b1d16b095f46d2

SHA256
a1c5f48659d4b3af960971b3a0f433a95fee5bfafe5680a34110c68b342377d8

SHA512
5874b2310187f242b852fa6dcded244cc860abb2be4f6f5a6a1db8322e12e1fef8f825edc0aae75adbb7284a2cd64730650d0643b1e2bb7ead9350e50e1d8c13

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
69KB

MD5
aac57f6f587f163486628b8860aa3637

SHA1
b1b51e14672caae2361f0e2c54b72d1107cfce54

SHA256
0cda72f2d9b6f196897f58d5de1fe1b43424ce55701eac625e591a0fd4ce7486

SHA512
0622796aab85764434e30cbe78b4e80e129443744dd13bc376f7a124ed04863c86bb1dcd5222bb1814f6599accbd45c9ee2b983da6c461b68670ae59141a6c1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
39KB

MD5
9f164fe021108103a248b76897788d57

SHA1
1f317a8d32bdcf08b1695aa364ac512470f5c2b5

SHA256
68dd24f49df6a16a293b8b5ceb34caabce8415a1fe78acc1c6c9e7d739e82bc1

SHA512
5b9c40c57f0bb6aa3dbed89fb3d9af8383c7389b1adbfc3fcc5d3ae17ed1ac175cb6ece8603c3c1f4b1d6233be2dd3eccaf84cb1314b0717b4a5666e8482bca6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000008

Filesize
1.2MB

MD5
b76a36f694fd69b229872393bd33b65c

SHA1
710ebf0e68bb65f2faa4356abe17f3d164e8b943

SHA256
1942ea4d2f0b066d0bbf102d25490e01e3843a204b2cc3cf2b721a7f7ddb9712

SHA512
8e4172f38b9b32658717de15c38f5b0c4dfcdbeb73424e6ba4f08981c868fdc240eb5776452f0a71395df2d0bc441f3f88ffaead5860fa672d992a94fb868a26

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000009

Filesize
75KB

MD5
cf989be758e8dab43e0a5bc0798c71e0

SHA1
97537516ffd3621ffdd0219ede2a0771a9d1e01d

SHA256
beeca69af7bea038faf8f688bf2f10fda22dee6d9d9429306d379a7a4be0c615

SHA512
f8a88edb6bcd029ad02cba25cae57fdf9bbc7fa17c26e7d03f09040eb0559bc27bd4db11025706190ae548363a1d3b3f95519b9740e562bb9531c4d51e3ca2b7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000a

Filesize
33KB

MD5
3cd0f2f60ab620c7be0c2c3dbf2cda97

SHA1
47fad82bfa9a32d578c0c84aed2840c55bd27bfb

SHA256
29a3b99e23b07099e1d2a3c0b4cff458a2eba2519f4654c26cf22d03f149e36b

SHA512
ef6e3bbd7e03be8e514936bcb0b5a59b4cf4e677ad24d6d2dfca8c1ec95f134ae37f2042d8bf9a0e343b68bff98a0fd748503f35d5e9d42cdaa1dc283dec89fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000d

Filesize
53KB

MD5
68f0a51fa86985999964ee43de12cdd5

SHA1
bbfc7666be00c560b7394fa0b82b864237a99d8c

SHA256
f230c691e1525fac0191e2f4a1db36046306eb7d19808b7bf8227b7ed75e5a0f

SHA512
3049b9bd4160bfa702f2e2b6c1714c960d2c422e3481d3b6dd7006e65aa5075eed1dc9b8a2337e0501e9a7780a38718d298b2415cf30ec9e115a9360df5fa2a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000e

Filesize
40KB

MD5
3051c1e179d84292d3f84a1a0a112c80

SHA1
c11a63236373abfe574f2935a0e7024688b71ccb

SHA256
992cbdc768319cbd64c1ec740134deccbb990d29d7dccd5ecd5c49672fa98ea3

SHA512
df64e0f8c59b50bcffb523b6eab8fabf5f0c5c3d1abbfc6aa4831b4f6ce008320c66121dcedd124533867a9d5de83c424c5e9390bf0a95c8e641af6de74dabff

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
220KB

MD5
c758a89dcfa620f9bc138930fe891ca9

SHA1
f68be6d49724806db8f0fe1305e6d573d21b47ef

SHA256
c7807a5a766842371b12966dda2640923bfce3e17b06e553c4057dd5ac7364b4

SHA512
1d0f2b06adaeedc53d8519a88d354af6f3918119ce03edc9133eb037a03beaac2f3970dae333b64abe46936a89bc66bec0ec3fe764029982f43698fdca311490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000018

Filesize
19KB

MD5
99914fee9faaf0da23228235e0e18605

SHA1
13d588c78b8a25c19b1e3618a2377329561bfcdb

SHA256
20d2d61e4f8fb6115e1568e5d5ec890f946b99f7c705cce27c8055c47449258d

SHA512
e6d03528fa50a6745f2f283f8ac49eb1d2bb6dc413e9b561527b9510b9511c83b2c1edf145ca4ca9fb8adf4307e5b22f32aec4a41e951ff08597a5a216164028

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\02b1a637dfc4493e_0

Filesize
4KB

MD5
13194af3e6eff7052f51c577d39a54e3

SHA1
efbd44574b8df09cd9f9145eac044bc1dcc2fdfa

SHA256
f2b6c8eb8a19e1adddeae8f0baaf193262fdf85ec3a75107e7251e14690464db

SHA512
c4475b6f95295ede50ecf3e25265d19c420db5907df661949b653ddc72ec2a004a6cdcbc627035081823e3149370d07187aa33aff21b31a2526c377349cfc1fb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0503effc8bf0d7f8_0

Filesize
2KB

MD5
c29c829ec34463aba4cde42bdcebc392

SHA1
752ab813a15c99808b0ee3f47b97feea3ae90a07

SHA256
cdbc43e13c3086b11cb34afd783340948d8321ee786096fcef51e0de31e44a95

SHA512
816662901fea1c755b2746e6bef2150629e2e4087920c0b57e7726394adce831d00678b736455bb068a896accb6f37af605385eb1f27e2e3458bb0e8b67f6f1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\25c90b4fb1c6ef85_0

Filesize
3KB

MD5
4139524adead68c3e20618c6141de3f0

SHA1
a6f4f057888b93960a31cbbf89c6bb302c26ad21

SHA256
be24743b3941a61ef6f0d29251ecf0fe76daecb0a7c12e69765c93ec47b6c60f

SHA512
2d310c29f0411b68d05d752febcbd4e9429e505addd379e555fa71fed0faf870e51501899332a50fd05d70f725fda002398d7229f8d588ed03db1984a71789ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\45a16ff6d0d9ab5f_0

Filesize
1KB

MD5
9bb04d6eeab542e678951a240443f620

SHA1
c3bc316b19eccbdce77d1ebea6c5947c9dbf9f4c

SHA256
22c34ffa256a681613511c0add0f6d4a9a0454702d41ec51d884c7b6aeadaf7f

SHA512
8b1aeb46372b05488ee94826158b09e86edd6c502aa05d126afdddbd37ef06ab28cf936ae6ca748b2fe8950127837610bb8b20702374dcfced2dd81f2babf7fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\53ac5abc87e80789_0

Filesize
3KB

MD5
fb6ed337f7f389238df7f30595676434

SHA1
eeb11bf65329a7a14f1cd4d084b1b46d66215900

SHA256
9f92f2cfb4ce4db90ee5c5d2761fab0f37cfc4f5a13784a2b15e21762728ae4f

SHA512
4f0a291a178f6da2c26ee64290d063bf012401e3ac01c0818c4f66e9625ddaa9c13903c852c43d80541669336e6aa10061b5a649c25cdfb452ab4c7edd1efdbe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\64fa70d4ab69732e_0

Filesize
8KB

MD5
07472d23a9b30b95d87c28f94f4e0627

SHA1
5457efc552090befd02c898c5b98c0e9df43161a

SHA256
57ebb24a376693cff70c216174ef34aef8c0042f36225abd01fcda4d370d6ca4

SHA512
6a8256a1e0e95402b3759e5a953020c9b469698adce09a253c9a0403d3cbffc81bb3d64709411bca8de9b42a591ea23d392600245d6d3cb770743c0eca1e6a22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\74b88724f60b0383_0

Filesize
2KB

MD5
c554c4adf5019f3c6f8f9688d227e75a

SHA1
5b6c19cf0086a046d5c626839ee081af1f55177c

SHA256
6ae29cbeda8dbc8decca0119906d01eb88e27bd2e73d5eefcbbf1f1631fd50cc

SHA512
c8ac10bcf9e2597232e8941233d4cd498c0fdbb6a200e6509a9c7aaf56ea6191990baf15bdc5c9a10dce1aaea7164aea8cc66cc6a3b2158b43ff0053ae155cd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\7d7621a425aef257_0

Filesize
11KB

MD5
457c72711077a323c5479795c363d800

SHA1
fe2d3daf1faaf78ee34c3ea1a46c1f6d3c5be0d4

SHA256
ba4d46057abfd3e86fe7edde38ebd94c75a0f3c7533b786292d6367a8a382a25

SHA512
bb1ffef4748c3845f6c481b0ec665f24ae20907fc7e91c650a816a2ba111ed8dde23fc4525b1a5e1660c1459c26fe0927fcd65e4c285f22f6b01a9710873e71e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80baba1206113f67_0

Filesize
13KB

MD5
8c3d63d7035f5a3e69a10ccb9a5df696

SHA1
a4826c281afcf0539c2bfdc9bcbd7f2c6fdc4ebd

SHA256
426b93a5509144ca7134810984e6777329909989a1bb646d8457cd698f612a74

SHA512
fe2cc45aaaf167eb43f1e91db5350f9a574971bcd6fcf17bf4abbc805d0c815a7d0a58c3c119702b5c0e664006f3c2aa6a843905858c5a10c275ebf36db6fe14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\8e5987d08f7b6e11_0

Filesize
1KB

MD5
420eb351e06847580cd4321820e67912

SHA1
f7cef062cfe1b173fd19f13e6902df1f364bd42c

SHA256
7cb60634e17e2026861428b68e1f736f7a1e37e795f82d80bc370e3720d906c5

SHA512
9d47aca1ea4214b6c859a07f18c5bbff0c4a1337b7f2086555baa141abf1a92731fd14153b7868b4029929850053649bb20db7c3f90bfe9a33130e44fd9ccc96

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\9412c8b664751f90_0

Filesize
2KB

MD5
977a38e5f367eb9afb9818e5dedc11e5

SHA1
1934a883a52187c03179b60bc5f732e67b39a97d

SHA256
e387571c98ab0ea045e8c8973c2c466b2d7c46790e94610e7047b6ef4ee03b08

SHA512
75a6d286c78599e6d26da4ab1d74e83179e88a73da7d8387be9b16391b1f1802a6a2a8c49e34df11d908eb98e457cfdb615968a8e96d59e28f5c2eeec88f8d5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ac9b40a0411376f7_0

Filesize
1KB

MD5
4941edfc573c16f379b17adf460f4f61

SHA1
67862eb4f9e9888b8681bb605d618365b1a9865d

SHA256
ae8667c6f07465496e49a8dd2143e0b83f19b4b3f3aa790dc6cbc29af195a756

SHA512
e26a3a92c4f117a484b735907ed6a21185f4552ce2b77c522870b78b5ec3c13c5e9733beeaa2bb4fd9516f65feff4ce09347cc7a72db8eafdc9e6e7b34a086b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\af48edbd3578ee3b_0

Filesize
2KB

MD5
381ba502e0b0992048276e42cfbf37eb

SHA1
8a3b9dc24c7c9c59ad72b7464ae17e372b0df21e

SHA256
084ca1f6602300600c2f79444faa094aa927992f2491350fa5ac29b355396f78

SHA512
ceb06c5529869d47324b246000c109a044b20f61c84da79734974c12a9129cbcf39a1e49c1c6414709ca0d96bfdcae78680de7ed558814592d10455e53ed6160

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\bf0c3222b48cb44a_0

Filesize
1KB

MD5
b15fa10b7eb4057566d73e2882ad9695

SHA1
415e5d86326477287e5def210f8949aad26df8ae

SHA256
3fef27f0390be65e0a6b7bea98f535b8fd0c810c3a28c690700da299b5f80750

SHA512
3ee3ad93496f03e3fea04f6b795e7c1b18d3b43e8caa72d63b599a001dc91b2b5a2372441b621b8f668d06c7087658466f22d1ae6e8d113b5f4be2531c4123e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d7a29efad91a1117_0

Filesize
262B

MD5
b5ab674dcbf67057c4b3d747e1cfe95e

SHA1
b0e53862fb4de2a5883323d686b3943227961b6d

SHA256
4918f3a610b26083fe9476101b6b68c56631f7d562c316203a8fa3b5422b8e15

SHA512
9a32e01f2a8120c3daf6a93c49f994ae3f555c3cdeec542595a14d12b7525740d63141aff2ecfeb4d2951cf11ec79877f44ee5f443a194568255eacf577e9556

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\daea348421cbc209_0

Filesize
2KB

MD5
d4a5f29610c82e53fced645777dff039

SHA1
abbc82ab957e19721dd99b5163d4bdc41b5cb791

SHA256
deefec122fdb29e1d5a115ef3aebde621a9a57d988aa213990a3f32843ad4fa4

SHA512
3a642431aed610cddabd7cfde386fbdf99e905ac1d1fe18a69c3e9d5d834fd539b9fa3b3f1a30740b2b27ab357edaafa8fb6270d888e35728d44e0e32e5b5aa4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\ed26cd2dcd561670_0

Filesize
26KB

MD5
af55bf995c0f9873c91f112497e1fc33

SHA1
12671a1c24ed2b3f3cd53a0ac2b2f688f9e9e00a

SHA256
0aa45bcb112e1861d1200f073c2e9a14438ff824c08076c4c82ec292cf911548

SHA512
9552aa83718aac917eb368fefed47cff507d630d0cdee3d90730549b9b28743baf55de9a81f0e0701ce622efe257eb9b3ef45ff7ec5faf423a15bca880f099d5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f89251fac2b69325_0

Filesize
3KB

MD5
ff780a55bd7a885d3f7b2b7e3c92a4b9

SHA1
0ac62946f5c5b21bac4e87c6f9baafab8f24fd7e

SHA256
42f44b09cd57874923bfd9c964d5b7b261a40ea3a3c09e45269388b08a17d942

SHA512
143454732d951dfe324307421ec0ae639dd1f1d0c33950c1cdb99a06fc87d70a041fce2d7053d6dfdd4a17e0f946f519b58f99304cfc3da6318b6935ea6c6af6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
d4d066dbe5f9ed5490f4b2641ed40fa8

SHA1
71dee7ddccb067f7698d207578c2b3ebed47701b

SHA256
afd9a264d73d4e1d65f1411ae0a4f9ee1560d6cad9fee5bda076acd82b5c4255

SHA512
3c1242a624fa201ceb56cba93f98bac17cad6b4c4c75d3a7391b51710b33a181ac146146351f41b51ef6da393bbe720a584e8fb906f148f1bc40f22c8adaee99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
50762a6dffe2dc24f1f9d9e91d37d5f4

SHA1
307b939941926d9afe47b5f628aec21339955c83

SHA256
eb5fe6f651e20d9c92fb90c2881110d337c30d94f9ab4c91120b3acb60eba602

SHA512
29514d4309adee2bc4e16f60eded38135a3f80088f363bb4eab17f39e47af1613b57ddd29a339c3203a923dc260b6af8a8341fc2ceee2540e9e11e6ea41973b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
f1cdc5c5104994ca2e0f7e4834e00802

SHA1
7362edb7cc24a48df262afd4be98006c4455609e

SHA256
bed3b4461589593fdbcdae8bf7234a5dafc620d5c7a8db6f372e0c545f89878e

SHA512
9e6bc452b30b82f1eb6edcf7d49fbf4556bb59d8d99f639e8a77db1c0510693e14500e5cda8c1a24e5ddbce41b4b3de0cbd87b82fb07874a732c5bb69dc9eb2a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
c1e50738e34edc2cb637c44f96c363c7

SHA1
768835c6169b430c9e010781eb71472c16533210

SHA256
eb6dfb71cf4f4b6763a0abc70747cb074f5cef22d4e7f40cd049a5d9512b23d3

SHA512
b2874ccfdb8f887f1b6f575da8f9a953996181ba6fc025bc554f24b0cf92a82a4b421a6f447a7b138ea5aa208e3aae0447012e458abc9a65c3a6c7ec153972a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
a8fd08675247f6c916ea3612f003d2fa

SHA1
1895cb87565e47d42625cc17f982725a39fdbfd5

SHA256
6ce2852fa171897ce1fb9b87074dffd88e1b50b731540e97b61962d8c7b89d98

SHA512
8a45696497a418008ff25cd354ac690de13127327b6c7c6abbf94311ca98c8d6658ce372dc6e58026783b0d826f9484640f6695a3010e1c0551fe3d75a594612

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
7056c1dcf32ef8686f94b3a9dea8f162

SHA1
ba8097e69e8a91e67a41192a474a3da7c2bd139b

SHA256
ddb65c63752bf926e9cc6d1869e32579ab888544960123f50e02100d8a2a5d52

SHA512
de6db8923af80721b6c244f75f6eed854a3d4694468d56b9b6afc219fe45f6065503d303ec752b6156cf577355fd898725505a92afd6e226b56882b276883993

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
6KB

MD5
5a2f480fa9fd33c1b32ec52c98878960

SHA1
ee61ee1eb13102d4c9a241fabe91c45465385f92

SHA256
acbc6c9cc0be340b34818500510a4037e78dfe69fcbc84f76196e7a668b15bc1

SHA512
e9b320eafc30e75a8e666739326e6b801449d3ebeb600549814cd53e31c0f7f2a5b5e30f4a5e0b60fbbeca6fafa746a68cd3e9f5a2a5bc86e2fae98042b7bfd4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
3KB

MD5
d31df96e05afd2069470fb915ca9d48b

SHA1
6e1de5b1cd10134837010c8eaefc4f3bbf30690a

SHA256
a4194e0531b43812a96bd21a634b74cc2afe5df60c8b61125761c99076083ba4

SHA512
d378db2741067542b84508a4d48f00bd565f603870d0704c62478a28c13f7b6a1f82af140a17dd6869e9bf194ef447e91b769c80e3f8fc6702fbf97cec09f911

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Platform Notifications\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
2732e744445d6826d71bfd10e3716110

SHA1
fe584c6d1b39193516f3cf93772d079ebabad0ec

SHA256
1a51bd9ac8968693c38d4dd9b0b1b2bc2abc942a6a09a1020ec3ff49b71d9713

SHA512
d839c9a7920b7d6b142f8f291b192eba00d7c95cc87ff5884a77a60b63ddb2a7ef9fc51274003ec8fb718ff927fa925055b7360dd12018a14880afffe12edb00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
1d622eade97842a82bbe490f780d5a1e

SHA1
07738707f12288a752af9bdecb36866c99a5a597

SHA256
ce4795196a3460e2f9d3d44ccfe8c63791f494bad994ad91d3446bc1bb2d3329

SHA512
f95bf610f5e1ffe86b03553db762164fca3a4fb72d38c22c05c69301e54ce0b2e0ad6539a661c4ce8c9abf02a4076447bc4f14d2a0784e49163432b8dd9fd02d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22a2d957e2149c78f6d6792f4a910735

SHA1
eb0c594665deea8066723120ea3de82cd5a02990

SHA256
67eda1805373d38ef64a4985ad62642265cd27cf4b086ff7d56bbcea45f9ba35

SHA512
afefeb9124d92964f16309698767bee3f7e67b14e407425dd6b8a934d283cf000712706c0d6e820baa5ac054610b0a58d42284fc8e44e32a958aba3da3be9773

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8e91459f8559215f50cc982a392702ca

SHA1
17ff930b98ef224e285ddf660d0fb4bd99ecb778

SHA256
a0d51dd6d7e3eadefd563898e4d778a363ba891dd065d83221673a8ed48d4bea

SHA512
62a4e79f7ff55a90333b64d859a513ed7a9a7122c766935dfa517e37c47adce799dc157556eac2478f13f3c85ea705c1c3766e27af0ab64c7fb15d919db420ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
75e8c283f67ca43c13ce08c6be110128

SHA1
4119b11d523066f8e5245b4859031e897fc0f2fd

SHA256
e48c9d2d3699ec911cfd03ac850a45f6e2f3bea450e0f24e14d501c33c50533f

SHA512
f14b10f88c64a5ecba104633315e4da166da8c80a0beba3e11842c18576d750fea26c0a2651bf7e9cb40bee1cd7ee7edf86bfc70cadc10b2be29061e87427d76

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
4522b163ed3b9d2c4262dea46f4acef5

SHA1
4322bf6cc7c652da84ca4d90bcd62d0b77d7c046

SHA256
e8e014118569a6d504b7c3dd8a1e8695591c3b0ccd8b5e7a631f82ca941331ea

SHA512
9c96ea2827f00c477f067d4acea78b8662dcf55ba8e150dbbe93495e8eb91f9a7c17f70423d8d5151c4d0cce1a26658abb5946140d579800a56aee0e83e04011

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
b432014165c3fb03b5da92ead1f8ba60

SHA1
d52b3566261a886bf7fb0a0c6e09f2ab05faf3cf

SHA256
ae93976e3e6b5981b88d0d9ba88d70d759a2c5415878615541e58b8e5eee8853

SHA512
e811c5eed81d42cea9c895b7c829e5299491756ca357637aa40672de8ba0eb3ec30b5849c7117a4c9d03a8eda6258d94987f3474e544094747bfb91625fad63b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9505ec9d-0942-4c0b-a228-941e35bc71da\index-dir\the-real-index

Filesize
624B

MD5
9b9fe4fcde8ab434343a632939d3f13d

SHA1
50d9efaa4e41cc74f80e3cf7baf370fece205c83

SHA256
fb1c7b40c06e4efc079ad30c981588013ce38f1c95585d66cf877b189abc4867

SHA512
c8c22003f23fba113047325cb5c740f7a2031a142b9cf5f0bc62b26ecfc572e6c62c212250925f989a896f49f0b114f74f7e2bec68080a68cadbcbbb0430ceae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\9505ec9d-0942-4c0b-a228-941e35bc71da\index-dir\the-real-index~RFe58ed59.TMP

Filesize
48B

MD5
f0134612417ef45fbec9149af9eed8d1

SHA1
3d1715bb7bb36c74b32455b9b2b75ff060ebba36

SHA256
f419bfccd7f1a4293fde78ccdd09b819ce97297cf5755dd76fb80174a948c715

SHA512
c36143140bb3370c749db3f81ef9c5f68d13622a650676d442f89428eeeeb3379c285d9966f8dd334d7579a8a9ed83299903652d315f9647365c7a935c280723

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\d7ffdbbe-9590-4ef9-96fe-1fe702bbca5a\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3835d0f-1706-49e5-8a01-10c3501e9e1c\index-dir\the-real-index

Filesize
2KB

MD5
b2d8d7354e705ad0a50635b7ce7e7157

SHA1
3f1d67f4305e0cbeac73b72db740e36160fedbb5

SHA256
35884b5c61f025af4197b3136ac90e810ac450b03b06fd96e7812d48b5025fca

SHA512
b46d3bb568269ee1c15a441a62ed78e31eba61ce6861e0616b33eef49cb404d9aeb0a21643865b13c691681bcf35590020bf81a73d3ca4907dfaef88895a07bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3835d0f-1706-49e5-8a01-10c3501e9e1c\index-dir\the-real-index

Filesize
2KB

MD5
57dec2c986d24a06e0a658b83bea5598

SHA1
a828c69c671b7a3da184d4f1f69ccae5eae218cf

SHA256
544b22455cb1187825ec2cf9b3c316b2e29d6c54d02a6122f935462e0fef3778

SHA512
b9bc200486218e72efa7a0811a10fcb5427a4985a1ab8e7b4d159980a502beb4f8bee9ead41d4c61b7a3643e8366e599116f758c8b5a9bbb6555bf20e9acc238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3835d0f-1706-49e5-8a01-10c3501e9e1c\index-dir\the-real-index

Filesize
2KB

MD5
4d3e73c8310b85dc9453fd6902b3d1f8

SHA1
20af9112d8eaeaae6a47166689db0f0888532e61

SHA256
ae16c798395b2e3453bfc17c3703b27fee52f79280e9ddbaecbdff49959abd0a

SHA512
5f7b12ccf298fad38bc9dbe8a27ec0afba98585a1667c80f8b7eb7efc813a40f2d6b371347086dd5db6a4a1e40347059b37daa003be305f51f0e8f2c8a60d5d3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3835d0f-1706-49e5-8a01-10c3501e9e1c\index-dir\the-real-index

Filesize
2KB

MD5
8c03aa0dde2fda571abeef41703cc206

SHA1
4f548088d7dbcb1ab88025fc34a5a616b9960b10

SHA256
89ea435618daa6beba77ce0dfa65130c518074b68c2395b1945c74bcaac4bdcd

SHA512
013758e6216fb1b1a217706aa02e499718f0842dc8274e889a97c667beb4bfa9cec69f5d2416232e6999ad05509c0f6f6b666a6db128b6c68bc4e107db23112f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\f3835d0f-1706-49e5-8a01-10c3501e9e1c\index-dir\the-real-index~RFe58913f.TMP

Filesize
48B

MD5
e50d432f86ae8a47aaa4618442d3ddaf

SHA1
23d8d3d23e0951c8b0e78757b88efa8aba43d96c

SHA256
a8e522314e02dd4e36e161a7f7b26466d6dfc99acfce5d87149abf9ecb7e7ab9

SHA512
53096297f576390d0d04b3461a08d281884255116f04b40edbc56372946165be9b027eefe9da9d60ec342eabcdc0d706e474d380b15eef76c76bfa8adc772124

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
89B

MD5
09cb3791831e0b582e73194cd4ae2c5d

SHA1
fbd6856d9536ca91f68c1709ff3378e0ac836df4

SHA256
b2611b6e5b9737f9c1a18082e905e580463ec813ce75ec7095f54b4314dfef9d

SHA512
bb9368f5f392143e07a594adc2fb8be1fdac35e5767649d328b09e59f0807367eb2f939d6f0dfc8a64e2bae8483787aa1b495dfc3ba6cef34ac17782f814a2e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
146B

MD5
b3ace9b33cdd0066f0a28b0f2e353dea

SHA1
094fe52062b9cf4557e0ba3c248502fa65900a37

SHA256
b2f1c5fe1b6b801b13e62f6ae782551b55cd4718d0eb4837df425278a270f796

SHA512
b9ef852289aee45f7116136ebb9ce16649b865eafd58563a248bc83dfbefee97b9cae8af877f7a84cd52970c8f2b8e7d0f381e0da4bbadf90a82d91bf230d6f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
157B

MD5
300cd95823b7afaf615e4cd512f9f399

SHA1
ee293722389ded75f3db9e2cafc669328990e3cf

SHA256
41c82554b76a9ea901c7efc6cef37e713ef73e59d4d361b00ceb0f05ba1eff4f

SHA512
8e56a335d010debe5230cdd171d6831348ee593b39c716ac202e25dd25cd4842cf1c47aaf6e8b34589efb5b3df0c030cfc7535c4f63a1c41be258b8a04ba278b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
82B

MD5
73dc6d05b0d1ba171750524880fd2f87

SHA1
9be73739d29875abe545a0eca3a84b8454d3b08f

SHA256
071b879fa20b87a72487da75ba32f6476e7002e66299ba615c8e54e1095a2418

SHA512
3dae2d2a038c46a3134d605b624cfb41aac6f9c71e8f2b4251b750f500f53e6f9b10d085a8bb80a519df327764080eb276a55db962e989b0dfc3d70e59146633

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
148B

MD5
a5fcc79d63c42484531f043aedc0b40a

SHA1
7c6014e8ba9db9f0f03351354a47f0b4244d048e

SHA256
fe771fef8f10679a045c12c2d0009ac4a5cd7cd30d90a8c7b0c7a1333f4b50be

SHA512
4768255cf3a35ae5256dca0f5ed96ca56bb05216f9cf6f5e2b9e7af121aae0ff6cfc4b3bc9e65bdf704a74ab9d2fd3d1b183504c101fb31b4d4e14b3be1cb164

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
21bb8949fe51b2ea8ffe8e013e6b0e88

SHA1
28dc8d95ac380fdd0532fc6415e6cf780e23c842

SHA256
40499fb6ceef5167d5b8b6844b49bba9e4835379b6a9ae8ac54842824bf6032e

SHA512
194afe8e81179f9d796596aca726e93ddf25709779a3bb0044603e6fbe0b40eb79e43fd9a6e010d3902d2709067dc9ba31fc8ad30907168e9ebaad875bc6cebd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
84B

MD5
a36e925f79d6c37a479db62f1881c1fc

SHA1
40b294d16b150e2aabfe12bbdc3d86555ba6c98d

SHA256
e3a2dd10b5e15f8933963bdf444bfe7e915919a2dafbc915d5e0f49c757c01db

SHA512
58dee401071b7e8246e5edc53075b22507b3c5d6035db593bf1d434a0cac8a1ee4496f7e32c269f07fa392a10a9848a07796c1bb0928ef2b3253f4cd532f58e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
a88c4a843f3e2e5cdefbaa75fa292517

SHA1
467dce43f5df3034f98896fe46d02a2109397e7d

SHA256
5891bcccaf9c1f1cff92f1474c8c9e990163d3a458e9c3b84ce5197883597af2

SHA512
70938cd1893e38ac1c888fcefb7c842fbc402e956db7be37718b72b38a25bb753d890276fd27daa1934a4a2d834bf078feacf5c993b58093a172a56f72754bc9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

Filesize
153B

MD5
20ea5afdafabc05e460c4830cc6f6287

SHA1
fcab58189c84ca151e9beaffe6b15ba2b6adb682

SHA256
9adb91c2a2019f80beaa02d27d602701c3c153298208aa464edc36629acb9cff

SHA512
f4b9976c89b166f92737a2eaa6ae11b242117ff928cf37bd17b15ea38ecfba56ae4d54c5c882075193ca29d8237d32ba2b04099b83d78bdb2eda55f9e59eb422

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt.tmp

Filesize
153B

MD5
05007d4139e89641150abdc358f12d00

SHA1
f5aa1a115d84efd424dac4bda389cbe7f5309b4a

SHA256
b0a34c0ad468d1eba9fbdf80d0ed1330f24980be9139001a7e46b777c3b01167

SHA512
68513600ecd46ca87a18981b99e3a9bf3c932d0200dd8d42608b76ab00ca8a7716322683a482ef257562079c8945187f63bb7b43bc6c3093b6f07329ba8f31f6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
5d309cc8433648660c43cb412a1457a2

SHA1
4cb31f809123074f6f197a841803241e87ba0483

SHA256
bc2b8bea8ccebff749d6fcfbcf76c4c216e3f8bad39231f699645b1cb4bd454a

SHA512
486e7ca39611c4574e0e30dbc57f94e02ff1aac1243ab0156de603c92f35a2ccd7f51869d7aefc57add07ebe2777724a82ee6252a867e1b4f5f95e35c6b07a71

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe58e644.TMP

Filesize
48B

MD5
82f6743d9b4233728d2d87399a5b57e0

SHA1
7a4ee41d90ce0cc8e030f694e540bb468fde974d

SHA256
1b862d68b45bd2d225aa2bc8e003093f483013027e8af27f9314743c6dcb65fd

SHA512
718e2a1e69f02d002f354b1395f05da27a079abc47e0eb1f0bfb507b80e8555727a3abae3509a28fbc06c774345e42c4017c0f8b98344792d29eaa56fbf3ccf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
024168542a55a220614de6c0304caebd

SHA1
b77804f070831a58e460a22b7e344f892d631fc9

SHA256
2dada0e795b9c7fb653e45e1cb0b32460de4c2c0d964fdeb5a6256e30a7162e9

SHA512
35a985661880fc9fb19299e2c34ea5643e439b84ab5784caf3bcc60b83e3e373a88043587233995fe995560b7905666c3f4277a58b002eb77c30a2098bf3b003

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
94faf137afce231f98586d9a8e4c668c

SHA1
6a8f4ae443a9385e236f576091570b8525214dab

SHA256
898ba93cff66ee39e14c690114233167454011e8d921329e4628650d3cd48f27

SHA512
c3af906e34880c0e5b96268f5c7cca9cbd2fe6669c1f7a72811c3e070dfbbdeaaa19904f71ca4983835457344d22f4237a281c4d1eac9deb27c1b7001981f1c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
3441ee8e2e14293148737239a58d34e7

SHA1
c3a98759f0029267515123fd0bd1991855ffdc96

SHA256
a083aa05f596d487e29360b18ad952b3a7891a7926621deeabe052db4b2cde1a

SHA512
8cc0765d74fc866d3ac905e4aeab434a3cb4812314dfbfceb8b7a7468731562541c149e746062abec1a7213094b079ab919159fe30c692700335a1d2f712c3f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e73196465e4dd36a4eddfae60d3c0b77

SHA1
6a3560badce527d4df57f31b16ca198367648ffb

SHA256
abd5087dfe55ed5a9321d16b18afdbb6df5697955c61e3576f388fbe6f58bb42

SHA512
26e784e421e4d56e22050b3b50e4b8c3f9dae8b95337e33f6a76103eccb8de8e9768adca90fce4214751832ba671b45c7f08c6429e2a52d64e364f7a1a3fd609

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
0ced6e630407ee9d9e485d361f53ad56

SHA1
9b1438b731fa8b6ea97883e14bd229e26c8cba64

SHA256
d70daf29d3a35ee12d624554240a22cb66a246c9755dbe2f6ac8e8f5907efa1e

SHA512
51d28c6351d645c9cd95bb5ad2541a702996427d4e93b03b367138cf8b79c8173c9d6245db5d027f4d9d213a904eb54cd892eadddda94f35ee6945e1d55875d0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
f4fd3a672c63d09f410deb9b0e5580b7

SHA1
69a18e611072700a64bf13fe0e84dc94c64c751f

SHA256
708c65d96dda0784aab4e8ca4f7f2af960823c7e2b368b2ed9313805ba2a0773

SHA512
fbb71fba8f5216196805927a2dbd7c077b3a5ac7194246dff7bbbde9d7e8427cf4a357d6026421491c29345de461c0a953ed6b7ff7c0978a4e224e2419ac1a9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
7476d2f628bb90a8d2af49ce1c8f436d

SHA1
b21f5ed94cec2a42cc0860ebb5ad9c65b3d92f9e

SHA256
ff923c05d99a17f5e966e1d06e8e05812cdd6aae2c59234f6424147fc114a000

SHA512
9a5ff7791a50d5c43d0a5bd70ef5ddccbc80c4dac6c485c980cadd40d5f0613ed950cdbaaad08fb4ece7216198e900b6f1167a517037d2556cb7b6c165e6a44f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
8724bea412c14be27e9568f6c696c27b

SHA1
4f7dfd274b7ab4400367355e2138916829f59f76

SHA256
e70aaa32c6a6f65149282c20581e18101c2132cebb8a233b6386352337d49fdf

SHA512
5fdb545f662c0b3ff7c6c8f7a644891c351c8c1b38677dc080f1e2ab032ecf3b2715e09675d3257f7850cb0dd6242d88cec9d3082826f5e7bee56f8476b460f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
0de6a77eb3c40b4a5a1422e7cde56637

SHA1
a96887341bd9011468674f03f723bd52935cc7f3

SHA256
ecc754ccb32348da6b8c33b9bd6124d9d4b01f30146dc3f33d5c220e0dec8224

SHA512
694b54f41734c5c202b75409a77f0d81ec4e246127dfbd6efeb030af014afb91d3eb5c1c51f3d1e7724ffa508196480d6eb38b20f9e4e601e0796543f4007b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
feab753136a1b420bc66826843fd0f70

SHA1
ecdba774564d7957181b9fc7ac67c69b0903019a

SHA256
ae464d697fce1ff43209cc957667c138c8fae3b85a3dadd1c766132eef4b0572

SHA512
0a2528d1a6d9bda62e906e42bd8e2f6cc99fd524d4f082fef7d1c2c66b9c3f99a36ff6cc261cf1a743bf171dbe340d40267e5ce7e8e8ad26430aeefc6c06a4fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5a3f23987fdb45c493a49e707cb2e9e1

SHA1
05250fee6daa6a3ab76171819c65e2da41deeb90

SHA256
5461467b79d071dd7e57fc10a72795e83ae142a8dd0ea6c55c93a7cff08a1a4c

SHA512
d8fd5e376829344732115a3577c8950a3ef850f73d16096b8960c797a7aa7a5a74e32b7f1bcc2158d45f872ad2dc5a93889df14d6ec50c082dc6288a46c8071e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fec3.TMP

Filesize
538B

MD5
47cab45750df96b287b2dc320fec62a5

SHA1
750d1227f69b9920c2ff22c913ec5c34a9c3f9a0

SHA256
7e692041eca79c3df89e2674adbefc162cbccb0a0b5c5e2943b74c52332538d0

SHA512
3263a0bb8802254749a990d75a5dba60e567c644fedf92fc98639d6e6f2c1194e4a3e66defb33de1fbf67a5b1e798ac44b4212aac71e21b6cda09aee17aae1af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\b51bfadb-e3b9-4c0c-8eee-fb94e23e1fec.tmp

Filesize
6KB

MD5
8979dfdbbd2c9fab81136b25e7ca00e1

SHA1
a8365a58bb8fad1bd3b7305643fc2b12726a5298

SHA256
d3281763a05f6d898c7be43bf247bd7726b0629acac33143b1b8452da46bbe3d

SHA512
4da00777a368e75223168a6cf16ca07023bdefc058e1f44211f2cd85797f406fc7b6d486d7916c0b8dea92837d117f81a701f02ede8f0e25f92cf1d1a5d2eb8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d1b2d05ee10417782fff7eb5c670360e

SHA1
7e5cab6ead454b8747688ff1b06c9c6ee4e47d37

SHA256
f01c2d968116e2a3d5f7e30eab830d50918dfcee31febcd72cca316d97831884

SHA512
67adb12da6ad52d25ef8f9bfdc5cf4ea01fcc154a542432f57d184db4c7a80235798aa922dd2d97871b51ebcd5af526e4de9fb03bb2a2acae5365e07ecb5e5b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9d381b6d0b10e40b5e86d0cbe83339ed

SHA1
fcc1acdbb53ebdedb0c57435860c1550beda7e68

SHA256
33f4448739a64693054730addd5c8821a9e4777607498bea514d0a2482dd56e7

SHA512
82fc179bd0ec1839288b8f4368d8f120f7d98a8c8f8b3835ba1e9afd31872bc89843ccfd0ad630807aa22892f61c95d3e11d6ec74c2053ee8880ec4da3b98625

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
39b8530dfaf80413c70965b735b9e1c4

SHA1
4434218a7f0d74f738f2af7f3f76244494f45e98

SHA256
955d15bb2618d5bdd4004dca612b05711eda52f78f5dd39d40c479882118e73d

SHA512
02b4b583097d52e8e9f5b7c0e2247b9c0edb2618b8be3c77a13c93adf5541e83566b23bb465b4027c1d1761c029c9419613e71d474ca3cbbe1c4c7d3e1a30341

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV.EXE

Filesize
1.1MB

MD5
f284568010505119f479617a2e7dc189

SHA1
e23707625cce0035e3c1d2255af1ed326583a1ea

SHA256
26c8f13ea8dc17443a9fa005610537cb6700aebaf748e747e9278d504e416eb1

SHA512
ebe96e667dfde547c5a450b97cd7534b977f4073c7f4cbc123a0e00baaefeb3be725c1cafbfb5bb040b3359267954cd1b4e2094ef71fc273732016ee822064bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\AV2.EXE

Filesize
368KB

MD5
014578edb7da99e5ba8dd84f5d26dfd5

SHA1
df56d701165a480e925a153856cbc3ab799c5a04

SHA256
4ce5e8b510895abb204f97e883d8cbaacc29ccef0844d9ae81f8666f234b0529

SHA512
bd5159af96d83fc7528956c5b1bd6f93847db18faa0680c6041f87bbebef5e3ba2de1f185d77ff28b8d7d78ec4f7bd54f48b37a16da39f43314ef022b4a36068

Download Submit
C:\Users\Admin\AppData\Local\Temp\DB.EXE

Filesize
243KB

MD5
c6746a62feafcb4fca301f606f7101fa

SHA1
e09cd1382f9ceec027083b40e35f5f3d184e485f

SHA256
b5a255d0454853c8afc0b321e1d86dca22c3dbefb88e5d385d2d72f9bc0109e6

SHA512
ee5dfa08c86bf1524666f0851c729970dbf0b397db9595a2bae01516299344edb68123e976592a83e492f2982fafe8d350ba2d41368eb4ecf4e6fe12af8f5642

Download Submit
C:\Users\Admin\AppData\Local\Temp\EN.EXE

Filesize
6KB

MD5
621f2279f69686e8547e476b642b6c46

SHA1
66f486cd566f86ab16015fe74f50d4515decce88

SHA256
c17a18cf2c243303b8a6688aad83b3e6e9b727fcd89f69065785ef7f1a2a3e38

SHA512
068402b02f1056b722f21b0a354b038f094d02e4a066b332553cd6b36e3640e8f35aa0499a2b057c566718c3593d3cea6bbabd961e04f0a001fd45d8be8e1c4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\GB.EXE

Filesize
149KB

MD5
fe731b4c6684d643eb5b55613ef9ed31

SHA1
cfafe2a14f5413278304920154eb467f7c103c80

SHA256
e7953daad7a68f8634ded31a21a31f0c2aa394ca9232e2f980321f7b69176496

SHA512
f7756d69138df6d3b0ffa47bdf274e5fd8aab4fff9d68abe403728c8497ac58e0f3d28d41710de715f57b7a2b5daa2dd7e04450f19c6d013a08f543bd6fc9c2e

Download Submit
C:\Users\Admin\AppData\Local\Temp\SB.EXE

Filesize
224KB

MD5
9252e1be9776af202d6ad5c093637022

SHA1
6cc686d837cd633d9c2e8bc1eaba5fc364bf71d8

SHA256
ce822ff86e584f15b6abd14c61453bd3b481d4ec3fdeb961787fceb52acd8bd6

SHA512
98b1b3ce4d16d36f738478c6cf41e8f4a57d3a5ecfa8999d45592f79a469d8af8554bf4d5db34cb79cec71ce103f4fde1b41bd3cce30714f803e432e53da71ea

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\f01b4d95cf55d32a.automaticDestinations-ms

Filesize
8KB

MD5
c49416ff62ac6fc289d83c7229404183

SHA1
ae2b212d2e50df5687c1eaa68cbaf30a13b89ba5

SHA256
4f0961c544c14eb1e24c958ca75df9e3660ec4470f9ee33542481025bd17c9dd

SHA512
5c57867b251ee92821bc266a5724feffa8147e5b09b324dae0486a9b2ef282c7457ebec43504e9484b2857a57e91ec9c1992015c62405c1177f88228f19c768f

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 613629.crdownload

Filesize
84KB

MD5
b6e148ee1a2a3b460dd2a0adbf1dd39c

SHA1
ec0efbe8fd2fa5300164e9e4eded0d40da549c60

SHA256
dc31e710277eac1b125de6f4626765a2684d992147691a33964e368e5f269cba

SHA512
4b8c62ddfc7cd3e5ce1f8b5a1ba4a611ab1bfccf81d80cf2cfc831cffa1d7a4b6da0494616a53b419168bc3a324b57382d4a6186af083de6fc93d144c4503741

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 828696.crdownload

Filesize
414KB

MD5
c850f942ccf6e45230169cc4bd9eb5c8

SHA1
51c647e2b150e781bd1910cac4061a2cee1daf89

SHA256
86e0eac8c5ce70c4b839ef18af5231b5f92e292b81e440193cdbdc7ed108049f

SHA512
2b3890241b8c8690aab0aed347daa778aba20f29f76e8b79b02953b6252324317520b91ea60d3ef73e42ad403f7a6e0e3f2a057799f21ed447dae7096b2f47d9

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 919599.crdownload

Filesize
2.1MB

MD5
f571faca510bffe809c76c1828d44523

SHA1
7a3ca1660f0a513316b8cd5496ac7dbe82f0e0c2

SHA256
117d7af0deb40b3fe532bb6cbe374884fa55ed7cfe053fe698720cdccb5a59cb

SHA512
a08bca2fb1387cc70b737520d566c7117aa3fdb9a52f5dbb0bb7be44630da7977882d8c808cbee843c8a180777b4ac5819e8bafda6b2c883e380dc7fb5358a51

Download Submit
C:\Users\Admin\Downloads\tsa.crt

Filesize
1010B

MD5
6e630504be525e953debd0ce831b9aa0

SHA1
edfa47b3edf98af94954b5b0850286a324608503

SHA256
2563fe2f793f119a1bae5cca6eab9d8c20409aa1f1e0db341c623e1251244ef5

SHA512
bbcf285309a4d5605e19513c77ef077a4c451cbef04e3cbdfec6d15cc157a9800a7ff6f70964b0452ddb939ff50766e887904eda06a9999fdedf5b2e8776ebd2

Download Submit
memory/3788-2072-0x000002B8D7EF0000-0x000002B8D8804000-memory.dmp

Filesize
9.1MB

Download
memory/4600-1908-0x0000000000A40000-0x0000000000AAE000-memory.dmp

Filesize
440KB

Download
memory/4600-1909-0x0000000005A10000-0x0000000005FB4000-memory.dmp

Filesize
5.6MB

Download
memory/4600-1910-0x0000000005500000-0x0000000005592000-memory.dmp

Filesize
584KB

Download
memory/4600-1911-0x00000000054B0000-0x00000000054BA000-memory.dmp

Filesize
40KB

Download
memory/5332-2039-0x000002924B7E0000-0x000002924B7FE000-memory.dmp

Filesize
120KB

Download
memory/6040-2212-0x0000000000400000-0x000000000040A000-memory.dmp

Filesize
40KB

Download
memory/6108-2193-0x0000000000590000-0x0000000000623000-memory.dmp

Filesize
588KB

Download
memory/6108-2200-0x0000000000590000-0x0000000000623000-memory.dmp

Filesize
588KB

Download
memory/6108-2196-0x0000000000590000-0x0000000000623000-memory.dmp

Filesize
588KB

Download
memory/6108-2211-0x0000000000400000-0x0000000000445000-memory.dmp

Filesize
276KB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Extracted

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads