d6334f9a9eebc74ff286ae30a54c0afe6ae2732a4ab97b1be097c2e4f66c5124

Resubmissions

14/06/2024, 10:09

240614-l65xlswcne 8

14/06/2024, 10:08

240614-l6jdlszcpj 3

14/06/2024, 10:02

240614-l2ws5sward 6

14/06/2024, 09:59

240614-l1cnwazapm 3

Analysis

max time kernel
113s
max time network
118s
platform
windows10-2004_x64
resource
win10v2004-20240611-en
resource tags

arch:x64arch:x86image:win10v2004-20240611-enlocale:en-usos:windows10-2004-x64system
submitted
14/06/2024, 10:02

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

output.ps1
Size

1.3MB
MD5

79c5a7175002efbba4e43635d6b4efdd
SHA1

7967fdc4c9c457d79922169547fa135264cb844b
SHA256

d6334f9a9eebc74ff286ae30a54c0afe6ae2732a4ab97b1be097c2e4f66c5124
SHA512

d091f85ba25d6e608b4d650c524ba2f74c067706de3a3e090380957f8a71be9272d07e79bedaedc2a67c1c84d4e943c6f0c657577c95bf2dcd647a6faa3dc3cd
SSDEEP

24576:rxI9ydWnhHtTgTuGa14HKYktMpicPC3IyIBwnkx7Cn:V+pdRttczPmFxu7+

Score

6^/10

execution

Malware Config

Signatures

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	msedge.exe
File opened (read-only)	\??\D:	msedge.exe
File opened (read-only)	\??\F:	msedge.exe
File opened (read-only)	\??\D:	msedge.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
2440	powershell.exe

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	msedge.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies data under HKEY_USERS 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	msedge.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133628329693784519"	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{3955556B-D4C1-4DF7-8C26-A293EA66E089}	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3665033694-1447845302-680750983-1000\{6134D030-FBF3-4651-9B4B-077230A1C9AA}	msedge.exe

Suspicious behavior: EnumeratesProcesses 11 IoCs

pid	Process
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
2440	powershell.exe
4452	msedge.exe
4452	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe
4452	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	2440	powershell.exe

Suspicious use of FindShellTrayWindow 26 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe
2740	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2440 wrote to memory of 2740	2440	powershell.exe	93
PID 2440 wrote to memory of 2740	2440	powershell.exe	93
PID 2740 wrote to memory of 2564	2740	msedge.exe	94
PID 2740 wrote to memory of 2564	2740	msedge.exe	94
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 2492	2740	msedge.exe	95
PID 2740 wrote to memory of 4068	2740	msedge.exe	96
PID 2740 wrote to memory of 4068	2740	msedge.exe	96
PID 2740 wrote to memory of 2708	2740	msedge.exe	97
PID 2740 wrote to memory of 2708	2740	msedge.exe	97
PID 2740 wrote to memory of 2708	2740	msedge.exe	97
PID 2740 wrote to memory of 2708	2740	msedge.exe	97
PID 2740 wrote to memory of 2708	2740	msedge.exe	97
PID 2740 wrote to memory of 2708	2740	msedge.exe	97
PID 2740 wrote to memory of 2708	2740	msedge.exe	97

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell.exe -ExecutionPolicy bypass -File C:\Users\Admin\AppData\Local\Temp\output.ps1
1⤵
- Command and Scripting Interpreter: PowerShell
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
  2⤵
  - Enumerates connected drives
  - Checks processor information in registry
  - Enumerates system info in registry
  - Modifies data under HKEY_USERS
  - Modifies registry class
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:2740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2c4,0x338,0x7ffcf00c4ef8,0x7ffcf00c4f04,0x7ffcf00c4f10
    3⤵
    PID:2564
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2304,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=2292 /prefetch:2
    3⤵
    PID:2492
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1956,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=2344 /prefetch:3
    3⤵
    PID:4068
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2536,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=2596 /prefetch:8
    3⤵
    PID:2708
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3436,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=3464 /prefetch:1
    3⤵
    PID:4620
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3448,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=3504 /prefetch:1
    3⤵
    PID:2172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=3168,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=4052 /prefetch:1
    3⤵
    PID:3972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=5080,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=5092 /prefetch:2
    3⤵
    PID:4240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5084,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=5016 /prefetch:8
    3⤵
    PID:2324
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=3432,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=5640 /prefetch:1
    3⤵
    PID:3656
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --field-trial-handle=4280,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=5328 /prefetch:1
    3⤵
    PID:2788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5620,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=3724 /prefetch:1
    3⤵
    PID:1240
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4084,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=5720 /prefetch:8
    3⤵
    PID:400
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=4092,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=3948 /prefetch:8
    3⤵
    PID:3312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=6000,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=4048 /prefetch:8
    3⤵
    PID:3228
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=6008,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=5460 /prefetch:8
    3⤵
    PID:3332
- - C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=6532,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
    3⤵
    PID:4612
- - C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=6532,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=6556 /prefetch:8
    3⤵
    PID:2172
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --field-trial-handle=6884,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=6904 /prefetch:1
    3⤵
    PID:4788
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --field-trial-handle=7128,i,9807897492542366089,6437817238758513504,262144 --variations-seed-version --mojo-platform-channel-handle=7124 /prefetch:1
    3⤵
    PID:3784
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
    3⤵
    - Enumerates connected drives
    - Checks processor information in registry
    - Enumerates system info in registry
    - Modifies data under HKEY_USERS
    - Modifies registry class
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    PID:4452
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=125.0.6422.142 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=125.0.2535.92 --initial-client-data=0x23c,0x240,0x244,0x238,0x24c,0x7ffcf00c4ef8,0x7ffcf00c4f04,0x7ffcf00c4f10
      4⤵
      PID:2096
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2300,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=2296 /prefetch:2
      4⤵
      PID:4624
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --field-trial-handle=1948,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=2332 /prefetch:3
      4⤵
      PID:4880
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --field-trial-handle=2512,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=2524 /prefetch:8
      4⤵
      PID:1864
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --extension-process --renderer-sub-type=extension --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3128,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=3380 /prefetch:2
      4⤵
      PID:3308
  - - C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4848,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
      4⤵
      PID:3972
  - - C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --field-trial-handle=4848,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=4880 /prefetch:8
      4⤵
      PID:2232
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5068,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5080 /prefetch:8
      4⤵
      PID:4288
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=5196,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5052 /prefetch:1
      4⤵
      PID:4284
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5248,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5268 /prefetch:8
      4⤵
      PID:2492
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5276,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5424 /prefetch:8
      4⤵
      PID:4136
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=5720,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5744 /prefetch:1
      4⤵
      PID:4440
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --field-trial-handle=5748,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5768 /prefetch:1
      4⤵
      PID:3644
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --pdf-upsell-enabled --enable-dinosaur-easter-egg-alt-images --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --field-trial-handle=5772,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=6004 /prefetch:1
      4⤵
      PID:3540
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5144,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=4888 /prefetch:8
      4⤵
      PID:2692
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --field-trial-handle=5116,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=5244 /prefetch:8
      4⤵
      PID:5104
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=5244,i,4074607104241754458,3350385009223497317,262144 --variations-seed-version --mojo-platform-channel-handle=4932 /prefetch:8
      4⤵
      PID:3504

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
1⤵
PID:4880

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x49c 0x324
1⤵
PID:2256

C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\125.0.2535.92\elevation_service.exe"
1⤵
PID:1680

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
7960c634b9b525fd6aacfdad2fa2be69

SHA1
1d7b82829b9cb5affafd70338401daf1275a52be

SHA256
373f2c72049e264fee995965bcbf81864b8059f41b81475773bfea0b246e8a3b

SHA512
07962c2c9496d8e2733feef87f61093e12c0daedb528a691fde7b4697cf3ae81698c80bbc005412c26b3b3465ad413fb7b5b9669d8add33de54cec26dcf5d201

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
0ba2ae93690101aaa7ab1350abd49696

SHA1
9f97119cff35d4a9a2b14352f9060d3e6ec9535e

SHA256
457c31d6fbf780435c4a2c225cc14416edd097e509ce79c03069abbdd1e5ceb3

SHA512
a9aa2d26f68542b0b4169aa1d1ff2a1a0f63d70cb65c56a7b4617217cc0891dc2138c5f49b3c66f872b74f41e58f77f95760281b6b725078642dc1dca04849c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\3a14d453-965c-4cbb-923b-b00e1345efc5.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\AdPlatform\auto_show_data.db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_0

Filesize
44KB

MD5
4c694bd70256398cafd62c73e31273dd

SHA1
f26e8f9964f7ec826e2db73a8ea2eefba4888626

SHA256
47291c1b36b0156215e99e9acad8838230bff6d23df9c66cc1cf0f601bbb8f78

SHA512
16306ad742172a34f198451f70a2e9b6798e0069ee2d2905cfa030dbf16767d860d219f0c839967e97d00d7f8a5309f1a8eba6b8f312069d1741cf0aa5082d47

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_1

Filesize
264KB

MD5
c2a0eb0b81ea705babee681d7b9d613d

SHA1
adf8092b4cac5024fbcf5daa0e197bf80d85d3a2

SHA256
172edc289f097ec2f1e8c40c737df5053c9dbf5259f7943a3bdb5170d220f871

SHA512
8b0388d783dfddeaca90f51dd6b3f5ec6ea05527fac00db321f8b2691f36f57f9d21a6bae7c40c485b071842501566f3a4d0bf8566d78179b8ac2a6196358fe9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_2

Filesize
1.0MB

MD5
3d3538e2d9c707177e4d11919b00e8ef

SHA1
05c589bb883f87ae00cad9c0f7b35dbf3b99f1c6

SHA256
89f85162498cfdc9e5b8f691c7631377e0c17d0fe7bda0b810f0d8eeb3c69683

SHA512
0869ab6ea7230324e619a008851b0643984c3fc42170646ffe2d65cc8ab7997117c0da0c7e020bc7f38f0751442a08354924c1b9bd747a5dde1b67e60ae499c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\data_3

Filesize
4.0MB

MD5
954fec8a1cc30b734944f03fe3571299

SHA1
d5d9ca29b9a8bb6f98f58cb7461f9ac5b0d58c31

SHA256
53a6c23c96092b2a4a72654967324707aa35205b1623d916e39a94ac80fdccc7

SHA512
30e58eb9fa4143bd1a65e3a1b5b32b9e16e727e5cfe041ea3e76b86ae0986a35ebc8b01608e5c022acc0ca2b8e6af31ba5319d5fadef735f69a16d6ad466cff3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000001

Filesize
21KB

MD5
c76d6b33193446f90b8450b761e071fe

SHA1
1b2ea45368371877b1123186263af52476221235

SHA256
ecb9ce5f8dfe9401f123737df5d1382dae69575da4874b1526a30a0343cb8ca2

SHA512
b81d684b54a4a5b63c9b57f85d801e4759b0da39fec0eca43d102fdcb5b582f0322fd3971a086d1a9f03fdc41bf34350ac3a150299b1c8807c532cd1d3436d69

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000002

Filesize
52KB

MD5
e14347d1816d9cf77590bbe8b415d079

SHA1
c36683169a3a2eb941dcf5346f8600009a20e90a

SHA256
af6de8737ee904fbeb53642c09175192dabe7680adf43157b34e86e54bbfa555

SHA512
c5fbaf8a482cec991612c385aaca8b6316681a0f6d18b88364212ddf3617b0f6114bc2269f041df9db8d5040cacc589d99340f25d28d3491a9a9e45fa33a0b80

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000003

Filesize
28KB

MD5
6613100fb06164ebcfeff3d3d0d61fc7

SHA1
e20838764ef8f10ebaea52c2a2fd1acd1606b87b

SHA256
f320a3daa53c47c4e55797ea008940e38a1045e589140407830fa5f5028ffa3b

SHA512
311c2bb55a319fe583e9dba52cdc7c60504a508deb5acbc51b5698509f97162a9d2d65759ba8e9330aa4d7c67bdedf38bd88cb5c4c4da6793e5d2508d88355c7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000004

Filesize
122KB

MD5
c7cd1e34429e707a0a3969f6fb4dffd7

SHA1
b6e6b2f228ea70dd4443f6a06dfa9a0a4e89b659

SHA256
9cba844494a79e6c83aad47d2840a47b6ec6acf587b4c60cefaa6115fa98b611

SHA512
9f3f4a19156da3821d6e321ece6af7620a9e46a8a3188f29de9b828954d3aa7f8a1e6a9d591e697c29fdf2503c958a54e80b53cb4430821fccdfd2350f4f1329

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000005

Filesize
31KB

MD5
e53de79c273479f6c958adc55c59e634

SHA1
a63c1286097d76538361cb8debdc811586f74d7c

SHA256
8b34f39ede8140e46bb3b4753cf5050e70f8b6cec510fead430afbdc4b0cfccb

SHA512
c05dd0e3d8d0917ce4549173b81f5465248303aa3e934f2dfe25dedb72693dc0d0b9aa2e57ed115f0f70339856ea590bc1b10ce6c917972b3e94690c164fc0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000006

Filesize
70KB

MD5
d010c44248f14f599e8312d6dd7b28a6

SHA1
17d3652c229d05e7d2c4778b57e413fc132ebdfe

SHA256
2c5b75483b9b2ae97dc421791520e7f8c14439a637f8b68ee745912381692348

SHA512
efd2b25ea587c5e050faff7187499c06b029699f2aa6911aaa0a1a33ca4dd63f082fd801952f60effc2b8dd56d2669d302beb0fd08a60742e3ef6847e792b95a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000007

Filesize
153KB

MD5
da38b9999e949cb2abf1175f2ca3cc12

SHA1
bafbc4ac295f76a02ed82e9281c55e6da51694a4

SHA256
c65edb59caa1e1f8bed264832a1fb9d5b68ac3c5c763fedc5ea8d612dd63eb8e

SHA512
0875f8208b4bd921661e2daabb5ecb2178322c0ddf2c67655578c70f428575eac5cf23ff39e78f73a9c5bef86bddd5eefa18f024d90ab9d355422ad2ff48e564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000008

Filesize
558KB

MD5
34fbef6aa9b4940a0bb4e7dfd88e0773

SHA1
a77a373dff07ca58fe730f87fa3eec01905dc1fd

SHA256
5b762a6f514e1232ebf9cab135954d2ee4229425a2e51a132dbfe3f98ab7d46d

SHA512
2fb150758a110068a2778d648e334ff17bb6dd73c869e988f6d8ba453a3e85ecf64c765f4efeba384a06b914c16d9619fa9884d8567eeb58e11e1e9156fa2a34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_000009

Filesize
517KB

MD5
8f428445441f508e0cdc159c807ef2b5

SHA1
c75c34b925a35f09605827d4b8762e25cb0b28a8

SHA256
6e32f5fb6a38a3665f5fd03ad5433dd0d635fb3ad50387b9ee419f0ddbe8ee19

SHA512
5729713b7494756f2b9e3d3cdfc67ff313d58c4a5d08a0416e8a8fa74da63cad9c4005891fb1bf4550299b149ba2dbc4be3068d3de5c98a5fab36ababcb29d48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000a

Filesize
118KB

MD5
5c8aa5a64fed9dfbbc13261567c5d890

SHA1
0c89ea5a55eb53d37a0a196f02af34bd2f140376

SHA256
98cbef7ed37298ede5c635e8b58b4f8d89b6c2211a4d10b6723118f0812b87e2

SHA512
46468f5f245a48c4d2bdea87015b1caeb56c86bf33bb3e0c94f4672b93d7dd46e618493e589d3bc231527b92b3909552e976f38fe6d159483cace94b88bb344f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\Cache_Data\f_00000b

Filesize
126KB

MD5
b7bb1417196cf03f6f5e8f2fccef24a3

SHA1
6a7cb728021229535c8de84a312925c12af086fd

SHA256
1e49f746a9f53d701a1599f1b69c5c799c26ea21d51952908c6527c020da77da

SHA512
d816253da865ef911ea305f7b7dc49f0698ba6317ba1420c761eac655983a4f3cbe87db479440f267894d7b3137eef9fab24dbc205a5a6a6b49a0cc12293113b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
ccaf333bc7b55475c22cc55ed958c39b

SHA1
28086490bc5b2330d7bc60b37ce51869c1900a3a

SHA256
35b2bbba6e4681f0b4fcc7f8368d41bf28cf8ee4bbfd41cd62c0ddb0ea2a6ae5

SHA512
3e906f9224c624ea724c94b14ef5d1281607d85b4379929b2b86c22701e93a5f20a67308ea6d126200af28ccdcb2c8835d24c65c0ffbd707475e50edc388af58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DawnWebGPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Extension Settings\cfpppdnoochdjogndfbpiighlggomdpd\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8e47e6ac2769271a3a5b10af0358561d

SHA1
151be0b9dc726b14d7d7973944d06121b106527c

SHA256
43a053c33b30db12b410f3fdbd885bd05d808f8bb2ef33f5e2908acb608c4308

SHA512
d4282be9ee192c79a3a0947e15c30620059c9f88595c67409dcbc3bee1e0e0d7c127afedb9790c9b8ccf00efc0efc0338db9560d4330821e77e21e55c163ec59

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
d1a21f414c0a90dc75597b6f49262c6f

SHA1
4f9d273efa558d24394b8d24d50fa6afe4ba5583

SHA256
15eb618afa6fe2e9e33e6ea1093ee72770f7b1f9020f0756a3750b36e8ed89be

SHA512
fc7b15e3ff5b024c2691003d11d169844eb13f64453cd1f91dcec41fb27a69ba5ca7ae66eb9e6893695fe0c366f3ad73d7926bedba554ad903c9413b6c6773c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
dd346c72cd0e17ca94edae73a394836f

SHA1
5fd394bca58f5c463a7819af13de28779b711c41

SHA256
a7176dc9ca68b193f3c49c5a39ca91b0a3fb3dd415eb61326e9100b10e76b9dc

SHA512
468ecc68d7577efc49e265723c77d3b688f9cc32e45455ec8be7bc2ba1b0235692971b638ffe7f17167c9730f6dac4ffb5e6785742e19117c8fb698fb87d386a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
2545d7e4c54ffac4a7266bbac49a0d07

SHA1
047e6acd6faad21c13f4f32e8a64b9d06f41688c

SHA256
322e6407afdfadc152ea624cb89b907aa476477085f79ae3df45aebdc4fc4e70

SHA512
2f0c40b4edfa41916b2f40f31b86ebf0963415698959f7e8d742dcb1111edaf2713f420dac5a656dae9e0ed877a099203492f56e200977344cfde14f9d24dcbb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\TransportSecurity

Filesize
1024B

MD5
0bc01f48f6c94494499f20955b73d45e

SHA1
37cb99d84809fafe25e703d4e31a673721ad154f

SHA256
16ca3f00a0a3ed34a8264334fba5e7fb8cc815dcb103037ed31c3bfef1a88331

SHA512
2cbb7abc7fde4a84422e0d078137c62f3df34676b49ff2bc1d4750e3460f19e6321924014bb567ea18e076f24012063c1a26d1256e525339693c5fe99a41ab86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
95b4e1b1f7b669bd7245d1110d6ae248

SHA1
74c546c1526985512d587c6cfc7792595a0a2336

SHA256
d3a69f610b752cd4023aecf7d893e20d90cb9c731afad0d5e2cf686b002e8902

SHA512
00e63f3868e1f0431848e515fbff7a2097d17c252cbf4dac0a0d659a6d81515697206baa19cb8eaea799be8cbbca8f1e5bec24c6a111e6b406d4b0211ec3786d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
ec59df2eb4866c6d4b5af307f89e51e8

SHA1
3cb02a4216a11811a48d8ebe9ef0fdd0429f46e6

SHA256
69fef33e242486ae3abca7ac180725e46dcff7d1e5619e690b6e6eabb00147cb

SHA512
9088a987a23d5b3d8150ef585b1f7219fd400b77d63dc77d01fade214dd21f76238f88c50313bd570f775d4c88624d927d613576ad0eba225ea4009818e762cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
10KB

MD5
198ecb776e2fb55eaab97b0b23f3f367

SHA1
599da06befe72244ec1d0e13d914d22ee4343c50

SHA256
64729273ae53f3227db4623d54c0395127a16b00e158cdd5bee75c2e251cf573

SHA512
821a2f1320b852de8ae39741ed5fb3b8144d4321afa01a2a5d0fdbe04bb85f4810cf50ce3e3c138d203f06ce1edb1815a8148ee83d69c3c3952999abefdc1a0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
104251be9b770a1f6353d4506cb5c756

SHA1
e41be895d917c44ea664283cbc641334bee78251

SHA256
ea8c5597144f1806353407f21c2f9f40682072522ed46a3629132fdbdcc9fc47

SHA512
db03dd9f5bb4912e10dc34c43d70d1650a862698417f88ce0649afb0378cf4a714a7780b26a85f9f496a0998aaec3a3417e6333abaef44900788237227c4bb2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
31KB

MD5
13a81854a43478be0a0f085fcc0cef56

SHA1
30c4187a118d5af3af6caebac34c405dec4d4f06

SHA256
a3c5c960cce179f69ed569f1b72536fc9b289efc779269ba328a80fa993432dd

SHA512
db195efeb96497dbbe3098cbc5a2d8dae88ca1112bf615e2cdc7cf2646a2ba6e6f86af5964282a006a9484f8553d52e33910fea4554397631fe6fb5e4355f889

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
31KB

MD5
702ba370cc533203f822607f07f5c4f2

SHA1
1fa0ed04c6348e101ffbc06c988ac906b423f9a8

SHA256
43dc40d2f776842fdb5e9bb0792bcc19428d4ed9620c8191fc8f1c7beca1f552

SHA512
227dc73c3e3240890bd5bae4168823f45a9c22598ed30324c85801631f7b6a5d0995fbdf0a10b16bc7c588454c51add053d505f34411204fef10cb18a96dff86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
504B

MD5
41b74f315958a848ee3564f9d3d41c07

SHA1
b0c2ef24b7c84c3a5571bb378a20dcb339ffdae3

SHA256
025ab1e1d807d6cb96efca0dc88b8ea93a2a45b78b7a4840c4c4bec65b2154bd

SHA512
9c574e12a5e78b69771eb068b3b667c7bcbf5ead987d672e58f36b57066028583a39912839c0c8e8d0050beaa30c57c68aa6dc7f142ba5bd97424e8efdaea2f9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe582c4b.TMP

Filesize
48B

MD5
f4cd461a31d426844d6b17484b9dad88

SHA1
e0b62d38379e428bd2c45dcb99c70fa6296baf23

SHA256
01bace2b0f5efe68abe9146da29e4786381fc424f14bef2e70119362c3caa414

SHA512
f19f6abccfed00bd97076b0e2d51379e19951477b22cfa76ce02e7f1ca79b92bafd6f98d7ff1a9c72fe1bb4fc3a826a4257e12ebff5b31344b401742f481de2d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
323B

MD5
a2600edc6a49fb494df4cf59a6356820

SHA1
f008952727cf3ef57544a415cad74f9a597268db

SHA256
30595216fab3c7c3acec980004173ece3db14b5e8673d145587727d2a3647e6e

SHA512
1278666cf06ddacacdb062bd791ce230e0fa7ac5993fed91530ff87a378fc5d21b8bc5282918ecb12c6115527f415c356b6320976f349cd979d7f8350e99fa18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
13B

MD5
754f1eae8d950f937197f3edaa4637fb

SHA1
4572f845999bfba664611bd72683eccdc16b420b

SHA256
801bc3c3e5ee87fdf8c5dfa78fdeaeb013ddfa8530f542ffa7e4dff10c6ee384

SHA512
7d1ba8d9d7823ec70284a6e9042cce7272233b3512e95230da39fb822c933851f32427f97ab1685770b77e2a46b7b3f86f15a873e79585c7ad599b4a3cc90928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
38KB

MD5
ed35eac42d7060aff5dde438d5dd0c4a

SHA1
6331feb425a681457f055ca3c8b2d446d1ae7bbe

SHA256
497a40d2893e423b254d4e289aa45860abf16cceab0cc76db5e79d2f3977e3b0

SHA512
d8d72dcf2c0bb6c8f88619f4f634e6d5622438998e88e1ffddfdf2ae75910a242bc5b8e589051fc393f96aa7c1a6d3529d18d968a41a2b8c2a5cba3554ca9f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
48KB

MD5
5a13727322400f1bfc5d44fb62ec294b

SHA1
fe7de6099d3d41fec76b5429588bf01afac046f1

SHA256
31e77a685fe95884e4a7d8858dbe4f40a7562e7035b4eaec7bc8e480596a4230

SHA512
310fae3d9dd4db6270e1c10dd279fd9419b84be4966061bb082bfed6711cfb5aeb26bf949685523676d18e9d29f46a1486eb4a5aa7018779da3c8529cb49993d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
52KB

MD5
3e1695e9ede0c8599c2f21a7b9aa0cc1

SHA1
4fedc8a63ad62bcceea7d7c7eea2ef7e201307ac

SHA256
4f3bfe90562550ef3d1aa49ec7121f5d384b34650cc9ff3c9c8720f6a6f003ee

SHA512
06d8ca871beb9ab67ee2caebabf40ff05cf367e82b796a910daa46c741234218933a63c4ed8b284fc68e0c61cf8be56dbac9529c68e46b06cae155d9c8204cb8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\SmartScreen\local\uriCache

Filesize
9B

MD5
b6f7a6b03164d4bf8e3531a5cf721d30

SHA1
a2134120d4712c7c629cdceef9de6d6e48ca13fa

SHA256
3d6f3f8f1456d7ce78dd9dfa8187318b38e731a658e513f561ee178766e74d39

SHA512
4b473f45a5d45d420483ea1d9e93047794884f26781bbfe5370a554d260e80ad462e7eeb74d16025774935c3a80cbb2fd1293941ee3d7b64045b791b365f2b63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Variations

Filesize
86B

MD5
961e3604f228b0d10541ebf921500c86

SHA1
6e00570d9f78d9cfebe67d4da5efe546543949a7

SHA256
f7b24f2eb3d5eb0550527490395d2f61c3d2fe74bb9cb345197dad81b58b5fed

SHA512
535f930afd2ef50282715c7e48859cc2d7b354ff4e6c156b94d5a2815f589b33189ffedfcaf4456525283e993087f9f560d84cfcf497d189ab8101510a09c472

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

Filesize
2KB

MD5
838e15c6f2627379ebf3759d684b558e

SHA1
dcbc36f818ead83244a637d8ade82a2b5bc0696d

SHA256
a618b505edc91054c2400f42db1c5a1d648a491645d8d734abaa70f956a0e82d

SHA512
6d867ad35ea79571ee0c400f46b3196778ee55d64748b8da12d05b933240b87d832a1855ea3e0c6db82c50ccb7df8901687c1d17774aa7ca2cd4b09fba3f58d9

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ttjtu0ie.tea.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\config.js

Filesize
200B

MD5
6543162fc08ba83c21025902a15aab72

SHA1
aedd6ae3a1b8135e22e50a8771720415a7859066

SHA256
5e0733b5f800bd1d4a98a6acf4eafb73276ed147f775d0ba4df0e6a0d2c59654

SHA512
712b2fb7a8d664e828c4bcdb1f18460fb8a7c78c36e6ca222c16881765714f77f1d048bfa43095f93f25527d8a6f4338d0d7a1786261a2f37c9778d992d5d079

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\ico.png

Filesize
3KB

MD5
40de419c81de274c26c63e0f23d91a3f

SHA1
3fda2c10bf0d84aa327e107730b3596fcd13d4fd

SHA256
7d1878c4a74f2b7c6deb2efb39aa4c1cef86b8792efd2022644437cad6c48af3

SHA512
a6c0a9328941b31ab92d7de6bfedb7012a66e10f1726a3648d8314a49fd37dfbed06c199db04ddf6a0da6f9d42d9a78378ea67e7399fd847d48e4427bbb0ff99

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\manifest.json

Filesize
1KB

MD5
a426a5b97b2032c58538ee58c9ed7e43

SHA1
f070698366a9d990d2850c461eab6edff36175f1

SHA256
82abab030de48e279fb274f1bbb32d91e72348fd205107bfc30c09faf716a157

SHA512
4113bf37cc18b70a1f67f5df30dc979ba649b42249025aec1678397ffe6290f28daa62a93aa0c80c9053845c110e28a4418d0c18610160cac33cd543e2db08ce

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\rules.json

Filesize
620B

MD5
6c96a8e0dc7f99afebd022054a96bff5

SHA1
836c9f51bbbc8e5dc096cee29d7354b3a2211de1

SHA256
464f3f4c07331ae1f15fe0e6a209b4cfaf8cfce14a7c79eb192cbf2c49bbcb19

SHA512
ebad39459aead9cac1d3d1bd27459de20f107a19c3492678b869d8488e014fb2fba168c7a0d98cfb7742a4052e20ba526bef29aa63cf79f923dbdb926c87469d

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\background.js

Filesize
22KB

MD5
5c018bbd734469aadb9d065a63ebbe32

SHA1
d90571b3ae3f02bab2a67a3c59c537f8b2af4d6f

SHA256
07b9b8e49e61df70453a3c98b6671c1823145b0dc93218038070051de0a34209

SHA512
5ab625a74b6e15aa60049aaff0b044d9fc0379fa10fccd7c4d554e24b648ea6a9d38d7e4cf710f39d81375af924b40d285011928a5ed554a1b82da1054dbbeed

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\content\main.js

Filesize
218KB

MD5
1dd2fe383955495f184461b44b7e67b6

SHA1
11ce15a76d75a34d69fa406f37c4ec0730bd503f

SHA256
4237306a00388360a640289e51cd9cc799e05965d78bba691a8b5b363f600e7f

SHA512
1e715f3036b2692b6fcc6b53499f271d6a786f17601bb0b2e6f05d2615f1c722538809741fdee33a086362158baf27527843204311ba1cd1060c41fd590d609f

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\clipper.js

Filesize
8KB

MD5
83e89ef8ac5cedcfb31f955890044353

SHA1
f69cb8b60999e83c1e8da70d637d15a876d70bb0

SHA256
0fea02710bb5013606f442ea62e4a8ce08ff1977c7f71907d7a6ab954d8b93d8

SHA512
97914ed7bb4c26fe3e92e1d115042438dd6091af6decbe5f4bb7f50e1b0b5bffda599723c891a94e66166bd5a0ddb8477324bd39eb8ec1505edf190d93458559

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\commands.js

Filesize
26KB

MD5
63412559ad95e29e9d66db59bcee99c2

SHA1
93ce2f9464fc23f4ccddad18644498c793018479

SHA256
3651e193252e07e4a237b752bfa68ba7b1b98089d7adc4dceba0a216309ce101

SHA512
8f322fdff3552dd169eb106dd640fca4c9a7745e3085b9557447aefb28dd41b2936a182938f723892ba9a2b295b7fbb33024d26708c5d95d7dd8cd37f4e5700f

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\csp.js

Filesize
6KB

MD5
94e35924bb49f3b21715943b48cbb0cb

SHA1
3fb4d6307e0ce0e259d33d4f3daab2d5efcceca6

SHA256
0456ac868e9a441b6361eb13c42e5ab389aece3c925e9625418abee73d988c19

SHA512
00fa64c0183d9014092b29d9b6e4beaaabc829044e8be989eddf6c5251a6c618b35a8bf9b1b6de9c733f53ff7c3a2f6ef4546c27ca3fe35bb8316012504aabf3

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\domain.js

Filesize
38KB

MD5
4cecc21ab788b4030ac759b169588b9c

SHA1
139009ca5eb493068b0ed6407bf268ce2311ebef

SHA256
11566e6d5f7985bc4ff49418b9a5dc8f555a1ce32ce2d3e1fa98d155d95fcf85

SHA512
c78a6e04e91beed1f82b8a94904aa7c8e0176d1c75de82a64f4c6ff3867fa8de022e342f89b7cf7b70fdbc28db4d8569313bd419b9869dbe85f708eb2a352410

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\exchangeSettings.js

Filesize
112KB

MD5
874f56ef8b0604fb8f8bf3201e13be2c

SHA1
56b0cbcda49b3fe4a14379cba8903a023e34228e

SHA256
aa9a1f357a62331fb3bba5ee45c9bb4b7c7e66e89d554d5f1682ebd27c0267a0

SHA512
8a8494d2cdebe104fc7f36882af465df9084799a008e60cb9b934c4b933823694503691b9b718195349656ed1c2fd1bf09527d63442033e3056e4b8c620a4648

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\extensions.js

Filesize
6KB

MD5
6e6746eef50d393a71425a2faf22e170

SHA1
44a0ae2c5e72240fbe0e2a3d0cffa66706367e4c

SHA256
d3d8e7bd515996da5bc6b545443d6b46eb25d75022dd4c4c2ab52caf1d14acf2

SHA512
2b2c9da7ecf0bd142c0157576a00ca24074870758704d63abdec8344f906c1b4d57eaf3415674e1df3867ef63f8e13b29420d8e3469dce3b588c065370b42350

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\getMachineInfo.js

Filesize
23KB

MD5
d2ed7ce840eee40014fe830b51402199

SHA1
b01e0dce027c877a48b81766b252dc8f8f55974a

SHA256
5bd3fa60f094dfcd65317acbd3a26a346ffd73657b4aaf69a062b85cea5b3bde

SHA512
3c4b2661c64dc970d4338d8652ca3b9953360fdb9172c7f3ad5924d3983e7152b2d9d3b5b0f36539fafde42a206fa02319951104c0b8acc2ddcb445d5d3aa548

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\injections.js

Filesize
32KB

MD5
d141f3516df1a2ed4660da1a59d2fbb6

SHA1
01536e746a6efffdb73b9ce083d1f803dd3ef202

SHA256
fe0eb766e2571d565730a88ab4177503742df1413b624c07b63ee83abaced7ab

SHA512
6218ceebea2b67de4905dc58fdcb24887a8ad87dc8600b09f31b3ea04bccb4387408bf49e74ba47aabc2c1640fb1184536df60cd5682ffaa55f4e1297ff3c93e

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\notifications.js

Filesize
9KB

MD5
cdbb4be250468c3d714b46310b0d21c1

SHA1
e20da871639b6757778096586e4edbca3355b212

SHA256
0c1ddcaf922f72aa9a3e68b3c820a6a014da8497be6198dbed5da42c26212630

SHA512
187e39b4a08b7689ef30607464d50b29ccaa9370306d65de9a24c28d58d8d72f6d0cdeeeea8cf7f7a7505f400e7cc7c2dc5476951dc1a2260b9192b505132bc3

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\proxy.js

Filesize
108KB

MD5
95529457ca0905c7f98158030b244f8e

SHA1
3501c8593f17cf5e2642be0ee004e458f3dad971

SHA256
6c6297b862526c37cf0ad082fa16c823e21a4d9c1bbce522f683fee9deebe7b9

SHA512
886da718cd616792fe0139894e4f83720371171dd2a165da40d611c1ec39300b6e38e71b9d2c6450015c7ade168d399d49fcf1d7b46a4a924b4d82d84b312f15

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\screenshot.js

Filesize
6KB

MD5
77e3b9491eb292f278353452b75b9898

SHA1
3c44a63c60e504bf20d9caa6993787b206722e6f

SHA256
fd1378547a4f5d5b862abae5e63955ad774c3bd71f66c1d88845a3099eac5de4

SHA512
9156511f11bb1e16b882b030d25bbe7d6cd9c89b17769e730ee230910a8d73a0c4e9091c9d566ce2e35701a56bfc142704cf35721ea89519ebcb32c8e013e3f0

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\screenshotRules.js

Filesize
8KB

MD5
394e347fed37d178a77d875946e6d4f9

SHA1
3ad344eb01b8f94d3036d5aed8ceff60628bb023

SHA256
6eb0d12f0f5b263ae5d0ed1532d97fc65ffc7997ed59c97065d4d13a2caaed72

SHA512
ed553279974248ce9f7f66648b35871b506723b1d8392f4624bd513e56c56c11a31b6971a3ed58d436a51f4a2b2bc68b7d6e790307e1788ed0606f72ab44a38f

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\settings.js

Filesize
8KB

MD5
54dc93a6472e2a2fd8ebcd3ce1e4e9d3

SHA1
5fb74fe6207d49bbece35adc7c8798f1721cf84a

SHA256
3254e2763b7a7e1605124c97a907b290a8ac6f27a98581e8254f4c7dd477bb05

SHA512
163a711b9021df637f3c3d46280b6b2560d0d3ef4f4a991aada8dbe7b21fccd1909feec3f0323459186e395105b56f3df5330153cc7ed154c354e46454d9afb6

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\tabs.js

Filesize
9KB

MD5
fabe3e6586f3a3ad49705f28924e4b28

SHA1
41aa7aaa8d854615cbc6cd9b677718bbdbcd54bc

SHA256
785ffc3a5182a34c03682be0bec13b4dcab78e36cd6a92b97f45c8f93a6e9f6a

SHA512
8d9fca0525897bdd27a66771eec18f700566c51353b164391a75f6645eb232bfe3f1012e8fce896a40b59586fdb81e52a76da516ac77b6b583a27adfbb25f772

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\functions\utils.js

Filesize
5KB

MD5
cb78855b0c0be9ef7f48aa584fd8be98

SHA1
f36d34a4b9cca6adbe92a9e1fccbb077ef569d94

SHA256
adc4338b8eb37c6ecadb87921e3e938fd81295e8bb5caf237172ac715b4a0982

SHA512
bb71db22ee1ee12e43de79b3a0a77045f160f055a6b5fe03418b3a0a5fa903f175c56769d1ea910ec5b2067023b78bc463b2411cee02b534603c059ad770e3e7

Download Submit
C:\Users\Admin\AppData\Local\VDMjPJgKHb\src\mails\gmail.js

Filesize
274KB

MD5
74c95b19fe873d1214176599d2de162d

SHA1
dbaa13924fb21fbfa058636b88a8cf64ec9d3946

SHA256
2bbf572ba7c868a00178ac09073a924d45cdba440b476d0a71f073b0e216d087

SHA512
70a71d85fe6239d7b07b51035f1e0a2995cb657ae41c49f92284cd6df734825e6ebb04dae40da873318bef7acba15c000b448c25ff78568629bf7b1e848c4647

Download Submit
memory/2440-39-0x00000127A1C80000-0x00000127A1E42000-memory.dmp

Filesize
1.8MB

Download
memory/2440-40-0x00000127A2380000-0x00000127A28A8000-memory.dmp

Filesize
5.2MB

Download
memory/2440-14-0x00007FFCF9190000-0x00007FFCF9C51000-memory.dmp

Filesize
10.8MB

Download
memory/2440-13-0x00000127A1A50000-0x00000127A1A6C000-memory.dmp

Filesize
112KB

Download
memory/2440-12-0x00007FFCF9190000-0x00007FFCF9C51000-memory.dmp

Filesize
10.8MB

Download
memory/2440-44-0x00007FFCF9190000-0x00007FFCF9C51000-memory.dmp

Filesize
10.8MB

Download
memory/2440-47-0x00007FFCF9190000-0x00007FFCF9C51000-memory.dmp

Filesize
10.8MB

Download
memory/2440-11-0x00007FFCF9190000-0x00007FFCF9C51000-memory.dmp

Filesize
10.8MB

Download
memory/2440-1-0x000001279F490000-0x000001279F4B2000-memory.dmp

Filesize
136KB

Download
memory/2440-0-0x00007FFCF9193000-0x00007FFCF9195000-memory.dmp

Filesize
8KB

Download